Army Lt. Gen. Stephen G. Fogarty, commander of U.S. Army Cyber Command, provides opening remarks at the Association of the United States Army Hot Topic Forum on Army cyber and networks in Arlington, Va., Sept. 16, 2019. Fogarty will be directly followed by keynote speaker Army Gen. Paul Nakasone, commander of U.S. Cyber Command and director of the National Security Agency.

Transcript

Note: Unfortunately, not all of the introduction is available.

of US Cyber Command and the Director of the National Security Agency but we could not have done this today without the help of our two partners Lieutenant General Steve Fogarty, the Commander of US Army Cyber Command and Lieutenant General Bruce Crawford, the army’s CIO and G-6. Both of them and their terms have helped us shape the agenda for today. Likewise this forum wouldn’t be possible without the other army commands represented here today. Our industry partners, other DOD and government agencies represented and of course our AUSA members. Finally, let’s put our hands together for our sponsor today, Raytheon. We could not do this without our sponsor, Raytheon. (audience applauds) With that introduction, I’d like to kick this off today to kind of set the conditions by asking Lieutenant General Steve Fogarty, the commander of army Cyber Command to come forward and get us started. Steve.

[Steve] Yes sir, thank you. So good morning everyone.

[Audience] Good morning.

[Steve] Truly a privilege to be here today with this great audience, the panel members. I think you’re in for a great day. And we’re gonna kick it off here in a second with General Nakasone. I wanna give a nod out to AUSA, Gerald Swan, thank you for providing the forum that’s going to allow, I think, very good dialogue throughout the morning and the afternoon. What I would encourage everyone to do is press the panelists, ask the tough questions as we go through the day. The intent is to sharpen our narrative. More importantly, sharpen what our actions are as we move forward. So if you look at the 2018 NDS, it’s pretty specific. It states that cyberspace offers state and non-state actors the ability to wage campaigns against American political, economic and security interests without ever physically crossing our borders. So what does that mean to us? How do we actually take that challenge, look at the opportunities that it presents. What I will tell you first of all, we’ve gotta get the right players involved in this and so for the army, that’s really multiple tribes as we call them, that have to come together to be able to integrate what can be disparate activities so that we can reduce the amount of scenes that an adversary can take advantage of. So when I start to look at the tribes, this is not all-inclusive but these are the big boys, I think, that operate in this space on a daily basis. So it’s Signal, cyber, information operations, electronic warfare, PSYOPS, intel, public affairs, space, the fires community and all this really is to enable our commanders to do two things. One is to see the adversary in the cyber domain in the information environment and then also be able to see themselves, because I think that’s one of the holes in our swing over the years, is for our commanders. We do a pretty good job at actually be able to visualize the adversary. What their course of action are, what their capabilities, limitations, how they’re likely to conduct business but sometime we have a difficult time seeing ourselves in this environment, in this space. So that’s one of the things that we’re asking industry, academia, our inter-agency partners to help us with. That’s a constant requirement, is to improve our ability for cyberspace, understanding, situational understanding, not just awareness but understanding. And situational understanding in the information environment. So those are critical requirements. Now, if you look at army cyber, our missions statement is actually pretty straightforward. So it’s integrate and conduct full-spectrum cyberspace operations, electronic warfare, information operations, in order to provide our commanders decision advantage and freedom of movement in the cyber domain and the information environment while we deny the same to our adversaries. So think about that, three principle buckets. Full-spectrum cyberspace operations. We spend probably 90% of our effort on operate and defend our networks because our networks are the foundational weapons system. If our commanders don’t have functional networks, then you don’t have functional persistent ISR, long-range precision fires, effective mission command, just-in-time logistics, fundamental things like medevac that our forces require, particularly the way we operate in a very dispersed manner, generally in pretty small elements across the battlefield. So our ability to do that is predicated upon that Lieutenant or that Captain or that Major at a combat outpost or a FOB some place being able to bring the entire power of the United States to his place on the battlefield at a time of his choosing by simply depressing a handset and calling for support or hitting that send button on his laptop or his palmtop or his wrist-top. To be able to let his partners know where he’s at, know where the adversary is at and then be able to provide a series of options that he