Slashdot Mirror
Ask the Air Force Cyber Command General About War in Cyberspace
We ran an article about the new Air Force Cyber Command and its recruiting efforts on February 13, 2008. Now Major General William Lord, who is in charge of this effort, has agreed to answer Slashdot users' questions. If you're thinking about joining up -- or just curious -- this is a golden opportunity to learn how our military is changing its command structure and recruiting efforts to deal with "cyberspace as a warfighting domain." Usual Slashdot interview rules apply.
What are some of the differences between this and other parts of the military, in terms of application requirements, benefits, pay, etc?
Demented But Determined.
Have you heard enough Skynet jokes/references/analogies to make you want to kill the next guy that mentions it that thinks he's the King of Comedy?
General Lord, I am currently a member of the VT Air National Guard, and I have a bachelor's degree in computer science and work in IT for my civilian job - is there a good way that someone like me can be put to use in this effort without having to go onto active duty and relocate? Thanks - Ben
Do you have telecommuting opportunities? Terrorists and criminals don't work out of a giant call center or office building, so I would hope that those fighting against them might not have to either.
To prepare against the eventuality of an attack upon our network infrastructure, exactly how much duct tape and plastic sheeting do you recommend we stock up on?
____
~ |rip/\/\aster /\/\onkey
Does it ever wear you down that you have to look at anything and everything in the world as a potential tool or locale for warfare?
I like to place meaningful quotes in my sig, so people will know that I know what meaningful quotes are.
So, what's up with that war on blogs we read about recently? You know, the one "so utterly stupid, it makes me want to scream." Not quite your area of responsibility directly, I believe, but certainly of interest to the crowd here.
ProofReading Markup Language - and yes, I find typos.
Why has the DoD not simply disconnected from the Internet in light of all the threats and (apparently somewhat successful) attacks from abroad?
It appears that the military is increasingly involved in areas who's jurisdiction was once considered to be wholly in the civil domain. Use of jargon like "cyberspace" seems only to obfuscate and distract from the core issue. This appears an effort to recruit public opinion and defuse the deeper questions that strike at the heart of a free and civil society. I think that if we had a statement that "The private mails are a warfighting domain" would generate a fair amount of debate on the role of the military as opposed to the police, the function of constitutional protection of liberties, and the question of what actually constitutes a state of war.
What are the limits on this jurisdiction? Who enforces these limits, and how is the public informed of that status? How are efforts to extend being safeguarded from creating mission creep that threatens all civil discourse in the United States and abroad form targeting, suppression, propaganda and extra-legal surbeillance?
"Flyin' in just a sweet place,
Never been known to fail..."
Dear Major General Lord, I'm an academic who has been theorizing and writing about military doctrine in in cyberspace. One problem that I have encountered is in theorizing about what conflict in cyberspace looks like, though Libicki does a fine job. How does your command develop war fighting doctrine in the absence of actual conflict for cyberspace?
There have been several recent news reports that China has and is engaging in a nationally funded effort to hack into and attack US government computer systems. The German government recently announced that they traced recent aggressive cyber-attacks back to the Chinese government. What, if anything, is being done against this type of cyber-terrorism against us and our allies? Why do we still confer most-favored nation trading status onto a Nation who is actively engaged in efforts to spy on and attack our government and corporate computer systems?
Major, it seems to me (and others at /.) that the cultures that most geeks espouse run counter to the perceptions of the military. This being, for example, showing up at a consistent designated hour, opposition to wearing a standard uniform, having an overly strict form of discipline, etc.
How do you propose to reconcile those conflicts and establish your organization with any semblance of 'geek cred' to get the real talent you sound interested in attracting? What sorts of 'carrots' will you wave to attract people?
We're all hypocrites. We all have hidden parts, it's the contrast between them that make us more a hypocrite than others
Is it possible that rules would be relaxed to allow the types of people that can do the job already but may not be "fit" or a "good fit" for/in military service, or is the plan to take airmen and train them to do what you want them to be able to do? Would a civilian with the proper skillset be able to act as a contractor without enlisting, etc?
Don't blame me, I voted for Kodos
It seems that in the military traditionally it was always looking for people fresh out of highschool for EMs and if you wanted to get anywhere in the military you had to be either college educated or, to really have a high end military career, start really young in something like the Valley Forge Military Academy and work from there.
In a traditional branch of the army/navy/airforce that is probably as it should be.
But in this area people have to be trained for years, still not know as much as the older hands in the private industry, and before they really know enough their enlistment would be over. Also, it would be unacceptable for an older IT person to join but take a pay cut to a Private's level or perhaps even a Lieutenant's -- so I imagine this branch would have to be somewhat different.
Is the military going to do to reach out toward the older folks who have extensive experience and knowledge outside the military?
A great portion of the minds you would need in order to facilitate this are not of what is traditionally classified as "fit for service." Would those requirements be altered in order to cast a larger net for a talent pool?
Karma Whoring for Fun and Profit.
War is never clean.
In conventional warfare, certain actions such as hiding among civilian populations are forbidden. These actions are considered war crimes because of the collateral damage they are likely to cause. What actions in cyberspace do you think should be outlawed? How about intentionally bringing down hospital IT systems, or destroying undersea cables without regard to the effects on civilian populations?
Don't mess with The Phone Company. Piss them off and you'll be using two tin cans and a piece of string.
If shutting down access to blogs isn't enough to create resentment, the Air Force is "developing data mining technology meant to root out disaffected insiders based on their e-mail activity--or lack thereof." With "Probabilistic Latent Semantic Indexing" a graph is constructed of social network interactions from an organization's e-mail traffic "If a worker suddenly stops socializing online, abruptly shifts alliances within the organization, or starts developing an unhealthy interest in "sensitive topics," the system detects it and alerts investigators."
"Flyin' in just a sweet place,
Never been known to fail..."
Would there be any room in the paradigm that you envision for 'cyber command' for outside contractors in the security field to make a contribution to the war effort via their own network of contacts etc.?
Would such external-to-the-organization security contractors and consultants have the potential to be paid for their information and efforts?
In Xanadu did Kubla Khan
A stately pleasure dome decree
- Space Rogue
When the US military is run by people who are representative of their population, and understand the composition of their country, they may be successful in persuading the best and brightest minds to work for them. As an observer here in canada (and we're not THAT much better for this), the american system tends to use the stick, not the carrot, in order to persuade its citizens to do the right thing - which discourages experimentation! The US military is percieved as being much worse.
My question would be, what can I expect training to be like? Obviously I would expect to go through some kind of basic training similar to regular recruits, but what kind of technical training would occur? If I'm in ROTC and getting a Bachelors or Associates in Computer Science or Math, is there some form of advanced training that is necessary? What platforms/technologies can I expect to use? Are there different types - networking, application security or even some form of hardware protection? How about encryption?
General Lord, I am currently a Computer Science student attending a U.S. university, and I am curious as to what skills you would like to see in potential recruits for the USAF Cyber Command. What areas of expertise are preferred over others?
Usually government branches that deal with intelligence matters require US citizenship for recruitment. In realizing that the intellect power regarding information security/hacking throughout the USA is not exclusive to US citizens, but in fact it is spread out through a group of people that includes many international students and/or workers, how do you plan to structure this task force towards recruiting foreign nationals?
