Military to Deploy Units Devoted to Cyber Operations

By DAVID E. SANGER

ASPEN, Colo. — The Defense Department’s second-ranking official said on Thursday that the military is about to deploy roughly 4,000 people in the Pentagon’s first units devoted to conducting cyberoffense and defense operations, a new mission that formalizes America’s use of a class of weapons that the Obama administration has rarely discussed in public.

“I wanted to start this fast,” the official, Ashton B. Carter, the deputy secretary of defense, said at the opening of the Aspen Security Forum, an annual meeting on domestic security. Even at a time of budget cutbacks, he said, “we’re spending everything we think we can spend wisely” on developing the skills to conduct and defend against cyberattacks from abroad.

The New York Times is a media sponsor of the forum.

In a wide-ranging interview, Mr. Carter also said that after examining how Edward J. Snowden, a former contractor for the National Security Agency, downloaded top-secret material about American surveillance programs, the Defense Department had already ordered new protections against what he called “the insider threat.”

First among the new procedures is a “two-man rule,” based on the model of how nuclear weapons are handled, which requires two computer systems administrators to be working simultaneously when they are inside systems that contain highly classified material. No individual, he said, would be able to download the material without the other one signing off, much as two technicians must sign off on work on warheads.

“This was a failure to defend our own networks," Mr. Carter said of the Snowden case. “It was not an outsider hacking in, but an insider." The lesson, he said, was that even systems administrators, who have wide-ranging access, must not be able to operate “all by themselves.”

Mr. Carter, a physicist and former Harvard professor who has worked at the Pentagon since the beginning of the Obama administration, blamed the problem largely on decisions made after the investigations into the intelligence failures surrounding the Sept. 11, 2001, terrorist attacks. Those attacks were blamed in large part on the reluctance of intelligence agencies and the Federal Bureau of Investigation to share information. Now, he said, the sharing had gone too far, because the United States puts “enormous amounts of information “in one place, a practice that may be accelerated as agencies put more data into cloud systems.

That enabled Mr. Snowden, working largely from an N.S.A. outpost in Hawaii, to download everything from details of the PRISM surveillance system to the text of a secret order from the Foreign Intelligence Surveillance Court, whose rulings are supposed to remain classified.

The question of whether intelligence-sharing had gone too far — away from traditional compartmentalization — was debated in 2010 after the revelations by WikiLeaks, based on huge databases that were downloaded by Pfc. Bradley Manning. At the time, the Defense Department promised changes, including putting in alarm systems that would be activated when large amounts of data were downloaded by an individual.

Mr. Carter strongly suggested that those changes, which also included Pentagon videos and 250,000 State Department cables, were insufficient. But his call to recompartmentalize is bound to raise questions about whether the government is restoring a system that, ultimately, was blamed for many of the failures to “connect the dots” before the Sept. 11 attacks, when the FBI and the intelligence agencies were barely sharing critical information.

The description of the Pentagon’s new cyberteams — which will be under the command of Gen. Keith B. Alexander of the Army, who both heads the National Security Agency and United States Cyber Command — was the most detailed yet of one of the military’s most closely held projects.

The administration recently conceded that it was developing cyberweapons. The best-known example is the covert effort called “Olympic Games,'’ which the Bush administration used against Iran’s nuclear program during the Bush administration. The Obama administration accelerated the program, but suffered a major setback when a computer worm, later named Stuxnet, escaped from the Natanz nuclear enrichment plant in Iran and replicated itself on the Web, where the Iranians and others could download the code that was developed by the N.S.A. and Israel’s Unit 8200, the equivalent of the N.S.A.

Future operations run by Cyber Command, Mr. Carter suggested, would be focused on the teams. “The teams are new, and they are in addition to the N.S.A. work force,” he said. While they may ultimately be modeled on Special Operations, which provide fighting expertise to supplement traditional forces, for now the cyberforce will be drawn from members of the military services.

The cyberforces are inexpensive, Mr. Carter argued. But their very existence, which General Alexander alluded to in Congressional testimony this year, is bound to be cited by other nations that are justifying the creation of their own cyberunits. The People’s Liberation Army in China has a major effort under way; its Unit 61398 has been accused of stealing corporate secrets and intellectual property from American companies, as well as planning for potential attacks on American infrastructure. Iran has created its own cybercorps, which has been blamed for attacks on Saudi Aramco, a major oil producer, and American banks.

Twenty-seven of the 40 new teams will focus on cyberdefenses, General Alexander has said. Thirteen will be directed toward the creation of new cyberweapons. Included among the documents that Mr. Snowden made public was a presidential directive, signed by Mr. Obama last fall, providing guidelines for conducting both defensive and offensive operations. It reserves to the president the decision about whether to conduct cyberattacks.

Thursday, July 18, 2013