“USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.”

“My main focus will be on building the capacity, the capability,  and the critical partnerships required to secure our military’s operational networks. This command is not about efforts to militarize cyber space. Rather, it is about safeguarding the integrity of our military’s critical information systems.”

Gen. Keith Alexander, USCYBERCOM Commander
Nomination Hearing, April 15, 2009


U.S. Plans Cyber Shield for Utilities, Companies

WSJ – By SIOBHAN GORMAN

The federal government is launching an expansive program dubbed “Perfect Citizen” to detect cyber assaults on private companies and government agencies running such critical infrastructure as the electricity grid and nuclear-power plants, according to people familiar with the program.

The surveillance by the National Security Agency, the government’s chief eavesdropping agency, would rely on a set of sensors deployed in computer networks for critical infrastructure that would be triggered by unusual activity suggesting an impending cyber attack, though it wouldn’t persistently monitor the whole system, these people said.

Defense contractor Raytheon Corp. recently won a classified contract for the initial phase of the surveillance effort valued at up to $100 million, said a person familiar with the project…

A U.S. military official called the program long overdue and said any intrusion into privacy is no greater than what the public already endures from traffic cameras. It’s a logical extension of the work federal agencies have done in the past to protect physical attacks on critical infrastructure that could sabotage the government or key parts of the country, the official said.

U.S. intelligence officials have grown increasingly alarmed about what they believe to be Chinese and Russian surveillance of computer systems that control the electric grid and other U.S. infrastructure. Officials are unable to describe the full scope of the problem, however, because they have had limited ability to pull together all the private data.

Perfect Citizen will look at large, typically older computer control systems that were often designed without Internet connectivity or security in mind. Many of those systems—which run everything from subway systems to air-traffic control networks—have since been linked to the Internet, making them more efficient but also exposing them to cyber attack…

The NSA years ago began a small-scale effort to address this problem code-named April Strawberry, the military official said. The program researched vulnerabilities in computer networks running critical infrastructure and sought ways to close security holes.

That led to initial work on Perfect Citizen, which was a piecemeal effort to forge relationships with some companies, particularly energy companies, whose infrastructure is widely used across the country.

The classified program is now being expanded with funding from the multibillion-dollar Comprehensive National Cybersecurity Initiative, which started at the end of the Bush administration and has been continued by the Obama administration, officials said. With that infusion of money, the NSA is now seeking to map out intrusions into critical infrastructure across the country.

Because the program is still in the early stages, much remains to be worked out, such as which computer control systems will be monitored and how the data will be collected. NSA would likely start with the systems that have the most important security implications if attacked, such as electric, nuclear, and air-traffic-control systems, they said…

Leaking to Intelligence Reporter Siobhan Gorman

Newsweek – By Michael Isikoff, April 15, 2010

In a 10-count indictment, former NSA senior executive Thomas A. Drake was charged with exchanging “hundreds” of e-mails with the reporter and helping her research her stories about the agency between February 2006 and November 2007.

The indictment doesn’t identify the journalist, but a senior law-enforcement official confirmed to Declassified that it is Siobhan Gorman, who at the time of the alleged infractions covered intelligence issues for The Baltimore Sun; she now works the same beat at The Wall Street Journal. Gorman’s stories exposing the NSA’s computer problems—including those in its multibillion-dollar Trailblazer program aimed at identifying electronic data crucial to the nation’s safety—won her a prestigious Sigma Delta Chi award from the Society of Professional Journalists in 2007. (Gorman did not respond to e-mail and phone requests to discuss the case, and a Wall Street Journal spokeswoman declined to comment.)

Among the accusations in the indictment: that between November 2005 and February 2006, Drake set up a special Hushmail e-mail account and (at the request of an unidentified congressional staffer) reached out to Gorman, passing along “classified and unclassified” information from NSA documents. Sometimes, Drake allegedly copied and pasted, or scanned and e-mailed the documents with their classification markings removed…

Drake’s lawyer, James Wyda, a public defender in Baltimore, did not respond to a telephone request seeking comment.

Drake, according to the indictment, served in a number of NSA positions starting in August 2001, when he was hired as the chief of the Change Leadership and Communications Office in the Signals Intelligence Directorate. He later became a Technical Leader in the Directorate of Engineering, where he was responsible for improving efficiency within the agency. In September, 2006, he began teaching at the National Defense University, but he remained a NSA employee until his security clearance was suspended in November 2007.