Security professionals thrive in an environment where authority is questioned, basic assumptions are always challenged and diversity of thought is critical. Even the idea of uniforms is going to drive away the professionals you need to set up this type of institution. Do you believe that setting up this type of institution within the military is even a good idea? Do you think that perhaps there's a more appropriate environment for it? Are you entirely aware of what kinds of challenges you face in recruiting top-notch people for this type of thing? Would you even know a top-notch security professional if you saw one? They're not easy to identity unless you're another security professional. Are you? Do you really have what it takes to try and lead this type of organization?
If so, can you tell me why you chose ASP to run your website? Won't you have enough trouble recruiting as is without alienating some open-source loving folks right off the bat?
So far everything I've seen about this organization is riddled with basic mistakes. I wish you the best of luck but I'm just not convinced you have any idea what you're getting yourself into with this initiative.
I touch computers in naughty places
What tech do you have that came from the Stargate? and what is really going on at Cheyenne Mountain Operations Center?
General,
Perhaps the reason you are having difficulty in attracting top talent is partly due to the name of your unit. Cyber Command? Sorry, but that just sounds soooo 1980's. How about Electronic Defense Command or something, anything without the word 'cyber' in it. Seriously, have there been any thoughts about a name change?
- Space Rogue
I wise man once said "It is good that war is so terrible, lest we grow too fond of it". If cyberwarfare ever becomes a reality, how do we respond to the fact that is isn't "terrible"?
The direct damage from such warfare would be primarily economic or data security related (rather than a cost in human lives) how do you feel we can prevent it from becoming a monthly, yearly, or daily occurance?
The classified networks (such as SIPRnet and JWICS) are already not connected to the commodity internet. Only unclassified networks (which can still contain troves of sensitive and other information, and whose interruption can cause havoc in all manner of other ways) are connected to the commodity internet.
The answer is the same for anything else that is connected to the internet: that the benefits -- real or perceived -- of being connected to the internet on the unclassified side, with proper security controls, etc., outweighs the risks.
General Lord,
Does the AFCC have a mandate to pursue criminals that use information infrastructure to commit crimes, or is your group intended to defend against warlike attacks only?
If the latter is true, how would you distinguish between criminal activity and warlike activity in cyberspace?
Equine Mammals Are Considerably Smaller
What rules would be put in place to differentiate between a simple hacker and an attack by a foreign or domestic agency?
What targets would be off-limits and what targets would you feel would be classified as targets of opportunity in retaliation to a cyber attack?
What targets in the U.S. do you feel are the most vulnerable to cyber warfare presently and what can be done to alleviate that threat?
Will the USAF Cyber Command be full of TPS reports and other crap like long wait times with lots of paper work to get small thing like adding ram, getter better systems, install new software and other things?
Will you be forced on to the standard USAF window base image with limited admin accounts like how the navy and marine systems that are a Big mess are setup?
Will you use mac and linux like how the army does?
Just post a list of the stuff you want hacked and the more patriotic hackers will enjoy doing it for free.
Due to the nature of hacking and what many people do to acquire such skills, they may not want to 'join up' and all that.
But if you post a list of IP's that are okay to bring down, and networks you want information stolen from, with the understanding that the US will not condemn any attacks, and I'm sure more than enough people would do it for free.
Is there anything like this already in place? Cause I got nothing better to do this weekend. Or most any weekend.
It occurs to me that you may have thought that this new "Cybernetic division" should be not only new in the kind of activity, but also in the way you hire & check for background... Have you consider these two new approaches to your hypothetical "cybertroops". 1.- They do not need to be "onsite" (at least not part of them). they can be located everywhere in the world, provided the can make a secure link (what they -of course- can). 2.- The "background checking" process doesn't need to be the "traditional" way. maybe there are another means of getting the same certainty about a candidate's background through "net researching" (probably with more accurate results). Is it absolutely true that internet & digital world have put incredible powerfull tools in the hands of potential threads, but those tools are also at the "good people" disposal, so you may start using them with these two new approaches. Oh god, this no-good-english-talker is a big s*$#t, hope I made myself clear.
This is a great opportunity to hear military propaganda. For those interested, the simple truth is that the Air Force is finally acting reducing the number of programmers and other computer-related jobs and contracting them out, and trying to look "tough" by deploying to forward locations. You know -- the type the Army and Marines are trained for.
Whale
Will you be forced on to the standard USAF window base image with limited admin accounts like how the navy and marine systems that are a Big mess are setup?
Will you use Mac and Linux like how the army does?
General Lord,
I'm curious to know if you have have any criteria that would enable you do decide when a cyber attack is an act of war. Would it be possible for some kind of action inside a network to lead to a shooting war without some kind of overt physical threat occurring first?
Equine Mammals Are Considerably Smaller
Why have this as a branch of the military at all? Why not just use contractors, that seems to be working so well in Iraq.
Help! I've fallen in a karma hole and I can't get up!
Genearal Lord of Air Force Cyber Command? Does the propeller beanie come with the uniform or do you have to buy it separately? Have you yet formulated a plan to deal with Serpentor and Cobra-La?
Kwisatz Haderach
Sell the spice to CHOAM
This Mahdi took Shaddam's Throne
Can you explain some about the situation developing between Barksdale AFB and Offutt AFB as they try to fight over the eventual final location for CyberCommand? My thoughts are that finding and recruiting talent, and laying the foundation for such a large wired infrastructure in the Omaha, Nebraska area may be easier to accomplish than in and around Shreveport, LA. What types of things is the DoD looking for when they choose the final location for this new Command?
Hmmm.
General Lord,
Some of the "hacker" types that I understand the AFCC is looking for probably will prefer to work with Linux and Linux applications.
Due to the international nature of software like Linux that has been developed through the "free" paradigm, would this be allowed? These tools will have been produced by nationals from many different countries, perhaps even those that the United States could find itself fighting a cyber war against.
Equine Mammals Are Considerably Smaller
Will there be a doctrine for cyber attacks on enemy critical infrastructure systems for the Air Force Cyber Command? If so, what efforts are currently in place/planned to support war fighter knowledge in the arena of SCADA and control system security, and the methods for causing damage to enemy infrastructure? What importance, if any, do you and Cyber Command place on the having the capability to destroy or disable the SCADA systems that control enemy infrastructure via CyberWarfare?
~Sticky
"Flyin' in just a sweet place,
Never been known to fail..."
The entire point of doing these things is to create an effect on the civilian population.
Civil chaos is a good way to draw resources away from the enemy's military effort.
Long story short: Minimize civilian casualties, but try to make them as miserable as possible
/this post is not a question
[Fuck Beta]
o0t!
Sir,
.Net-centric (or Microsoft flavor of the day) environment?
It has been my experience that the DoD is generally antagonistic towards the use of Free/Open Source Software in the commands.
Do you envision a wider adoption of Open Source systems in your command, or will it be a
Additionally, will you be looking to Civilian contractors to supplement the Active Duty service members?
An ounce of perception is worth a pound of obscure
What is the meaning of mamelon and ravelin?
Why doesn't AFCYBER fit at one of the national labs (e.g. LANL, or LLNL) or NSA?
I thought those were the popular destinations for educated people who want to serve their country, they're already technically oriented, and they already have a lot of really smart people, so it would have seemed to me a good fit. When I'm looking at my employment possibilities, I need a way to differentiate you.
