I was privileged to attend a super event at the Center for Strategic and International Studies (CSIS) on Monday. They hosted Vice Adm. Barry McCullough, Commander of U.S. Fleet Cyber Command and U.S. 10th Fleet (both Navy cyber organizations). It was in the main a normal “command brief,” but McCullough’s forthrightness made it much more.

McCullough has had a stellar career as a Navy surface warfare officer. The officers in that field are known for their no-nonsense way of doing business, but the Vice Adm. is clearly in a class by himself. His commands “own” a wide portfolio of electronic issues for the Sea Service. He has Info Ops, SIGINT, Electronic Warfare, Networks, Space Ops, Information Assurance, and Cryptography.

That is a huge plate. Grouping these skills/missions together makes perfect sense, but it is an enormous task regardless.

McCullough opened his remarks by telling the industry audience that after several months, he is beginning to understand the problem set. He emphasized that anyone who thinks there is a quick technological fix to this is dreaming. It will be a long slog and a tough one. He also admitted that while cyber is a domain, he looks at it as a battle space, so he can maintain his orientation as a war fighter and as a provider of direct support to other war fighters.

His three main areas of focus are to protect the Navy’s networks and cyber capabilities, to facilitate the offensive operations, and to produce non-kinetic effects when they are called for.

While there are lots of “good” activities ongoing right now, McCullough said that no two are alike. There is a need for some sort of standards and standardized procedures across the space. One set of initiatives that is needed in the Navy is a relook at their career management. Confessing that he always thought that “every sailor” needs to go to sea, he sees now that he was wrong. It takes too long to educate and train experts in cyber. To do so and then send them away to a new assignment after two to four years of utilization is not wise. Even for the officers in this field, the Navy has to stabilize their personnel or waste huge amounts of money and time.

The Vice Adm. also noted five areas to which he is paying as much attention as possible:

  • Keeping an operational mindset, vice a “support” view;
  • Refining the Command and Control (C2) relationships between himself and his regional/geographic counterparts;
  • Obtaining and maintaining situational awareness of the cyber battle space;
  • Understanding and properly using the present authorities (he has Title 10, Title 50, and even some Title 14 authorities); and
  • Developing a way to operate in real time (computer fast).

These are the right priorities for the Navy (and other services too) right now.  McCullough emphasized that all the services were working together on this challenge.  None of them had all they needed to address it alone, so their joint cooperation was the key.

He wrapped up with an acknowledgement that there were huge definitional issues still to be resolved. It is easy to talk of computer network attacks, but being able to execute them without lots of unintended consequences is very difficult.

Bottom line: The Navy is moving in absolutely the correct direction, with the right man at the helm.  McCullough’s recognition that they are not there yet is not just accurate, it is crucial to ever getting there.

Dr. Steven Bucci is director of the Allison Center for Foreign Policy Studies at The Heritage Foundation. He was previously a lead consultant to IBM on cyber security policy. Bucci’s military and government service make him a recognized expert in the interagency process and defense of U.S. interests, particularly with regard to critical infrastructure and what he calls the productive interplay of government and the private sector. Read More