USAF Cyber Command (catch all)

[Steve Blair]

But I still fail to see the need to create an entire new service (AND new budget line, infighting, etc., etc.) when there are already acceptable alternatives (NSA, for one) available to manage and direct cyber issues.

[BobKing]

But I still fail to see the need to create an entire new service (AND new budget line, infighting, etc., etc.) when there are already acceptable alternatives (NSA, for one) available to manage and direct cyber issues.

There may not be the need - I don't know the answer. I think the consolidation makes sense, but it would require a detailed analysis and assessment.

One answer could be to consolidate all space functions in the Air Force, since their space mission is: "Deliver space and missile capabilities to America and its warfighting commands." That sounds pretty comprehensive, assuming they could actually do it.

Where I see the need is in all of the overhead. All of those commands listed have staff, infrastructure, administrative overhead.

As we are increasingly asked to "do more with less", we should not rule out considering ways in which we may be able to do it more efficiently.

Not addressed to you specifically, but many of the responses thus far seem to fall into the "we've always done it that way" or "why should we change" categories.

I'm asking - why shouldn't we change? Is it possible we could create a more efficient organization? And, if so, would the expense - and any subsequent disadvantages (i.e. risks) - of creating that organization be worth it?

This is not a radical position. Consider the following:

“Future Steps”
Commission to Assess US National Security
Space Management and Organization, pp. 93-95

• “. . . Once the realignment in the Air Force is complete, a logical step toward a Space Department could be to transition from the new Air Force Space Command to a Space Corps within the Air Force.” p. 93
  
  
• “The timetable, which is not possible to predict, would be dictated by circumstances of the next five to ten years.” p. 94
  (Comment - This report was finalized in early 2001. We are very near the end of the "five to ten year" timetable.)
  
  
• “Finally, an evolution to a Space Corps could involve integration of the Air Force and NRO acquisition and operations activities for space systems.” p. 94

REF: Commission and Panel Recommendations (PDF, 1.3 MB)
Page numbers refer to Chapter VI, Organizing and Managing for the Future (PDF, 0.6 MB), of the Commission's report.

And, from the Executive Summary (PDF, 2.8 MB) of The Commission to Assess United States National Security Space Management and Organization:

The Department of Defense requires space systems that can be employed in independent operations or in support of air, land and sea forces to deter and defend against hostile actions directed at the interests of the United States. In the mid term a Space Corps within the Air Force may be appropriate to meet this requirement; in the longer term it may be met by a military department for space. (emphasis added)

[Steve Blair]

I don't consider consolidating cyber efforts within the NSA to be saying "we've always done it that way." Rather, I'd say that it's recognizing that we already have a combined military/civilian agency in place with a strong background in, and capability for, operations of that nature. Also, since it's an existing agency that is well-funded, you're not looking at a scenario where an entire new command needs to be spun up with the resulting infrastructure costs and other associated budget line items. Given the diverse nature of cyber-threats, I'm not convinced (for a number of reasons) that a purely military agency is the way to go when it comes to dealing with them.

Too many of the "new command or organization" proposals I've seen reek more of empire-building than they do efficient organization. It's also often seen as the easy way out...and in fact often turns out to be just the opposite of what's intended. I can see the need for some sort of separate space agency or command, but with cyber I think we're better served taking a realistic look at what we have and figuring out where it would best fit. From what I've seen, I'm not at all convinced that the AF is the best place for such an agency or command.

[wm]

Deceiving? I included the (NETWARCOM) moniker after each so that it was clear they were part of that larger organization. Originally I was not going to list them separately, but decided to as it better showed the overlapping mission statements.

As far as being out of date, with the exception of the two items referenced from new stories (links provided), all of the information came from publicly accessible official websites. Could you be more specific about which ones were out of date?

By deception, I meant the inclusion of NAVNETWARCOM so often makes the list look a lot longer than it might otherwise, partly because of the inclusion of subordinate elements of one organization. It would be even longer were we to list out the various offices doing cyber work at CERDEC, or AFIT, AFRL or SMDC for example--or listing SDC (the product development organization subordinate to AFSPC) as well as AFSPC. PM also sent.

[Schmedlap]

From the Wall Street Journal...