can use to maneuver against that adversary. So that is critically important as that network. So that is being able to see the adversary and being able to see yourself. So that’s a critical capability as we move forward. So 90% of our effort is against that. Okay, about 10% is offensive cyberspace operations. That’s where people generally like to take the conversation immediately and we say, look, we’ve got game in there and we’ve used that game but what I will tell you is it’s full-spectrum cyberspace operations that is absolutely critical. Electronic warfare, three principal participants that operate in the spectrum. The intel guys that do collection, the cyber guys who use it, the Signal guys who are responsible for planning and managing all operations in the RF spectrum. Okay, that’s that team for the electronic warfare piece. And one doesn’t have a dominance over the other. They all have to work together and so we have to have the tools, again, allows us to see the adversary’s operations in the spectrum, how we’re operating in the spectrum so that we can plan those operations, synchronize them at a level that we’ve never been able to in the past. And then information operations. So the cyber domain is part of the information environment and what we’re seeing as we’re going out with our commanders, we wanna be able to provide multiple options so they can present the adversary with multiple dilemmas and they have to be able to maneuver to a position of relative advantage in every domain. So whether it’s on the land, sea, air, space or cyber, that’s really what we’re attempting to provide our commanders and what I will tell you is, on a daily basis, we’re not just being asked for some technical capability. We’re being given commander’s intent, we’re given broad tasks and sometimes, the best thing I can do from a cyber side is actually to deliver content. Deliver a message. Maybe the cyberspace operation that I’m going to conduct actually creates some type of IO effect. So it’s our ability to integrate those three to be able to actually provide those commanders that decision advantage that they require to, again, be able to maneuver to a position of relative advantage and then they can conduct a range of operations against the adversary. Now, there are operations that are short of war and we are in a competition, a state of competition every single day. We are operating in the information environment. Maneuvering in the information environment, every single day. And that’s absolutely critical because my principal boss who’s sitting at the front table here, I think is probably gonna talk about the vision for United States Cyber Command and when I look at my army boss, Gerald McConville, my responsibility is to figure out how I’m gonna take cyberspace capabilities, electronic warfare capabilities and information capabilities and apply those against multi-domain operations. So our commanders, our forces can dominate in every environment, in every domain. So for Cyber Command, I’m responsible to enable the cybercomm commander to achieve his goal of persistent engagement and what that allows me to do and really the task that I derive from the Commander of Cyber Command is to be able to operate throughout the entire operational depth of the cyber domain and the information environment. So that is in red space, it is in gray space and it is in blue space. So I gotta be active in all of those environments in order to conduct my operations because I do not want to give an adversary, I don’t wanna cede territory to him, I don’t wanna give him a freedom of maneuver, I don’t wanna give him space that he can operate in to attack me from. So my ability to operate persistently throughout the entire operational depth of not only the cyber domain but the information environment is a requirement that we have. And our ability to synchronize those operations, be able to take something that you physically can’t see and allow a commander to visualize so he understands what’s happening, he understands (audio disruption) that attacking him, something he can’t normally see, that is one of the toughest challenges of all. So as we go through the day, we’re gonna talk about the network and how critical that is to our operations but operations in any domain. We’re gonna talk about the importance of intel because in the cyber domain and the information environment like every other operational domain, intel drives operations. So we cannot afford to have siege. NSA is the greatest enabler, most important partner for CyberComm, on the army side, ISCOM, Intelligence and Security Command is my greatest enabler, my most important partner. So intel was central to everything that we do in this environment. And one of the things I think will come out in the discussion today is, we’re talking about intel and information and the ability to merge these. So when I look at my requirement, it’s not just military intelligence, it’s not just traditional collection that’s gonna give me what I require. What we find is we go out and we buy commercial threat intel. That’s what helps me defend my networks in real-time. I don’t have a billion points of presence on endpoints globally dispersed but we have commercial partners that do and I wanna be able to leverage that just like industry can do. And