Home : Media : Speeches

Adm. Winnefeld's Remarks at the STRATCOM/AFCEA Cyber & Space Symposium

By As Delivered by Admiral James A. Winnefeld, Omaha, Nebraska
ADMIRAL JAMES WINNEFELD: Good morning. Good morning. I’ve checked the seats, and they seem to be somewhat comfortable. I don’t know if that’s a good thing or a bad thing. I also know that I am the second to last thing to stand between you and the exits.

(Audio interference.)

It’s great to be here today, to get out of Washington for a bit, to be here first hand, and to walk the floor, although I didn’t get to do too much of that. But it’s also great to have an analog conversation in a digital world – with you guys – and to catch some of the energy of this place. Although it looks like you’re kind of running a little low on that. We’ll see if we can do something about that.

I was joking a little bit earlier about what would – on earth – a nuclear-trained fighter pilot like me could say to an audience like this, one comprised of experts who are literally designing the way we’re going to operate in space and in cyberspace in the future.

And then my staff called to my attention – the agenda, and I realized that I really had my hands full.

You’ve already heard from giants in the space and cyber communities, key partners from the interagency and industry who’ve made some lasting contributions to cyber policy and space policy. Assistant Secretary Madelyn Creedon was just here, and, of course, General Keith Alexander earlier, who caused a bit of a stir up here, I’m sure, while he was speaking.

And, of course, our wonderful host, Bob Kehler, from Strategic Command who’s been a leader across his career in the strategic domains, not only serving as the deputy commander here at STRATCOM, but then in Colorado Springs as my neighbor and friend when he was at STRATCOM and I was at NORAD/NORTHCOM. So Bob, thank you for your continued leadership and advocacy on behalf of all the great warriors at United States Strategic Command and its components.

Now, instead of – realizing you’ve probably heard everything there is to hear about space and cyber this week from a group of preeminent subject-matter experts, I wanted instead to give you a sense of what I want you to know about where we’re going as a military and as a department, and the necessity to leverage, grow and protect our asymmetric advantages, including our space and cyberspace capabilities, as pillars of that future.

Now, we all know that over the years, the U.S. military has developed quite a few asymmetric advantages that have served us very well. We developed precision-guided munitions, and we all remember the discussion shifting from how many sorties it took to take down a target to how many targets we could take down in a single sortie.

We pioneered the use of networks in command and control. And I’ll never forget my experience as the captain of the USS Enterprise back in 2001, and having guests from a very capable foreign nation come visit me on that ship, and have them be awestruck by what we could do on that ship with networked command and control. At the same time, privately, I was thinking about how bad we were. So that tells you, sort of, where we’ve come in that asymmetric advantage.

There are other advantages brought up earlier including UAVs, stealth, space – nothing new to the STRATCOM team, of course, and all the huge advantages that we’ve enjoyed over the years. And, of course, our greatest asymmetric advantage, which is our people – and not only our soldiers, sailors, airmen, Marines and Coast Guardsmen but our government civilians and our industry partners and our academia partners. It all makes a huge difference.

And we know that some of these advantages really shocked a few of our potential nation-state adversaries when we used them in Iraq in 1990 and then 2003, and in Afghanistan. They found to their dismay that they had fallen very far behind, in fact, of the asymmetries that we could bring to bear on the battlefield. And, of course, during this most recent era, we’ve been fighting two counterinsurgencies with adversaries who could not hope to counter our asymmetric advantages and who, instead, sought their own low-tech asymmetric advantages, like improvised explosive devices.

This is instructive to me. It should be to all of us, for several reasons. First, we’re not likely to have, as our next fight, a counterinsurgency. We can’t dwell on the wonderful COIN capability we have developed.

Second, while we’ve been fighting these COIN fights, the world has changed, and other nations have been rapidly gaining in their technological prowess.

And third, just as our current extremist adversaries find low-tech ways, such as improvised explosive devices, to counter our advantages, other potential advantages (sic) will try to deny, in their own way, the significant advantages in a potential fight against them, in any way they can.

Indeed, these folks have been busily preparing for a different kind of future conflict. They’ve been studying us closely and have been attempting with some success – as I’m sure Keith Alexander outlined – to pilfer our nation’s industrial base for anything they can find of technical value that will save them time in catching up and keeping up. So we need to avoid the temptation to look too closely in the rear-view mirror as we shape our future.

