recommended reading

Air Force chief of staff concerned about cybersecurity ‘black hole’

Gen. Mark Welsh

Gen. Mark Welsh // United States Air Force

The Air Force's chief of staff expressed concerns that the Pentagon is moving on cybersecurity spending without a coordinated plan on how defense agencies should deal with threats to sensitive networks, Foreign Policy reports.

Gen. Mark Welsh spotlighted the Air Force’s lack of direction on how it was expected to operate in the digital realm. He told FP, “I don't know of a really stated requirement from the joint world, through U.S. Cyber Command in particular, as to what exact kind of expertise they need us to train to and to what numbers to support them and the combatant commanders.”

While Welsh did not say he opposed computer security spending, he voiced reservations about procurement and spending without clear rules of engagement, according to the report. "I'm just not sure we know exactly what we're doing in it yet, and until we do, I'm concerned that it's a black hole," Welsh said. "I'm going to be going a little slow on the operational side of cyber until we know what we're doing.” He spoke at an Air Force Association-sponsored conference outside Washington.

The federal government hasn’t articulated how it intends to let agencies play both offense and defense in cyberspace, even as it begins to explore aggressive tactics more openly.

There are hints that various moving parts are falling into place, paving the way for the foundations of a more cohesive strategy. The U.S. Cyber Command is inching toward being elevated to full combatant command status, a move that would give it more access to resources and the Pentagon’s top brass. Computer and network attacks can be classified as armed offensives that trigger the right to self-defense, State Department legal adviser Harold Koh said this week, in a move that laid down an early legal framework for approaching the digital realm.

Threatwatch Alert

Network intrusion / Spear-phishing

Researchers: Bank-Targeting Malware Sales Rise in Dark Web Markets

See threatwatch report


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.