General,
Some of the most talented people in computer security tend to have the sort of records that prevent them from getting clearance. Maybe nothing heavily criminal, but enough of a colored background that traditional security clearance mechanisms would throw them out of the room before they get started. Often the same types of minds that are really good at computer security are also the rebel types, who'll have some history. Will you work to get these people in, or are we looking at a bunch of off-the-shelf programmers/admins who've taken a few simple courses in computer security?
Also, how do you plan to attract/retain them? Again, rebel types are some of the best hackers, and they're not likely to go in without incentives. Not due to any lack of patriotism per se, but an unexplored understanding of it. More importantly, they're likely to be anti-establishment types who aren't comfortable in the strict traditional chain of command. Finally, usually the outside industry pays quite well for the good ones. Are you prepared to financially compete for the best?
Finally, will there be any connections back to the research/academic community? You may find academics more happy to help than usual, as cyber warfare can often be nonviolent. Also, will the existing (and immense) capability within the NSA be properly leveraged?
I'm glad to see our DoD taking our nation's networked security seriously. Right now it's just a bad, bad joke.
Best of Luck!
-Lally Singh
Care about electronic freedom? Consider donating to the EFF!
Major, General, Lord? Phew, I imagine you have alota fun with that one.
just .. WOW! :(
Why can't we go back to using jumpers to configure slot adapter cards? Why? I say!
Now I'm pretty sure you yanks ( sorry, limey over here ;) ) have thought of an intranet and keeping the interface between it and the internet as small as possible. Add to that selective levels of network to control data flow even more. Here's the thing.
If you go target a Chinese node and take it down, that could be construed as an act of war. If it's just cyber us non-combatants get to sit around and wonder why You Tube is running a bit slow, but if it escalates we have a real problem. So a good offensive is not the best defence. Sitting behind a defence so good no offence can get in is the best defence. Then you keep logs and simply ask china why these IP's in their patch are doing naughty things. Nothing like a decent papertrail and all that.
As a qualified electrician the best bet is simply to not be connected. No connection, no signal get's through. And no chance of server failure leaving you with your pants down ( english definition ). Problem is how do those pesky emails get to where they need to be? Manual transfer. KVM switches to jump between desktops, and a flash drive on a key to transfer the data manually. No direct connection and the data still get's to the right inbox in the end.
Simple eh? The problem is when you have a network with multiple firewalls. Sure it's multi-layered ( and let's face it discs in the post are not the best of plans ) but it can still be hacked. With manual transfer of data the two machines on their separate networks can be sat next to each other, with one monitor, keyboard, and mouse. How easy is that. Use a decent size flash drive and warn staff there will be delays in mails getting to destination. Do a transfer every half hour by copy and paste. You could even auto-create an archive to shift stuff over as one file. Get it built into the mail servers by some aspiring geek.
Just a thought, but if they can't get in they can't get in. And then you are the one being provoked, not the provoker.
By the way I'm not good enough to build this, but an electricians best friend is a plug you can simply pull out.
Greetings form Blighty :)
Why should the US Air Force be tasked with this, instead of DISA or NSA, neither of which is tied to a specific branch of the military?
1. Is there any age limit? Would someone who is in their mid-30's still qualify?
2. Would the Cyber Command overlook the policy on those with ADD who take a medication (Ritalin, etc) for this condition?
3. Can I get caffeine-laced MRE's?
4. What are Rules Of Engagement in Cyberwarfare?
5. What will Cyber Command's relationship be with regards to Homeland Security's Cyber Sercurity divison? What steps will you take to ensure sharing of information while not stomping on each other's toes?
Ergonomica Auctorita Illico!
I have done a significant amount of research into the idea of Information Warfare on an international scale.
First off, the government has been shown to have numerous points of entry to their networks, which would be a problem. Also, the number of agency setups are so diverse, will the CyberCommand provide a strict set of guidelines for all equipment used on the network? It seems rather risky to me that there is such a variety of hardware used by all the different agencies in the government. A standardization of network and computer equipment would be a vital task, and I would say the CC would have a unique opportunity - and responsibility - to define these standards and enforce them.
Secondly, the nature of information warfare shows that there are blurred boundaries between military and civilian attacks, and where the DOD has jurisdiction to operate. I believe in order to protect the critical national infrastructure, the CC would operate domestically as well as abroad to prevent catastrophic network failure in any of the critical infrastructure. How do you view these gaps in traditional military wisdom?
Thirdly, I am a 17 year old student in Kansas. I have been programming as a job for around two years, working at a company that does internet security. I will be getting a degree from Fort Hays State University (hopefully in four years) in Information Networking Telecommunications with an emphasis on Advanced Networking and Information Assurance. What exactly would I need to learn or look into in the future that could be useful to the CyberCommand? I am extremely interested in participating in the Command - as long as the two year relocation standard is *not* enforced.
Lastly, we have been provided very sketchy details about the job descriptions for positions in the cyber command. I assume network engineers, software engineers, information security analysts, and other technical positions will be needed. Can you provide a brief overview of the positions you are interested in filling for your Cyber Command, and what they would be doing?
Thank you for your time,
Tyler A. Thompson
Is the Cyber Commander's uniform a robe and wizard hat?
Infiltrating encryption and security software at the source, have you noticed large amounts of server corruption to distribute compromised software.
Are there any plans to put backdoors in domestic encryption software?
Why are you lying?
RS
Shoes for Industry. Shoes for the Dead.
Sir, How do you plan to combat the general view that the military is so far behind in the use and understanding of current technology? On the AFCYBER site there was an entire article dedicated to a "call" being had "online" as if the US Air Force had just discovered this technology. The current website and information contained, as i see it, would act as a deterrent for the technology savvy in the private sector. What are your plans for recruitment?
"We ran an article about the new Air Force Cyber Command and its recruiting efforts on February 13, 2008."
/.
/. simply rode those coattails. Claiming otherwise isn't trivial, is open to legal action and...assumes that /. readers are pretty dumb as a group, when the opposite is actually the truth. The dolts that run /. are the dumb ones.
See, this is the issue with
Wired ran an article, and
My question, will there be a necessity for Airmen to be stationed in the AOR as part of an AEF rotation to complete the mission or will the majority of the work be able to be completed from home station?
AEF rotations are part of life in the Air Force. I am currently deployed to Iraq as part of an AEF rotation and am proud to be doing my part. This is not my first deployment and I hope it will be my last. However, being able to stay at home with my family yet still play a roll in the AF mission would be preferable to myself and I'm sure many other Airmen. With rumors of 6 month AEF rotations coming in the near future being spread more and more often, a chance to spend more time with our families sounds like a good thing.
Thank you for taking time to answer our questions.
"Armed forces abroad are of little value unless there is prudent counsel at home" - Cicero
How are efforts to extend being safeguarded from creating mission creep that threatens all civil discourse in the United States and abroad form targeting, suppression, propaganda and extra-legal surbeillance?
Why don't you just ask him for exactly how long he's cheated on his wife?
Is there any part of civilian infrastructure that is not target-able by current moral standards of warfare? Before you answer that, your statement: Minimize civilian casualties, but try to make them as miserable as possible is pretty controversial. What do you mean miserable? Is a hospital being deprived access to the systems that facilitate saving peoples lives (directly or otherwise) being made "miserable"? Or is it a crime? And why is it allowed to make civilians "miserable"? What does "miserable" mean? You seem to draw the line at death, hence the word "casualties", but what about starvation, sickness and other nasty things? Do they qualify for your rather goofy impression of misery?