Of course, we need to finish the job in Afghanistan, and we need to continue our important fight against terrorism. And we need to capture the right lessons from the next fight, because there are some of them out there, but the conflict that I’m hoping to deter by clearly demonstrating that we’re able to win it wherever it occurs, will be in a far more technically challenging environment than our fights today.

It’ll be a fight that includes an intense electronic-warfare environment that goes after our networks, our communications, our precision navigation and our – all our –sensors. It will include tactical ballistic missiles and cruise missiles, mining, swarm attacks, adversary attempts to negate our surveillance platforms, including the UAVs we’ve grown so accustomed to using. Bob Kehler’s term also – his favorite term – congested and contested space will be an issue. And, of course, the unknown unknown, which is most assuredly out there somewhere.

Put another way, our adversaries will try to knock us off our game, and to use our own strengths against us or to avoid our strengths. So as we think about the emerging challenges of future threats and the asymmetric advantages that we need to continue developing, including cyber, we have to address the more basic idea of what do we need to win in this environment.

Our force will need to be smaller in size because of the national security imperative of deficit reduction. It needs to be smarter in composition, which means being what I would call right-weighted and more common platforms, with the right combination of stealthy and non-stealthy platforms supporting each other, and thoughtful placement of capabilities in the active and reserve component.

It needs to be faster and more secure in all aspects of command and control, from planning all the way to communicating, not only because it can but because it must.

It needs to be physically faster, which will be helped by it being right-weighted and properly supported by forward posturing, forward presence, prepositioning, and lift. Being physically faster will require maintaining our readiness, and we can’t allow ourselves to become hollow. And we can be our own worst enemies, sometimes, when we try to keep too much force structure in a declining budget.

Our gear is going to have to be far more reliable in a world of faster and more lethal weapons, because our stuff simply has to work the first time we use it. We might not get a second chance. We’re going to need to be more precise, because we simply don’t have the time or the forces required anymore to wear an enemy down. We’ll need to have better situational awareness and standoff capability in order to be more survivable and effective, for which both space and cyber are key enablers.

We’ll need to view our competitors through a global lens, not just individual combatant commander lenses – something, I’m sure, Bob Kehler would have been happy to hear me say, and in fact, we just talked about it a little bit ago. We’ll need to be hyper-joint and interagency, and tied to nongovernmental partners, truly interdependent with each other. We’ll need to be ever more tied in with secure, reliable, and confident partners, friends, and allies.

And we’ll need to have a good understanding of these new domains, including – and especially – the cyber domain.

I have no doubt that there’s been a lot of talk about cyber this week, and you’re probably tired of hearing about it. But cyber is the best example I can think of, of how our 20th-century world, which had all kinds of nice, bright Westphalian borders, has moved into a 21st-century world with borders that are simply fading away.

As much as we want to cling to old ideas in this world, we must confront this reality. So let me talk for a moment about these fading borders in the cyber context. The first border, I would say, that’s faded is the border between near and far. It’s the most obvious one. It’s been obliterated by the Internet. On a single keystroke, you can go from point A to point B in milliseconds and do enormous damage.

This has created fascinating legal dilemmas for us – when adversaries can target us in a virtual place from servers that happen to be located in a very inconvenient physical place. Another fading border is that between public and private, where companies, possessing and exerting enormous power – and in some cases acting like nations – and in some cases, also, exercising what they view as an inherent right of self-defense.

The border between state and individual has faded. Nations, using individuals as proxies, as well as what Tom Friedman has called the super-empowered individual, can cause great harm. Indeed, the former, the super-empowered individual that’s a proxy, can morph into the latter, an independent individual acting all on his own. As we’ve seen in the physical world, with certain nations overseas losing control of proxy extremist groups, we run the risk of a nation, using a proxy cyber group, losing control over that group as well.

The border between peace and war has faded considerably, as well, in this domain. We have to ask ourselves, when is Internet intrusion espionage, and when does espionage actually leave behind something harmful. At what point does espionage rise to the level of a hostile act through massive theft of a nation’s most important asset, its creativity?

