Report from the 30th Annual Space Symposium, May 19-22, Broadmoor Resort, Colorado Springs, Colorado
For the past five years, the first day of the National Space Symposium — now known simply as the Space Symposium, the largest symposium of its kind in the world — has started with an entire day dedicated to discussions of the cyber domain as it pertains to the DoD and civilian industry. The annual event highlights presentations from the major civilian cyber players and the senior cyber commander for the DoD, military services and government agencies. Several of the now-senior military officers worked for or with me as junior officers at some point in the past, and while that is an age-related humbling experience, it also makes me proud of them at the same time.
One major talking point, among many, is crystal clear: the U.S. government and civilian enterprises alike understand that cyber security is a critical mission and that cyber warfare, especially from a nation-state point of view, is a credible and viable threat to every government and civilian program and and to everyone today.
Major General Kevin McLaughlin, currently the commander of 24th Air Force and AFCYBER, the major command that takes cyber warfare to heart as a major mission, is one of those young officers in my past that make me proud today. Kevin was the luncheon speaker, and he put the Air Force role for cyber warfare in perspective as well as explaining how the Air Force role is integral to the overall Defense Cyber Enterprise. This integration role may seem like a small matter, but General McLaughlin’s explanation of Air Force and DoD cyber and IA (Information Assurance) synergy is critical to the success of his organization and mission.
This is critical because throughout my Air Force career and even today I constantly encounter commanders that are quick — too quick in my book — to explain, usually with great passion, why their particular mission(s) are critically important and “unique” to the Air Force writ large enterprise. Unfortunately, history shows us that “unique” organizations within services do not always fare well in budget scenarios, especially seques-castration budgets.
In my humble but experienced opinion, the senior officers commanding these “unique” organizations, be they cyber or otherwise, would fare far better if they conformed to Air Force budget requirements and still conducted their day-to-day unique missions just like a fighter pilot and fighter sortie. By that I mean you never know what you will encounter on a fighter sortie. You never know what the enemy will throw at you but you can rest assured that any plan, no matter how well conceived, will not survive initial contact with the enemy. The plan always changes and will hopefully be successful, but only because of flexibility, which has been described as the key to air power, and certainly not because of the “plan.”
So, I was assured when Gen. McLaughlin described “A Day in the Life of a Cyber Warrior” just as I would a fighter sortie. Prepare for the known threat and expect the unexpected. Be innovative and flexible, and you may win the battle and live to fight another day, because make no mistake about it, cyber warfare is a life-and-death struggle.
Fortunately, there do seem to be solutions that work, and a key point that was made numerous times by various speakers is that the small, small, usually local cyber warrior company is often times much more successful than the security behemoths that tend to get bogged down in their own administrative minutia. One of the companies mentioned was NDP, a small cyber and IA company in Boulder, Colorado, known for its work slaying the cyber dragons attacking the well-known SBIRS (Space Based Infrared System) program. The story goes that NDP, with only 50 employees, took on major global SBIRS cyber and IA issues and made it look simple. It is always the real experts that make it look simple. The chairman of one of panels really put it in perspective when he opined, “Would you really want Raytheon or Boeing providing anti-virus software for your home computer? Probably not! No slight to the mega companies intended, but I would go with the local, flexible and responsive small company, like NDP, every time.”
Thankfully, a lot of what I heard this year, as opposed to years past, conforms to the scenario I just described. Bad cyber actors (villains), local or nation state, are anticipated, and while the white-hat cyber warriors win more times than they lose, it is clear there is currently no panacea for cyber and IA threats — just hard work, diligence and flexibility to hopefully win the conflict.