Hurting civilian life in any way is not acceptable. Communications disruption in your enemy's military is obviously a goal, but I do not understand why criminal activity against a civilian population is to be allowed or encouraged. I don't care what the barbaric traditions of war in the past have instantiated. In fact, some of these wars were fought successfully without this type of activity, except the absolute necessary destruction (such as destroying parts of infrastructure the enemy uses to advance..etc).
Back to the question: the reason I find it interesting because of how technology has coupled the military and civilian side of things. It is "communication" tech by nature, but that is only a description of the underlying tech. In the near future, software infrastructures may evolve to a level where they become heavily integrated into life-critical situations in all walks off life. So by taking out military comm via internet cables, you also effect extremely adverse things in innocent people. Just like "taking out water treatment centers", which happens to be a disgusting evil act.
PS: the first person to say "war is ugly" as a response will be shot and their family raped... because war is ugly.
Sir, Being a Marine veteran with a B.S. in Computer Science, an A.S. in Information Systems Security, as well as a CISSP/Sans GIAC certification I was wondering if the AF planned to reduce restrictions on prior service members of other services being able to join. Just a year or so ago I went by a local recruiting office for the AF and was turned away to the reserver side recruiter because, "The Air Force isn't looking for prior service veterans. Spend some time in the reserves then transfer to active duty." It would seem your best source of immediate talent that your new Cyber Command could employ is the prior service professionals, yet your own service's recruiting rules would make that nearly impossible.
I previewed and re-read this three times before posting and somehow missed this. I meant to say, "This is not my first deployment and I hope it will NOT be my last."
I apologize for the omission.
"Armed forces abroad are of little value unless there is prudent counsel at home" - Cicero
One of the storied stereotypes of the hacker domain is that of the nabbed "black hat" being impressed Into a "white hat" role. (Think Leonardo DiCaprio's role in "Catch Me If You Can".) However, the US armed forces no longer offer service as an alternative to prison (last I checked anyway), even though it offers a hacker in such a position the best deal he or she may ever get.
Would you seriously consider trying to exploit the talents of convicted hackers if you thought those talents could be a viable asset?
--- The American Way of Life is not a birthright. Hell, it's not even sustainable.
cyber warfare can often be nonviolent
I think you meant non-destructive. See the casualties will all be virtual and tallied up by computers on both sides. The people who were "killed" in each attack, even if from a third neutral party starship, will be expected to report to the disintegration chambers at their designated time.
This is absolutely necessary to ensure our respective infrastructures remain intact. It is better that our wars are fought in cyberspace. Wouldn't you rather the front lines be Second Life and WOW servers than say, NY state?
I only look human.
My mother is a halfling and my dad is an ogre, so that makes me an Ogreling
General, During the Vietnam War we at PACAF HQ operated a geosynchronous satellite between Hickam and Ubon Royal Thai Air Force Base which was used to bounce recon imagery and revised air target charts back and forth across the Pacific on a daily basis. The program name was COMPASS LINK. Has this type of technology been rendered obsolete by the Internet or simply by more sophisticated satellites?
They don't call it the "Chair Force" for nothing! :P
"Ein Volk, ein Reich, ein Führer." -Adolf Hitler
"We are one Nation, we are one People." -The One 'leader'
What the hell. Retard. War IS ugly. If we gotta wipe out X000 civies to protect one of our bombers? good. They are the ENEMY. Once they have been defined as such, blow them straight to hell.
Does this branch of the USAF exist to be a force of retaliation against those that attack us, or would the purpose be to develop better standards and practices to prevent these attacks from ever happening?
General Lord, I currently work as the exact type of 'cyber warrior' you intend to recruit. But I already have a Top Secret clearance, already familiar with DoD systems, etc. The dynamic with what we call 'Information Assurance' is that of a constant struggle with our contractor management (stay within the contract, the budget, etc) and with our 'warfighter' higher ups (educating them on why they can't have full access from their home in the spirit of "operations are a priority, to hell with security"). So assuming you can get the type of expertise that are eligible for clearances, and that are willing to relocate to Offutt/etc, how are you going to address the core issue of security in the DoD: Operations/budget/schedule will always trump security. Or alternatively, security will always be back burner to 'hot' issues. Thank you for your time.
Dude, if you dont use sarcasm tags they WILL mod you down :)
I serverd in the military earlier in life. I am currently in the area and have been in IT for the last 10 years. I know the military has an age limit for joining, will there also be an age limit for joining with cybercommand? On another note, we're damn glad to have you. I think it will be very good for our local economy.
During times of war, special laws come into effect. The killing of another human being, normally considered one of the most heinous of crimes, is a legitimate practice under combat conditions. My question is this: Does the law come into play at all during cyberwarfare, or is "code" the new law, as far as the USAF is concerned? Does cyberwarfare relate more closely to a covert operation? If there is a strict legal framework for cybercombat, what are its fundamental aspects?
I am an Indian and what the US does have non-trivial effects on my day to day life. US military publicly and actively declaring meddling with the internet to be a part of their job can amongst other things motivate my political overlords into some kind of action.
:P
Like everything else this has both good and bad effects for me. I don't think our establishments here have a very good idea of what freedom of speech means and they could easily do some wrong here. On the other hand it opens up business opportunities for people like me which is the part I would be interested in.
So, here are my questions. What kind of stuff does your division do? Do you outsource any of it to the private sector? Do you outsource any of it to India or other countries?
I suppose data mining the internet would be a key part of your operations. What kind of tools and cyber-technologies would you consider? Which are you already investing in? What kind of tools/techs could I work on that could benefit operations such as the ones you plan to undertake?
The military entering new domains has historically benefited the research and development in these sectors and I look forward to the new cool civilian tech this could bring along with it.
Why use sarcasm tags when what he says is true? The Muslims, (not all, but in general) would like to see every American dead with limbs separated by bombs. Its in their holy book, you convert or you die. I'm not for intentionally killing civilians, but I get sick of how much whining goes on about civilian casualties. They hate us and their fathers/brothers/sons are blowing themselves up to kill the brave men and women trying to defend us. They don't want peace, they want to annihilate us. /rant
Do away with our corrupt tax code. Support the Fair Tax
MGen Lord, Will new Air Force Specialty Codes (AFSCs) be created to differentiate the military personnel filling these roles from traditional Comm personnel? Will this new Command be staffed primarily by military/DoD-civilian personnel, or will they be relegated to supervisory/leadership positions only, with contractor personnel providing the bulk of the workforce?
General-
Please consider changing the name of this new command. "Cyber Command", or "Cyber-anything" sounds, well, goofy to me. I'm a programmer. Using the term 'cyberspace' reminds me of other faded terms like, "e-commerce", "information superhighway", "home page", etc. I know it's a small thing, but really, I laughed out loud when I heard the Air Force was starting this Cyber Command. Do I have an alternative? No; I'll leave that to the naming/branding experts. Thanks for listening.
U-H
General,
When engaging in cyber-warfare how you you judge a victorious scenario? Do you use offense measure to render them unable to launch attacks? Or are you only trying to repel their attacks on you systems and networks?
Save a life, sign your organ donor card.
General, I've been reading up a little on this because I'm considering joining the Air Force after (during?) college, and I have a question that I think many people have, but I hadn't seen it asked yet:
What will be the setting for those involved in the new Cyber Command? I take it that the main base will be somewhere in the States, but would we be deployed to places like the Middle East? I can easily imagine a facility in an air-conditioned office-type building, but I'm not sure how well it'd work in situations like those in the Middle East...
