Slashdot Mirror
Air Force Cyber Command General Answers Slashdot Questions
Here are the answers to your questions for Major General William T. Lord, who runs the just-getting-off-the ground Air Force Cyber Command. Before you ask: yes, his answers were checked by both PR and security people. Also, please note that this interview is a "first," in that Generals don't typically take questions from random people on forums like Slashdot, and that it is being watched all the way up the chain of command into the Pentagon. Many big-wigs will read what you post here -- and a lot of them are interested in what you say and may even use your suggestions to help set future recruiting and operational policies. A special "thank you" goes to Maj. Gen. Lord for participating in this experiment, along with kudos to the (necessarily anonymous) people who helped us arrange this interview.
How do we prevent "mission creep" (Score:5, Insightful)
by Jeremiah Cornelius (137)
It appears that the military is increasingly involved in areas who's jurisdiction was once considered to be wholly in the civil domain. Use of jargon like "cyberspace" seems only to obfuscate and distract from the core issue. This appears an effort to recruit public opinion and defuse the deeper questions that strike at the heart of a free and civil society. I think that if we had a statement that "The private mails are a warfighting domain" would generate a fair amount of debate on the role of the military as opposed to the police, the function of constitutional protection of liberties, and the question of what actually constitutes a state of war.
What are the limits on this jurisdiction? Who enforces these limits, and how is the public informed of that status? How are efforts to extend being safeguarded from creating mission creep that threatens all civil discourse in the United States and abroad form targeting, suppression, propaganda and extra-legal surveillance?
ANSWER:
A very good question. It's a complex issue, but bottom line is that we won't need new laws to be able to fly and fight in cyberspace. The DoD's role in protecting cyberspace is governed by domestic and international law to the same extent as its activities in other domains. Other U.S. agencies, such as the Department of Justice and the FBI, have important and, in many cases, leading roles to play.
Attacks on the US and its Allies by China (Score:5, Interesting)
by Yahma (1004476)
There have been several recent news reports that China has and is engaging in a nationally funded effort to hack into and attack US government computer systems. The German government recently announced that they traced recent aggressive cyber-attacks back to the Chinese government. What, if anything, is being done against this type of cyber-terrorism against us and our allies? Why do we still confer most-favored nation trading status onto a Nation who is actively engaged in efforts to spy on and attacak our government and corporate computer systems?
ANSWER:
Yes, there are lots of news reports on that, but I'm sure you can appreciate the fact that there are other branches of the U.S. government that must answer your foreign policy questions. I can tell you that securing cyberspace is difficult and requires a coordinated and focused effort from our entire society - federal government, state and local governments, the private sector and the American people. The Air Force is working to improve our ability to respond to cyber attacks, reduce the potential damage from such events, and to reduce our vulnerability to such attacks.
Accept, Retain, Solicit good people? (Score:5, Interesting)
by Lally Singh (3427)
General,
Some of the most talented people in computer security tend to have the sort of records that prevent them from getting clearance. Maybe nothing heavily criminal, but enough of a colored background that traditional security clearance mechanisms would throw them out of the room before they get started. Often the same types of minds that are really good at computer security are also the rebel types, who'll have some history. Will you work to get these people in, or are we looking at a bunch of off-the-shelf programmers/admins who've taken a few simple courses in computer security?
Also, how do you plan to attract/retain them? Again, rebel types are some of the best hackers, and they're not likely to go in without incentives. Not due to any lack of patriotism per se, but an unexplored understanding of it. More importantly, they're likely to be anti-establishment types who aren't comfortable in the strict traditional chain of command. Finally, usually the outside industry pays quite well for the good ones. Are you prepared to financially compete for the best?
Finally, will there be any connections back to the research/academic community? You may find academics more happy to help than usual, as cyber warfare can often be nonviolent. Also, will the existing (and immense) capability within the NSA be properly leveraged?
ANSWER:
I believe even the most unlikely candidate, when working for a cause bigger than himself, turns out to be a most loyal ally. Young men and women come into the military for any number of reasons - education, health care, etc. - but end up staying because they believe what they're doing matters. We know money doesn't create loyalty--a sense of purpose does. We'll take what they have to offer, and in turn they might be surprised by what they get back. It's not just our military members either, it's all those who partner with us . . . academia and private industry, our civilians and contractors, too. In the cyber command, there is a purpose and sense of urgency to be ready. You can bet that we leverage all the expertise out there to help us do our job.