so we have partnerships that we have built over a period of time that allows me access to that information. The trick is to be able to sense, understand, decide, act and assess faster than the adversary. So it could be a state actor, it could be a non-state actor. In order to do that, I have to be able to use every type of information that’s relevant. Whether it’s traditional military intelligence or something that I can get from industry from academia. So it’s not only the data that’s important but it’s the tools that allow me to create that situational understanding. My ability to turn that into something that commanders can actually visualize and then they can take action to either protect their forces or to exploit an opportunity that I’m able to allow them to visualize. So that’s about as simple as it gets and what we’re gonna do throughout today is we’re gonna unpack that and those different pieces and parts. So I’m gonna stop here and I’m gonna segue into an introduction for someone who actually doesn’t require an introduction. The commander of United States Cyber Command, the Director of the National Security Agency and the Chief of the Central Security Service. Three very tough hats but the ability for one person to be able to synchronize all those activities is absolutely critical. There are very few people that can do that successfully. The person that’s getting ready to come on stage is someone who is incredibly talented and gifted. He has the ability to do that, thankfully for not only DOD but for our nation and as General Swan said, all the details of the medals and awards and job history that’s in your bio but I think what you wanna do is, you wanna listen to our keynote speaker this morning and please join me with a warm welcome for General Paul Nakasone. (applause)

[Paul] Thanks Steve, appreciate it. So it’s good to be back at AUSA I must admit. Coming into the building today, I was thinking, we have been on a journey now for the past decade as an army. And while Steve indicated that, certainly I can talk about the priorities of US Cyber Command and the priorities of the National Security Agency, what I thought I’d do today is to remind us where we’ve been on this journey as an army. Because it has been 10 plus years and I would say that even though we can talk about persist and engage in our ability to both enable our partners and to act, it’s really important for us to take the lessons learned about what we’ve been able to do as an army. Because today, if you take a look at the environment upon which we operate, where our adversaries continue to be increasingly pervasive, are increasingly capable, you know, what are they doing? They’re operating below the level of armed conflict with the idea of stealing our intellectual property, eroding our military overmatch, stealing our personally identifiable information, we can certainly guess at our confidentiality in attempting to interfere within our democratic processes. But this morning what I’d like to do, I certainly would appreciate both Pat and Guy’s ability for me to kind of squeeze in this morning over a fairly significant series of meetings that are heading to the day. But what I would like to talk about is, so what’s the army done to be able to defend our interests in cyberspace? How have we been able to impose costs against our adversary? And how have we learned the lessons over the past 10 years that really have projected us forward? Now what I would offer today is a story of how the army has built, trained and deployed this force and continues to build a powerful force for the future. Is the idea of really three central things that we have focused on. First of all this idea of building both a school and a branch. Now ladies and gentlemen, 10 years ago, I would offer that those discussions were far from settled. They were friction-laden and has a tremendous amount of angst, in terms of what do we do with this idea of cyberspace? But our ability as a service to go after and look at, let’s build a school, let’s build a branch, has been able and has allowed us to make sure that our young people are able to look at cyber and say, hey I have a career within this force. I can one day enter as an E1 and become and E9. Or one day I can come in as a young lieutenant and someday be the commander of US Army Cyberspace. Or I can come in as a warrant officer and be able to ply my trade and remember, central to this conversation early on was this idea of, hey I wanna come in and I wanna work cyber. I don’t necessarily wanna work intel, I don’t necessarily wanna work signal, I don’t necessarily wanna work another branch, I wanna be within cyberspace. So that’s point one. Second piece is this idea of, we need a training platform. How do we train the force? I came in in the mid ’80s. Yes, the mid ’80s, it was a great decade. And I thought about my first rotation to the National Training Center. What a difference that made in our capabilities to look at our force, see ourselves, execute what we’re supposed to do and prepare for future conflict. We’re doing that same idea today in the cyberspace and we’ll talk a little bit today about the persistent cyber training environment and the importance of what this capability is going to bring to what we do. And the final thing I would say is