Also, If we are placed near active combat, would we be seeing combat ourselves? I myself would probably be comfortable with handling and operating weapons, but I can't say whether many of the people you are trying to attract would be... Many might even be comfortable with a standard sidearm. (I once participated in a school trip to Pease ANGB, where myself and two others were treated to a session in the combat simulator, with a once-real M16, M9, and one shotgun that I don't remember the name of.)
You're uninformed. The muslims conquered almost their entire empire without a single civilian casualty. Their dogma was not to uproot one tree, or set fire to a house, or kill the weak or the unarmed or the women or the elderly. Other then their initial faux pas with som arab jewish tribes, they led the most humane example of honorable warfare in history. They had control over most of the known world (spain to china) and yet only a limited number of people converted, usually over many decades (90 years for most of palestine). You are brainwashed, stop watching fox news.
Apparently power plants & telecommunications fall under that domain and wikipedia claims (without a citation) that it's a war crime to attack such infrastructure... which makes me wonder why the first thing the USA did upon invading Iraq was to cut phone lines, power lines and destroy water pumping stations.
You may be right, but the reality on the ground speaks otherwise.
[Fuck Beta]
o0t!
Is there a scenario where it would be possible for Major General Lord to obtain the title of "Lord"? Because then he'd be Lord Major General Lord. And that would be awesome. Not quite as awesome as Major Major Major Major, but still awesome.
I understand you can't answer specific questions on your budget expenditures. However, I am curious about your departments' general strategy for acquisition in agents and equipment. Given that your branch is both new and will be charged with handling challenges that could include: mitigating massive Denial of Service attacks from computer nets across the world; specifically targeted viruses against pentagon and other systems; and digital interference against foreign hacker teams, will your team be expected to have a high machine:cyber-agent ratio or rely more on effective individual actions using fewer machines?
I agree the reality is different, but I would not change my values on the battlefield because others in the "free world" have decided to cause fatal diseases among a civilian populace by bombing water stations, or engaged in organized (literally sanctioned) brutal sexual humiliation, or gang rape and murder of 14 year old girls and their families. Our governments need to work with OUR values, not the other way round.
Captain, I hope you realize that people who use the internetz partake in a strange, ritual also known as FGT-TREE. The Arm Mary has HIStoryiCALLY not liked homosexuals, are you willing to lie next to one now? is that why you received additional training, to accomodate for them? It actually goes against Zionism, you should refer to your paymaster, cuz it's not what it says in the Torah!!!! Additionally why not persue for piece, why does everyfink have to b so aggresive??? Simple but universal rule is "don't piss folk off and they won't piss back on U"
I did RTFA, and found no mention of
The article only talks about limitations on service-members' own logs and/or contributing to those of others.There is nothing wrong with such limitations per se — controlling, what information gets out of the military, is perfectly legitimate.
In Soviet Washington the swamp drains you.
US Air Force blocking blog access
...
and
US Air Force accepting questions about recruitment, cyberwarfare etc. on the oldest and largest blog of all, slashdot.
Care to comment ?
You must either be from a fly over state or still in high school to be this ignorant. Evidently killing women and children is a good thing to you. Ask the Japanese how that went for them in ww2 after raping and killing whole populations.
Will there be any mission that needs to be done on board a supersonic stealth aircraft, or a spacecraft? How about a mission involving an "Alien" computing system (i'm not referring to a Dell/Alienware).
I understand that the purpose of Air Force Cyber Command is to defend and protect our country from cyber-doom, but can we please invest a few of our tax dollars into hiring a graphic/web designer to build a new website for you guys? When comparing it to other military websites, it looks less like a branch of the service and more like a secret club that some twelve year olds assembled in their back yards. Perhaps you'd be able to recruit more professional, top-grade security specialists if your website didn't look like it was outdated a decade ago.
Why does a division of the military have an "Art" section on their website? Are you gonna get the bad guys with 1337 Gimp skills..? If so, I'd love to join and enlist for the position of "Technical Gimp Sergeant".
Do you forsee a time when we find out that country X broke into our infrastructure and say brought down the Internet (or maybe just part of it like DNS), causing an war? Would this be limited to taking down their computers or is sending in physical force acceptable? Would we ever really call out a country who is trying to hack us or do we just batten down the hatches to prevent them from getting in? Would you make this public? After all, we are probably doing the same thing.
On a side note I am really interested in this. I currently work in IT as a DOD contractor, and am pursuing a degree in InfoSec. Do you think cyber command will be contractor dominated or military personnel dominated ? Would you accept someone who is given a guaranteed position in this command who is say 27-30, has a masters in infosec and is willing to take a little bit of a pay cut to have this on their resume when they get out in 4 years?
In conventional warfare, certain actions such as hiding among civilian populations are forbidden. These actions are considered war crimes because of the collateral damage they are likely to cause. What actions in cyberspace do you think should be outlawed? How about intentionally bringing down hospital IT systems, or destroying undersea cables without regard to the effects on civilian populations? I think the military should fuck off and leave the Internet alone.
This whole CyberWarfare crap is just a Government excuse to fuck with the Internet, Honestly how do they think up this stuff?
~Dan
P.s Please deliver a bullet to the head of whoever coined the term "Cyberwarfare"
An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
What, if anything, is being done to counter the threat of embedded trojans or related hazards?
There are probably a hundred million PCs in the US, and a very high percentage of them are built from components manufactured overseas. A clever enemy could embed hostile code in any one of a number of places: northbridge/southbridge chipsets, graphics cards, bios, network controllers, maybe even memory controllers. Attacks could be anywhere from stupid brute force deletions, document corruption, or denial of service to sophisticated attacks like stealthy targeted data alteration, network sniffing, etc. Threats could be very hard to detect, and triggering could be done via any one of a number of covert channels (including time-based, network based, or complex schemes with cooperating viruses or worms).
There was a widely celebrated case where US operatives got trojaned equipment into the supply chain of the Soviets and destroyed a gas plant (http://www.msnbc.msn.com/id/4394002). This would be a minor blip compared to the damage that could be done to American business interests if some compromise of even a fraction of one percent of the desktop computer hardware in the country were to be activated. And given the DoD emphasis on COTS products, are there any efforts to vet and/or protect important internal systems?
Maybe a deeper question, since computer assembly, board design, BIOS/EPROM coding, and chip fabrication don't require any particular security clearance, is it even possible to protect against such attacks?
Eloi, Eloi, lema sabachtani?
www.fogbound.net
When the Israelis destroyed the new, state-of-the-art Russian air defense system in Syria in 2007, the attacking aircraft didn't even appear on the radar they were destroying, and IED attacks are way down with the introduction of tech that... are we at the point where realtime countermeasures are the true state of the art in cyberwarfare, rather than the sideshow of internet security? What's the next step? Jamming enemy ICBM go-codes? Triggering remote detonation of same? Are we already at that point?
With your experience in cyber warfare, I'm sure you've developed some opinions about cybercrime that apply to the world outside the military. How would you go about getting rid of cybercrime on the Internet?
In Soviet Russia, I ruled you
General-
Do the big intelligence agencies--CIA, NSA, NRO, FBI--not already fulfill this role? Is the Air Force reinventing the wheel with this program?
As both a taxpayer and an NCO, how can I trust that this AFCC will hire and train its members to some standard that we never see in the field?
