Overview[edit | edit source]
The United States Department of Defense (DOD or DoD) is the federal department charged with coordinating and supervising all agencies and functions of the government relating directly to national security and the military. The organization and functions of the DOD are set forth in Title 10 of the United States Code. Figure 1 is a simplified depiction of DOD's organizational structure.
The DOD has three major components — the Department of the Army, the Department of the Navy, and the Department of the Air Force. Among the many DOD agencies are the Defense Advanced Research Projects Agency (DARPA), the Defense Intelligence Agency (DIA), the National Geospatial-Intelligence Agency (NGA), and the National Security Agency (NSA).
Cybersecurity[edit | edit source]
The DOD depends on 7 million computer devices, linked on over 10,000 networks with satellite gateways and commercial circuits that are composed of innumerable devices and components. The threat to DOD computer networks is thus substantial, and the potential for sabotage and destruction is present. While criminal organizations are a source of concern, foreign governments have more resources and more worrisome motivations. Cyber warfare is attractive to adversaries because it poses a significant threat at a low cost. An adversary does not need an expensive weapons program to conduct damaging attacks; a handful of programmers could cripple an entire information system. Moreover, it is also an attractive weapon to our adversaries because it is difficult to trace the origin of the attack and even more difficult to deter one. According to DOD, a large number of intelligence agencies and foreign militaries are actively trying to penetrate our military networks. These networks are scanned millions of times a day and probed thousands of times a day. Over the past several years, DOD has experienced damaging penetration to these networks.
The DoD plays a key role in defending U.S. interests in cyberspace. Various Defense Department directives provide guidance and define terms such as Information Operations and Information Assurance. For instance, the Joint Doctrine for Information Operations (Joint Pub 3-13, October 9, 1998), is a key document in defining how U.S. joint forces use cyberwarfare to support U.S. military strategy. But much of what the military does in cyberspace today is an outgrowth of traditional views and approaches toward ensuring information security (InfoSec).
The military has been further guided by Joint Vision 2010 (JV-2010), a broad long-term strategic concept for joint military strategy and planning purposes promulgated by the Joint Chiefs of Staff (JCS). JV-2010 embraced information superiority and technological advantages designed to transform traditional warfighting. Its successor, Joint Vision 2020 (JV-2020) (released May 30, 2000), extends the conceptual template established by JV-2010 to guide the continuing transformation of U.S. military forces. Among other things, JV-2020 states:
|“||changes in the information environment make information superiority a key enabler of the transformation of the operational capabilities of the joint force and the evolution of joint command and control.||”|
Also, the Quadrennial Defense Review (QDR) stated that asymmetric forms of warfare, such as information warfare, will become increasingly prevalent in the world, adding:
|“||because of the prevalence of such capabilities in the hands of potential future adversaries and the likelihood that such adversaries would resort to such means in the face of overwhelming U.S. conventional dominance, U.S. forces must plan and prepare to fight and win major theater wars under such conditions.||”|
DOD is responsible for protecting and defending its networks, including independently establishing bilateral relationships with foreign military and other international partners to share computer vulnerability data and coordinate activities and operations. As a federal department with cyber expertise, DOD is included by HSPD-7 among the departments that are to collaborate with DHS to secure cyberspace. Under these authorities, multiple subcomponents within the department are responsible for cyberspace activities related to strategy, policy, plans, and operations.
DOD’s cyberspace operations encompass both defensive and offensive activities, for which the primary purpose is to achieve military objectives or effects in or through cyberspace. Defensive Cyberspace Operations are categorized as computer network defense, which consists of actions taken to protect, monitor, analyze, detect, and respond to unauthorized activity within DOD information systems and computer networks. Offensive Cyberspace Operations are comprised of two functions: information gathering (or computer network exploitation) and computer network attack.
Office of the Assistant Secretary of Defense for Global Strategic Affairs[edit | edit source]
The Office of the Assistant Secretary of Defense for Global Strategic Affairs (OASD (GSA)) is the primary policy organization within DOD responsible for formulating the department’s international cyberspace policies. The OASD (GSA):
- Develops DOD strategy for international cyberspace engagement and coordinates intra-agency cyber activities for the Secretary and Deputy Secretary of Defense.
- Supports NATO cyberspace policy development.
- Participates in ITU-T and ITU-D study group efforts (cybersecurity standards, national best-practices guidelines, tools to promote a culture of cybersecurity, and cybersecurity self-assessment tools) as a member of U.S. delegations.
- Participates in UN General Assembly proceedings as subject matter expert in U.S. delegations.
- Participates in an intra-agency working group related to ICANN.
- Develops bilateral and multilateral agreements regarding military cooperation for cyberspace operations.
- Provides policy guidance to other U.S. agencies participating in international efforts via the International Sub-IPC.
Office of the Assistant Secretary of Defense for Networks and Information Integration/DOD Chief Information Officer[edit | edit source]
The Office of the Assistant Secretary of Defense for Networks and Information Integration/DOD Chief Information Officer (OASD(NII)/DOD CIO) is to develop and coordinate information-sharing relationships with international military partners to support computer network defense operations. The Joint Staff J-5 is responsible for translating national policy into joint doctrine for DOD’s combatant commands and represents the Joint Chiefs of Staff (JCS) at the ICI-IPC. The OASD(NII)/DOD CIO:
- Leads the International Information Assurance Program (IIAP), which develops and manages cyber-related bilateral and multilateral data sharing relationships with foreign military partners.
- Represents the United States at the NATO C3 Board that approves the NATO Cyber Defense Policy and directs policy implementation via the Cyber Defense Management Board.
- Sponsors the biannual International Cyber Defense Workshop (ICDW), which provides [technical security]] training to military and civilian information assurance specialists and computer security practitioners on topics including computer network defense, response and analysis, and computing forensics.
- Provides technical expertise and guidance to other U.S. agencies participating in international efforts via the International Sub-IPC.
References[edit | edit source]
- Department of Defense, Report of the Quadrennial Defense Review (May 1997). For a more recent report, see DOD, Quadrennial Defense Review Report (Feb. 2010).
|This page uses Creative Commons Licensed content from Wikipedia (view authors).|