the decision was made - we wwe had to. a move. we knew that if we came in too high, it would cost us big time. we had to stay low. and boy did we. we locked it in and rode that low rate from navy federal credit union all the way to our first house. it's a split-level ranch. so cute! 3 1/2 million members. 3 1/2 million stories. navy federal credit union. next on "this week in defense news," a glimpse at the obama administration's efforts

to improve national cyber security, plans to cut welcome to "this week in defense news," i'm vago muradian. two weeks after unveiling its new defense strategy, the obama administration announced plans to withdraw some 7000 troops from europe. what does that mean for nato and european defense? and we take a closer look at the capabilities iran is developing to keep u.s. forces out of the persian gulf. but, first, a new cyber security strategy is emerging in washington. the obama administration is wrestling with how far it should go in defining national standards, not just for federal agencies, but also for critical infrastructure that's privately owned like power plants, transportation, data and financial services. the process is being led by the national security agency and builds on a document drafted two years ago that defines 20 critical cyber controls.

now the secret event is working on a plan to require private industry to better protect itself from cyber threats. joining us now to explain what's going on and what it all means is dale mirose a retired air force major general who is now the vice president for cyber and information assurance at communication giants harris corporation. dale, welcome back to the show. >> thanks for having me, vago. >> let's start off. exactly what's the administration trying to do, how long will it before they roll out an actual policy and what is it likely going to say? >> if you think about it, this is a continuation of the cyber review which started three years ago. and it had 45 recommendations, and so over the course of the last three years, you've seen these come out one or two or three or, you know, some paradoesity. this is a continuation of that discussion work and it is the element for figuring out what the relationship that government is going to have with private industry. >> are we going to see an actual policy at the end of this and roughly when are they going to be wrapping up their

work? it's a small core group of 38 people, but there are a lot of government and nongovernment people who are participating in it. >> i think the key is that the first thing you'll see is a plan because you don't have a plan depicting this and how they're going to approach it. it's going to have to be done very carefully, because as we have discussed many times, there are two sides to this. in your introductory remarks, the elementary of privacy versus the element of protection, and those are two forces that continually battle over this domain. >> one of the things that i think people are most concerned about is the idea of continuous network monitoring which is one of the elements that was in the 20 critical controls that has certainly civil libertarians and private property advocates a little bit worried that the government will be continuously monitoring your network. this isn't a temporary breach like you going to an airport and getting frisked, it's something more pervasive. what is the right way to ensure the security without really having big brother kind of situation happen? >> again, the word continuous

monitoring, and it's continuous monitoring of information or continuous monitoring of the environment and i think there's room there for not worrying about someone reading your personal information and things like that, but looking for signals which provide red alerts, things for them to narrow down and focus on. >> is that a way -- i mean, you spent decades in the cyber field. is there a way to sort of do that where i'm sort of monitoring your network but not necessarily paying to each and every piece of data that's going through it? >> absolutely. in fact, that's most of what goes on today. you're looking for aborrations and when you see an aborration you focus on it. if it's type cast as a normal- type operation, it very seldom, if ever gets examined in detail. >> when we talk about this mandate, what are sort of going to be the priorities of who gets covered first, who's secondary order and eventually will it ever extend down to individuals, key individuals, for example? >> i think it should eventually extend down to the citizenry

because we as citizens rely on cyber space so much for commerce, for our banking, for all kinds of things that are very, very important to us. and as we become more reliant on that, then it becomes more important that it work properly, that we don't give the advantage to the bad guys. and that's the problem today. in today's environment the bad guys have all the advantages advantages. >> but when we look at it from a prioritization standpoint, who are sort of the first block of folks who are going to be covered by this and then, you know, what are the subsequent elements? >> i think since 90% of the critical infrastructure in this country is in private ownership, that will probably be the first area of focus as far as establishing standards. and then at some point in time you reach a tipping point where they become defacto. you know, if you think back many years ago, some of us are old enough to remember, you know, the fact that the three- pronged plug became electrical