what’s an army without doctrine? What’s an army without doctrine and strategy? That’s among the things we have foundationally done within cyberspace, is ensure that we have a doctrine and a strategy that allows us to have a foundation for what we’re going to do. So we are in a renewed area of great power competition. Our army is going to be called and has already been called on to act within this new domain. But we are no longer building a force, we’re no longer preparing and shaping a force, we now have a force that acts. We have a force that is, every single day, defending our networks, we have a force that is running our networks and not only running them well but also taking a look at the full-spectrum piece of what Steve has talked to, in terms of how do we impose cost against an adversary? And how do we do that necessarily in support of a joint force commander, in places like Iraq and Afghanistan, or how do we do it in terms of being able to support a national objective, like the mid-term elections? So let’s talk a little bit about where we’ve been, where we are and where I think we’re leading to. So let me provide first of all just a current baseline of our force. Let’s look at DOD information network operations. As Steve mentioned, 90% of what we do, I would offer as Commander of US Cyber Command, a majority of what I think about every single day is how do we secure our networks? How do we secure our data? How do we ensure the security of our weapons systems? Now within the army, obviously, Network Enterprise Technology Command, under the command of Major General Maria Barrett, headquarter at Fort Huachuca is our instrumental force in terms of our headquarters being able to do DODA operations, the 1.2 million endpoints that NETCOM has responsibility. Working that in coordination with our higher headquarters, on the Cyber Command but importantly working across the services because when we see vulnerabilities, when we see risks, when we see intrusions in one service, it rapidly moves laterally. And this idea of being able to run a network really well, the idea of being able to have a global placement as does NETCOM with eight brigades in 21 different countries. This is, as Steve mentioned, is foundational of what we do and this ability to have the assurance, to have the reliability and have the operational capability to run a network is sometimes easier said and usually than done but I would tell you, we do that very well and I’ve watched it over the period of 10 years, growing in terms of our ability to not only look at vulnerabilities, react to vulnerabilities but more importantly, get in front of those vulnerabilities. Now closely followed by DODA operations, this idea of defensive cyberspace operations today. 20 different cyber protection teams in our force. Looking and ensuring and being able to not only provide hunting capabilities on our network because these cyber protection teams, the number one thing that they’re going to do is hunt for an adversary and how do they hunt for an adversary? They hunt for an adversary because they have exquisite intelligence. And as Steve mentioned, where does that exquisite intelligence come from? Whether or not it’s intelligence from Security Command whether it’s National Security Agency, whether or not it’s self-generated, this idea of being able to have a cyber protection team, 20 of these teams of which seven are looking at our army systems, is critical what we do for the future. It is also one of the areas over the past decade that I would say has changed perhaps the most. This idea of being able to talk a very, very small element, deploy them forward, being able to establish a reach-back element in the United States and then being able to track and hunt and report on an adversary. This was done exquisitely in the mid-term elections with three different elements being able to move forward into Europe. This is what is different about our defensive space, our defensive cyberspace operations today. This idea of being able to deploy, to be able to project your power, being able to work with a partner nation and say, hey, we have capability, we know that adversaries are within your network and let’s identify them. Now not only are we building 20 teams within our active component but the army reserve and the army guard, 21 different teams. They are starting to come online today and if you take a look at the reporting across the press over the past several weeks and past several months, look at the ransomware attacks in places like Louisiana, in Texas, in Montana and the governor’s calling out who? Calling out the guard to be able to do this. This is a new venue, this is a new capability, this is a new possibility for what we’re doing to build this capacity across our total army force. As we move to defense, let’s move to offense very quickly, in terms of, this is as many would imagine, the focus for many conversations. What are we going to do offensively? We have 21 different teams in our army. Those 21 different teams, whether or not they’re located in places like Georgia or Texas or Hawaii or Fort Meade, they provide options to join force commanders. They provide options to me in defensive of the nation. They’re highly trained, 1,100 people that have come on board over the past several years. These 