Four key players in the establishment of U.S. Cyber Command (CYBERCOM) took a trip down memory lane at the RSA Conference in San Francisco on Wednesday to discuss how they worked together to set up CYBERCOM following one of the worst military compromises in U.S. history.
The story starts back in 2008 when the Department of Defense (DoD) discovered an infected flash drive in Afghanistan.
“It’s an important story. It’s 2008 and the Department of Defense realizes that there is malware on both their unclassified and classified networks,” explained former U.S. Cyber Command and National Security Agency (NSA) Chief Paul Nakasone. “These are the warfighting networks that we’re using for U.S. Central Command.”
This infected flash drive served as a wake-up call to the DoD, and Nakasone said it led to three important discoveries. First, he said, was “the jarring impact” this compromise had on the department, especially its classified networks.
The second, Nakasone said, was that the NSA “is able to both detect and mitigate” during this incident. The director of NSA at the time, Gen. Keith Alexander, started to consider “where do we need to go as a Department of Defense with cyber forces,” Nakasone said.
The third element, Nakasone said, “is that this is really the reason for U.S. Cyber Command. Everything starts to accelerate after the mitigation is done, and we start talking about what do we do about this going forward.”
Also taking the stage to discuss the establishment of CYBERCOM was Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly; retired Navy Vice Adm. Timothy White; and Lt. Gen. Stephen Davis, the inspector general of the Department of the Air Force.
Davis explained that the discovery of the flash drive was a crisis moment for DoD, as it couldn’t answer the question of “how many computers do we actually have?”
“I think there was a realization that we didn’t really understand the system as well as we should,” Davis said.
“Everyone wakes up relying on this network – four stars, senior civilians, commanders rely on these networks to do every bit of all the business of the mission,” added White. “And to think that this is something they perhaps have not thought as much about is potentially compromised … that’s unsettling at a minimum.”
Easterly, who retired from the U.S. Army after more than twenty years of service, explained that Alexander brought together herself, Nakasone, Davis, and White as a four-person “implementation team,” known as the Four Horsemen, to stand up CYBERCOM.
“I certainly learned a lot from being in that environment. I learned a lot about the importance of empowering people and crushing bureaucracy so you can actually make hard things really happen,” Easterly said. “I learned a lot about just the power of no drama, no ego, which frankly, was our motto in terms of how we operated, and I think it informed how I lead organizations to this day.”
“I think we’ve done that effectively across the interagency, specifically NSA, CISA, FBI, U.S. Cyber Command in a way where, you know, the egos go out the door, and you’re really focused on what you can do to ensure the safety and security of the American people,” she added.
CYBERCOM certainly faces different threats today than it did back in 2010 when it was first established.
In fact, Nakasone said in December that he was working with DoD on an independent study that looks at the prospect of a new force generation model for CYBERCOM, or a “CYBERCOM 2.0.”
“The scope, scale, sophistication, of the threat has changed,” Nakasone said at the time. “The private sector has changed, our partners have changed. I think that we’ve got to be able to take a look at how we’re going to change as well.”
