Transcom nominee takes aim at cyber threat

At his Senate confirmation hearing, Air Force Gen. Darren McDew stressed the importance of information sharing with the private sector, which handles 90 percent of Transcom’s activity.

As part of its role in defending the nation’s infrastructure from cyberattacks, the Defense Department has emphasized the importance of sharing information with the private sector. At his confirmation hearing this week to become head of the U.S. Transportation Command, Air Force Gen. Darren McDew underscored that idea, reminding senators that 90 percent of Transcom’s activity takes place on commercial networks.

Transcom is a DOD-wide command that provides air, sea and land transportation to military components and service members, often coordinating with commercial providers. And it’s no stranger to the cyber threat or the need for information sharing. Between June 2013 and May 2014, at least 20 successful hacks, all of them traced to China, were made against Transcom contractors—and the command was told of only two of them.

Those hacks exposed potentially sensitive information on the movement of U.S. troops and equipment. In addition to commercial airlines handling nine out of every 10 personnel flights, about a third of bulk cargo shipments are made via commercial providers. Following the hacks, Transcom said it would contractually require providers to report any breaches, and while that helps, it doesn’t make the threat go away.

“One of the greatest threats that faces our nation is our ability to deal with the cyber threat,” McDew said during his confirmation hearing July 14 before the Senate Armed Services Committee. “I believe that U.S. Transportation Command has put some things in place to make that less likely, but as we go forward, the threat only gets worse. Our ability to deal with it must evolve and we have to find ways to do better with it going forward.”

While the military, along with the rest of the government, has taken a more intensive look at the cyber domain, calling it an operational domain, the relationship with Transcom and the private sector positions Transcom differently than other combat commands.

The command “relies upon the integrity of the information exchanged between military and commercial partners in its role as the distribution process owner for the department,” McDew said in a written response (PDF) to prehearing questions. “Our ability to command and control is highly dependent upon getting the right information to the right people at the right time, while protecting it from our adversaries.”

McDew stated he must “figure out how we will continue to work with commercial industry that we’re required to work with and need to work with. Ninety percent of our work is done on the commercial networks and that is a threat that I have got to face going forward if confirmed.”

“That’s an interesting perspective,” Senate Armed Services Chairman Senator John McCain (R-Ariz.) responded, asking, “Right now there is the possibility that adversarial nations could shut down your business?”  “There is always that threat that adversarial nations could shut down our nation,” McDew answered.

Considering its mission to provide global transportation mission, McDew said the command’s “number one priority is ‘Readiness’ for the enterprise. Communicating our need to be informed about cyber intrusions with our commercial contractors is essential.”

One issue McDew stated he will have to study more is the relationship between contractor and military networks. “Not only do you have to maintain the infrastructure of the Department of Defense but you have numerous contractors,” Sen. Jack Reed (D-R.I.) said. Reed asked for McDew’s comments regarding steps taken to maintain contractor cybersecurity and steps taken to ensure that if they were compromised it would not “cascade” into military networks.

“I see that Transportation Command has put some things in place in their contracting system to allow the contractors to show assuredness of their network and to provide for requirements to report intrusions in their network – those are I think very beneficial,” McDew observed from the studying he has done though noting it has not been in great depth. If confirmed, he said, he would want to look deeper into this issue to see areas that can be strengthened.