Although the indictment charges that Drake served as a source for “many” of Gorman’s stories—some of which contained supersensitive signals intelligence or SIGINT information—prosecutors didn’t charge him with violating the Espionage Act, the most serious crime they could have leveled. Instead, they indicted him with willfully retaining classified information that he was not authorized to have, obstruction of justice, and lying to FBI agents about his alleged role as a leaker…

The indictment states that the first story for which Drake allegedly provided information was on Feb. 27, 2006. This appears actually to have been a Feb. 26, 2006 front-page story by Gorman in The Baltimore Sun reporting that two technology programs at the heart of the NSA’s drive to combat 21st-century threats were “stumbling badly” and hampering the agency’s ability to fight terrorism. One of the programs, the story reported, was Cryptologic Mission Management, a $300 milllion computer-software program. Another was code-named Groundbreaker, a multibillion-dollar computer-systems upgrade that frequently got its wires crossed.

As a result of management and technical problems, Gorman wrote, “agency computers have trouble talking to each other and frequently crash, key bits of data are sometimes lost and vital intelligence can be overlooked.” In the same story, Gorman quoted a former NSA employee, who she said was “speaking to a reporter for the first time” under the condition of anonymity. “What I am fearful of is: because of all this, we will have a 9/11 Part II,” the source was quoted as saying…

Articles By SIOBHAN GORMAN in the Wall Street Journal

Other Articles/Interviews By SIOBHAN GORMAN

Senate Defense Bill Veils Cyber Provisions

N’tl Defense Authorization Act Seen as Rapid Path to Infosec Reform

GovInfoSecurity – By Eric Chabrow, Executive Editor,

Hidden within the 854 pages of S. 3454 – the Senate version of the National Defense Authorization Act – are the basic elements of cybersecurity reform, including provisions to update parts of the Federal Information Security Management Act of 2002, the primary law governing IT security in the federal government.

Though S. 3454 is tailored for the Defense Department, unlike its House counterpart that contains IT security provisions aimed at the entire government, the Senate version could serve as a vehicle to reform governmentwide IT security governance when the Senate and House versions of National Defense Authorization Act are reconciled in a conference committee. Many of the IT security provisions in the Senate bill parallel those found in other cybersecurity measures.

Among the similar proposals are requirements to continuously monitor IT systems for vulnerabilities and threats, develop processes to assure the safety of computer software and reduce supply chain risk.

What is in the Senate version of defense authorization related to cybersecurity? Among key provisions:

  • Automation of continuous monitoring of the effectiveness of the information security policies, procedures and practices within DoD’s information infrastructure;
  • Strategy to assure the security of software and software-based applications;
  • Mechanisms to monitor systems and applications to detect and defeat attempts to penetrate or disable IT systems and applications;
  • Strategy in the risk management regarding the supply chain and in operational planning for cybersecurity; and
  • Strategy to rapidly acquire tools, applications and other capabilities for cyber warfare for the United States Cyber Command.

The Senate defense authorization bill does not include – but the House one does – provisions to establish a Senate-confirmed director of a newly created National Office of Cyberspace in the White House..

Related Links:

Text of S. 3454: National Defense Authorization Act for Fiscal Year 2011 (PDF) or read the text on THOMAS.



National Defense Authorization Act for Fiscal Year 2011

Subtitle D–Cyber Warfare, Cyber Security, and Related Matters

SEC. 931. CONTINUOUS MONITORING OF DEPARTMENT OF DEFENSE INFORMATION SYSTEMS FOR CYBERSECURITY.

    (a) In General- The Secretary of Defense shall direct the Chief Information Officer of the Department of Defense to work, in coordination with the Chief Information Officers of the military departments and the Defense Agencies and with senior cybersecurity and information assurance officials within the Department of Defense and otherwise within the Federal Government, to achieve, to the extent practicable, the following:
    • (1) The continuous prioritization of the policies, principles, standards, and guidelines developed under section 20 of the National Institute of Standards and Technology Act (15 U.S.C. 278g-3) with agencies and offices operating or exercising control of national security systems (including the National Security Agency) based upon the evolving threat of information security incidents with respect to national security systems, the vulnerability of such systems to such incidents, and the consequences of information security incidents involving such systems.
    • (2) The automation of continuous monitoring of the effectiveness of the information security policies, procedures, and practices within the information infrastructure of the Department of Defense, and the compliance of that infrastructure with such policies, procedures, and practices, including automation of–
    (A) management, operational, and technical controls of every information system identified in the inventory required under section 3505(c) of title 44, United States Code; and
    (B) management, operational, and technical controls relied on for evaluations under section 3545 of title 44, United States Code.
    (b) Definitions- In this section:
    • (1) The term `information security incident’ means an occurrence that–
    (A) actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information such system processes, stores, or transmits; or
    (B) constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies with respect to an information system.
    • (2) The term `information infrastructure’ means the underlying framework, equipment, and software that an information system and related assets rely on to process, transmit, receive, or store information electronically.
    • (3) The term `national security system’ has the meaning given that term in section 3542(b)(2) of title 44, United States Code.

