Pentagon to Create Command Focusing on Cyber Security

By Spencer S. Hsu and Ann Scott Tyson
Washington Post Staff Writers
Wednesday, April 22, 2009; 4:24 PM

A spokesman for Defense Secretary Robert M. Gates confirmed today that the Pentagon plans to reorganize itself to confront the "persistent and growing" problem of cyber attacks, creating a new command focused on protecting military computer networks and fielding new offensive cyber-warfare weapons.

"There has been discussion within the department -- to include the secretary -- to see if we are best organized to handle this challenge," Pentagon spokesman Bryan Whitman said. "Have we focused enough resources to deal with the challenge?"

For example, the U.S. Strategic Command now has lead responsibility for protecting military networks, Whitman said. However, the command, which is known as StratCom and is one of 10 Pentagon "unified commands," also has other missions, including managing the nation's nuclear arsenal, defending U.S. interests in space and coordinating global missile defense plans.

While the department is not considering creating an 11th combatant command, it could put a second command under an existing one, making the commander responsible for both, Whitman said.

"StratCom has cyber security as one of many things that they are responsible for," Whitman said. "There are other command arrangements that you can have that would bring greater emphasis and focus to it," such as a "a sub-unified command or some other type of command structure that would be more narrowly focused on this specific challenge," he said.

Besides StratCom, the National Security Agency and Defense Information Systems Agency also share cyber-security responsibilities, with the NSA possessing some of the most sophisticated personnel and tools.

Whitman added, "No decisions have been made . . . but it certainly merits and is worthy of review."

The Pentagon recently requested funds to train up to 250 cyber experts a year by 2011, up from 80, he noted.

The U.S. military's 10 unified combatant commands include all military branches and cover different regions of the world, as well as functions such as transportation and Special Operations. Some of these unified commands have subordinate commands under them to provide focus on specific missions. For example, the U.S. Pacific Command has a subordinate command with responsibility for U.S. forces in South Korea. The Pentagon plans do not involve the Department of Homeland Security, which has responsibility for securing the government's nonmilitary computer domain.

News of the proposal comes on the heels of a 60-day White House review of cyber-security efforts. Melissa E. Hathaway, an aide to President Obama who serves as acting senior director for cyberspace for the National Security and Homeland Security councils, is addressing a global information security conference this afternoon in San Francisco but is unlikely to go into specifics while the president is still reviewing findings.

Federal agency deputies are expected to meet Friday to consider the recommendations of the review team. The Pentagon may announce its changes in following weeks, sources said.

The Bush administration in January 2008 outlined a National Cyber Security Initiative, much of it classified, that called for about $17 billion in spending. Following a series of computer intrusions in the United States and overseas and mounting concern over the capabilities of hackers in China and Russia, Mike McConnell, then-director of national intelligence, last year recommended to Gates the establishment of a national cyber command.

© 2009 The Washington Post Company