A key aspect he's been looking to incorporate into Fleet Cyber Command: integrating with the Navy's other numbered fleet commands to mix cyber into operations afloat and ashore, around the world, regardless of mission or locale.
That's just one area Gilday highlighted in a recent conversation with C4ISRNET Editor Amber Corrin, in which he also talked top priorities, major challenges and how the command is central to Navy intelligence operations.
C4ISRNET: You're about seven months into your role at Fleet Cyber Command. Can you give us a lay of the land and a sense of who you are and what you do?
Vice Adm. Mike Gilday: In terms of numbers, we are about 15,000 officers and sailors spread across commands globally. We've got three primary missions. The first mission is to operate and defend the Navy networks in our ship-to-shore communication systems. That also includes the operation of Navy spacecraft; so satellites that provide global telecommunications for our deployed operational forces.
So that's the first mission. The second is to conduct tailored signals intelligence collection and the creation of actionable intelligence and surveillance information from that collection. Our primary customers are our operating forces for around the globe.
And our last mission is to plan for and, when directed, be prepared to deliver effects in entering cyberspace in support of combatant commander and national objectives.
C4ISRNET: Signals intelligence and surveillance operations aren't necessarily the first things that come to mind when you think about the service cyber components.
Gilday: On a day-to-day basis in terms of the signals intelligence, or SIGINT, there really is an inextricable linkage between signals intelligence and cyber operations. There is a symbiotic nature where they can really feed each other. But signals intelligence, that's the collection of intelligence from the [radio frequency] spectrum and then also through cyberspace. You can see where that would actually help us get a better understanding of cyber operations from both the offensive and the defensive perspective as we collect information and in a foreign environment.
We do not do any domestic collection. This is all done in foreign space. It serves a couple of purposes. The first is we gather that signals intelligence to get an understanding of what adversaries are doing. We can inform our four deployed operational units in real time on things that are going on. Secondly, it feeds directly into our understanding of cyber actors and their potential actions against us, as well as potential targets that we may be able to exploit.
C4ISRNET: Can you tell us about some of the priorities you've carved out during your time so far at Fleet Cyber Command/10th Fleet? What are your top goals right now?
Gilday: My top priority is really to be in a position to deliver at a high degree of effectiveness across all of those mission areas on a 24/7 basis. Tenth fleet is a warfighting fleet just like our other fleets. But one of the differences with 10th Fleet as opposed to the rest of the operational Navy is that we have to maintain a sustained
24/7 level of effectiveness across all of those mission areas. Our telecommunications have to be up all of the time. They have to be defended all of the time. We are always collecting signals intelligence and generating actionable intelligence. We have to be in a position to provide effects through cyberspace when called.
The way we differ from the rest of the Navy is if you consider our air wings and our ships and our submarines — they are on more of a cyclical readiness cycle, right? They deploy for a number of months. Then they come back home. They're at a maintenance cycle, then they ramp up again through a training cycle before they deploy again. We never ramped down. We were always in a constant state of high readiness.
To be in a position to provide that, at the state level, it is really my top priority because 10th Fleet in each of those mission areas is really supporting the rest of the Navy both ashore and afloat. That really is my top priority — to be able to provide uninterrupted command and control capability across the rest of the Navy.
C4ISRNET: You've talked about your support to the Navy. What about your support to U.S. Cyber Command — what does that structure look like?
Gilday: We have 40 cyber mission teams split between the offense and the defense. Right now, the goal of U.S. Cyber Command is to have all 133 teams in Cyber Command leads at FOC, or full operational capability, by the end of fiscal 2018. For Fleet Cyber Command in our force teams, 25 of our force teams are already FOC. We estimate that those remaining 15 teams are well on track to be FOC in fiscal 2018.
In terms of the offensive teams, our offensive teams all fulfill joint requirements for Cyber Command. For our defensive teams, most of our defensive teams fill a joint requirement for Cyber Command. However, we do have six cyber protection teams that are what we call service-retained. They are specifically under my direction for use in Navy-specific missions.
C4ISRNET: What would you say are some of your top challenges right now — and how are you tackling them?
Gilday: In terms of our top priority, it is really defense, right? The defense of those networks and those global telecommunication systems. I'd characterize the challenge as how the threat is evolving. There are a few trends that we see that are really clear.
The first is there is a rapidly increasing number of malicious actors that are on the internet. I wouldn't say that the vast majority of those are criminal in nature. But, that criminal activity still targets us just like it targets everybody else. There are also nation-state actors out there specifically looking to target [the Defense Department] for their own national interests and their own national objectives. We see a rapid rise in the number of malicious actors on the internet.
The second is that we see likewise a rapid rise in the capabilities available to these actors. A new piece of malware, for example, is introduced [something like] every few seconds out there on the internet. Some of this malware is available to download for free. A lot of it is available at low cost.
You can see where you essentially have different weapons that are available on an hourly and daily basis to actors out there that have malicious intent. So it's a rapid rise in actors and a rapid rise in capabilities. Then a difficulty that we have is the challenge for law enforcement to pursue these threat actors — because there are so many of them. Across national boundaries, [there's a] lack of international norms in cyberspace that give you the framework to rapidly pursue somebody from a criminal nature and to bring them to justice.
The last trend is that we see an increased use of automation on the offensive side. Because of new technologies like artificial intelligence, there is the ability to automate the delivery of malware across the internet and across the broad IP space. Whether that is DoD IP space, a Navy IP space or a commercial IP space.
Those trends are an increasing challenge for us to keep up with. One of our priorities is to continue to rely on automation to help us with the defensive side. This again is taking advantage of new technologies associated with artificial intelligence that allow us, in an automated way, to detect and respond to threats that are coming at us at a higher volume and with an increased degree of lethality, if you will.