U.S. Cyber Command director: We want ‘loud,’ offensive cyber tools
An Army National Guard cyber training exercise designed to develop and train cyber-capable forces including members of the Guard, Army Reserve, U.S. Marine Corps, Air National Guard and other federal agencies. (Photo by Sgt. Stephanie A. Hargett/Army Cyber/Flickr CC-BY-2.0)
The U.S. military’s top cyber warfare unit is working to develop weapons distinctly different from those used by the intelligence community, the executive director of U.S. Cyber Command said during a Department of Homeland Security business conference held Tuesday.
Shawn Turskey told a small audience of predominantly security software vendors and government officials the command unit is looking for tools that can be definitively traced back to the United States military, diverging from the ultra-stealth exploits often used at bureaus like the National Security Agency.
“In the intelligence community you never want to be caught, you want be low and slow, you never really want to be attributed. There’s a different paradigm from where you are at in the intelligence community,” said Turskey, who leads the Department of Defense’s capability and tool development project within Cyber Command. “But there’s another space over here, where maybe you definitely want to be louder, where attribution is important to you and you actually want the adversary to know.”
The development of “loud” offensive cyber tools, able to possibly deter future intrusions, represent a “different paradigm shift” from what the agency has used to in the past, Turskey said.
“We will continue to work with the intelligence community for offensive means and offensive operations,” he said. “But as the United States Cyber Command, we need totally separate tools and infrastructure to conduct our operations.”
The comments come at a critical time for the command as the organization shifts from “capacity building to capability delivery” since its inception six years ago, Turskey said.
In recent months, reports have suggested that the Obama administration is reviewing a plan to elevate the status of Cyber Command to a unified combatant command. Such a move would effectively detach the organization from the NSA’s purview and give it greater autonomy and operational authority to conduct missions.
“As the cyber threat landscape has evolved, we have continued to review whether keeping the NSA Director and the Commander of [U.S.] Cyber Command together as one, dual-hatted position is the most effective structure approach,” Michael Daniel, White House chief cybersecurity coordinator, told FedScoop earlier this month.
In broad strokes, Cyber Command is focused on four broad development areas as the year closes, including tools, infrastructure, defensive components and government compliance, pursuant to legal, ethical and moral bounds, Turskey said.
“These four things are really shaping our funding, our issues and it has even really shaped our organizational structure.”
As part of this effort, underscored by the four development areas, Cyber Command recently stood up a new group called the capability development group, or CDG, which ensures that technologies, services and other capabilities are both manageable and streamlined to their full extent. The CDG will also give guidance and integration tips for industry partners to adapt Cyber Command tools.
By fiscal year 2018, the command hopes to boast 6187 cyber warriors, totaling 133 teams — able to engage in both defensive and offensive missions — and to establish a more sustainable talent pipeline to replenish the ranks, Turskey explained.
Currently, the unit has roughly 4,700 cyber warriors spread across 100 individual teams who are currently ready to pursue operations.
