ARLINGTON, Va. – Cybersecurity is experiencing a dramatic transformation. What was once primarily the domain of IT specialists has evolved into a collective responsibility for all defense personnel. Each member now plays a crucial role in fortifying the digital realm against looming threats.
“We have shifted from a mindset of cyber just being something on the side,” said Gurpreet Bhatia, the Department of Defense’s principal director for cybersecurity and one of four senior leader panelists who underscored the point at a recent National Guard Bureau town hall. “It drives missions and assures mission success.”
Cyber defenders have traditionally focused on protecting vital military assets like fighter jets and satellite systems, said Air Force Col. Jack Johnson, director of intelligence and cyber effects in the Air National Guard’s intelligence and computers directorate. However, he highlighted an alarming trend in which near-peer adversaries and lone operators have broadened their scope to target military personnel.
Johnson offered a poignant example, illustrating how hackers could target senior military leaders, potentially siphoning funds from their bank accounts and tarnishing their online presence through social media manipulation, impairing their ability to lead.
“Just as we would look at what and who an adversary’s center of gravity is, they are doing the same thing toward us,” Johnson added. “So, we need to be aware of that and counter it.”
Good cybersecurity habits, otherwise known as “cyber hygiene,” ensure external adversaries and insider threats don’t get a leg up on a unit, according to Leonel Garciga, Army chief information officer.
“If you’re leaving your common access card [in a network computer] when you leave your workstation, you failed the test. If you turn on a secured network computer, open a window that folks outside can see in, you failed the test,” Garciga said. “It’s not defensive cyber stuff or next-level security. It’s what we’re supposed to be doing day-to-day.”
Adhering to a routine, however, is not enough to support the warfighter, said Kenneth McNeill, the chief information officer with the NGB’s communications and computers directorate.
Keeping a vigilant mindset and not being comfortable “every single day at every level” is “the way we do business,” he said.
Even with the technological wonders that come with cyber, it’s leadership that’s going to elevate or jeopardize a cyber enterprise.
“Do we need to have the tools on the network to do the things we do? Absolutely,” said McNeill. “[But] if you don’t have the tactics, techniques and procedures in place, and leadership doesn’t emphasize that, we’re going to have a problem.”
The panelists also discussed enhancing global partnerships in the cyber battlefield to counter the actions of adversaries.
“They are exponentially accelerating their speed of going after every single opportunity, every single vulnerability they can find,” said Bhatia. He noted that cyber warfare is a “global sport, so we need our allies and partners to be on board to defend this space.”
This gets done, he said, with diversity of thought and trust among all cyber defenders.
“Allies and partners really bring diversity in how we approach and tackle problems,” Bhatia said. “It all relies on building that foundational trust that we can operate together in a very safe, secure manner of sharing information and opinions.”
Recent conflicts have highlighted the importance of cyber cooperation.
“What we are seeing right now, whether we’re talking about Ukraine or Israel, is just proliferation of online capability,” said Garciga. “It’s starting to recast what the world looks like in terms of cyberspace and not just cyber hygiene.”
Bhatia said raising and maintaining awareness about the global implications of cybersecurity through required training is paramount regardless of one’s position.
“We live in a world where we need cybersecurity — from your PC to your iPhone, all your routers and devices you bring into work,” he said.
For Bhatia, forums like the one he and other panelists participated in prove that cyber is no longer an afterthought in the defense ecosystem.
“We are building a different culture now that demands cybersecurity is part of our normal, day-to-day conversation,” he said.