By Caleb Skeath

This past Wednesday, the House Armed Services Committee’s Subcommittee on Emerging Threats and Capabilities held a hearing on military cybersecurity issues.  The hearing focused on the most pressing cyber threats to the nation’s security, as well as the need to grow the military’s cybersecurity workforce while maintaining high levels of skill and training.

Navy Adm. Michael Rogers, Commander of U.S. Cyber Command, described four different types of cyber threats that the U.S. faces:

  1. Autocratic governments, such as North Korea, that “view today’s open Internet as a lethal threat to their regimes;”
  2. Theft of intellectual property by states, individuals, and criminal organizations;
  3. Disruptive activities, such as denial-of-service attacks, malware, and network traffic manipulation; and
  4. States developing the capabilities and system access for hostile activities in cyberspace, either as a deterrence measure or in preparation for future attacks.

Adm. Rogers stressed the need for collaboration between the public and private sectors in order to address these threats, noting that neither the U.S. government nor the private sector can independently defend itself from cyberattacks.  However, he cautioned that there is no current “legal and policy framework” for sharing the Defense Department’s cybersecurity capabilities with the private sector.  According to Adm. Rogers, the creation of such a framework should be addressed in tandem with pending cybersecurity information-sharing legislation.

The witnesses also highlighted the rapid progress of the military’s cybersecurity workforce and capabilities in recent years.  According to written testimony, the staffing of the U.S. Cyber Command’s Cyber Mission Force is approximately halfway complete, and the majority of the 6,200 personnel on 133 different teams will achieve initial operational capability by the end of fiscal year 2016.  During the course of the hearing, Adm. Rogers stated that the government’s current cybersecurity structure envisions the Department of Defense in a “supporting role” to the Department of Homeland Security, but stressed the need to test this system and chain of command to ensure that it works in responding to cyber incidents.

Each of the witnesses also expressed concern over the impact of potential sequestration and reduced defense budgets on the ability to grow and maintain the military’s cybersecurity capabilities.  When asked about what Congress can do to support the military’s cybersecurity efforts, Adm. Rogers responded that Congress must “ensure a steady resource stream” for recruitment and training of cybersecurity specialists.  Otherwise, he expressed concern that members of the U.S. Cyber Command could “walk away” from the military in favor of higher pay rates in the private sector.