Older recruits? (Score:5, Interesting)
by rolfwind (528248)
It seems that in the military traditionally it was always looking for people fresh out of highschool for EMs and if you wanted to get anywhere in the military you had to be either college educated or, to really have a high end military career, start really young in something like the Valley Forge Military Academy and work from there.
In a traditional branch of the army/navy/airforce that is probably as it should be.
But in this area people have to be trained for years, still not know as much as the older hands in the private industry, and before they really know enough their enlistment would be over. Also, it would be unacceptable for an older IT person to join but take a pay cut to a Private's level or perhaps even a Lieutenant's -- so I imagine this branch would have to be somewhat different.
Is the military going to do to reach out toward the older folks who have extensive experience and knowledge outside the military?
ANSWER:
As I work alongside today's Airmen, many with very specialized skill sets in great demand outside the Air Force, I find them to be incredibly well trained and up-to-speed on current technologies. We bring them in from a general practitioner level and take them to expert level in reasonable time ... and well before retirement age indeed! We train them with specific technical skills as well as overarching abilities required to lead in today's environment. You're right in that we couldn't compete in the cyber world without the experts in the civilian industries who give us the technology in the first place, provide the architectures we use, and even the software we need. People don't have to enlist or take a pay cut to help us out. Certain skill sets can also be brought on board as civilians or contractors, and in many cases we do offer compensation competitive with the commercial sector.
Which acts of war should be illegal in cyberspace? (Score:5, Interesting)
by cohomology (111648)
War is never clean.
In conventional warfare, certain actions such as hiding among civilian populations are forbidden. These actions are considered war crimes because of the collateral damage they are likely to cause. What actions in cyberspace do you think should be outlawed? How about intentionally bringing down hospital IT systems, or destroying undersea cables without regard to the effects on civilian populations?
ANSWER:
The U.S. military complies with all applicable domestic and international laws, and that will certainly apply equally within cyberspace. The Law of Armed Conflict, for example, arose from a desire among civilized nations to prevent unnecessary suffering and minimize unintended destruction while still waging an effective war. It would be possible, as you mentioned in your scenario, that some who ignore the laws of civilized nations could conduct operations in cyberspace that may have unlawful negative consequences on civilian populations. For us, abiding by these laws, being good at we what do and maintaining a technological advantage over our adversaries provides us a first line of defense. Those who commit unlawful acts would certainly face potential criminal liability for war crimes.
Physical Fitness (Score:5, Interesting)
by spacerog (692065)
General, You were recently quoted in Wired as having said "So if they can't run three miles with a pack on their backs but they can shut down a SCADA system, we need to have a culture where they fit in." Is this an accurate quote? As a former member of the US Army I must say that passing a PT test is not very difficult and the suggestion that some soldiers should be exempt from basic minimum requirements is rather upsetting. Are you actually advocating the relaxation of military physical fitness standards for 'cyber warriors'? Would this not create a double standard and animosity between the cyber command and other sections of the military? Surely there must be other recruitment incentives that can be applied to attract the talent you need.
ANSWER:
I don't disagree with you . . . and I am not advocating changing our PT test. What I am saying is that we, as a military culture, need to look beyond what we've traditionally recruited. The very nature of our military requires that we be able to work in combat conditions and be able to establish and protect our cyber/communications structures and networks in remote, even austere conditions. As anyone who has worked in these austere locations will tell you, being fit is critical to mission success, so I don't foresee or advocate for a relaxation of standards just to bring in this specific type of talent. But, as we know, some of what we do in cyber can be done at home station as well, so what will our force look like in the future? This is something we need to look at and evaluate as we progress in this area.
It is good war is so terrible... (Score:5, Insightful)
by MozeeToby (1163751)
A wise man once said "It is good that war is so terrible, lest we grow too fond of it". If cyberwarfare ever becomes a reality, how do we respond to the fact that is isn't "terrible"?
The direct damage from such warfare would be primarily economic or data security related (rather than a cost in human lives) how do you feel we can prevent it from becoming a monthly, yearly, or daily occurance?
ANSWER:
The fact is we are dealing with this on a daily basis and it won't be going away anytime soon. Not for any of us. The way to shield ourselves from these attacks is to be at the forefront of technology, tactics and procedures relating to operating in cyberspace. We have systems and software that are protected by multiple layers of security and functional redundancy. We train our people to be on the cutting edge of this technology, and we find ways secure our information. We have to take this very seriously because we rely on our networks to conduct military operations all around the world. The person who hates war the most is the warrior who has to go to it ... we want to prevent that.
