United States Central Command (USCENTCOM) and our regional partners face a common threat in cyberspace. Various adversaries with substantial cyber offensive capabilities intend to exploit and disrupt information infrastructure essential to regional and global economies and regional security and stability. Building a strong partnership and spirit of cooperation are critical to understanding and addressing this threat. Collectively, we must operate and defend our critical information technology (IT) infrastructure and networks using common principles for responsible behavior in cyberspace.
Information sharing and continued collaboration between partner nations is critical. Likewise, relationships with private industry and academia are also important to remain on the cutting edge and continue to adapt to the dynamically changing cyberspace environment.
Many of our critical government and military IT systems depend on industry-provided network infrastructure. Therefore, the need to build reliable partners in industry cannot be overstated. Cyber security cooperation is about sharing best practices and strengthening bilateral and multilateral partnerships.
Currently, United States Central Command and our regional partners use a variety of venues to share information and best practices, generate dialogue, and make progress in building cyber security capacity within the region:
- Central Region Communications Conference (CRCC)
- Key Leader Engagements (KLE) and Cyber Subject Matter Exchanges, Assessments, and Workshops
- C2 Interoperability Working Group (CIWG)
- Command and Control Interoperability Board (CCIB)
- Coalition Military Exercises
In partnership with the Office of the Secretary of Defense and the Department of Defense Chief Information Officer, the United States Central Command engagements and partnerships illustrate that protecting vital information systems starts at the top with responsible IT governance and a whole-of-government approach. Successful implementation of a cyber security strategy relies on a trained, educated and certified work force. This begins with basic users, often the weakest link, becoming certified to a baseline standard. Training, education, and certification are even more critical for system administrators, network administrators, and cyber security professionals.
Hardening networks requires a solid architecture that identifies points of failure and eliminates vulnerabilities in the IT infrastructure, employing sensors and establishing common standards for operating, defending, and improving the IT networks. It’s important to be able to rapidly respond to a cyber threat and take appropriate action to mitigate the risk and minimize the impact to operations. As such, we all need Computer Emergency Response Teams, composed of cyber security experts to rapidly respond during a significant cyber incident.
In partnership with whole-of-government and Department of Defense cyber experts, USCENTCOM conducts Cyber Security Assessments with regional ministries of defense to scope specific cyber security cooperation initiatives and prepare a tailored road map to build or enhance cyber security capacity and capabilities. These assessments provide detailed recommendations to enhance training, organizing and equipping of cyber forces, set the stage for development of foreign military sales cases and certification programs, and help to identify the need for follow-on assessments or training. Generally, these exchanges focus on four lines of effort:
Line of Effort 1 – Policy, Strategy and Organization
Specific recommendations to improve or develop Cyber Defense Strategy, policy and organization
Line of Effort 2 – Workforce Development
Specific recommendations to develop a cyber workforce to include a tailored training regime
Line of Effort 3 – Provide and Operate
Specific recommendations to map out network architecture and determine network health
Line of Effort 4 – Protect and Defend
Specific recommendations to improve system confidentiality, integrity, availability and nonrepudiation
Building upon the recent Central Region Communications Conference held in Washington, D.C., May 12-14, 2015, and attended by 38 regional IT professionals from nine partner nations, USCENTCOM plans to invite government and industry leaders in the cyber field to quarterly collaborative cyber security workshops to develop plans of action and collective milestones to ensure continued progress. These quarterly workshops will be conducted virtually using the Web-based All Partners Access Network, or APAN. We anticipate the first of these collaborative workshops to take place in August 2015. Although we’ve collectively made great strides in strengthening our cyber security posture, the threats continue to evolve, and only through cooperative vigilance can we protect our mutual interests in cyberspace. Together, we can find a way!
The articles contained in this issue of Unipath — and additional material available on Unipath’s website — provide a strong overview of what the region is doing to defend against terrorists, criminal organizations, hostile governments and hackers who operate online. Unipath is a forum to share ideas and articles on a wide range of military and security topics.
As always, your comments and suggestions are helpful to shape the way ahead in critically important fields such as cyber security. Please email comments or ideas to [email protected].