The rising sun illuminate polar mesospheric clouds in this picture  taken from the International Space Station while over the Greek island  of Kos in the Aegean Sea. The sun illuminates low clouds that appear  yellow and orange, higher clouds and  pollutants appear white while the  polar mesospheric clouds are seen as light blue ribbons across the top  of the picture

SEC. 932. STRATEGY ON COMPUTER SOFTWARE ASSURANCE.

    (a) Strategy Required- The Secretary of Defense shall develop and implement, by not later than October 1, 2011, a strategy for assuring the security of software and software-based applications for all covered systems.
    (b) Covered Systems- For purposes of this section, a covered system is any critical information system or weapon system of the Department of Defense, including the following:
    • (1) A major system, as that term is defined in section 2302(5) of title 10, United States Code.
    • (2) A national security system, as that term is defined in section 3542 of title 44, United States Code.
    • (3) Any Department of Defense information system categorized as Mission Assurance Category (MAC) I.
    • (4) Any Department of Defense information system categorized as Mission Assurance Category II in accordance with Department of Defense Directive 8500.01E.
    (c) Elements- The strategy required by subsection (a) shall include the following:
    • (1) Policy and regulations on the following:
    (A) Software assurance generally.
    (B) Contract requirements for software assurance for covered systems in development and production.
    (C) Inclusion of software assurance in milestone reviews and milestone approvals.
    (D) Rigorous test and evaluation of software assurance in development, acceptance, and operational tests.
    (E) Certification and accreditation requirements for software assurance for new systems and for updates for legacy systems.
    (F) Remediation in legacy systems of critical software assurance deficiencies that are defined as critical in accordance with the Application Security Technical Implementation Guide of the Defense Information Systems Agency.
    • (2) Allocation of adequate facilities and other resources for test and evaluation and certification and accreditation of software to meet applicable requirements for research and development, systems acquisition, and operations.
    • (3) Mechanisms for protection against compromise of information systems through the supply chain or cyber attack by acquiring and improving automated tools for–
      • (A) assuring the security of software and software applications during software development;
      • (B) detecting vulnerabilities during testing of software; and
      • (C) detecting intrusions during real-time monitoring of software applications.
    • (4) Mechanisms providing the Department of Defense with the capabilities–
      • (A) to monitor systems and applications in order to detect and defeat attempts to penetrate or disable such systems and applications; and
      • (B) to ensure that such monitoring capabilities are integrated into the Department of Defense system of cyber defense-in-depth capabilities.
    • (5) An update to Committee for National Security Systems Instruction No. 4009, entitled `National Information Assurance Glossary’, to include a standard definition for software security assurance.
    • (6) Either–
      • (A) mechanisms to ensure that vulnerable Mission Assurance Category III information systems, if penetrated, cannot be used as a foundation for penetration of protected covered systems, and means for assessing the effectiveness of such mechanisms; or
      • (B) plans to address critical vulnerabilities in Mission Assurance Category III information systems to prevent their use for intrusions of Mission Assurance Category I systems and Mission Assurance Category II systems.
    • (7) A funding mechanism for remediation of critical software assurance vulnerabilities in legacy systems.
    (d) Report- Not later than October 1, 2011, the Secretary of Defense shall submit to the congressional defense committees a report on the strategy required by subsection (a). The report shall include the following:
    • (1) A description of the current status of the strategy required by subsection (a) and of the implementation of the strategy, including a description of the role of the strategy in the risk management by the Department regarding the supply chain and in operational planning for cyber security.
    • (2) A description of the risks, if any, that the Department will accept in the strategy due to limitations on funds or other applicable constraints.