How do we approach a domain in which military networks ride on vulnerable civilian pathways, where cyber events can have catastrophic effects on systems that impact military capability in both virtual and physical domains, and when civilian and government networks are attacked and may need military cyber capabilities to recover?

Perhaps, even more importantly, in a domain where things happen at the speed of light, and where so much of our critical infrastructure exists or is controlled, at what point do we consider a cyber attack on civilian infrastructure to be analogous to a kinetic attack on our country – and where does military responsibility begin and end in such an attack? Some would argue that there is a parallel to another nation’s kinetic attack on our key infrastructure, in which the military would have the lion’s share of capability to defend.

These are difficult questions, and I’m not sure we have yet fully come to grips with them all and we don’t have much time to get them right.

In this new domain, which carries a novel mystique, we will require new policy tools that recognize we are on new ground, that the boarders in the cyber domain have pretty much faded away.

These new policy tools must enable the most capable cyber defense of our nation, while at the same time providing American citizens and our allies and our friends with an absolute assurance that we are determined to protect our coveted civil liberties.

The last part is that it will require new forms of trust that are backed by new forms of oversight. It will also require new approaches which are well laid out in the new DOD cyber strategy to include treating cyberspace as a new domain, operating or employing new operating concepts, partnering with U.S. governmental departments and agencies and the private sector - and a great example of that is our defense industrial base - building robust relationships with U.S. allies and international partners, and, of course, leveraging our nation’s wonderful ingenuity and the exceptional cyber workforce and rapid technological innovation.

Implicit in this strategy is the fact that we’d like to deter nefarious actions in cyberspace in one of three ways. First and foremost, we want to do it by denying an aggressor’s objectives, by denying his ability to attack, through a variety of passive and active defensive measures.

Second, by being able to quickly mitigate the effects of an attack, to demonstrate to potential aggressors that an attack – that an attack is so quickly recoverable that it would do no good to conduct it.

And third, and only as a last resort – and always under the direction of the president – by making a cyber-aggressor pay for an attack on our nation.

This is basic deterrence theory. I would reiterate that we would very much prefer the first deterrence method, denying a cyber-aggressor’s objectives, to the other two methods of deterrence – through the mitigation after the fact or offense – we do not want an arms race in cyberspace.

Keith Alexander and his team are looking at all of these deterrent methods, growing our capabilities and capacities in order to be able to execute them at cyber speed. Frankly, we’re lucky to have Keith and his team on our side. They’re the best in the world. And they are working hard on new ways of gaining domain awareness, new postures in the form of network configurations to provide us with better visibility over and defense of our networks, new approaches to command and control, and new capabilities and capacities.

We’re also lucky to have great teamwork with industry and academia. I like what former Deputy Secretary of Defense Bill Lynn said about this. He said, in the cyber domain, soldiers are not the only ones on the front lines. Scientists, engineers and innovators are too, including the companies represented here today. And I would forcefully repeat that statement.

I can assure you that under our emerging, strategic point of view in the department that cyber will continue to be a growth industry for us.

In other domains as well, we need to extend our asymmetric advantages. We’ve always been good at this, and we cannot afford to lose our edge. And I would celebrate the fact – as an example this morning – the Army’s success with the new Advanced Hypersonic Weapon that was successfully tested in the Pacific today. What a great story.

As you’re all keenly aware, a world full of accelerating change will require us to change. And I would challenge the popular view that change isn’t necessarily a core competency of the Department of Defense. Just last week in front of Congress, our chairman, General Dempsey, said, “we are, I promise you, one of the most change-oriented organizations you’re going to see appear before you any time.”

And he’s exactly right. Think of the advances I mentioned earlier – quantum leaps in space, cyberspace, stealth, UAVs. These did not come about because we are opposed to change. But as you know, we are a bit under the gun right now in terms of the budget process, which presents, as far as I am concerned, both a challenge and an opportunity.

It’s a problem, because big corporations like the Defense Department tend, under financial pressure, to hunker down and protect their market share. There’s a great passage from Tom Friedman’s latest book “That Used to be Us,” in which he quotes IBM president and CEO Sam Palmisano – former CEO – talking about companies in crisis – he said, “you spend more time arguing amongst yourselves over a shrinking pie than looking to the future, and so you miss the big turn.”