Criminal vs Warlike Actions (Score:5, Interesting)
by florescent_beige (608235)
General Lord,
Does the AFCC have a mandate to pursue criminals that use information infrastructure to commit crimes, or is your group intended to defend against warlike attacks only?
If the latter is true, how would you distinguish between criminal activity and warlike activity in cyberspace?
ANSWER:
The speed and anonymity of cyber attacks makes it very hard to distinguish what actions would be those of terrorists, criminals, nation states or just some lone prankster. Our command coordinates with government partners such as the DoD's Cyber Crime Center staff, who work with law enforcement officials to investigate and prosecute criminal acts if necessary. A "war-like activity" can also include presenting misleading information to our battlefield commanders. So, we've got to be spot on about authenticating the trusted source of that information in the first place. But, generally speaking, if something is a coordinated attack that would cause disruption or an attack that required a high level of technical sophistication to carry out, that would cause us to take a closer look and recommend a proper response.
Legal Hacking... (Score:5, Funny)
by JeanBaptiste (537955)
Just post a list of the stuff you want hacked and the more patriotic hackers will enjoy doing it for free.
Due to the nature of hacking and what many people do to acquire such skills, they may not want to 'join up' and all that.
But if you post a list of IP's that are okay to bring down, and networks you want information stolen from, with the understanding that the US will not condemn any attacks, and I'm sure more than enough people would do it for free.
Is there anything like this already in place? Cause I got nothing better to do this weekend. Or most any weekend.
ANSWER:
YGTBKM! LOL! I like your enthusiasm, but you know the Air Force neither encourages nor condones criminal activity.
Could a Cyber Attack Trigger a Real War? (Score:5, Interesting)
by florescent_beige (608235)
General Lord,
I'm curious to know if you have have any criteria that would enable you do decide when a cyber attack is an act of war. Would it be possible for some kind of action inside a network to lead to a shooting war without some kind of overt physical threat occurring first?
ANSWER:
Within the Department of Defense, we are careful not to speculate about what would be considered an act of war. Our nation's elected officials are the ones who will decide what threats to, or actions against our national security will constitute an act of war against the United States. These same leaders will likewise determine what an appropriate response would be, and that could be diplomatic, economic or involve the military to demonstrate the nation's resolve. That's why it's my responsibility to oversee the building of a command that will provide our leaders, through the appropriate chain of command, with many options with which to deter threats in the first place or respond when necessary.
Why was the Air Force tasked with this? (Score:5, Interesting)
by Isaac-Lew (623)
Why should the US Air Force be tasked with this, instead of DISA or NSA, neither of which is tied to a specific branch of the military?
ANSWER:
Don't confuse the fact that we are standing up the Air Force Cyber Command to mean we are the lead for the nation, or the primary command to respond to a particular incident. We are just one part of a combined effort. Our first priority is to work with DoD to defend AF military resources, but many of those resources rely on civilian entities, so we obviously have a keen interest in protecting those items as well. We thought it was the right thing to do to consolidate our efforts and to align all the Air Force cyber-related resources so we can have better command and control. This command will be able to respond better to the needs of our commanders and be the focal point within the Air Force for cyber security and defense missions, as well as respond to emergencies and natural disasters. Make no mistake, we are partners with the other sister services--the Army, Marines, Navy--as well as with DISA, NSA and Homeland Security to name a few. We're all in this together.
Question about Existing Contractors (Score:5, Interesting)
by tachyon13 (963336)
General Lord, I currently work as the exact type of 'cyber warrior' you intend to recruit. But I already have a Top Secret clearance, already familiar with DoD systems, etc. The dynamic with what we call 'Information Assurance' is that of a constant struggle with our contractor management (stay within the contract, the budget, etc) and with our 'warfighter' higher ups (educating them on why they can't have full access from their home in the spirit of "operations are a priority, to hell with security"). So assuming you can get the type of expertise that are eligible for clearances, and that are willing to relocate to Offutt/etc, how are you going to address the core issue of security in the DoD: Operations/budget/schedule will always trump security. Or alternatively, security will always be back burner to 'hot' issues. Thank you for your time.
ANSWER:
Certainly the balance between having access to do our mission and having robust security is an issue where not everyone agrees on just how much to restrict or how much to allow. The Air Force takes the security of its computer networks very seriously and has taken several measures to educate our users and to provide secure means for them to operate. As with many other issues, the Air Force through its commanders, must assess the risks and make a decision. I don't agree or I maybe I just haven't seen where security is always a back burner item.