21 teams provide us, literally, the capability to provide forth projection, to deploy commanders, every single day in Iraq and Afghanistan. But behind all of these teams are the command and control apparatuses that are so important for us to be able to get things done. Whether or not that’s Army Cyber Command, whether or not it’s joint force headquarters, cyber in Fort Gordon. As I mentioned, NETCOM or the 780th that has responsibilities for our force, our offensive force. First IO command. We take a look at full-spectrum operations. Where does information operations fit in? It fits in very, very cleanly with regards to what we wanna do in EW, Cyber and IO and then of course, the Army Cyber Protection Brigade headquartered at Fort Gordon, Georgia. They say, what’s the investment that we’ve made as an army? We make an investment a little less than $2 billion per year for our cyber force and I would tell you it returns much more. Every single year, in terms of its capabilities and its options and its response times. I highlighted it in my opening remarks, this idea of three components that have really been successful for us as an army, as we’ve built this force. Let’s talk about that first component, this idea of building a branch and a school. In fact, we really built the school and we stood up the school before we stood up the branch. What’s been our success over the past five years? Let me share with you those successes. Right now we have been able to, since 2015, train over 332 officers at Fort Gordon. We started with a class of 16 several years ago. We have built it under the leadership of Fogarty and Morrison and now Hersey and a tremendous amount of capability brought in by TRADOC. To go from 16 to well over 300 and we’re looking at 400 officers a year in the near future. So 300 plus commissioned officers that come in. In the future, 200 officers a year, we will anticipate we will train at Fort Gordon but it’s not only commissioned officers, take a look at the warrant officers. Over 100 have been trained since 2015 and now on a pathway for 50 a year as we move out. Then the 17 Charlies, our enlisted force. Well over 250 have been trained over the past several years, moving towards again, a goal of 400 per year. What we’ve been able to do though is take a look at Fort Gordon in a much different light in terms of being able to build the capacity at our cyber school. And I suspect that General Hersey will be able to talk about this later but what I see is this ability to rapidly bring the lessons of what we learn in our force to the school house rapidly. Every day we’re changing in terms of how we conduct our defensive operations. How do we ensure that the defensive hunting techniques that we’re doing in a forward deployed locations rapidly get back into the Cyber Center of Excellence? We’re doing that today. And oh, by the way, how do we ensure that young people that come through and have had the ability to grow in this domain for many years aren’t necessarily going through the same process that we went through, at the basic courses of years ago? Where we train necessarily not to standard but certainly to time. The other piece I would offer and I’m very, very proud of the fact is that the Cyber Center of Excellence has also taken a look at, how do we ensure that we have some type of equivalency and some type of manner to work with our reserve components? National Guard and reserves can’t necessarily come back to Fort Gordon for six months of training. But a very rare, highly-skilled force that’s able to ensure that they meet the equivalencies, why are we not ensuring that that would be the standard for the future? So that’s the first part, as we take a look at our school house. But the other part behind it is the branch. You know, the fact that we have a cyber branch, the fact that we’ve taken a look and said, hey, this is so important to us that we are the newest branch since SOF in the mid ’80s. That’s taken off in terms of being able to take a look at the culture, the capacity, the ability to bring an idea to this new branch, the ability, as I mentioned, for young people to look and say, hey, I’m gonna start out as a cyber ops or as a cyber enlisted soldier and I wanna continue my career throughout that whole period of time. Incredibly important to us. Now if branch and school are the first two elements, let me talk about the second element, which is how do we train? As I alluded to, a foundational impact upon me was this idea of, early in my career, going to the National Training Center and being able to experience an after action review. Seeing the ability for us to plan something, synchronize something and then hopefully execute something. That’s the same idea we’re pursuing now in cyberspace. How do we take the concept of a persistent cyber training environment, a virtual NTC-like commodity and bring it to places like Meade and Gordon and Texas and Hawaii. What does that allow us to do? It allows a young squad leader, it allows a young team leader to come in and re-run a scenario. And we wanna hunt on a certain network, let’s go ahead and build that network to scale, let’s ensure that that network is exactly like that the network we’re gonna hunt on and then let’s train. What do we do so well as an army? We train, we train to