-- part of the electricity equation. we've reached a tipping point in cyber space where the de facto elements will take over and it'll be more economical, it'll be more advantageous for us to follow the standards. >> all government contractors is a priority because you can use that as a gateway for information. but defense contractors so far have been exempt, haven't they? >> they're exempt because defense contractors have already been under more strict rules for some period of time. the defense industrial board which was created about five years ago in fact sought to establish the requirements that defense contractors and intelligence community contractors would have to follow. so in some regards, they are further down the road on this and this is just the next level of trying to figure out what's the proper role of government, what's the proper role of private industry. >> you and i over the years have talked about the advanced persistent threat that is on u.s. networks. one challenge that has emerged now is apparently a worm that can install itself even onto

the pentagon's computer access cards that may actually even install a virus that allows china to be able to look at your desktop. how serious of a threat and problem is that? >> first of all, we have to remember that the threat is always changing, always getting more sophisticated. so we develop an antidote in one area, and then you can expect there's going to be an increased threat in another area. so the situation you're describing is something that is predictable in many ways. but it's no less serious. and so the idea that somebody can represent, authorize operations and mask themselves of that is definitely serious and that's what makes the advanced persistent threat so much of an issue. >> in the cyber game, you're only as good as the weakest link in it. are we eventually going to need some form of a -- like we have the tsa that we're going to have to have a cyber security agency to monitor and to enforce? >> again, you're looking at it

bureaucratly. i look at it is what do we need to do technically first and i think there are a lot of new technologies, host of technologies, et cetera, that allow you to rebaseline to the previous levels of technology. >> in the 20 or so seconds left, what about the cost part of this? this is going to impose a cost on businesses. how big of a cost is it going to be both for big businesses and small? >> well, it will be a cross that can more easily be shared, assumed by big business and more adversely affect small business. but the key of it is that it's going to matter when it results in a competitive advantage and it doesn't matter what the cost is if it's a competitive advantage, either national security or in your pocketbook. >> dale, thanks very much for joining us. coming up, what the decision to cut two army brigades from europe

president obama's new defense strategy unveiled at the pentagon a couple of weeks ago called for reducing u.s. forces in europe as washington shifts more attention to asia. defense secretary leon panetta announced a week ago that the army will bring home two brigade comat teams and as many as 10,000 soldiers from europe. the army will retain some 30,000 troops on the continent and periodically send units there to train with partner nations. here to talk about the long- term implications of the decision, the future of u.s. forces in europe and the new strategy is a strategist who served in both bush and obama administrations. barry pavel is the director of the international security

program at the atlantic council. barry, welcome to the show. >> thank you very much, vago. >> let's start out. you know, is this the right strategy and what does this cut mean over the long term and does it undermine america's commitment to europe? >> let's start with the strategy. i think there's a lot of good in the strategy itself. i think first of all i give the administration a lot of credit for a real strategy that from what we can tell will drive the budget, the fiscal year 2013 budget that's about to be delivered to the congress in a couple of weeks, and from what we can tell, the strategy actually drove the budget deliberations. so that hasn't been done very often, and if that happens, we should give them a lot of credit and that the budget actually reflects the strategic priorities of the secretary of defense and the president. second, i would say it has real priorities in it, i mean, very clear regional priorities, china, the middle east and then europe and very clear functional priorities, certain capabilities are emphasized to support certain missions and certain capabilities are less

emphasized. and so i think that's a very salutair aspect of the strategy as well. and third, i would say that it's a good strategy for focusing on the long term. a lot of strategies that are less effective focus on short term challenges and this is very focused on the long-term challenge reflecting the shift of power to asia over the next 10 or 20 years. so i'd say there's three very strong aspects of the strategy that should be praised. >> but as we then look about this troop cut, i mean, there are some folks who have sort of suggested that it's somehow -- you know, america is lessening its commitment to europe and that it diminishes somehow america's u.s. war-fighting capabilities more broadly. what is this cut and what is the impact? strategy and your question is sort of directed at that. first, i wary a bit because it's the return of the large pentagon bureaucracy to a symmetric adversary and that is the chinese military as a threat and while that military