Do you plan on becoming an entirely insular organization?
If so, why is the Air Force accepting this mission instead of spending the money on renewing our aging fleet of _AIR_craft?
Thank you for your time, General.
-b
No offense, but I've stopped responding to AC's.
A large number of your company grade communications officers have been involuntarily separated over the last few years under the "Force Shaping" programs. As many as 30-45% in some year groups. Some of these young officers came equipped with the know-how and enthusiasm to carry out AFCYBER's mission. What justifies the search for information warriors when the Air Force is dismissing the "blue-suits" who have already volunteered?
Not ignorant. More informed than most people. Go read the Koran. It specifically says that those who do not convert to Islam must die. Now I realize that not all Muslims believe this, but this is a tenant of their religion.
Read my comment again. I said we shouldn't be trying to kill civilians. However, these people are not as "innocent" or "peace-loving" as people think. Not by a long stretch.
P.S. If I went to a government school the "High School" flamebait would have some merit.
Do away with our corrupt tax code. Support the Fair Tax
General -
I'm among the skeptics who doubt the US military's ability to ever move at "Internet speed." Today's cutting edge exploitation techniques are being developed by a very loose constellation of independent networked actors; in such an environment, change and innovation occur very rapidly. The military, with its reactionary "closed-by-design" sub-culture, its tight legal restrictions, and its well documented tradition of bureaucracy, in no way resembles an agile innovator. If the USAF attempts to mass-produce hackers in the same way it now mass-produces pilots and mechanics, the results are predictable: any real-world hack is likely to be buffoonish, easily detected, and traced back to the USAF; the blow-back from such a failure would likely end Cyber Command's offensive mission.
Rather than trying to build a "conventional force" of hackers, why not adopt the Chinese model, where the Government covertly leverages the civilian hacker community, rather than relying on their own organic capability?
An this smell is not coming from my trash can, but from this post about fighting a cyber war..
So now, since the extinguished Cyber Angels fell to the ground in a muck of run an hide, when all their spammers were failing. They are attempting to make another, spam, 'take privacy information', "Club" that talks of fighting a war of cyber vandalism.. But are the Vandals. What sort of mockery must keep clueless persisting as so.. People that make the problems, come on to open source forum posts as the understated Slashdot an try an 'recruit' the gullible? My, my.. what a bunch of dingbats that are trying to merge out to the innocent to get them to do they're virus trend bidding(s).. So as we all hold our breathe to this post.. I hope no one gets suckered into this Post about this 'cyber warfare'.. That everyone an their grandma knows the internet spam is most likely being lead by theses 'Cyber Generals'.. So whats going to be the verdict when The cyber General steals a innocents identity it will most definitely be the cyber generals attacked(hacked) them selves an made off with members names.. Which really they stole someones identity an need a diversion so that no one notices it was a gimmick the whole time!
To the General: So this is going to end up as hide an seek once more for you, do you really think you can gimmic people again with this lunacy? You are causing your final problems..
I have lived in New Orleans previously and it is not a haven for "cyber warriors". In fact, there aren't too many IT jobs in the area at all. Why not move the Cyber Command to another area where there would be a much higher supply of IT professionals?
They don't trust you, and they shouldn't. Airmen shouldn't be trusted on their own to do anything without strict guidance and remedial measures readily available. When that happens, abuse happens. Airmen can't be trusted to stay away from malicious links in email; nor to surf only for appropriate content. I was at a base where an airman got caught downloading 1200 pornographic images during an eight hour shift! I can only assume there wasn't "work to do" due to him being super efficient.
Sir,
With the Air Force currently force shaping its airmen in order to recapitalize the aging aircraft fleet, where does a new Major Command and the ensuing support structure fit into the overall plan of doing more with less? Is there some reason why this has to be a Air Force program and not a joint contribution program? Also, with the increase in contracting out 3C0 and other networking career fields, does this entire MAJCOM have the possibility of being outsourced in the near future?
Those who live by the sword, get shot by those who live by the gun...
Looks like Tom Clancy and his pals weren't too far off the mark. It's shapin up to be a mighty cyber future.
Codifex Maximus ~ In search of... a shorter sig.
Anyone with even a moderate level of experience in Computer Security knows that the criminal element is often way ahead of the private sector and/or government in terms of effectiveness and technique. Do you have a specific plan to counter other countries (i.e. Russia and China) that are more willing to work with their criminal element then we are?
General Lord,
I served proudly as an active duty member of the United States Air Force for 4 years and then in the Reserves for another 4 years. Although the Air Force is generally regarded as the most "modern" of the U.S. military branches, I still found that the overall structure was too rigid to take me where I wanted to go, so I followed my inner geek and moved fully into the civilian sector.
You said, 'We have to change the way we think about warriors of the future.' At first, I guessed that you would hire these individuals into government contractor positions, but the Wired article implies otherwise. Many of the brightest security experts, by nature, are highly independent and have a noted distaste for many of the standards that being in the Air Force require, such as basic training, dress and appearance, and physical fitness. How far will the Cyber Command bend the traditional standards in order to persuade the best and brightest in the security field to sign up into a military career?
Like one of the other posters, I too have(had) TS clearances and 20 year IT professional, no military experience but believe the government and perhaps the military needs many IT pros to fill in for the soon to retire. I certainly would work in a reserve capacity (silimar to military reserve) for help out during a crisis or just to fill in for the regular guy wants to take paternity leave for 3 months. Just keep in mind that at least some of us would help out a weekend a month and two weeks every year or two. BTW, i'm a CIO of a $1B company and we know our sh*t.
William, No intelligent human will join your society of violence and destruction. Fuck you.
While there may be others out there, /. is a good place to start for recruiting the talent sought after by such an agency. It also serves as a way of obtaining direct input from such talent by agreeing to respond to their questions and possibly tailoring their entry requirements to attract said talent.
IMHO, if they open it up to private contractors (GSA-style terms and pay), that would be your best bet. If enlistment is required, caveat emptor.
With an increase in data theft at all levels in the US, it is obvious that the country is in dire need of talent to secure the various infrastructures critical to the economy. Unfortunately, all the talent in the world is not going to guarantee that you'll end up with a supervisor or upper management structure that knows their ass from a hole in the ground. At that level, it's all about politics; which is why those that have many years of experience and tenure in any agency tend to quietly exit stage left into the private sector and become consultants or open up their own security firm.
Best of luck to us all!
---
Always keep in mind:
"All warfare is based on deception."
~Art of War (Ch. 1, paragraph 18)
Major General, Your efforts here are worth noting if they are truly sincere and you have backing from individuals with nicer offices than you. I don't want to come off adversarial but I just saw what I expect to be the first of many commercials on TV about this new "Cyber Command" to recruit individuals. You cannot expect to put together a team of qualified, battle tested and real world "cyber" trained guys and gals with that glossed over public relations regurgitation. Yes, I said battle tested. Pressure and resilience come in many forms that do not involve a gun. The people you are looking for will be extremely turned off by sending out a "Hackers" movie type recreation of how to protect the nation from "Cyber crime" by clicking a button or two and then seeing a big "GUARDED" screen pop up over the US. We don't feel safer when we see that. Just the opposite actually, it's sad to see something that dumbed down would be released to the public airwaves. I don't envy your position right now. But I must posit that nothing good can come from this with its current direction. The ones that can help would not get within a mile of this and the ones that would, I can can guarantee you sir, you don't want them clicking any buttons. My question would be: From what I have seen so far your marketing and PR is going to fail. You have a chance right now to change that before it becomes unrecoverable. Are you willing to bring in the proper resources and mindsets to make your project viable and have a chance to make some progress? Thank you for your time and best wishes, ~S
General,
Since operations within the cyber theater will require the application of minds more than the application of bodies, have standards for developing and maintaining the level of mental fitness (as in high stamina and a consistently high level of cognitive function, for example) required for the work in question been created?
