Carter on Cyber

By Christopher J. Castelli / June 12, 2013 at 4:52 PM

The Pentagon may one day create a joint organization like U.S. Special Operations Command to oversee more directly all U.S. military forces associated with cyberwarfare, Deputy Defense Secretary Ashton Carter said today.

His comments came after a member of the audience at a conference sponsored by the Center for a New American Security asked why the Defense Department had not established a new military service focused entirely on the cyber domain. "It may come to that some day," Carter replied.

U.S. Cyber Command, a sub-unified command under U.S. Strategic Command plans, coordinates and synchronizes DOD's cyber activities. But the department has stopped short of making the mission area inherently joint, Carter noted.

For now, he said, DOD has determined it must focus on attracting, maintaining and making the best use of the cyber talent it has, and using the services' existing cyber-related organizations to address the mission in the most expeditious manner possible.

Meanwhile, the head of STRATCOM had some thoughts on cyber issues today as well. From our story:

Pentagon leaders may never be satisfied with the reliability and readiness of the U.S. nuclear command and control system despite continuing efforts to identify and respond to cyber vulnerabilities, the head of U.S. Strategic Command said today.

STRATCOM is reviewing its legacy nuclear command and control system to determine if there are critical vulnerabilities that exist in the system, Gen. Robert Kehler said today, adding that the review likely will not be complete for some time and that the results may never fully satisfy DOD leaders.

"I don't know that we're ever going to be fully satisfied," Kehler said. "I think you have to have some healthy view that an adversary can be ahead of you and, I think, that there's no perfect defense, there's no perfect protection in any domain, to include cyber. So I think we have to be realistic as we go forward and understand that this is something that will be an ongoing concern for us."

Kehler said that, to date, the review has not uncovered any significant concerns. He noted that many of the issues that have arisen are related to what he called "basic network hygiene," like changing passwords on a regular basis.

"In some cases, we've discovered -- especially with some of the older systems -- that there aren't any vulnerabilities there because they don't work the way that newer systems work," Kehler said. "In some cases we've found things that are a concern, I wouldn't say they're vulnerabilities, and we're going to have to fix those. But we're not finished and it's going to take a while longer."