The Foreign Service Journal, June 2018

THE FOREIGN SERVICE JOURNAL | JUNE 2018 33 I anticipated an additional burden as a woman in a mili- tary setting. On that I was wrong. Though there was plenty of testosterone in the room, at senior meetings I was delighted to note that there were many female leads among flag officers in the room or on the screen, including for Marine Cyber, Fleet Cyber and the J2 (Intelligence), as well as the head of J1 (Man- power and Personnel). This reflected similar senior roles filled by women at State and reaffirmedmy conviction that the tradition of female-led cyber successes—long established by luminaries like Admiral Grace Hopper, Agnes Driscoll and others—would continue. One of my most important roles was as a communicator. My operating fromCYBERCOMheadquarters allowed our agencies to coordinate early and improve our shared understanding of the tasks at hand. When there were disputes over the likely impact of particular actions on our policy priorities, I didmy best to ensure that facts and perspectives were shared in both directions quickly and comprehensively. At times, this was easier said than done. Email worked wonders for moving information rapidly, but when the systems are separate andmaintained at different classification levels, information sharing—with the right people—slowed. It’s hard to overstate the pressure and difficulty involved in rapidly producing multiple options for policymakers that have been well staffed, closely reviewed and are able to gain broad interagency support. No uncrossed t’s or undotted i’s are allowed. Communicating in Both Directions The pressure was daily because the array of cyber threats facing the United States was constant. This pressure was heightened on our cyber warriors when specific options carried time constraints on their viability. Often these options needed input or clearance fromparticular offices in State. Then the friction would intensify, heightened by the need tomake modifications during “live” situ- ations that had to be reflected in updated briefing slide decks— something the State Department does not often use. Ensuring that clearers outside of CYBERCOMwere reviewing the latest iteration of a plan of action took enormous attention to detail, and timeli- ness was often challenged by the limited compatibility of some networks. The POLAD office gainedmuch love from colleagues in both agencies when we could help with the transfer of new recommen- dations in both directions and ensure an accurate understanding of the thinking that informed them. It was imperative that nothing poorly staffed or inadequately socialized and cleared arrived for a command decision. At the same time, we understood every delay might be counted, not only in opportunities missed, but lives lost. I could assist in alerting senior State Department officials that options would need to be reviewed and evaluated, and I provided as much background as possible to speed up the process. It was also useful to flag for State colleagues some of the technological limitations even our best cyber warriors faced. Former Secretary of Defense Ash Carter acknowledged in an interview late last year that he had been disappointed in the effectiveness of CYBER- COM’s weapons and techniques. He further alluded to tensions brought on by other agencies not wanting CYBERCOM to use those that they had. That gets back tomeeting policy priorities, while navigating the well-documented tension between executing an early response to what intel has uncovered and what you lose by letting your adversary (and others) know that you have the intel and you have the capability to respond. Any response is framed by the broad definition of success, based on our overall policy objectives. In the cyber world, lines increasingly overlap. My former boss, Admiral Michael S. Rog- ers, has noted publicly that he couldn’t have anticipated that his agency would be involved in a response to a private entertainment firm’s network being hacked. Remember, CYBERCOMhas three primary missions; and no one equated Sony Pictures Entertain- ment with “critical infrastructure.” Establishing International Norms The other half of the vital role State played was helping to increase understanding at CYBERCOM of the State Depart- ment’s work to further establish and solidify international norms for cyber behavior and responses. An early understanding of what international norms, international law and our partner agreements allowed cyber forces to do and not do in cyber- space ensured that the options presented were truly viable. For instance, hospitals, water systems, voting machines and electrical grids could be attractive targets for countries at odds with each other, but should they be? We could put in place an effective deterrent to an action by an adversary, but it would also affect an ally’s systems or network. Should we, and legally, can we? These are instances where FSOs who are well-versed in The vocabulary differences between agencies are real; the thought pattern differences are real; and the measurements of success are different, too.