CyberCommand Location (Score:5, Interesting)
by Mz6 (741941)
General,
Can you explain some about the situation developing between Barksdale AFB and Offutt AFB as they try to fight over the eventual final location for CyberCommand? My thoughts are that finding and recruiting talent, and laying the foundation for such a large wired infrastructure in the Omaha, Nebraska area may be easier to accomplish than in and around Shreveport, LA. What types of things is the DoD looking for when they choose the final location for this new Command?
ANSWER:
The government actually has a regulation that covers the whole process for choosing a location for a command and it's a very defined, thorough process. The bases must meet certain criteria -- existing infrastructure would be just one aspect of many items along with communications or square footage requirements, but there are other considerations, such as the impact to the environment that the Pentagon will consider. I would hope that no matter where it was located, we would still be able to attract the talent needed to work in this exciting command and that all communities see the need to protect this domain.
How do we prevent "mission creep" (Score:5, Insightful)
by Jeremiah Cornelius (137)
It appears that the military is increasingly involved in areas who's jurisdiction was once considered to be wholly in the civil domain. Use of jargon like "cyberspace" seems only to obfuscate and distract from the core issue. This appears an effort to recruit public opinion and defuse the deeper questions that strike at the heart of a free and civil society. I think that if we had a statement that "The private mails are a warfighting domain" would generate a fair amount of debate on the role of the military as opposed to the police, the function of constitutional protection of liberties, and the question of what actually constitutes a state of war.
What are the limits on this jurisdiction? Who enforces these limits, and how is the public informed of that status? How are efforts to extend being safeguarded from creating mission creep that threatens all civil discourse in the United States and abroad form targeting, suppression, propaganda and extra-legal surveillance?
ANSWER:
A very good question. It's a complex issue, but bottom line is that we won't need new laws to be able to fly and fight in cyberspace. The DoD's role in protecting cyberspace is governed by domestic and international law to the same extent as its activities in other domains. Other U.S. agencies, such as the Department of Justice and the FBI, have important and, in many cases, leading roles to play.
Attacks on the US and its Allies by China (Score:5, Interesting)
by Yahma (1004476)
There have been several recent news reports that China has and is engaging in a nationally funded effort to hack into and attack US government computer systems. The German government recently announced that they traced recent aggressive cyber-attacks back to the Chinese government. What, if anything, is being done against this type of cyber-terrorism against us and our allies? Why do we still confer most-favored nation trading status onto a Nation who is actively engaged in efforts to spy on and attacak our government and corporate computer systems?
ANSWER:
Yes, there are lots of news reports on that, but I'm sure you can appreciate the fact that there are other branches of the U.S. government that must answer your foreign policy questions. I can tell you that securing cyberspace is difficult and requires a coordinated and focused effort from our entire society - federal government, state and local governments, the private sector and the American people. The Air Force is working to improve our ability to respond to cyber attacks, reduce the potential damage from such events, and to reduce our vulnerability to such attacks.
Accept, Retain, Solicit good people? (Score:5, Interesting)
by Lally Singh (3427)
General,
Some of the most talented people in computer security tend to have the sort of records that prevent them from getting clearance. Maybe nothing heavily criminal, but enough of a colored background that traditional security clearance mechanisms would throw them out of the room before they get started. Often the same types of minds that are really good at computer security are also the rebel types, who'll have some history. Will you work to get these people in, or are we looking at a bunch of off-the-shelf programmers/admins who've taken a few simple courses in computer security?
Also, how do you plan to attract/retain them? Again, rebel types are some of the best hackers, and they're not likely to go in without incentives. Not due to any lack of patriotism per se, but an unexplored understanding of it. More importantly, they're likely to be anti-establishment types who aren't comfortable in the strict traditional chain of command. Finally, usually the outside industry pays quite well for the good ones. Are you prepared to financially compete for the best?
Finally, will there be any connections back to the research/academic community? You may find academics more happy to help than usual, as cyber warfare can often be nonviolent. Also, will the existing (and immense) capability within the NSA be properly leveraged?
ANSWER:
I believe even the most unlikely candidate, when working for a cause bigger than himself, turns out to be a most loyal ally. Young men and women come into the military for any number of reasons - education, health care, etc. - but end up staying because they believe what they're doing matters. We know money doesn't create loyalty--a sense of purpose does. We'll take what they have to offer, and in turn they might be surprised by what they get back. It's not just our military members either, it's all those who partner with us . . . academia and private industry, our civilians and contractors, too. In the cyber command, there is a purpose and sense of urgency to be ready. You can bet that we leverage all the expertise out there to help us do our job.
