Security planners work on cyber defense strategies at U.S. Army War College
CARLISLE — When it comes to cybersecurity, we’re all in this together.
The nation’s best defense in cyberspace involves not only the military but private citizens and corporations, top security planners said here Tuesday in a closed-door meeting at the U.S. Army War College.
“You do not want this to be a military approach,” said speaker Mark Troutman, the director of the Center for Infrastructure Protection & Homeland Security at George Mason University. “We are Americans. We secure ourselves at the end of the day with an active and engaged citizenry.”
Participants at the Carlisle event are working to break ground on a national cybersecurity strategy that would provide direction for the federal government in the event of a major computer attack, said William Waddell, director of mission command and the cyber division at the War College.
Sessions on the first of three days of planned talks included about two dozen planners representing multiple military branches, federal agencies such as Homeland Security, National Security Agency, Defense Department and Defense contractors, as well as security professors.
The Carlisle discussions are taking place as high-level talks between the United States and China play out at the Strategic and Economic Forum in Washington. U.S. Treasury Secretary Jack Lew opened the three-day forum Tuesday by saying Washington remains “deeply concerned about government-sponsored cyber theft from companies and commercial sectors.”
The comment reflected U.S. concerns that China might have been behind a massive computer hack on the federal Office of Personnel Management involving millions of government employee files. U.S.-China talks on cybersecurity issues were suspended last year when federal prosecutors in Pittsburgh filed criminal charges against several members of the Chinese military for allegedly stealing trade secrets.
Federal officials have said cybersecurity will be discussed during the Washington forum in an effort to smooth out problems before Chinese President Xi Jinping’s scheduled first visit to the White House in December.
The Tribune-Review’s Cyber Rattling series has reported the growing online threats from nation-states, criminals and others. The newspaper was invited to Carlisle to sit in on the unclassified but background discussions, involving many top policymakers who declined to comment for attribution because of security concerns.
One top military official suggested that the response from the United States to significant online attacks should not be limited to computers but include the potential for lethal force.
The session opened with an acknowledgement of the need to move quickly. Many active and retired military and government workers talked among themselves about the personnel management hack.
“The persistence and the size of the violation of people’s integrity is concerning to me, along with the knowledge of the threat and our vulnerabilities and those pieces that affect basically all U.S. citizens,” Waddell said.
U.S. military discussions about cyber capabilities have been taking place for more than a decade, but have focused primarily on the country’s offensive capabilities rather than defenses, said Anthony Shaffer, a retired Army lieutenant colonel who is a senior fellow at the London Center for Policy Research, a New York-based think-tank.
“We don’t do (planning) to the level necessary now to understand that if we can do this to somebody else, for goodness sake, they’re going to do it to us,” Shaffer said.
The first phase of the War College’s cybersecurity focus in February laid out policy recommendations that included increasing the Defense Department’s participation in cyber-response planning at the federal, state and local levels, as well as increased private-sector accountability for critical infrastructure such as power grids.
The War College events break down barriers that prevent groups from communicating about the cyber threat and what to do about it, said Thomas Arminio, a homeland security professor at Penn State University in Harrisburg.
“We have to avoid any notion of ‘my turf versus your turf,’ ” Arminio said, “because the problem is only going to be solved by collaboration.”
Reuters contributed to this report. Andrew Conte is a staff writer for Trib Total Media