Big bucks for cyber security
The cyber security issue is a tricky one. For lack of a better option, the job of protecting government computer systems has fallen to the Department of Homeland Security (DHS), although the Air Force is an active player. The Navy and the Army also have their own programs.
Quote:
So far, CNCI has been criticized for being too secretive, though the initiative is a step forward overall. In fact, it's good news that someone is finally starting to take this seriously. Both presidential candidates have expressed a committment to improving cyber security.
Knowing just who is supposed to be in charge of cyber security would be a good start.
Air Force stops all efforts toward cyber command.
I'm really, really surprised. Though I shouldn't be.
Quote:
The Air Force on Monday suspended all efforts related to development of a program to become the dominant service in cyberspace, according to knowledgeable sources. Top Air Force officials put a halt to all activities related to the establishment of the Cyber Command, a provisional unit that is currently part of the 8th Air Force at Barksdale Air Force Base in Louisiana, sources told Nextgov.
Anybody have any idea where this will go?
http://www.nextgov.com/nextgov/ng_20080812_7995.php
Wouldn't stress to much about it just yet
Quote:
Originally Posted by
selil
Although one would think it might also be about remembering not to place all of ones fish in one barrel. Much easier to figure out which barrel to tip than it is to figure out which one holds the most fish.
The Kremlin’s Virtual Army
Foreign Policy, posted August 2008
Shadowy hackers in Moscow and St. Petersburg? Old news. Get ready for the next generation of Russian cyberwarriors.
Quote:
Much of the public argument for a harsh response among Russians rested on Kremlin-backed reports of extremely high casualties among South Ossetia’s soldiers and the civilian population, which Georgians fervently denied. This lack of clarity and factual evidence only ratcheted up the speculative nature of most discussions.
Those skeptical of the official statistics argued that the government could have fabricated the figures. In response, a group of Russian bloggers sent a public letter to SUP, ... They asked it to impose curbs on free speech and censor anyone seeking to undermine Russia’s war effort by expressing pro-Georgian sentiment. “Regular laws of peaceful times do not apply; we are at war!” read their somewhat hysterical letter. (Thankfully, SUP ignored their demands.)
Quote:
It started as a fairly predictable digital conflict, mimicking the one in the real world and displaying no shortage of “conventional” cyberwarfare: Web pages were attacked, comments were erased, and photos were vandalized.
As Russian tanks lumbered southward over mountainous Ossetian terrain, Russian netizens were seeking to dominate the digital battlefield.
But sophomoric pranks and cyberattacks were only the first shots of a much wider online war in which Russian bloggers willingly enlisted as the Kremlin’s grass-roots army.
For Russian netizens, “unconventional” cyberwarfare—...
Managing information seemed all the more urgent as there were virtually no images from the first and the most controversial element in the whole war—the Georgian invasion of Tskhinvali, the capital of South Ossetia—and the destruction that, were one to believe the Kremlin’s account, followed shortly thereafter.
Much more at the link
Estonia helps Georgia in cyber war
Estonia has already sent around 50 army reservists to Georgia (though on a voluntary, non-uniformed basis) to conduct humanitarian work and now it has emerged that Estonia is also lending its cyber-warfare expertise to the Georgian cause.
Quote:
The Estonian Foreign Ministry has confirmed that it is sending two of its leading cyber-defense experts to Tbilisi to help stave off cyber-attacks emanating in Russia. The experts are likely to be part of the new NATO cyber-defense center established in Tallinn, and if so, the move would be one of the strongest instances so far of NATO lending practical support to Georgia.
However, according to IT industry website Network World (
www.networkworld.com), Estonian servers are now hosting the website of the Georgian Foreign Ministry, whose daily blog has become a key source of information in the propaganda war with Russia.
Commenting on the move on Network World, IT security specialist Richard Stiennon said: "For Russia to respond in any way to cyber defense experts being sent to Georgia it would have to acknowledge that it was directly supportive of, if not responsible for, the current attacks against Georgia’s cyber assets. Whether or not Russia reacts on the diplomatic front this cyber war has the potential of escalating rapidly if Estonia gets involved."
Other comments posted were fully supportive of the Estonian position, ranging from "Go Estonia!" to "Kudos to Estonia for sending those cyber security advisors to Georgia." Another post warned: "Russians in some of the forums are taking notice of this IP change also, let's see the outcome."
Nato computers are under constant attack
Nato's cyber defence warriors
Quote:
An Italian sergeant, who looks young enough to still be at school, is painstakingly scanning emails that have been automatically quarantined because they contain buzzwords like "Nato secret".
A glance over his shoulder reveals emails to and from Sarajevo, Baghdad and Kabul, evidence of Nato's newly expanded horizons.