Older recruits? (Score:5, Interesting)
by rolfwind (528248)
It seems that in the military traditionally it was always looking for people fresh out of highschool for EMs and if you wanted to get anywhere in the military you had to be either college educated or, to really have a high end military career, start really young in something like the Valley Forge Military Academy and work from there.
In a traditional branch of the army/navy/airforce that is probably as it should be.
But in this area people have to be trained for years, still not know as much as the older hands in the private industry, and before they really know enough their enlistment would be over. Also, it would be unacceptable for an older IT person to join but take a pay cut to a Private's level or perhaps even a Lieutenant's -- so I imagine this branch would have to be somewhat different.
Is the military going to do to reach out toward the older folks who have extensive experience and knowledge outside the military?
ANSWER:
As I work alongside today's Airmen, many with very specialized skill sets in great demand outside the Air Force, I find them to be incredibly well trained and up-to-speed on current technologies. We bring them in from a general practitioner level and take them to expert level in reasonable time ... and well before retirement age indeed! We train them with specific technical skills as well as overarching abilities required to lead in today's environment. You're right in that we couldn't compete in the cyber world without the experts in the civilian industries who give us the technology in the first place, provide the architectures we use, and even the software we need. People don't have to enlist or take a pay cut to help us out. Certain skill sets can also be brought on board as civilians or contractors, and in many cases we do offer compensation competitive with the commercial sector.
Which acts of war should be illegal in cyberspace? (Score:5, Interesting)
by cohomology (111648)
War is never clean.
In conventional warfare, certain actions such as hiding among civilian populations are forbidden. These actions are considered war crimes because of the collateral damage they are likely to cause. What actions in cyberspace do you think should be outlawed? How about intentionally bringing down hospital IT systems, or destroying undersea cables without regard to the effects on civilian populations?
ANSWER:
The U.S. military complies with all applicable domestic and international laws, and that will certainly apply equally within cyberspace. The Law of Armed Conflict, for example, arose from a desire among civilized nations to prevent unnecessary suffering and minimize unintended destruction while still waging an effective war. It would be possible, as you mentioned in your scenario, that some who ignore the laws of civilized nations could conduct operations in cyberspace that may have unlawful negative consequences on civilian populations. For us, abiding by these laws, being good at we what do and maintaining a technological advantage over our adversaries provides us a first line of defense. Those who commit unlawful acts would certainly face potential criminal liability for war crimes.
Physical Fitness (Score:5, Interesting)
by spacerog (692065)
General, You were recently quoted in Wired as having said "So if they can't run three miles with a pack on their backs but they can shut down a SCADA system, we need to have a culture where they fit in." Is this an accurate quote? As a former member of the US Army I must say that passing a PT test is not very difficult and the suggestion that some soldiers should be exempt from basic minimum requirements is rather upsetting. Are you actually advocating the relaxation of military physical fitness standards for 'cyber warriors'? Would this not create a double standard and animosity between the cyber command and other sections of the military? Surely there must be other recruitment incentives that can be applied to attract the talent you need.
ANSWER:
I don't disagree with you . . . and I am not advocating changing our PT test. What I am saying is that we, as a military culture, need to look beyond what we've traditionally recruited. The very nature of our military requires that we be able to work in combat conditions and be able to establish and protect our cyber/communications structures and networks in remote, even austere conditions. As anyone who has worked in these austere locations will tell you, being fit is critical to mission success, so I don't foresee or advocate for a relaxation of standards just to bring in this specific type of talent. But, as we know, some of what we do in cyber can be done at home station as well, so what will our force look like in the future? This is something we need to look at and evaluate as we progress in this area.
It is good war is so terrible... (Score:5, Insightful)
by MozeeToby (1163751)
A wise man once said "It is good that war is so terrible, lest we grow too fond of it". If cyberwarfare ever becomes a reality, how do we respond to the fact that is isn't "terrible"?
The direct damage from such warfare would be primarily economic or data security related (rather than a cost in human lives) how do you feel we can prevent it from becoming a monthly, yearly, or daily occurance?