SEC. 933. STRATEGY FOR ACQUISITION AND OVERSIGHT OF DEPARTMENT OF DEFENSE CYBER WARFARE CAPABILITIES.

    (a) Findings- Congress makes the following findings:
    • (1) The cyber space operating domain is characterized by near-speed-of-light actions.
    • (2) Deterrence and defense in cyber space require agility in responding to new threats.
    • (3) Traditional processes and schedules for the acquisition of defense systems are not tailored to meet the speed and agility required for the acquisition of capabilities for cyber security operations.
    • (4) The United States Cyber Command will need to be provided with new or modified tools and capabilities to procure cyber security and cyber warfare capabilities in a timely manner.
    • (5) It is necessary to preserve the independence, discipline, and integrity of the requirements process and the acquisition process.
    • (6) The assignment to a single individual of responsibility as Director of the National Security Agency and Commander of the United States Cyber Command complicates the process of ensuring proper oversight of the establishment of requirements for cyber systems and of the procurement of capabilities for the United States Cyber Command.
    • (7) The sensitive and secretive nature of operations in cyber space, and the unclear boundaries between activities undertaken under the authorities of the Director of National Intelligence and the Secretary of Defense, further complicate the creation of sound oversight processes for acquiring and exercising cyber warfare capabilities.
    (b) Strategy Required- The Secretary of Defense shall develop a strategy to provide for the rapid acquisition of tools, applications, and other capabilities for cyber warfare for the United States Cyber Command.
    (c) Basic Elements- The strategy required by subsection (b) shall include the following:
    • (1) An orderly process for determining and approving operational requirements.
    • (2) A well-defined, repeatable, transparent, and disciplined process for developing capabilities to meet such requirements.
    • (3) The allocation of facilities and other resources to thoroughly test such capabilities in development, before deployment, and before use in order to validate performance and take into account collateral damage and other so-called second-order effects.
    (d) Additional Elements- The strategy required by subsection (b) shall also provide for the following:
    • (1) Safeguards to prevent–
      • (A) the circumvention of operational requirements and acquisition processes through informal relationships among the United States Cyber Command, the Armed Forces, the National Security Agency, and the Defense Information Systems Agency; and
      • (B) the abuse of quick-reaction processes otherwise available for the rapid fielding of capabilities.
    • (2) The establishment of reporting and oversight processes for requirements generation and approval for cyber warfare capabilities, the assignment of responsibility for providing capabilities to meet such requirements, and the execution of development and deployment of such capabilities, under the authority of the Chairman of the Joint Requirements Oversight Council, the Under Secretary of Defense for Policy, and other officials in the Office of the Secretary of Defense, as designated in the strategy.
    • (3) The establishment and maintenance of test and evaluation facilities and resources for cyber infrastructure to support research and development, operational test and evaluation, operational planning and effects testing, and training by replicating or emulating networks and infrastructure maintained and operated by the military and political organizations of potential United States adversaries, by domestic and foreign telecommunications service providers, and by the Department of Defense.
    • (4) An organization or organizations within the Department of Defense to be responsible for the operation and maintenance of cyber infrastructure for research, development, test, and evaluation purposes.
    • (5) Appropriate disclosure regarding United States cyber warfare capabilities to the independent test and evaluation community, and the involvement of that community in the development and maintenance of such capabilities, regardless of classification.
    • (6) The role of the private sector and appropriate Department of Defense organizations in developing capabilities to operate in cyber space, and a clear process for determining whether to allocate responsibility for responding to Department of Defense cyber warfare requirements through Federal Government personnel, contracts with private sector entities, or a combination of both.
    • (7) The roles of each Armed Force, and of the combat support Defense Agencies, in the development of cyber warfare capabilities in support of offensive, defensive, and intelligence operational requirements.
    • (8) The manner in which the Department of Defense will promote interoperability, share innovation, and avoid unproductive duplication in cyber warfare capabilities through specialization among the components of the Department responsible for developing cyber capabilities.
    (e) Report on Strategy-
    • (1) REPORT REQUIRED- Not later than March 15, 2011, the Secretary of Defense shall submit to the appropriate committees of Congress a report on the strategy required by subsection (b). The report shall include a comprehensive description of the strategy and plans (including a schedule) for the implementation of the strategy.
    • (2) APPROPRIATE COMMITTEES OF CONGRESS DEFINED- In this subsection, the term `appropriate committees of Congress’ means–
      • (A) the Committee on Armed Services, the Committee on Appropriations, and the Select Committee on Intelligence of the Senate; and
      • (B) the Committee on Armed Services, the Committee on Appropriations, and the Permanent Select Committee on Intelligence of the House of Representatives.