They look innocuous enough and most of the time, explains the sergeant, it is a false alarm but sometimes even quite senior officers have transgressed and they get a serious talking to about online security.
Serious threats
When it comes to cyber espionage, Nato officials refuse to say who they think is behind the attacks, in fact our escorts can hardly wait to steer us off the subject.
Cyber Command- Why Stop There?
In Cyber Command - Why Stop There? I pose for discussion the creation of a new force. A "CyberSpace Force", created from the other services for space and cyberspace operations, just as the Air Force was created in 1947.
The full article is too long to post here. An abridged excerpt is listed below - I encourage anyone interested in the topic to visit the Joint Chatter blog and offer your comments.
---------------------
The Pentagon is likely to take the rare action of adding a new combatant commander, this one for cyber warfare.
Why stop there?
Why create just a cyber combatant command? Why not step back and consider whether a more substantial reorganization is needed?
Last year the term cyberspace was officially defined and last fall elevated to a new domain.
cyberspace - A global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers. (CJCS CM-0363-08)
To further the discussion, it is also necessary to present the definition of another domain medium from the same publication:
space - A medium like the land, sea, and air within which military activities shall be conducted to achieve US national security objectives. (JP 3-14)
With all of the redundancies across the various services, why not consolidate them into a new service? Analogous to the National Security Act of 1947, which created the Air Force from the Army Air Force, a 21st century reorganization could create a CyberSpace Force. (The exact name is not significant, using CyberSpace Force as a generic moniker.) This new force, formed from components in all of the services, would concentrate the existing disparate and duplicative efforts into one organization. No service would lose capabilities, because we fight as a Joint team now. Personnel from the newly created force would join operations and command structures as dictated by mission requirements.
As it exists right now, each the services are devoting significant resources and efforts into solving the cyber challenges "in their own lane."
(Full blog article includes examples of redundancy)
In September 2001, a day prior to the terrorist attacks, Secretary Rumsfeld pointed out "Each service branch has its own surgeon general and medical operation. At the department level, four different agencies claim some degree of control over the delivery of military health care." in his Bureaucracy to Battlefield speech of 10 Sep 2001.
Similarly, why should each service recruit, organize, train and equip information assurance professionals and other related specialties?
Each of the services would resist this reorganization, just as the Army did over 60 years ago. Looking back, are there many today that would question the wisdom of having the Air Force as a separate service? (Funding issues and differences in MWR services aside...) :) In addition to eliminating redundancy, all the services would benefit in that they could each put more focus on their core mission.
I first asked this reorganization question seven years ago, while on a field trip staff ride to Colorado Springs, CO as part of a Space Operations elective. The general officer speaking to us answered along the lines of "it may happen eventually, but we're not there yet." That time it was more about a space reorganization. Last week, while in DC to attend Phoenix Challenge 2009, I asked a similar question regarding creating of a cyberspace force. Generally the response was "good idea, probably the right thing to do, but we can't afford it" and "maybe in 20 years." Others suggested that it should be an agency - incorporated into, or similar to, the National Security Agency.
If it's the right thing to do, why wait? The cumulative cost of duplicated efforts, followed by an eventual reorganization, surely exceeds the startup cost of doing the right thing now.
Additional Advantages
This new CyberSpace Force, if done right, could expand the pool of available personnel. Numerous reports over the last several years lament the shrinking percentage of high school graduates physically qualified for military service. Why does a programmer need to run 3 miles? We have an entire generation growing up comfortable using the complex controllers associated with Halo 3 and Guitar Hero, just to name a couple popular titles. Does it make sense to say to them, "Sorry, we can't use you to monitor and adjust the orbit of a satellite if you can't do 40 push-ups in two minutes?"
Consider the stereotypical images conjured up of "uber geeks", college IT support staff or attendees at a hackers convention (e.g. DEF CON): long (sometimes different colored) hair, may not pass a uniform inspection, may not even fit in a uniform. But does that mean we should keep them out of the cyber fight if they are willing to serve?
(Blog article includes links to images of DEFCON attendees)
Many Americans may choose to serve that otherwise would not consider traditional military service. As Noah Shachtman (Editor, Danger Room) said last week in his keynote speech at Phoenix Challenge: (paraphrasing) the military is not a popular option in Manhattan, but there a lot of people that want to feel like they are part of something.
This should be a service and not an agency. In our nation's defense we need the ability to send people where and when we need them - we can't afford to face the same challenges other departments have faced when necessary to send their personnel "down range."
Questions
What are the advantages and disadvantages of creating CYBERCOM as a new combatant command?
Is it time to perform a new reorganization of the Defense Department, creating a force focused on the Space and Cyberspace domains? What challenges would be faced in a large-scale reorganization? What opportunity costs do we continue to pay by a failure to address the root problems?
Further Reading
Additional references available in the full article