ANSWER:
The fact is we are dealing with this on a daily basis and it won't be going away anytime soon. Not for any of us. The way to shield ourselves from these attacks is to be at the forefront of technology, tactics and procedures relating to operating in cyberspace. We have systems and software that are protected by multiple layers of security and functional redundancy. We train our people to be on the cutting edge of this technology, and we find ways secure our information. We have to take this very seriously because we rely on our networks to conduct military operations all around the world. The person who hates war the most is the warrior who has to go to it ... we want to prevent that.
Criminal vs Warlike Actions (Score:5, Interesting)
by florescent_beige (608235)
General Lord,
Does the AFCC have a mandate to pursue criminals that use information infrastructure to commit crimes, or is your group intended to defend against warlike attacks only?
If the latter is true, how would you distinguish between criminal activity and warlike activity in cyberspace?
ANSWER:
The speed and anonymity of cyber attacks makes it very hard to distinguish what actions would be those of terrorists, criminals, nation states or just some lone prankster. Our command coordinates with government partners such as the DoD's Cyber Crime Center staff, who work with law enforcement officials to investigate and prosecute criminal acts if necessary. A "war-like activity" can also include presenting misleading information to our battlefield commanders. So, we've got to be spot on about authenticating the trusted source of that information in the first place. But, generally speaking, if something is a coordinated attack that would cause disruption or an attack that required a high level of technical sophistication to carry out, that would cause us to take a closer look and recommend a proper response.
Legal Hacking... (Score:5, Funny)
by JeanBaptiste (537955)
Just post a list of the stuff you want hacked and the more patriotic hackers will enjoy doing it for free.
Due to the nature of hacking and what many people do to acquire such skills, they may not want to 'join up' and all that.
But if you post a list of IP's that are okay to bring down, and networks you want information stolen from, with the understanding that the US will not condemn any attacks, and I'm sure more than enough people would do it for free.
Is there anything like this already in place? Cause I got nothing better to do this weekend. Or most any weekend.
ANSWER:
YGTBKM! LOL! I like your enthusiasm, but you know the Air Force neither encourages nor condones criminal activity.
Could a Cyber Attack Trigger a Real War? (Score:5, Interesting)
by florescent_beige (608235)
General Lord,
I'm curious to know if you have have any criteria that would enable you do decide when a cyber attack is an act of war. Would it be possible for some kind of action inside a network to lead to a shooting war without some kind of overt physical threat occurring first?
ANSWER:
Within the Department of Defense, we are careful not to speculate about what would be considered an act of war. Our nation's elected officials are the ones who will decide what threats to, or actions against our national security will constitute an act of war against the United States. These same leaders will likewise determine what an appropriate response would be, and that could be diplomatic, economic or involve the military to demonstrate the nation's resolve. That's why it's my responsibility to oversee the building of a command that will provide our leaders, through the appropriate chain of command, with many options with which to deter threats in the first place or respond when necessary.
Why was the Air Force tasked with this? (Score:5, Interesting)
by Isaac-Lew (623)
Why should the US Air Force be tasked with this, instead of DISA or NSA, neither of which is tied to a specific branch of the military?
ANSWER:
Don't confuse the fact that we are standing up the Air Force Cyber Command to mean we are the lead for the nation, or the primary command to respond to a particular incident. We are just one part of a combined effort. Our first priority is to work with DoD to defend AF military resources, but many of those resources rely on civilian entities, so we obviously have a keen interest in protecting those items as well. We thought it was the right thing to do to consolidate our efforts and to align all the Air Force cyber-related resources so we can have better command and control. This command will be able to respond better to the needs of our commanders and be the focal point within the Air Force for cyber security and defense missions, as well as respond to emergencies and natural disasters. Make no mistake, we are partners with the other sister services--the Army, Marines, Navy--as well as with DISA, NSA and Homeland Security to name a few. We're all in this together.
Question about Existing Contractors (Score:5, Interesting)
by tachyon13 (963336)
General Lord, I currently work as the exact type of 'cyber warrior' you intend to recruit. But I already have a Top Secret clearance, already familiar with DoD systems, etc. The dynamic with what we call 'Information Assurance' is that of a constant struggle with our contractor management (stay within the contract, the budget, etc) and with our 'warfighter' higher ups (educating them on why they can't have full access from their home in the spirit of "operations are a priority, to hell with security"). So assuming you can get the type of expertise that are eligible for clearances, and that are willing to relocate to Offutt/etc, how are you going to address the core issue of security in the DoD: Operations/budget/schedule will always trump security. Or alternatively, security will always be back burner to 'hot' issues. Thank you for your time.
