10/15/2015 2:03 PM
by LTG Edward C. Cardon
Commanding General, U.S. Army Cyber Command
Today our Army’s successful execution of Unified Land Operations relies heavily upon cyberspace to deliver combat power to the tactical edge. Cyberspace facilitates unprecedented connectivity and flow of information required for mission command, intelligence, maneuver, fires, protection, and sustainment that helps enable our ground combat units to achieve overmatch against our adversaries. At the same time, reliance on cyberspace has made our Army vulnerable to a wide range of cyber threats.
Cyber threats pose a serious danger to both our national security and our personal security. Cybersecurity requires engaged leadership, individual accountability and collective responsibility. Leaders have a duty to understand this domain the same way we understand other domains. Individuals have a personal responsibility to protect our networks, systems and data – the defense has to be right all the time while the offense only needs one opportunity. Finally, there is collective responsibility in security: just as everyone is responsibility for force protection at an operating base, so it is with our networks, systems and data. Army leaders must embrace cyberspace as a contested warfighting domain and recognize the network as a weapons platform that needs to be protected and defended.
Cybersecurity is not just a technology issue. Most breaches of DoD networks you read about are caused by improper architectures, poor network hygiene or poor user practices: all of these have a human component. Said differently, users who click on phishing emails or network administrators who failed to implement necessary updates and practice good cyber hygiene put our networks, systems and data at risk. Most of these errors are usually the result of the failure to follow standards or failure to enforce standards.
Cybersecurity is Leaders’ business—we now operate in a contested cyber domain. Army Leaders must know the cybersecurity standards and enforce them. Leaders also need to know what data they have on their networks and how to protect it. This starts with ensuring everyone is trained on cybersecurity – it is about readiness.