Cyber Security Lessons from a Military Leader

  • December 08, 2013
  • Feature

By Bill Lydon, Editor

Major General Robert E. Wheeler gave a compelling and informative keynote presentation on cyber security at the ISA Automation Week conference in Nashville, TN on November 6, 2013. The cyber security challenges faced by the military and industrial automation systems are strikingly similar.

Major Wheeler’s role as the Department of Defense (DoD) CIO is to ensure defense of DoD networks work with international partners to securely share information and collaborate on common norms of cyber defense, and work with the defense industrial base to secure information vital to national defense. Wheeler currently serves on the staff of the Secretary of Defense as the Deputy Chief Information Officer for Command, Control, Communications and Computers (C4) and Information Infrastructure Capabilities (DCIO for C4IIC) on the Secretary of Defense staff. He has an impressive resume including an engineering degree, command pilot with more than 5,000 hours in multiple aircrafts, and senior military adviser to the U.S. Mission for the Organization for Security & Cooperation in Europe.

Major Wheeler is all about being proactive and preventing/mitigating cyber-attacks.


Major Wheeler noted the five major things he worries about - namely, speed of change, electromagnetic spectrum access, cyber security, mobility, and enterprise solutions. In addition to geopolitical threats, Major Wheeler commented that a large component of cyber threats are from criminal elements, those with an ax to grind, and smaller groups that want to inflict damage. Lack of protecting our systems from cyber threats provides these bad guys with new opportunities to steal and inflict damage.

The growing use of wireless in industrial automation systems should consider cyber security factors. A recent article by Admiral Jonathan Greenert, Chief of Naval Operations, addressed these wireless issues in an article called Adm. Greenert: Wireless Cyberwar, The EM Spectrum, And The Changing Navy.


The DOD cyber security goals easily describe suitable industrial automation goals. For the four DoD goals mentioned in Major General Wheeler’s presentation listed below, I suggest analogous industrial automation goals:

  • DoD Goal: Assured mission execution in the face of cyber warfare by the most capable adversary.
  • Automation Goal: Assured quality and production in the face of cyber warfare by the most capable adversary.
  • DoD Goal: Better, safer sharing with all of DoD’s mission partners.
  • Automation Goal: Better safer sharing with all supply chain partners.
  • DoD Goal: Freedom of action in cyberspace for our mission commanders.
  • Automation Goal: Freedom of action in cyberspace for our production professionals.
  • DoD Goal: Ability to deliver trusted information and assured network availability across the Department.
  • Automation Goal: Ability to deliver trusted information and assured network availability across the company.


Major General Wheeler described how they are achieving these goals.

  • Realigning, restructuring, and modernizing how DOD’s IT networks and systems are construction, operated and defended. The goal is to have a Joint Information Environment (JIE). Information on these concepts can be found at
  • Revising the Department cyber security technical and operational standards and policies.
  • Clarifying operational roles and responsibilities.
  • Improving cyber information sharing within the Department.
  • Rethinking our strategy for ensuring the DOD has experts, capable information technology, and cyber workforce that it needs to stay ahead.
  • Writing it down in a revised DOD Cyber Security Strategy
  • Doing all of this in partnership with the right wide range of industry, inter-agency and international partners.

Again these points could easily be a blueprint for industrial automation systems regarding cyber security.

Wheeler also noted that since cyber security is a moving target, detection is important so that incoming threats can be contained and this information used to improve systems.

Legacy Systems

Major General Wheeler noted that the military has a great number of legacy systems. This is the same challenge faced by industry. I asked him how they are dealing with the legacy issue. They perform engineering, economic, and risk analysis. In some cases it is too expensive to change older systems and they find ways to mitigate the risk. Another outcome indicated by analysis can be upgrading everything. Legacy systems with a closed system architecture (i.e.: proprietary communications) may continue to be used particularly if they are not connected to anything else. Legacy open systems, particularly with older operating systems create more risk for cyber security attacks. There is a great deal of industry discussion of migrating systems to the latest open architecture software and hardware platforms. I suggest that following the process described by Major General Wheeler is prudent to analyze the cyber security risks before making changes.

Thoughts & Observations

The industry needs to take cyber security protection and mitigation more seriously. It is to analogous to industrial physical security that we take for granted. Consider for a moment the consequences of eliminating all the physical security measures that are now common in industrial plants to keep out bad elements. Not taking cyber security risks seriously is like having no security systems or locks on the doors.

Wheeler believes that if done correctly, cyber security is not an expensive piece to the puzzle.

Cyber security requires the same upfront engineering analysis and thinking required in any systems project. As any good project manager knows, if functions are added later they will cost much more.

Related Articles

Did you enjoy this great article?

Check out our free e-newsletters to read more great articles..