SARAVA!
Major Lord, I would like to know what your stance on the usage of community based volunteer groups, like the Neighborhood Network Watch (NNW), for surveilling networks that are public or used by the public. Since it appears one such group is already operating both in NYC and LA, that being the Neighborhood Network Watch, with backing from the Department of Homeland Security (DHS). Do you condone the usage of the community eavesdrop on the community itself, in order to fight "terrorism" in the community and if so does the Cyber Command work in conjunction with such group(s)?
General,
Do you believe that the combined arms concept exists within the cyber theater?
SARAVA!
I believe that in this instance, the interview guest should obtain a user ID and answer as many questions as he sees fit, as opposed to the limited selection passed on to him.
This is that important.
SARAVA!
Superworms such as Storm represent perhaps the greatest threat to the internet becasue their stealthy natures allows the organization of millions of computers into a covert zombie botnet before their true exploit is finally launched. Will Cyber Command launch offensive operations to hunt down and destroy superworms already imbedded in cyberspace civilian computers, or create supermilworms (new word for CC use if you wish, with zero Google hits) that covertly draft millions of civilian cyberspace computers as secret War Reserve resources available for future callup and deployment in a future cyberspace battle?
And, herein lies the rub - the separate domains are interconnected, and there remains the question as to the assurance that is provided by the hardware and software systems that are responsible for keeping them segregated.
Today, those interconnections do not use (m)any of the principles of the old Orange Book (Trusted Computer Security, or TCSEC) Class A1 system security designs to defend against subversion - of their supply chain, of their maintenance processes, patch distribution, nor even the higher assurance design approaches that might lead to even EAL5 or EAL6 Common Criteria systems.
Rather, they rely on "defense in depth", which is a sort of fiberglass, or plywood, approach to construction - light, strong, but never designed to be penetration proof.
The TCSEC Class A1 (and to some extent CC EAL7) assurance measures are designed, specifically, to be able to demonstrate to an impartial 3rd party that there are no hidden back doors in the system to bypass security, whether intentionally or accidentally introduced. They do this through both rigorous analysis of design and correspondence checking between objectives (enforce a policy), requirements (implement the policy), design, development and maintenance of the security enforcing functions of the system. They're required to be formally specified, and demonstrably minimal in their implementation.
Full disclosure: I work for a company attempting to resurrect Class A1 (TNI Red Book, specifically) products for use in cyberspace applications. Its been done successfully multiple times, for multiple products. Some of those products have been specific function devices, and others were multi-purpose systems designed to provide trusted (no back door) enforcement of security functions (MLS) so that untrusted applications running on them don't have to. It takes a decade or more to accomplish from scratch.
Large systems are composed of many smaller systems. Plywood is a fact of life in both hardware and software. But when the security (assurance) of the system rests on small pieces known not to already contain holes, you can concentrate on the functionality provided by the plywood, instead of pretending you'll use it for strength and endurance.
What is the current / projected budget for Cyber Command, and what percentage / amount of that budget do you plan to offer to either the SBIR Program or X-Prize style challenge competitions?
First time I WISH I HAD MOD POINTS!
So what if he/she is anon . . .
I could not agree more.
I am not one to become excited over stuff, yet I think this is probably one of the most important threads ever . . . am I the only one to realize this? This is THE MAN admitting that he needs us! And this is in everyone's best interest! You think our suits are bad? Try some Asian (and that was not racially motivated, trust me) or 3rd world suits . . . those people redefine the concept of the infliction of suffering . . . I know, I LIVE in a 3rd world hellhole (Colombia) . . .
SARAVA!
Dear Gen Lord:
In major campaigns, the National Guard (and Air National Guard) play a significant role and are often the front line service. How do you see the individual state Guard units participating? In addition, what Civilian roles will be both a part of the Guard and contracted to the Guard?
Banjo - The more I know about Windoze, the more I love *nix
The quasi-private industry of defense contractors and military engineering companies have been a key element in the military development of the United States. What role do you see for the private sector in advancing our capabilities for cyberwarfare and cyberdefense?
General,
1. I am an active duty Loadmaster and am on what the Air Force considers a 'critical job list' of sorts. Would I be allowed to retrain to a field in the new Cyber Command, or would the Air Force prefer to retain me in my current job. Are the new cyber positions also considered 'critical'?
General,
What relationship do you see between the officer and enlisted positions in this new command? Would it be the traditional Air Force model of having the officers with the Bachelor's Degrees (presumably in a computer field) be the 'tip of the spear' so to speak (the actual offensive computer user) with the enlisted force backing him up? Or do you see it as a place where the enlisted would man the actual offense and defense with the officers acting in more of a leadership role, managing the talented? The most talented hackers in the world problably have no computer degree and no interest in obtaining one.
General,
The Air Force has been drawing down sharply on lieutentants in the last few years. It would seem that this new command would be protected from such draw downs, but perhaps not. Do you see a position in the Cyber Command as having a large amount of job security in the next 20 years?
General
The background of individuals has not traditionally been as important as the training the Air Force gives them. Do you see an in depth school forming (aka pilot training) for people who are computer savvy, but not necessarily the 'hackers' the Air Force would need in key positions? Or would this command be more interested in hiring individuals already in possession of such talents?
I am not a military historian, but up until recently, it seems as though waging war against another entity primarily meant taking control of their physical territory on the ground and taking out important resources by bombing or some similar high-impact targeted strike. How will Internet warfare change the basic structure of a military campaign? What would a full-scale war incorporating cyber warfare look like?
Some more specific questions in this vein:
This space reserved for administrative use.
How do you envision cyber warfare being applied to conflicts that are primarily against groups of insurgents (Iraq for instance), as opposed to a war against another nation?
This space reserved for administrative use.
General,
I've worked close enough to the DoD/IC community to realize that there
is a tremendous amount of overlap and (pardon me) pig-headedness in
various groups. There are already countless gov't organizations that
have a huge overlap in functionality. Yet, each will assure you
that they have THE best and most important and definitive program.
So my question is two-fold... (1) Why put this "cyber" stuff under you
and the military (and not under some other branch of the government) and
(2) what's to say that some other part of the government won't do it
better (especially in light of many of the skeptical comments you may
already have noticed here)?
Basically, why the Air Force, and not the DIA/CIA/NSA/DHS/ETC?
General Lord,
.mil space? Does AFCYBER monitor and respond to critical infrastructure-related attacks on corporate assets? How does AFCYBER act as a counterpoint to US_CERT?
What are your operational boundaries? Are you restricted to incidents in
DWhite
"Even if you're on the right track, you'll get run over if you just sit there" - Will Rogers
re-nationalize DARPANET? "Cybercrime" and "cyber-terrorism" conducted on a tool built by the US military doesn't sit well with this taxpayer. Paying 6-figure salaries to combat those abuses of US property by foreign nationals is also not representative of my interests. Why shouldn't we de-commission the whole project, cease allocating IPs to all foreigners and foreign holdings, and let private industry either make the World Wide Wasteland profitable on their own dimes or declare bankruptcy one-by-one?