standard, we train to an ability to get to an outcome. This is the same idea that we’re pursuing with regards to the persistent cyber training environment and oh, by the way, this idea of doing after action reports is not lost on those of us that have grown up in the army doing that. So how do we bring the same concept of experiential learning to a virtual reality upon which we operate? So important to us and then, if you’re an offensive team, how do you actually take a look at the network you’re going to have to access, move through and then get to some type of effect at an end state? How do we do that, how do we ensure that we are looking at every single angle, in terms of what we wanna do? We can’t do that in real life but we certainly can do it within the concept of a persistent cyber training environment. This ladies and gentlemen for us will be among the most important items that will come on board within the next six to 12 months that will drive our readiness. We see it so clearly, we see it from the young teams that have already operated within this space and we see the ability for them, again to bring their teams down, to do the individual and most importantly that collective training that’s so important to us as an army. And then finally, as I mentioned, what’s an army without doctrine, without strategy? Joint pub 312 guides us for cyberspace operations. The army has already written their field manual, field manual 312 that looks at this. But the interesting thing about where we’re going as an army today is this idea of, how do we take at look at not only what we’re going to do for the joint force, not only what we’re going to be able to do in support of combatant commands like US Cyber Command but how do we operate at the Brigade combat team and below? How do we ensure that the information operations, the capabilities upon which we impact social media, how do we take a look at these early lessons learned that cyberspace teams that have already deployed with Brigade combat teams to the National Training Center and Joint Readiness Training Center are gonna be able to leverage that? We’ve written that down, we’ve been able to capture it, this idea of a cyberspace army for our army, our cyberspace strategy for our army, this idea of an integrated framework of intel, cyber, EW and IO. Critical pieces of where we need to go. What Steve Fogarty has talked about for several months is now part of what we’re talking about in our doctrine. In the early standup of a cyber warfare support battalion at Fort Gordon that brings together the ideas of information operations and EW and cyber. It’s no longer an idea, it’s based upon the foundational strategy and it’s actually a unit that’s operating today. So those three components, whether or not it’s a branch and school, whether or not it’s training, whether or not it’s strategy and doctrine, what has it lead to? Well let’s take a look at the report card over the past 10 years. First service to build, to standard, 41 different teams across all the Department of Defense? The United States Army. Secondly, when we were looking at joint task force areas, the standup of a capability to go against ISIS offensively, who did US Cyber Command point to? Army Cyber Command. Every single day, as we take a look at operations in Afghanistan and Iraq and other places within central command, leveraging the capabilities of our Army Cyber. And it’s not only the teams but it’s also the capabilities that have been developed over the past decade. What intelligence and security command has done, early on, has now been leveraged for us in being able to create effects in and through cyberspace. And the last thing, the mid-term elections of 2018. One of the key players, an army team that was able to get onto net and provide effects in support of the defense of our mid-term elections. So those are the results that we’ve had with a very, very small amount of investment. But the important thing is that we’ve been able to bring together our strengths. We’ve been able to bring together our strengths of leadership, we’ve been able to bring together our strengths of other army commands that have been able to support us, whether or not it’s been FORCECOM or Training and Doctrine Command, Army Material Command, we’ve approached this as an army in terms of seeing the future and understanding how important this is, not only to our service but the nation. But ladies and gentlemen, I would be remiss to say we’re on a journey and we’ve been on a journey for the past decade and as US Cyber Command gets ready to celebrate its 10 year anniversary next spring, I think we can safely say that our adversaries will continue to operate below the level of armed conflict. That they will continue to operate with speed and agility. And that they will continue to adapt to this change. But for that, our army must be as resilient and as ready as we’ve always been. And so as we look at cyberspace today, I’m left very, very pleased with the idea that we will continue to make, for many years, a contribution. A contribution in supporting our army, supporting our joint force and supporting our combatant commands. And so with that I would close by saying, the best is truly yet to come. Ladies and gentlemen, thank you very much I appreciate it. (applause). Thanks Guy.