Defense Secretary Robert Gates created a new military command dedicated to cyber security on Tuesday, reflecting the Obama administration's plans to centralize and elevate computer security as a major national-security issue...

Defense Secretary Robert Gates's budget envisions training more than 200 cyber-security officers annually...

The decision follows President Barack Obama's announcement last month that he will establish a new cyber-security office at the White House...

The Pentagon initiative will reshape the military's efforts to protect networks from attacks by hackers, especially those from China and Russia. It also consolidates the largest concentration of cyber warriors and investigators in the government under one military command, exacerbating concerns of some experts who worry about military control of civilian computer systems...

The command is meant to begin working by October and to be fully operating by October 2010...

The Pentagon, which is already receiving the vast majority of new government spending on cybersecurity, has thousands of cyber warriors, many of whom are expected to be housed under the new command, which is likely to be next door to the NSA's Ft. Mead, Md., campus...

Is this what we need? Or are we just redrawing the organizational chart / rearranging chairs? On matters that I don't know much about... In Gates I Trust.

Thoughts on whether this new command will likely impact our preparedness and, if so, for the better?

[Steve Blair]

I still think something like this should be folded under NSA. It's too early to tell (IMO) if it will make things better or worse. Sam might have some better insight into this...

[Schmedlap]

I still think something like this should be folded under NSA. It's too early to tell (IMO) if it will make things better or worse. Sam might have some better insight into this...

Just noticed this comment near the end of the article...

Rod Beckstrom, former chief of the National Cyber Security Center, which is charged with coordinating cyber-security activities across the U.S. government, quit in March, warning in his resignation letter that the growing reliance on the NSA was a "bad strategy" that poses "threats to our democratic processes."

I don't know if this is ACLU-type hysteria or if he knows of some legitimate concern. I have to think that, given his position, he is sane. But, on the other hand, there's just something about NSA and DoD that doesn't quite worry me when it comes to privacy issues. IRS or DoJ - now that might concern me. Maybe I'd feel a little more threatened by it if I were not a white Christian man whose ancestors arrived in this country from England in the 1700s. I'm curious what, specifically, his concern is and how credible it is.

[selil]

I don't know if this is ACLU-type hysteria or if he knows of some legitimate concern. I have to think that, given his position, he is sane. But, on the other hand, there's just something about NSA and DoD that doesn't quite worry me when it comes to privacy issues. IRS or DoJ - now that might concern me. Maybe I'd feel a little more threatened by it if I were not a white Christian man whose ancestors arrived in this country from England in the 1700s. I'm curious what, specifically, his concern is and how credible it is.

I've talked a bit with Beckstrom about this and he has some good points. The NSA is NOT in the information dissemination business. Regardless of competing philosophies there are a few facts.

1) United States infrastructure including Department of Defense networks all run on commercial carrier infrastructure. Any Department of Defense effort MUST also be a civilian LED effort.

2) The cyber infrastructure is a largely logical network with strange relationships resulting in chaotic hierarchy of company and government partnerships nested on top of a brittle physical infrastructure primarily owned by very few companies. Now the Department of Defense wants to add their acquisition system to this mix.

3) NSA wants this mission as they trade on a reputation more than evidence of their capability. The NSA is not in the information sharing business and prefers dictating the terms of agreements. This results in abject failure and wariness by watchdog groups. The AT&T network tap debacle shows the relative weakness of this approach.


4) A DOD cyber command as suggested is a failure at all levels if it does not reflect a war fighting mission. Intelligence is a support entity not the actual combatant. Placing a cyber command into a counter intelligence role only suggests to me that they are not serious about defense or offense. I suggest this is fact based on what other domains would you say this is true about?

I am not a fan of the current direction. It looks to me as the NSA is making a power grab and that is worrisome. There appears to be a lot of money on the line but it is all coming out of somebody else's pocket so everybody wants to make sure they are getting money not losing money. It is easy to throw out epithets like ACLU worry warts, but that ignores critical elements of this plan often ignored. The NSA has engaged in political spying including forcing a congressman to vote the way NSA wanted based on the congressman's illegal engagement with AIPAC. The entirety of the US cyber infrastructure is a shared civilian/government infrastructure. Finally because the NSA is a secret organization they are not in the business of disseminating information. Their information assurance directorate is even worse at getting information out than NIST.

