This new normal formulating from the pandemic, the recent increases in cyber-attacks, and the need to respond in a better fashion to cyber-crime and preserving the overall safety of the internet has set a new imperative for the cyber professional and our society. Establishing resiliency and agility in our thinking, management and systems by all stakeholders (Government, industry and global partners) will be critical to establishing a safe internet that respects privacy, human rights and people globally. Competitors and potential adversaries have exploited Department of Defense (DoD) and other critical infrastructure networks at a high cost in both intellectual property and dollars (SECNAV, 2019). The challenge is how we in DoD will meet this new normal from a cognitive and system thinking perspective to impact change management, operations and policy objectives to establish the strategic resiliency and agility required to meet the challenges presented in the information environment. Furthermore, the U.S. government continues to confront re-emergent and continuing competitions with old Cold War foes like China and Russia that will also require change; while dealing with expanding and constantly-morphing globally-dispersing terrorist groups.
Recent steps by the Biden Administration in supporting recommendations of the Recent Cyber Solarium Commission and Executive Orders on Improving the Nation’s Cybersecurity are a great start to reach what the National Security Telecommunications Advisory Committee (NSTAC) has outlined in a detailed report called Moonshot, a strategy to Make the Internet safe and secure for the functioning of Government and critical services for the American people by 2028” (NSTAC, 2020). Being resilient and agile has become a national security issue and will require strategic and political changes in the coming decade to include improved means of leadership, acquisition, technology development and defense in depth frameworks (Nakasone & Sulmeyer, 2020).
The current patchwork legal framework is ill suited to address the cyber security questions that have arisen in this New – Norm and will require legislative oversight and effective policy making (Cordero & Thaw, 2020). The current Cyber Solarium Commission Report outlines key recommendations that merit further attention by executive and legislative branches:
- need to establish a Bureau of Cyber Statistics
- need to establish a Joint Collaborative Environment for sharing and fusing Threat information
- need to strengthen an integrated Cyber Center within CISA and promote integration with Federal (and International Centers)
- need to establish a Joint Cyber Planning Cell under CISA
- need to Direct DoD to conduct Force Structure Assessment of the Cyber Mission Force
Currently the Marine Corps is leading the Department of Defense in a Zero Base Review (ZBR) of their workforce, as described in FY20 NDAA §1652 tasks DoD components to conduct a ZBR of the cyber workforce (DoDM 8140). The Marine Corps is working with the RAND corporation to better understand how best to integrate their Force structure, as described in the recent Force Design 2030 considerations outlined by the Commandant of the Marine Corps and the Network Modernization Plan outlined by Deputy Commandant Information. This systematic review of structure and the information environment will be required of all DoD and Federal Agencies as well as industry partners with the development of these new Biden Administration regulations soon to be planned for future cyber contracts and operations. However, the Marine Corps is leading the way with their focus on strategic agility and resiliency in moving the information environment to meet these new normal demands and challenges.
This review commenced around the 2019 timeframe and continues today with a focus on doctrinal changes in way of thinking as described in recent Marine Corps Doctrinal Publications (MCDP) on Learning and Competition and described strategic plans (Force Design 2030 & Net Mod Plan). Additionally, the Marine Corps continues work on maturing their network governance, service management and portfolio approach to IT investments by better understanding of enterprise risks, opportunities and threats while optimizing resources in support of application and cloud modernization. Additionally, the Marine Corps has established an enterprise Command & Control (C2) construct for their cyber force implementing industry approach to agile and IT service management (ITSM) while modernizing IT Acquisition Framework under a Naval construct. Figure 1 aligns the thinking applied to how the Marine Corp’s focus to this strategic alignment to a new normal will integrate these methods and means of governance, enterprise risk and a whole new way of systems thinking to its design with the principles outlined in Agile (GAO-20-590G) and good old fashion Marine Corps leadership and tenacity (MCDP-7).
Figure 1 – New Normal Construct
Finally, technologies like Zero Trust, IPv6 and mobility will change the continuous monitoring of the network, so cyber professional can focus more on data and services that include Artificial Intelligence- Machine Learning (AI/ML), security analytics, continuous diagnostics to help improve user entity and behavioral factors to ensure ubiquitous access and information protection. The synthesis of these initiatives and concepts will be critical to developing policy and strategy that supports the outcomes that will set the “new-normal” for success in the cyber domain; in an era of greater peer competition and exponential changes in maintaining democracy and governance in the internet. Making the right choices, adopting the right technologies and smartly integrating these aspects in an effective and agile manner has never been more critical than ever before.