SEC. 934. REPORT ON THE CYBER WARFARE POLICY OF THE DEPARTMENT OF DEFENSE.

    (a) Findings- Congress makes the following findings:
    • (1) During classified and unclassified testimony before Congress, senior officials of the Department of Defense acknowledged that there is a serious gap between the Nation’s capabilities to conduct offensive and intelligence-gathering operations in cyberspace and the policies and regulations necessary to guide and limit, and provide oversight of, such operations.
    • (2) These senior officials also testified to their belief that the Administration should be able to correct the shortfalls in such policies during 2010.
    • (3) It is vital for the Department of Defense and the President to ensure that the United States Cyber Command operates under the clearest possible rules of engagement and policy directives to prevent mistakes, avoid setting bad precedents, and enable effective actions and responses in defense of the Nation’s interests in cyberspace.
    • (4) It is also vital for the United States to convey to the international community the Nation’s position on deterrence, the exercise of the right of self-defense, acceptable norms of behavior, the responsibilities of sovereign nations, violations of sovereignty, the use of force and acts of war, and other fundamental national security issues associated with cyberspace.
    (b) Report-
    • (1) IN GENERAL- Not later than March 1, 2011, the Secretary of Defense shall submit to Congress a report on the cyber warfare policy of the Department of Defense.
    • (2) ELEMENTS- The report required by paragraph (1) shall include the following:
      • (A) A description of the policy and legal issues investigated and evaluated by the Department in considering the range of missions and activities that the Department may choose to conduct in cyberspace.
      • (B) The decisions of the Secretary with respect to such issues, and the recommendations of the Secretary to the President for decisions on such of those issues as exceed the authority of the Secretary to resolve, together with the rationale and justification of the Secretary for such decisions and recommendations.
      • (C) A description of the intentions of the Secretary with regard to modifying the National Military Strategy for Cyberspace Operations.
    • (3) FORM- The report required by paragraph (1) shall be submitted in both unclassified and classified form.

SEC. 935. REPORTS ON DEPARTMENT OF DEFENSE PROGRESS IN DEFENDING THE DEPARTMENT AND THE DEFENSE INDUSTRIAL BASE FROM CYBER EVENTS.

    (a) Reports on Progress Required- Not later than March 15, 2011, and every year thereafter through 2015, the Secretary of Defense shall submit to the congressional defense committees a report on the progress of the Department of Defense in defending the Department and the defense industrial base from cyber events (such as attacks, intrusions, and theft).
    (b) Elements- Each report under subsection (a) shall include the following:
    • (1) In the case of the first report, a baseline for measuring the progress of the Department of Defense in defending the Department and the defense industrial base from cyber events, including definitions of significant cyber events, an appropriate categorization of various types of cyber events, the basic methods used in various cyber events, the vulnerabilities exploited in such cyber events, and the metrics to be utilized to determine whether the Department is or is not making progress against an evolving cyber threat.
    • (2) A description of the nature and scope of significant cyber events against the Department and the defense industrial base during the preceding year, including, for each such event, a description of the intelligence or other Department data acquired, the extent of the corruption or compromise of Department information or weapon systems, and the impact of such event on the Department generally and on operational capabilities.
    • (3) A comparative assessment of the offensive cyber warfare capabilities of current representative potential United States adversaries and nations with advanced cyber warfare capabilities with the capacity of the United States to defend–
      • (A) military networks and mission capabilities; and
      • (B) critical infrastructure.
    • (4) A comparative assessment of the offensive cyber warfare capabilities of the United States with the capacity of current representative potential United States adversaries and nations with advanced cyber warfare capabilities to defend against cyber attacks.
    • (5) A comparative assessment of the degree of dependency of current representative potential United States adversaries, nations with advanced cyber warfare capabilities, and the United States on networks that can be attacked through cyberspace.
    (c) Performance of Certain Assessments- The comparative assessment required by subsection (b)(3)(B) shall be performed by the Department of Homeland Security, in coordination with the Department of Defense and other agencies of the Government with specific responsibility for critical infrastructure.
    (d) Form- Each report under this section shall be submitted in unclassified form, but may include a classified annex.