It’s an opportunity, this budget pressure, because if we get this right and if we’re willing to change, and as long as the budget pressure doesn’t grow any further, we may be able to actually reset into something that’s better. One of the central changes we’re going through in this process is that for the first time I know that anybody can remember, we are actually letting strategy drive our resource decisions.

We’re not just doing a cut drill under this budget pressure, where we typically go one-third, one-third, one-third across the services – although that is where we started over the summer. We realize that every strategy carries its own risk band and that at the current level of budget reduction, we probably left the acceptable risk band for a full-blown QDR strategy.

So we’ve really been working on a different strategy to guide our efforts. We’ve had unprecedented access to the president as we’ve done this, in order to gain his views. No decisions have been made yet, and I can’t discuss any aspect of this strategy really at this point, but I assure you it’s out there and it’s being worked actively – and it’s taken work, though, to inculcate this strategic approach into our culture because people will always try to drift back into their old habits. But the senior intellectual leadership of the department now views our strategic decisions through this strategic lens, and this has been a big change for the building.

I will tell you that this new strategy will carry different dimensions of regional emphasis, war-fighting capacity boundary conditions, and war-fighting type emphasis – all looking ahead to the future.

And I can repeat for you something that the president said yesterday, and I quote: “I have directed my national security team to make our presence and missions in Asia and the Pacific a top priority,” unquote. It should not be lost on this crowd that the Pacific is our highest-tech theater. We are determined to maintain our technical edge in that region, and we will. That means dominating in the anti-access and area-denial environment.

Informed by this strategy, we’re making tough choices about our interests. It’s never easy, but I really applaud Secretary Panetta and Chairman Dempsey, and my partner, Deputy Secretary Carter, and all of the service secretaries and chiefs for how well they’re hanging together during this process. Remember Benjamin Franklin’s famous quote about hanging together or hanging separately.

But I have to tell you that change is the hardest thing for an organization to do. And we’re going to have to change. Talking about change is a great way to conclude my remarks. One of my favorite sayings comes from a book called “Surfing the Edge of Chaos” and it goes, “equilibrium is the precursor to death.”

This principle holds true in biology – think about the dodo bird and how quickly it went extinct when humans showed up and its environment radically changed. It also rings true in business. Think about IBM after it invented and then failed to follow through on the PC, and in war fighting, where we simply can’t afford to miss a trend or cling to an older concept. We cannot afford to be rendered irrelevant at a single stroke, including a single keystroke.

So we’re going to step out and take some risk. We’re going to realize that we live in an accelerated, competitive learning environment. We’re going to do everything we can to shed long-held beliefs that don’t matter anymore and traditional configurations and tribal behavior in order to get this done. We will seek much less duplication through a portfolio approach to war-fighting requirements that will be informed by cost and technical maturity.

We’ll work more closely with industry than we ever have. Together, we’re going to nurture new ideas through science and technology, and research and development that’s focused in the right places. We’re going to enable our brightest young people to find new disruptive innovations, to include synergies among existent innovations, and we’ll kill the elements of the bureaucracy that try to bat down these new ideas.

We will protect our new ideas from those who can steal them. We will research and design and build the right tools more quickly, and we’re going to control costs while we do it, and we’re going to protect our supply chains. And we need your help on all of this.

We’re going to build satellites that come in on time, on cost, and end up in the places they’re supposed to be. We will quickly scale up the winners and we will ruthlessly kill the losers – the programs that are not performing.

If it doesn’t work, or is poorly managed, it’s going away. If it does work, and it’s adaptable, scalable, and relevant to our strategy, and open architecture and affordable, we’re going to buy it. And least – at least – all of the above is what we hope to do. And I said we will do it, but of course, we’ve got lots of work to do – (inaudible). We’re going to take on the security challenges of this new digital century by doing exactly the things that I was mentioning a moment ago.

You all are key to that success and I thank you very much for the individual efforts that each and every one of you put in every day whether you’re military, whether you’re government or civilian, whether you’re industry, contractor, civilian, what have you – academia – I thank you for your efforts and doing what you do, contributing in your own way to shaping what I believe, in spite of an ill-considered and improper narrative about the decline of this wonderful country. I thank you for what you’re doing for our wonderful nation. So thank you very much and I look forward to talking with you. (Applause.)