I'll be honest I'm not a fan of this plan. I think it is wrong. I think this is a scary way of doing business.

Worse. I'm usually a fan of the NSA I like what they do. I would like to see them keep doing it. I don't think this mission belongs with them. I don't think this mission belongs within ANY intelligence organization. It should be with a combatant command or the government simply is not taking it seriously.

I guess less facts and more opinion but there it is. As an aside I've been asked by [redacted] to write a policy paper (Amici Curiae) on this.

[Ken White]

NSA needs to do what they do.

The intensive mixing of many civilian and many government entities that is today's cyberworld is going to require a new approach. DoD and all its agencies and departments couldn't provide a new approach if they had to; the bureaucracy wouldn't allow it. Opposed as I ordinarily am to new bureaucracies, I think this needs one.

[PINT]

I do not necessarily agree this it is a bad thing or that this mission doesn't belong in an organization led by an intelligence type. However, putting this under an existing intelligence monolith may not be the best COA. Sam is right, NSA is not known for their ability to share and play well with others. But BL, some capabilities and capacities that can be leveraged to get this off the ground are already resident within NSA and it makes stand up easier and faster.

To be honest, I don't care what tribe specifically runs in (ops/intel/comm/whatever). I am more concerned with:

1. What authorities will they actually have to do something?
2. What guidance and intent have they been given for their role?
3. Do we have the right leader in charge? (And by this I am not talking herbivore versus carnivore...in the end, all successful endeavors are about leadership. Oh, and personalities matter...)
4. What is the command's vision for cyber and how are we gonna get there?
...etc...

There mutiple great examples of how just because someone is an ops type, they do not corner the market on leadership, vision, creativity, initiative, etc... I've seen good and bad leadership from all types. Key is to get the right person in there empowered with the authorities necessary to act. In the end, it's all about leadership...and should have very little to do with tribalism.

PINT

[Ken White]

To be honest, I don't care what tribe specifically runs in (ops/intel/comm/whatever). I am more concerned with:

...(And by this I am not talking herbivore versus carnivore...in the end, all successful endeavors are about leadership. Oh, and personalities matter...)

...and should have very little to do with tribalism.

While I agree that tribalism is unnecessary, unwanted, undesirable and three or four other un-s, I'm not at all sure you can avoid it if you populate an organization with humans. Leadership is key -- but personalities do matter and they tend to gather in tribal groups. Leaders come and leaders go, some good and some bad through luck of the draw, however, tribes endure.

While I'd like to see no tribalism because I'm anti tribal, I've noticed that most people are not; they like to join tribes -- so I think it's a given that a tribe will do the job. Perhaps another idea is to use the human proclivity to form tribes to our advantage in determining what to do. i.e. select or form the right tribe for the job...

Not that I have much faith that any ideas expressed here will sway the process...

[selil]

Not that I have much faith that any ideas expressed here will sway the process...

I get way more attention from foreign governments on my ideas about cyber warfare than I do from my own government. I'm quite disenchanted with the process and several of the people involved. They seem to be more worried with power and money and handing it out to contractors than actually taking care of what is an inherent government task (waging war). It's not bullets and bombs so they are not serious about offensive measures.

[Ken White]

I get way more attention from foreign governments on my ideas about cyber warfare than I do from my own government. I'm quite disenchanted with the process and several of the people involved. They seem to be more worried with power and money and handing it out to contractors than actually taking care of what is an inherent government task (waging war). It's not bullets and bombs so they are not serious about offensive measures.

the fact that Congress, absent an existential threat * is always going to be more concerned with power and money and handing it out to contractors than caring about inherent government tasks.

Government employees, uniformed and not, vote but they aren't a monolithic vote and they can be be -- and are -- controlled by Congress. They also are not, other than the employee Unions, big contributors to Congressional campaigns. Contractors (and bomb and bullet manufacturers) OTOH are huge contributors. Mega huge. Thus, power and money outweigh the national interest every time. Get past that and then Party loyalty trumps loyalty to the Nation. Pathetic crew...