Subtitle E–Other Matters

SEC. 951. REPORT ON ORGANIZATIONAL STRUCTURE AND POLICY GUIDANCE OF THE DEPARTMENT OF DEFENSE REGARDING INFORMATION OPERATIONS.

    (a) Report Required- Not later than 90 days after the date of the enactment of this Act, the Secretary of Defense shall submit to the Committee on Armed Services of the Senate and the Committee on Armed Services of the House of Representatives a report on the organizational structure and policy guidance of the Department of Defense with respect to information operations.
    (b) Review- In preparing the report required by subsection (a), the Secretary shall review the following:
    • (1) The extent to which the current definition of `information operations’ in Department of Defense Directive 3600.1 is appropriate.
    • (2) The appropriate location within the Department of the lead official responsible for information operations of the Department, including the designation of a principal staff assistant to the Secretary of Defense for information operations.
    • (3) Departmental responsibility for the development and oversight of Department policy on information operations and for the integration of such operations.
    • (4) Departmental responsibility for the planning, execution, and oversight of Department information operations.
    • (5) Departmental responsibility for coordination within the Department, and between the Department and other departments and agencies of the Federal Government, regarding Department information operations, and for the resolution of conflicts in the discharge of such operations.
    • (6) The roles and responsibilities of the military departments, the United States Special Operations Command, and the other combatant commands in the development and implementation of information operations.
    • (7) The roles and responsibilities of the defense intelligence agencies for support of information operations.
    • (8) The roles of the Assistant Secretary of Defense for Public Affairs, the Assistant Secretary of Defense for Special Operations and Low-Intensity Conflict, and the Assistant Secretary of Defense for Networks and Information Integration in information operations.
    • (9) The role of related capabilities in the discharge of information operations, including public affairs capabilities, civil-military operations capabilities, defense support of public diplomacy, and intelligence.
    • (10) The management structure of computer network operations in the Department for the discharge of information operations, and the policy in support of that component.
    • (11) The appropriate use, management, and oversight of contractors in the development and implementation of information operations.
    (c) Department of Defense Directive- Upon the submittal of the report required by subsection (a), the Secretary shall prescribe a revised directive for the Department of Defense on information operations. The directive shall take into account the results of the review conducted for purposes of the report.
    (d) Information Operations Defined- In this section, the term `information operations’ means the information operations specified in Department of Defense Directive 3600.1, as follows:
    • (1) Electronic warfare.
    • (2) Computer network operations.
    • (3) Psychological operations.
    • (4) Military deception.
    • (5) Operations security.

SEC. 952. REPORT ON ORGANIZATIONAL STRUCTURES OF THE GEOGRAPHIC COMBATANT COMMAND HEADQUARTERS.

    (a) Report Required- Not later than 90 days after the date of the enactment of this Act, the Secretary of Defense and the Chairman of the Joint Chiefs of Staff shall jointly submit to the Committee on Armed Services of the Senate and the Committee on Armed Services of the House of Representatives a report on the organizational structures of the headquarters of the geographic combatant commands.
    (b) Elements- The report required by subsection (a) shall include the following;
    • (1) A description of the organizational structure of the headquarters of each geographic combatant command.
    • (2) An assessment of the benefits and limitations of the different organizational structures in meeting the broad range of military missions of the geographic combatant commands.
    • (3) A description and assessment of the role and contributions of other departments and agencies of the Federal Government within each organizational structure, including a description of any plans to expand interagency participation in the geographic combatant commands in the future.
    • (4) A description of any lessons learned from the ongoing reorganization of the organizational structure of the United States Southern Command and the United States Africa Command, including an assessment of the value, if any, added by the position of civilian deputy to the commander of the United States Southern Command and to the commander of the United States Africa Command.
    • (5) Any other matters the Secretary and the Chairman consider appropriate.

Researcher cracks ‘secret’ code in U.S. Cyber Command logo

Related Previous Posts:

New Cyber Attacks Against American Government and Business Networks

White House Cyberspace Policy Review Requires Full Implementation of HSPD-12

Privacy Concerns: Is Einstein Listening and Watching You?

Related Links:

Army Times: DoD Cyber Command is officially online

WSJ: Introducing U.S. Cyber Command

CBS Video:  Cyberspace Security

Info Week: NSA Announces Infrastructure Cybersecurity Program

Computer World: GAO slams White House for failing to lead on cybersecurity


end

About these ads