ANSWER:
Certainly the balance between having access to do our mission and having robust security is an issue where not everyone agrees on just how much to restrict or how much to allow. The Air Force takes the security of its computer networks very seriously and has taken several measures to educate our users and to provide secure means for them to operate. As with many other issues, the Air Force through its commanders, must assess the risks and make a decision. I don't agree or I maybe I just haven't seen where security is always a back burner item.
CyberCommand Location (Score:5, Interesting)
by Mz6 (741941)
General,
Can you explain some about the situation developing between Barksdale AFB and Offutt AFB as they try to fight over the eventual final location for CyberCommand? My thoughts are that finding and recruiting talent, and laying the foundation for such a large wired infrastructure in the Omaha, Nebraska area may be easier to accomplish than in and around Shreveport, LA. What types of things is the DoD looking for when they choose the final location for this new Command?
ANSWER:
The government actually has a regulation that covers the whole process for choosing a location for a command and it's a very defined, thorough process. The bases must meet certain criteria -- existing infrastructure would be just one aspect of many items along with communications or square footage requirements, but there are other considerations, such as the impact to the environment that the Pentagon will consider. I would hope that no matter where it was located, we would still be able to attract the talent needed to work in this exciting command and that all communities see the need to protect this domain.
and the answers are content-free.
Oh, well. At least they tried.
I, for one, welcome our William T. Lord overlord.
Do you play global thermonuclear war?
LOL
and may even use your suggestions to help set future recruiting and operational policies
Using people's suggestions is not the Air Force way. Though, in this instance, they can't rebut with the normal "Deal with it, you're in the military."
Whale
Both good questions and good answers.
Bravo to both and Kudos to Gen. Lord.
Beer is proof that God loves us and wants us to be happy.
Absolute power corrupts absolutely. indymedia
WTF?
What?
Some of those answers are obviously 'cleaned up' and somewhat evasive... but some are actually quite nice, and the man actually used 'text speak' in an answer... I'd say the questions and answers came across rather well, given that they had to be combed over. I'd love to hear more candid, off-the-cuff answers but I know that's not really an option when dealing with something of this nature.
The security clearance question was dodged. That's too bad. I would love to work for such an organization, and might even have signed up with the Air Force if I thought I could make it into that group when I was younger. However, I know that for silly reasons that have to do more with red tape than any actual wrong-doing on my part, a security clearance is out of the question. If he'd given people some hope that the typical rules regarding security clearances would be relaxed in favor of a more "are you a potential threat" based analysis, he might have won some hearts and minds.
YGTBKM! LOL! I like your enthusiasm, but you know the Air Force neither encourages nor condones criminal activity.
p.s. and we know where you live.
p.p.s. and we told the FBI, DHS and your state and local PD where you live.
p.p.p.s. and we all have guns.
The man who does not read good books has no advantage over the man who cannot read them. - Mark Twain
"Cyber Command"? What time does that show air on the Disney channel?
Q: Please g3ve u5 r00t to m133ile l3nche5!
... control ... fist .. of .. death ...]
A; No.
Q; You suxx0r!
A; I love my job! { must
Give a man a fish and you have fed him for today. Teach a man to fish, and he'll say "WHERE'S MY FISH, YOU IDIOT?"
While uncharacteristic of a general, he was responding to a ridiculous question moderated as "funny".
I welcome a personality from a department not known for it's sense of humor.
But I think your second point is most important - they tried. Assuming (hoping?) they really are reading feedback we can hope they will adjust their filters accordingly. being vague on questions such as roles and responsibilities between government agencies will only create a general sense on unease in the general population.
Furthermore, we should remember as a group of large agencies, there's bound to be politicking and may not be the level or coordination desired. Of some of this vague area may reflect reality, they don't really know where lines actually exist...
Computer Science is Applied Philosophy
The issue of Internet security and being on forefront of technology seems to me like it has much more to do with education and intelligence than with the military directly. If you want the country as a whole to be on the forefront of technology, you have to have the highly educated people who create and master said technology. To my mind, this issue becomes more of how we can improve abysmal public schools and the like than what the military can do.
I'm reminded of Foucault, who in Power/Knowledge discussed the idea of power in the context of a network or society. The military is embedded in the network of American power, and in the domain of Internet security and the like it seems to rely even more on other parts of the network than it does in other forms of operation like physical combat.
