1.The status of US Cyber Command
Cyber Command – which organizes the military’s cyber resources and synchronizes cyber operations – was established in 2009. It exists as a sub-unified command under US Strategic Command, one of the Department of Defense’s nine Unified Combatant Commands. Hagel will have to evaluate Cyber Command’s maturation to date and determine if it warrants a status elevation to a Unified Combatant Command.
Hagel will also need to decide on Cyber Command’s leadership structure. Currently, General Keith Alexander, command of US Cyber Command, is also serving as the director of the National Security Agency. Hagel must ask if it continues to be necessary and appropriate to have a military command and an intelligence unit under a single line of control.
Developing a cyber workforce
In January, reports surfaced that Cyber Command will increase personnel from 900 to 4,900. While this is an important capacity-building step, it also presents two challenges:
First, Hagel must specify the roles and responsibilities for these new positions. Only then can the Defense department understand the skill-sets required and identify the individuals needed to achieve its objectives.
After that, the department can focus on attracting and retaining talent. This entails more than just competitive salaries and benefits. It means continuing to bridge a cultural divide – bringing in creative, tech-savvy individuals that generally are not attracted to a hierarchical military environment.
It also means striking the right balance in attracting the country’s top technical experts – some of whom may have criminal background complications stemming from previous hacking convictions – while ensuring individuals in sensitive positions do not pose a security threat.
Improving the cyber capabilities
In times of budget austerity, cyber capabilities are one of the very few areas of the defense budget expected to increase. While investments are needed, throwing money at the issue alone will not solve our problems.
The Defense department’s process for acquiring new capabilities is designed for obtaining large weapons platforms that remain online for decades. That acquisition process is not suited for the cyber realm. Cyber capabilities become outdated as threats are constantly evolving. Their cycles of use are far shorter than typical weapons systems, and the Pentagon’s efforts to close the cyber-preparedness gap have lagged. Hagel must work within the Pentagon, and with Congress, to craft a more efficient process for developing and approving new cyber capabilities.
Hagel should also ensure that his department continues to improve relationships with private-sector innovators, such as small technology start-ups, that are working on cutting-edge solutions to tomorrow’s problems. The federal contracting process is cumbersome, making it difficult and time-consuming for small businesses to navigate. Hagel should work with Congress to improve incentives for small businesses to contract with the federal government and help the Pentagon keep pace with rapid technological developments.
Establish rules of international behavior
Hagel will need to establish a strong working relationship with Secretary of State John Kerry on a variety of issues, but there may be no more urgent issue than cyber security. Together, they must work with governments around the world to build transparent norms based on common principles, define protocols for watch and early-warning systems, and reduce behaviors that unintentionally escalate cyber incidents.
Additionally, non-state actors are now a major player in the cyber arena, often acting on behalf of governments and private clients. The US should work with partner governments to instill a culture where countries take responsibility for actions that take place within a their territories, without allowing “security” to become a pretense for cracking down on free speech and other fundamental values.
As Hagel assumes control of the Pentagon, he has a number of challenges before him. From the drawdown in Afghanistan to budgetary concerns, there are numerous threats to confront. Cyber threats are as complex as any he will face, but there are concrete steps he can take to improve American security.
Matthew Rhoades is the director of legislative affairs at the Truman National Security Project and the Center for National Policy.