You do know that any US DoD overseas bound cargoes cannot legally be carried by MSTS if there is a US civilian ship available? That Army and Navy stevedores -- and even military Postal units -- cannot work for training in the US legally? They might compete with the Stevedores Unions (or the APWU). Congress passes laws like that which are NOT in the national interest and that preclude inherent government tasks being done by elements of the government at the behest of contractors and business. Just as the State legislatures pass laws protecting the big business interests in the State. Live in Florida and want to pay off a lease on a car? Even if the lender is in another State, in Florida you have to pay through a Dealer so he can make money off your payoff. That's not unfettered Capitalism -- it's crooked legislators. At all levels.

That's unlikely to change until Congress is reformed. That's why I tell everyone, every election -- vote the Bastards out! All of them, both parties are totally corrupt, don't ever vote for an incumbent. Only way they'll get the message.

So what you say is distressing but not surprising.

* Even during the Civil War, existential threat if there ever was one and WW II, big national effort if not really existential, Congressional venality was apparent and little checked.

[PINT]

Not that I have much faith that any ideas expressed here will sway the process...

What are you talking about?!? I think all of our opinions will be IMMENSELY critical to shaping the course of this and all other human events, tribal or otherwise.

It all boils down to leadership and personalities matter...because I guarantee if you put a terrible leader in charge with an inability to build the right team, articulate a coherent vision, leverage the resources appropriately and execute -this (and any other effort) will fail.

[Ken White]

It all boils down to leadership and personalities matter...because I guarantee if you put a terrible leader in charge with an inability to build the right team, articulate a coherent vision, leverage the resources appropriately and execute -this (and any other effort) will fail.

the opposite? Insure a good leader and that his or her replacements will also be good and not just connected or due for their turn?

Or figure a way to leverage resources in the milieu that is the US government? I won't even aim for articulating a coherent vision pertaining to warfare, even cyber warfare, in this era of political correctness (or, more correctly, political foolishness).

Not saying it shouldn't be as you say; it should be. However, as the Docs say, the prognosis is not good. Mediocrity is our forte; virtually mandatory due to statutory constraints decreeing 'level playing fields' and 'concern for the taxpayer's dollar.' Not to worry, fortunately, the kids generally make up for their leaders shortfalls and most of the world most of the time is even less proficient than we are so it generally works out okay.

[Schmedlap]

1) United States infrastructure including Department of Defense networks all run on commercial carrier infrastructure. Any Department of Defense effort MUST also be a civilian LED effort.

That was always something that I thought was a glaring security problem that, while expensive, would be correctable. Why doesn't the DoD have a separate internet that is physically disconnected from the rest of the internet? My understanding is that even our classified networks retain some connection to the infrastructure used by everyone in the civilian world. Is that too big of an undertaking? Or is it rendered moot now that we cloud compute?*

Not that I have much faith that any ideas expressed here will sway the process...

Dang. I thought that I brought enough gravitas so that someone would notice the thread.


* - That rhymes

[Ken White]

here when I said that...

We be on track now...

[Kiwigrunt]

I told all of my friends about it. They are both reading it now.

[Hacksaw]

but I don't think what was related in a press release is necessarily the extent/scope of this new unified command's mission...

placing it under STRATCOM is just about right... warfighter, but without an AOR (unless you call everything an AOR)...

Will it stumble, bumble, and otherwise struggle to figure out how it relates to the endless number of stakeholders... yep, it's inevitable... but a joint/unified approach that deliberately explores the cyber realm as operational domain is decades late, but...

better late than never...

To the sceptics, where else would you put Cyber Command if you buy into the notion that cyberspace is an operational domain?

Have fun storming the castle... I mean firewall

[AdamG]

http://www.npr.org/templates/story/s...574055&ps=cprs

There may be no country on the planet more vulnerable to a massive cyberattack than the United States, where financial, transportation, telecommunications and even military operations are now deeply dependent on data networking.

What's worse: U.S. security officials say the country's cyberdefenses are not up to the challenge. In part, it's due to a severe shortage of computer security specialists and engineers with the skills and knowledge necessary to do battle against would-be adversaries. The protection of U.S. computer systems essentially requires an army of cyberwarriors, but the recruitment of that force is suffering.