Q & A with a cyberwarrior

Following are responses by Maj. Gen. James Bryan, commander of the Pentagon's

Joint Task Force for Computer Network Defense, to questions posed by FCW.

Q: Does the Defense Department need a greater role in law enforcement,

in tracking down and prosecuting hackers?

A: No, I don't think so. What just a year-and-a-half ago took sometimes

weeks to figure out — what to share and who to share it with — now takes

place in minutes because those relationships [with law enforcement organizations]

are there.

Q: What are some specific actions you are already taking to improve

DOD network security?

A: I believe "CND Better" [a new-and-improved JTF-CND] is going to require

us to have a higher resource level. So we've put together a multiyear resource

strategy in regard to people and money, and we are preparing to deliver

that to [Space Command]. Without a resource strategy to support our goals,

the goals are so much hot air.

Q: Can you provide some specifics on the resource strategy?

A: In order for us to do a better job of determining indications and

warnings [of coming attacks], we need to have some additional capabilities

for intelligence and analysis and threat tracking, so we've identified what

those are and we've costed them out in terms of technology and money. We

need a little bit of technology, a little bit of permission and a little

bit of manpower.

Q: Will the strategy include any recommendation regarding development

of a sub-unified command for computer network defense and computer network

attack?

A: It is a matter of public record that the [space commander-in-chief]

has both the computer network attack and computer network defense missions

[{/fcw/articles/2000/1023/web-attack-10-25-00.asp} "Spacecom

handling cyberattack, defense," FCW.com, Oct. 25, 2000]. We are prudently

studying how to go about implementing that for the long term. I think it

would be imprudent of me to get out in front of the commander-in-chief and

postulate where that is going to go.

Q: Are we involved in a cyberspace arms race?

A: Clearly, we have no corner on cyberspace in the United States, nor

does the Department of Defense. Nor are we the only military organization

in the world that's concerned about cyber events and cyber operations. I

believe the pace is being set by the evolution of technology itself and

not because of someone's creation of the term "cyberspace arms race."

Q: What guidelines should DOD use to determine when an offensive attack

is appropriate to defend its own networks?

A: This was a central question that we have asked our legal authorities

to remain engaged on. The fact is that right now my authority is very limited.

I believe in this area the wisest course of action is to pursue the policy

and procedural issues at or ahead of the pace of technological capabilities,

because whether or not to use an attack as an active defense measure or

as a weapon system is a decision that needs to be operationally defined

at the national policy levels first and foremost.

Q: There's no frustration on your part that this has not been resolved

yet?

A: I think that every commander wants to be able to defend his forces,

in this case our networks, with every prudent technology and technique at

their disposal. But in this new mission area of computer network defense,

we have to accept the fact that the boundaries are very clearly defined

for us and that we're not in the business of defining what those boundaries

are, and we have to be patient with those who are defining what the boundaries

and the procedures and the proper authorities are.