Last week Defense Secretary Robert Gates ordered U.S. Strategic Command (StratCom) to deliver a plan to stand-up a new command to oversee information technology security and attack what would be known as “Cyber Command.” This is in addition to President Obama’s announcement last month that he will establish a new cyber security office at the White House. The historic event took place on Tuesday, June 22nd.
As one could imagine, this is no small task. StratCom has just a little over sixty days to accomplish this mission. The plan to create this new entity operating within the Department of Defense and lead by a 4-star general is due to the Defense Secretary by September 1st. According to Gates’ timeline, Cyber Command is expected to be up and operational by October 1, 2009, and fully functional one year later. An internal memo from Gates to senior Pentagon officials stated that he intends to recommend that Lt. Gen. Keith Alexander, the current director of the National Security Agency, take on the role as commander of the Cyber Command with the rank of a four-star general.
What this will actually cost is anyones guess. Current thinking is that the budget to just establish the new command through year’s end could reach as high as $200 million. Longer term, the cost of cyber intelligence, defense and offensive capabilities are estimated to be around $55 billion annually. This will create our offensive cyber forces and capabilities and defend the over 100,000 DoD Networks and 5 million DoD computers against cyber attack. One might say it is just a drop in the bucket of a 2009 DoD budget that topped $515 billion.
The United States is not the only country making this move. The UK defense ministry announced plans to establish an office of cyber attack and defense but gave no hard date when it would be operational. Britain’s GCHQ (Government Communications Headquarters, their equivalent of the NSA) seems to be well underway in fully developing their cyber capabilities. In addition, the defense ministry of South Korea has also announced plans to establish a cyber command by 2012.
Internal cooperation is critical for cyber incident investigations and event attribution. As more and more countries establish a focal point for cyber defense, the greater the opportunity to conduct these investigations and accurately identify those behind cyber attacks.
The key here is offensive capabilities. Get that right and the defensive side can feed from it. This is what has prevented our successes in this area before.
FTA: “the cost of cyber intelligence, defense and offensive capabilities are estimated to be around $55 billion annually.” and “One might say it is just a drop in the bucket of a 2009 DoD budget that topped $515 billion.“
Folks, that is more than 10% of the total DOD budget if the numbers are to believed.
Not only is tipover right to point out that $55B is lot of money by any standard, but to defend only the “100,000 DoD Networks and 5 million DoD computers against cyber attack” isn’t nearly enough. Bad guys can do an enourmous amount of damage by attacking only private sector networks & computers.
You rarely hear about the NSA, but considering the nature of their work, that is a good thing. I trust they can do this well if given the right support and authority.
For info, the two new UK “Cyber security” organisations are scheduled to be operational by end of March 2010 (“Cyber Security Strategy of the United Kingdom”, http://www.cabinetoffice.gov.uk/media/216620/css0906.pdf, p20)
I was under the impression that cyber-defense(and offense) was to be taken up by the Air Force. There was an announcement last year to that effect. They were drawing up units and everything.
beeter IT security. Strike
better IT security.