seamless movement between safe and crisis states, the ability to reconstitute capacity within 12 hours and the ability of
departments and agencies to work together, communicating
effectively, sharing information and maintaining situational
awareness, he notes.
Kosak says he is not yet certain when the system will be
up and running. “I’m more focused on driving the requirements and the strategic and policy piece, and the chief
information officer is putting in place the master schedule.
It will work itself through the Joint Requirements Oversight
Council schedule within the department,” he offers. The
program management team is working with the Defense
Department mission assurance decision makers and other
stake holders to further refine long-term requirements for
the system. While the system has reached full operational
capability on some key objectives, the team intends to add
more features as soon as possible.
In his position, Kosak oversees the department’s con-
tinuity, mission assurance, domestic counter-terrorism,
information-sharing and global anti-terrorism policies
and programs. His office develops plans, policies and lead-
ership support initiatives to assure the department can
execute its core functions, even in the face of asymmetric
military threats and severe natural hazards to defense
installations and infrastructure. Kosak also co-chairs a
mission assurance steering group with
his counterpart on the joint staff.
Kosak describes three pillars nec-
essary for assuring the department
can fulfill its mission. The first is the
identification of a list of mission-sup-
porting assets. “We literally prioritize
assets in terms of their criticality to
the mission, in terms of vulnerabili-
ties that may exist therein. The identi-
fication process is essential,” he offers.
The next is the assessment process. “We’re building at this
point a joint assessment capability that looks at not just the
physical, traditional areas of focus, given the conventional
threats of the past, but is now focused on cyber expertise and
very, very heavily focused on the asymmetric element that
is so pronounced today for a nation state or a transnational
criminal or terrorist organization to try to hurt the United
States and impact the department’s ability to do its job. That
process is called the Joint Mission Assurance Assessment pro-
gram,” Kosak states. “The problem we’ve had in the past, quite
frankly, is a lot of focus on physical, not enough on virtual.
Now we’re bringing them together as never before.”
Risk management is the third pillar, which requires
assessing vulnerabilities and whether they can be miti-
gated. “We have to rack and stack the key plans and the
key single points of failure that we’ve identified, and we
have to look at the probability of attacks so that we can
basically invest resources, time and effort to address single
points of failure or vulnerabilities and do so in a way that’s
most effective,” he says.
If, for example, a combatant commander prioritizes a
specific cybervulnerability, “we look to rack and stack that
with other vulnerabilities and make a strategically informed
recommendation to the secretary and deputy secretary to
take a look at investments,” Kosak states.
Fixing identified vulnerabilities often is the bigger challenge. “We have a bit of history of identifying a lot of problems and vulnerabilities, but we need to improve upon our
ability to actually fix things,” he acknowledges.
A Standard Missile 3 is launched from the
guided missile cruiser USS Shiloh during
a ballistic missile flight test in the Pacific
Ocean. Virtually every wartime mission for
the U.S. Defense Department, including
command and control of major weapon
systems, relies on information technology,
making cybersecurity a top priority for
critical infrastructure protection.
“We have a bit of history of identifying
a lot of problems and vulnerabilities,
but we need to improve upon our
ability to actually fix things.”
—Charles Kosak, deputy assistant secretary of defense
for defense continuity and mission assurance in the
Office of the Under Secretary of Defense for Policy
contact: George I. Seffers, email@example.com