All 19 hijackers were known terrorists 09-10-2001. Lack of FBI intelligence does not justify warrantless wiretaps..
I tried to join the military some time ago, and was given the response: I'm too old, have slight asthma and i had a broken arm one time and thats not allowed. I'm 31 years old and my broken arm and asthma certainly doesn't affect me when I'm coding. Also, I am a high school drop out, and no degree, but I've worked with Microsoft, Stanford University, US Department of Energy, Junjiper Networks and Cisco Systems and can prove it. Is the military going to be insistant about "formal qualifications and procedures" - if so, they will lose the real talent, as I'm sure many of the best are informally trained. I'd suggest a testing mechanism similar to MCSE, CCIE, MCSD .. etc and a stringinent background check. I'd drop my $100/hr contracting rate to help secure america, earn a degree and get into shape, but will the Military be "broad" enough to draft the truly competent - or insist that I not have ever broken an arm and can run a mile in the appropritate time?
This is something I really hope gets asked. A lot of the comments here seem to be of the "the people you need aren't going to fit in with the military structure" as well as, "are you sure you even know what you're getting into doing this?"
I think Internet Privateers, a sibling-comment suggests, would be perfectly legitimate - and as effective, if not more effective, than an organized USAF "cyber attack" on, e.g, the PRC. I don't doubt the need for a "cyber command" to protect American information infrastructure, but I strongly suspect that an distributed, head-less method of attack is a better offensive strategy than a monolithic one. And I think most people on Slashdot would agree (although I am eager to hear arguments against it).
So really - what is your response to what the parent suggests? In the case that an offensive is required against enemy information targets, would the USAF be willing to publish a list of IP addresses for private citizens to crack?
Nemilar http://www.techthrob.com - Visit Me!
Major General Lord, I've served in the United States Navy and I left in disgust after six years because I saw the military is being subverted by evangelical Christians at every level.
..."
My question to you is this: How does the US Air Force expect to recruit intelligent, free-thinking computer security experts into an organization that has been thoroughly corrupted by religious fanatics bent on bringing about the apocalypse?
Mikey Weinstein describes my concern in this quote:
"Every single time radicalized Christianity has engaged the machinery of the state and the armed forces, we have ended up not with puddles and little streams, but with oceans and oceans of blood," he says. "I'm not just talking about the Holocaust or the Inquisition or the four Crusades, I'm not just talking about the Black Plague; it's the transition from Plan A to Plan B.
"In Plan A, evangelical Christians with a smile on their face will ask you to please, please, please accept their biblical worldview of Jesus. The problem with that is, inevitably, Plan A morphs into Plan B. They stop asking so nicely, and then you have the Holocaust, the pogroms, the Inquisition
-- 1099-07-15 -- never forget
You must be thinking of administrative networks, in which windows is prevalent in military. Operational networks tend to use whatever OS is appropriate (and windows is very rare). I've seen a lot of Solaris. Don't expect to see Mac's except as a gimmick, there's to many custom software solutions and I can't see why they'll design a position around Mac OS.
But whatever system you are using, expect it to be locked down, and if you need something changed/installed then it won't happen in any timely manner. This is the military and bureacracy is king.
General, In relation to the Air Force taking on the added responsibilities that Cyber Command is assuming, could you give us estimated percentages of the workforce within Cyber Command and its satellite agencies in terms of Uniformed Air Force, Uniformed non-Air Force, Government Civilian, and Contractor workers.
My name is Mike Hoffman and I'm a reporter with the Air Force Times. I am working on a story about the Air Force's new Cyber Command. I was hoping to speak with some of the computer experts out there interested in possibly joining the Air Force and working under its new Cyber Command. My office number is 703-750-8670 and my email is mhoffman@atpco.com. Give me a call or drop me an email and I just wanted to talk about why you might be interested. Thanks, Mike
"Why does the porridge bird lay its egg in the air?"
"Flyin' in just a sweet place,
Never been known to fail..."
Watching a TV ad for AF recruiting - I see scenes of "Cyber Warriors" and the narrator describes the role as "defending America". So, what is the role - defending America, or defending US Military infrastructure? Given that foreign intelligence goes after secrets in US industry - how will the USAF step up to the plate and defend us? As a first responder? How does this fit with posse comitatus? And given the generally poor state of protection across the federal sector - will you help them? and how? I understand using USAF for offensive IO, but am not seeing how you can practically address defense.
Hope is the worst of evils, for it prolongs the torment of man. -- Friedrich Nietzsche
Maj Gen Lord,
Sir, I'm glad the USAF is recognizing the legacy of Billy Mitchell and taking the sometimes unpopular initiative to establish a footprint in cyberspace. What do you think about establishing a program to recognize or reward people who identify vulnerabilities in Air Force software and systems? With a centralized disclosure system you could improve system defenses by altering the current climate - encouraging the discrete reporting of holes in system security. If the program is structured and well defined, you could discourage "insider hacking" and still tap the brain power of geeks who may not be lucky enough to be assigned to the new command.
Respectfully,
phreakngeek
How will you address domestically launched attacks?
I am very small, utmostly microscopic.
Major General Sir: If this is a new non-physically confronting environment to fight in, then will the definition of a suitable recruit be modified? Older people and even physically disabled people could compete in this arena on equal footing with the standard young and physically fit military recruit. I, for one, would be interested in signing up, if that were an option. I believe there is a wealth of talent for fighting cyberwarfare among those older than 29 and unable to do 10 pull-ups or run 5 miles. Thanks.
Any chances joining up for this will lead to getting a robot body, with 400 times normal human strength, all networked to create a supernerd with jugs of justice?
I don't want this to sound like the obligatory "me too" posting, but where do I sign up?
:) (Been there, done that, have the video of it). You should already have a file on me, marked "mostly harmless".
I've done quite a bit of network security. One of the sites I worked for had amazingly high traffic (millions of web viewers daily) and was constantly bombarded by attacks. In the late 90's, I'd cite 10 per second. That rate kept going up, but their success rate remained 0. Those ranged from basic DoS to well constructed intrusion attempts.
I kept our network secure through good firewall rules and access controls. On a fairly regular basis, I was asked to help with intrusions on other people's networks, where I'd identify, isolate, clean up, and protect. It was always interesting (bordering on fun) to see how they were doing things, and protect against those actions.
I know my methodology wouldn't be the same as the USAF method, but it's real world experience to make the "bad guys" go away. Unfortunately, retaliation was not an option, as a civilian I have no legal protection in such actions.
I cannot enlist in the US Armed Forces, as I've had surgery done on one of my eyes, and this restricts my ability to enlist. In a field like this, I am good. I say good, because I know there are people better than me, they're just very rare to meet.
My site (in my header) should give sufficient information to find me. Just don't park a black helicopter over my house, it annoys the neighbors.
Serious? Seriousness is well above my pay grade.
for anything it buys: 3000 years ago or so, Sun Tzu said 'Governments always pay the highest price in wartime.' Given that defense amounts to "wartime", is the Congress going to understand fully the need to have top notch people and equipment for understanding & engaging cyber threats and warfare in all its forms, and then Funding it Properly?
Does posse comitatus apply to a DoD cybercommand operating in the United States and with regards to U. S. citizens?
Have the lawyers drawn you a CONOP box yet?