Pentagon Advisers Want Cyber ‘Tiger Teams,’ More Authorities for Cyber Command

National Security Agency and Cyber Command chief Adm. Michael Rogers testifies on Capitol Hill in Washington, Thursday, Jan. 5, 2017, before the Senate Armed Services Committee hearing:


AA Font size + Print

National Security Agency and Cyber Command chief Adm. Michael Rogers testifies on Capitol Hill in Washington, Thursday, Jan. 5, 2017, before the Senate Armed Services Committee hearing:

Pentagon advisers: We need more infrastructure cybersecurity. Congress: We want more election-hacking security.

U.S. critical infrastructure and military responsiveness is at such high risk to Chinese and Russian hacking that Pentagon advisors are recommending a special task force, or “an offensive cyber capability tiger team,” to help the military acquire new weapons of cyberwar. But the real worry for senators on the Armed Services Committee, who heard from Defense Science Board members Thursday, was not how to respond to Russia shutting off the lights but how to respond to an attack like the DNC hack and John Podesta hack — attacks on sovereignty that are not necessarily an act of war.

While the group came to warn Congress about attacks to things like the U.S. electric grid and other “vital U.S. interests,” Senators John McCain, R-Ariz., and Elizabeth Warren, D-Mass., quickly brought the discussion to the intelligence community’s assessment that Russia was using spearphishing campaigns to destabilize elections, both in the U.S. and abroad. “If an enemy or an adversary is capable of changing the outcome of an election, that’s a blow at the fundamentals of that country’s ability to govern,” said McCain. “The election is a system of democracy… if you destroy it then you have basically dealt an incredible blow to the country, which is far more severe than shutting down an electrical grid.”

“Describe the range of options the U.S. has for deterrence,” against that sort of thing, demanded Warren.

Jim Miller, a member of the Defense Science Board and a former under secretary of defense for policy, squirmed a bit at the question. “One thing we want to do is deny the benefits” of that sort of operation, he said. “Getting that information out earlier would have been very helpful.”

The board is a group of civilian experts who advise the Department of Defense on technical matters. On Thursday they presented a new report on cyber deterrence.

The military conversation about cyber capabilities and threats (at least the conversation that the public hears) is typically big on buzzwords and small on substance. The most recent report breaks somewhat from that tradition. “Major powers’ (Russia and China) have significant and increasing ability to hold U.S. critical infrastructure at risk or otherwise use the information domain to harm vital U.S. interests, and their more limited but growing capability to thwart our military response through cyber attack,” it concludes.

The proposed tiger team would “develop options and recommendations for improved and accelerated acquisition of scalable offensive cyber capabilities, including additional authorities to USCYBERCOM, and the establishment of a small elite rapid/special acquisition organization.”

The idea echoes what U.S. Cyber Command head Adm. Michael Rogers has said he wants to do with CYBERCOM in the years ahead. Rogers would structure Cyber Command teams much more like special operations forces and give commanders more license to use offensive cyber weapons, the same way you would use regular weapons largely determined by the guy with the gun or his immediate superior.

“At the moment, we tend to differentiate between the offense and defense,” Rogers said last month at the WEST 2017 conference, in San Diego.  “Offensive cyber in some ways is treated almost like nuclear weapons in the sense that their application outside of the defined area of hostility is controlled at the chief executive level and not delegated down. What I hope to see in the next five to seven years is can we engender enough confidence in our decision makers and policy makers … you should feel comfortable pushing this down to the tactical level.”

Rogers means he wants fast reaction cyber-squads answering to combatant commanders and outfitted with better tools. On the defensive side, he stressed a need for “machine learning at scale,” using robust artificial intelligence methods applied to detecting and understanding what the enemy is doing and what new tools the enemy is working with. On the offensive side, Rogers said he wants to go to industry for more.

“In the application of [conventional] weapons, we go to the private sector and say, build us a JDAM [a Joint Direct Attack Munition]. On the offensive side [in cyber] to date, we do all of our development internally… is that a sustainable model?” he asked.

The newly released task force report sounds a similar note to Rogers. “Rapidly establishing and sustaining an array of scalable offensive cyber options, including strategic cyber options, will require a different approach to acquisition … Because target systems and software can change, sometimes unexpectedly and at a moment chosen by the adversary, a quick reaction capability with flexible acquisition authorities will be essential.”

Needless to say, throwing lots of money at private outfits to develop break-in tools for adversarial networks, databases, devices, etc. will likely prove controversial since civilians may use similar networks and devices. If you find the perfect hack against, say, a Cisco networking product, can Cisco sue you for damages? Can Cisco customers sue you if an outside party then uses the access tool you developed to steal their data? It’s one reason why following the rules of armed conflict becomes much harder when the battle terrain is, in part, other people’s phones and equipment and not physical space.

Close [ x ] More from DefenseOne

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

  • Military Readiness: Ensuring Readiness with Analytic Insight

    To determine military readiness, decision makers in defense organizations must develop an understanding of complex inter-relationships among readiness variables. For example, how will an anticipated change in a readiness input really impact readiness at the unit level and, equally important, how will it impact readiness outside of the unit? Learn how to form a more sophisticated and accurate understanding of readiness and make decisions in a timely and cost-effective manner.

  • Cyber Risk Report: Cybercrime Trends from 2016

    In our first half 2016 cyber trends report, SurfWatch Labs threat intelligence analysts noted one key theme – the interconnected nature of cybercrime – and the second half of the year saw organizations continuing to struggle with that reality. The number of potential cyber threats, the pool of already compromised information, and the ease of finding increasingly sophisticated cybercriminal tools continued to snowball throughout the year.

  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

  • Information Operations: Retaking the High Ground

    Today's threats are fluent in rapidly evolving areas of the Internet, especially social media. Learn how military organizations can secure an advantage in this developing arena.


When you download a report, your information may be shared with the underwriters of that document.