If the nation were forced to defend itself against a catastrophic cyberattack, Lt. Gen. Edward Cardon said there must be teamwork between federal agencies and the private sector.
Amid the onslaught of cyberthreats faced by federal agencies, the potential for an even larger and more sustained catastrophic version of a digital attack has become an increasingly real possibility.
If such a scenario were to took take place, the Defense Department would certainly play a lead role in the response. But it likely couldn’t do it alone, according to Lt. Gen. Edward Cardon, commanding general of the Army Cyber Command.
“It’s not solely going to be a DOD problem,” he said this week at a New America Foundation event on cybersecurity.
Despite the fact that his organization increased exponentially in a year -- going from only two functional units, to its current 25 -- a large-scale nation-state-directed cyberattack magnitude could likely not be defeated without significant teamwork across the federal government and the private sector, according to Cardon.
The only problem is the government is still taking baby steps toward greater collaboration with the private sector and even personnel- and resource-sharing between federal agencies themselves can still be spotty.
“I think eventually where we’re going to have to get to is a much closer relationship between government and private for these true World War I-type events,” Cardon said.
In its current format, teamwork between federal agencies remains a challenge because different agencies are simply not equipped to collaborate, according to Cardon.
For example, a National Security Agency analyst's request to work for a year on rotation at the Army Cyber Command isn’t as simple as it might sound. The two organizations' personnel systems are unable to interact.
“We’re not set up that way,” Cardon said.
Collaboration between federal government and private industry brings with it even more red tape. But the opportunities for collaboration appear to be slowly improving.
Cardon predicted within the next year, there will be a cyber career field in the Army, specifically targeted for civilians. This will likely mean cutting down the number of required enlistment years, so that someone from the private sector has the option of signing on for only two years, instead of the typical six.
It will also likely require more fluidity when it comes to the Cyber Command’s positions and duties.
“Right now, when you’re hired, you’re hired against a very specific position, with a very specific well-defined route, and that’s not really what we need in this space,” Cardon said.
Bringing more private sector IT personnel into the federal sphere, especially for short stints, will likely help to strengthen the relationship and thus collaboration between these entities.
This is a necessary partnership, according to Cardon, in order to be better prepared for more severe cyberattacks.
“If it’s truly that big, there’s no way the Department of Defense is going to be able to do this without having some sort of an interrelationship with government and private,” he said.