is gaining gaining symmetric tactics. this is the pentagon's comfort zone and the world doesn't tend to be presented as neatly as that. secondly, i think this should be considered defense strategy step one because there will be more cuts coming undoubtedly from the debt and fiscal pressures that we're feeling now and will continue to feel from what we can tell. so there's phase one, and there'll be successive drawdowns over the next two, three, four years and they're going to have to change the strategy i think at a certain point. certainly the next quadrennial defense review begins a year from today, pretty close to it, will have to address additional fiscal pressures. third, more to your point, i think the strategy was a bit overmessaged regarding asia, asia, asia, the shift to asia, the pivot to asia. so while the document itself is very clear and a little more crisp on the other issues, i think it's been overmessaged and overplayed the shift to asia. that's having a real impact on

european leaders' decisions. in some cases, it's a healthy impact, boy, is the u.s. not going to do everything all the time, everywhere, with and for nato, but also it's going to have some dell tairious impacts, is the u.s. going to be with us, the central and eastern europeans who are worried about a resurgent russia, will the u.s. be there for us, is the transatlantic link still very sound. these are some very important questions, healthy to debate them, but i think the u.s. needs to be very clear about what its strategic intent is and how it's going to underright write that in time. >> officials have repeatedly stressed that the article 5 commitment where any attack on europe would bring -- an attack on any member would bring the alliance to the defense of that member. should there be a specific number around which america's commitment to europe is built? does the troop number -- you know, can it go down to 40,000, does it matter more in the capabilities that are in that

number, that's the first question. the second question is what can washington do to reassure some allies that are concerned? >> good question. i'm a capabilities, not numbers guy. i think it's much more important the nature of the capabilities that you are positioning in various places to work with various allies, much more than a magic number. we currently have a magic number in korea. i think it's still 28,500, somehow 28,499 means the deterrence is broken. i don't think those are strategically sound. the approaches, although i understand they reflect in some -- in some perspectives allies' views of the nation to come to their defense. i personally think that the cut of the brigade comat team is not a significant discontinuity or extremely dell tairious by itself for the transatlantic link and the u.s. commitment to nato, especially as pentagon officials are saying it's going to be compensated for by

increased rotational presence of ground units and that is all of those units that have been in afghanistan and iraq over the last 10 years are now going to be rotating increasingly through europe, working with our allies, exercising and training and strengthening our interoperablability and the u.s. plans to increase its this. >> and in the last 20 or so seconds that you think that will be enough to reassure our allies? >> i think if it's done properly, but i would certainly highlight the need for very robust and focused security cooperation activities with our allies and nato, very robust, appropriately robust exercises to do things that we haven't been doing as much over the last 10 years and i think contingency planning, while you shouldn't discuss all of this in public, the reason some of these allies who are concerned have real concerns about their

territorial integrity and the threat they see posed. the u.s. and nato should be doing contingency planning to address some of these concerns. they're legitimate in some cases. >> barry, thanks so much for joining us. we appreciate it. up next a look at the capabilities iran is developing alright everybody, get your heads up.

now when i was in the military, i learned that if you stand together, you can stand up to anything! no matter where i was deployed,

i always knew that somebody had my back! you boys are your own band of brothers! you have each other! just like i had navy federal credit union... 24/7... live customer support! let's go! let's go! 3 1/2 million members. 3 1/2 million stories. navy federal credit union. iran talks a lot about closing the strait of hormuz but most analysts say they don't have the capability to do so yet. but iran is building the capabilities to succeed in the future, including developing a nuclear weapon. iran's approach to closing the gulf is called an antiaccess area denial strategy that focuses on developing specific capabilities that make it so difficult, expensive or dangerous for american and allied forces to operate in the region that they effectively withdraw from it. china is using a similar approach to eventually keep america out of asia. this new approach could end a 20-year era in which american projected force worldwide with

impunity unless washington rethinks its own strategy. the center for strategic and budgetary assessments has taken a closer look at iran's future capabilities and what to do to stop tehran. it's from a range to defeat iran's was coauthored by mark gunzinger and secretary of defense during the bush administration. welcome back to the show. >> thank you, vago. >> how cape able is iran capable of closing the straits today and where do they want to be 10 years from now? missiles and anti-ship cruz missiles with -- cruise missiles. the current inventory of

