Pentagon leaders expect Cybercom 2.0 to help thwart Chinese actors ‘living off the land’

A digital tactic known as “living off the land” is a major concern for U.S. officials.
A sign for the National Security Agency (NSA), US Cyber Command and Central Security Service, is seen near the visitor's entrance to the headquarters of the National Security Agency (NSA) at Fort Meade, Maryland, February 14, 2018. (Photo by SAUL LOEB/AFP via Getty Images)

Senior officials at the Defense Department say the Pentagon’s new cyber force generation model will help the military boot out Chinese threats from America’s critical infrastructure networks.

A digital tactic known as “living off the land” has been a concern for U.S. officials in recent years as actors linked to China, such as Volt Typhoon, have infiltrated networks in the United States.

“The Chinese have executed a deliberate campaign in order to compromise U.S. networks and then use native commands and native features inside those networks to move around to look like legitimate traffic. That makes it difficult for us to define those,” Army Lt. Gen. William Hartman, acting commander of U.S. Cyber Command and director of the National Security Agency, told lawmakers during a Senate Armed Services Subcommittee on Cybersecurity hearing.

“We have seen them in telecommunication systems. We’ve seen them in critical infrastructure. That’s the bad news. The good news is we see them and we report them, and we execute operations to get them out of those networks. And increasingly, as we build expertise under the Cybercom 2.0 program, it will allow us to do that more effectively,” Hartman said.

Under the Cybercom 2.0 initiative, the Pentagon has developed a new cyber force generation model that’s intended to modernize the way the department builds and develops digital forces and talent.

“Our legacy force generation model is inconsistent, hindering our ability to adapt at speed and scale to counter threats like Volt Typhoon and Salt Typhoon, and quickly integrate emerging technologies like artificial intelligence. To secure the nation’s interests, we must generate cyber forces equipped to operate with precision, agility, and lethality,” according to an overview of the implementation plan for the revised model that was posted online to coincide with Wednesday’s hearing.

“A strong and integrated national cyber workforce is essential for protecting the American way of life. The cyber forces developed under CYBERCOM 2.0 will be on the front lines defending the critical infrastructure we all rely on, while simultaneously engaging the most critical threats posed by adversaries who seek to do our nation harm. This initiative directly enhances the security and resilience of our nation against the most consequential cyber threats,” officials wrote in the document.

A key element of the new model is to focus more on cultivating specialization among the cyber workforce rather than rotating people through assignments as generalists.

For example, some teams might be trained to defend satellite communications and GPS systems, while others specialize in protecting power grids and transportation networks. Meanwhile, some personnel might be oriented toward developing access for sensitive systems, Katie Sutton, assistant secretary of defense for cyber policy, explained in written testimony for Wednesday’s hearing.

“This approach builds a cyber force better capable of addressing emerging threats, such as exploitation of industrial control systems in critical infrastructure or cyberattacks automated by artificial intelligence,” Sutton told lawmakers.

Hartman said the advanced and specialized training will allow the U.S. to both compete with and “outpace China.”

AI and automation will play an important role in helping Cybercom defend American networks, he told senators.

“It’s not going to entirely take the human out of the loop, but what it is going to do is identify the most important data that our analysts need to look at in order to best protect our network,” he said.

The Cybercom boss noted that pilots have been undertaken by the Defense Department, including an Army-executed effort known as Panoptic Junction.

“We are looking at scaling that technology. It was specifically focused about how to find Chinese living off the land, techniques that we’ve seen repeatedly used,” Hartman told lawmakers.

“The bigger piece, though, is really closing the loop between what we learn in our offensive capability and what our defensive teams are prepared to defend against, and literally in real time, turning around that knowledge and so that as we learn more, we use that information to drive our own defense for our networks. And artificial intelligence and automation is absolutely 100% part of our plan,” he added.

Sutton pointed to the Cyber Innovation Warfare Center, which is part of the Cybercom 2.0 effort.

That initiative is “really looking at how do we adopt all the innovation that is moving very rapidly in this domain, particularly AI and automation, and how do we operationalize that most effectively in the department? So it’s not just about acquiring a tool or a technology. There’s a lot of non-material aspects that will need to be successful. How do we need to train our workforce to most effectively use that tool? AI is going to change fundamentally what many of our work roles do in this domain. And so how do we develop new training modules? … What doctrine? What new tactics, techniques and procedures do we need to develop to be able to fully leverage these new capabilities?” she said.

She continued: “And so the model of the CIWC is to have an innovation warfare center that can look at technologies that are going to have game-changing effects in our domain, bring in the operational input that General Hartman mentioned, and in a very short term, look at how we need to address everything. We need to adopt that technology, both material and non-material, and then get that into our platforms as quickly as possible. It’ll be our tie to industry. It ties our operational force directly to industry to allow this to happen at the speed at which we’re seeing the capabilities come out.”

Sutton will play a leading role in overseeing the implementation of Cybercom 2.0. She may soon be joined in those efforts by Army Lt. Gen. Joshua Rudd, whom President Donald Trump has nominated to be the next Cybercom commander and NSA director.