ballistic missiles is not terribly accurate. we're talking in accuracy from 500 meters up to a couple of cloments. great for terror weapons for cities not so effective against point military targets. but should they develop those capabilities with increased range and increased accuracy, it can be very troubling for our operations in the region. and, of course, nuclear weapons could change the dynamic significantly and they're clearly on a track, if they desire to develop operational efforts. >> what are some of the specific capabilities that are the most problematic ones and what is the window in which we can expect them to introduce that capability? >> a lot of analysts have talked about their development of nuclear weapons capability. they could do it in a couple of years, consensus opinion seems to be. and if so, that could be very problematic for our future power projection operations as well as for our partners in the region, those weapons could be used to coerce them to deny us access to regional bases, even

thability to overfly their countries to operate against iran. it's difficult because, first, we may not be able to deter iran from using those weapons in the future conflict, especially if those weapons have the control of regional area commanders. second, it would be very difficult to find them and kill them if they're gersed and in hide sites throughout iran. and finally, i don't know if anyone will say we have the capabilities today of interdicting every ballistic missile fired at our forces and our friends, especially if they're fired in swarms. that's why we conclude in our report that the best course of action, while we lead through all those things in the future counter wd campaign in iran, the best course of action is to make sure iran never develops a nuclear weapons capability in the first place. >> before we get to that, i mean, what are some of the -- what are some of the things the united states has to do to maintain that freedom of action and to stop that from

happening? is it, for example, a military strike on iran at some point, and what sort of internal developments and changes in thinking does the u.s. military have to adopt to be able to maintain that freedom of action? >> >> well, the u.s. military is making progress toward a number of things. first of all, they have developed an air/sea battle operational concept, which some say that's tailored for the western pacific, it's not. it's to deal with these kind of antiaccess air denial strategies globally. >> and that's an agreement between the air force and the navy to work more closely with one another to develop a doctrine that maxizes the use of both services in an area denial environment. >> and for the marine corps and hopefully for the army as well. >> eventually. >> yes. the long-range strike family of systems is another step forward, improving our long- range strike capabilities, be able to operate that's antiaccess air denial environments hopefully not to include the next bomber but an unmanned stealthy aircraft to fly off our aircraft carriers to give them a much greater

persistence in those regions. building partner capacity, to counter around proxy groups that could be equipped -- >> hamas in the region. >> yes, and in iraq. >> and but we're operating now in an era of very large resource constraints and we've got about 40 seconds or so left, you say there needs to be a shift in investment from things america should do and what america doesn't need to do. what are those things we need to do and not do? >> we have to take a hard look at our posture and make sure we diversify it and construct a posture to be able to support an outside and inside kind of operation that we suggest. also the whole mix of aviation in terms of long range, short range, we want to make sure that we're not investing in the short-range capabilities and we have the right resources going to the long-range capabilities. and then unmanned capabilities as well. most of our unmanned force today is best suited for operations. we need stealthy unmanned

aircraft, land-based, carrier- aircraft, land-based, carrier-

the obama administration has launched a high-level discussion on what role the government should play in safeguarding federal agencies as well as the nation's power stations, telephone exchanges, financial institutions and computer networks from cyber attacks. because most of america's infrastructure is in the private sector, civil libertarians and private property advocates fear an invasive government role. but those who argue for a more proactive approach have a point. government sets, maintains and enforces standards to maintain private property is protected for society's greater good. the government regulates the auto, food, energy and transportation and other businesses to ensure public safety. it has a similar obligation when it comes to computer

security. while once the internet was a luxury, now lives, livelihoods and national security depend on it, and all too much of what is truly vital, according to experts, is defended too loosely, if at all. a virus that crashes the nation's power grid could be more deadly than firing missiles at american cities and the siphoning of terror bytes of american intellectual property and others poses a kind of economic threat. the administration is right to seek a national strategy to safeguard infrastructure vital for the common good. it can and must do so with minimal invasion of privacy. there will be an expense in implementing safeguards, but the cost of the inaction will prove far more costly. thanks for joining us for "this week in defense news," i'm vago muradian, you can watch this program online at defensenewstv.com or e-mail me at vago@defensenewstv.com. i'll be back next week at the same time.