This is actually quite a traditional thing; what we used to call Letters of Marque were issued to pirates to 'legalize' their attacks on the enemy. While these were banned by the 1856 Declaration of Paris, the US is not a signatory to that treaty, and theoretically Congress could issues these permissions (it's a power specifically granted them in the Constitution).
You'll forgive me for posting this anonymously, for obvious reasons. Feel free to take it with a HUGE grain of salt.
In 2004 I was made aware of an effort by the Singaporean Military to hire a Singaporean national with an existing history of submitting code to the Linux kernel (I believe his main are was network card drivers for hardware made by various Asian manufacturers).
Their proposal was that in the middle of the normal patch stream he would slowly inject a very subtle bug that would introduce a remote exploit into the Linux kernel, that they could then keep to themselves for use if needed.
Whether or not this story was entirely true (I have never been able to confirm it, given the sensitivity and not wanting to risk trouble, but my source knew the person they tried to recruit) surely there must be potential risk of similar efforts by governments around the world.
Can you guarantee that you won't attempt to intentionally introduce exploits into Open Source projects in order to create your own private zero day exploits?
The General's answer to the third question ("Accept, Retain, Solicit good people?") clearly shows that his answer to "Usually the outside industry pays quite well for the good ones. Are you prepared to financially compete for the best?" is "No."
So, US Government, please let us know when you're ready to put your money where your mouth is, and we'll subsequently give you the best damn computer security on Planet Earth. Until then, you're just another employer trying to get more than he's paid for out of his staff.
From: Joint Chiefs
To: General Lord
Encoding: S00per Seekrit COd3 #5
Ixnay on the LOL-ay, mkay?
Equine Mammals Are Considerably Smaller
Welcome to the first phase of big brother. Do not think that this is anything other than an announcement that Americans are the biggest threat and that WE are watching you. Do not misunderstand freedom in the US is on life support. Time to stomp on this toadie of Wofflewitz's military and tell him to crawl back under the baseboards until a stand-up solder can take his place. Expect this mealy-mouthed punk to be peeping into your bedroom any day now.
haha, really? I doubt that. Maybe you have a different notion of what a ig wig is.
Also, pretty much any general can walk into a top position, if not THE top position, of most companies.
The Kruger Dunning explains most post on
You think we're bigger than generals? I think we're just a bunch of low level geeks. Yeah... talented for sure, but not at the level of a general.
If you can read this... 01110101 01110010 00100000 01100001 00100000 01100111 01100101 01100101 01101011
My God, how many stars is that?
If we were to make such an attack, wouldn't that just be doing our duty as part of the unorganised militia of the USA. I mean, since every male from the age of 18-40 is already part of it, wouldn't it be part of doing our part to do war upon the infrastructure of the enemies of our nation, as much as it would be to do war upon invaders?
That which is done from love exists beyond good and evil
He has nothing to do with that. The only thing he could say is it up to elected official to determine financial questions; which would have been a correct answer, but worthless for this interview.
The Kruger Dunning explains most post on
How is paying anyone going to help reduce taxes? And if you honestly think that these problems can be solved by throwing money at them how do you think taxes will ever be reduced?
You should really think of these things before you ask. You sound like an 8th grade dunderhead or a hippie that doesn't understand how things work in the real world.
Right after the Lawnmower man.
(how's that for an obscure reference? I bet it will get Lost in the discussion though.)
If you don't know what AltaVista is (was), get off my lawn.
It is unfortunate that the General did not talk about his vision for the future, as several questions prompted.
Does the Cyber Command have a concrete understanding, and long term projections, of cyber wafare in the future?
For example, could this result in the creation of a new branch of the military, in a similar way as the Army Air
Corps spawned the Air Force? In order to instill confidence in our operations, it is important that we convey an
appropriate vision for the future. The disparity, for example, revealed in one response about distinct cyber
groups across the different branches of the military is counter-intuitive, to say the least! This reveals an operational, as opposed to a strategic role of IT in the military. While that may be correct today, ought we not be working towards a paradigm shift in the future?
On the issue of internet law, while a politically understandable response, it would have been good to have read a
more realistic grappling with these incredibly difficult problems. It is a fairly routine conception to refer to
the internet as the wild west, and this is a significant reality in terms of effectively addressing defense. In
particular, this contradiction is revealing:
"It's a complex issue, but [the] bottom line is that we won't need new laws to be able to fly and fight in
cyberspace." [....] "Those who commit unlawful acts would certainly face potential criminal liability for war
crimes."
Effective warfare exploits opportunity, and the lawlessness of the internet has been exploited ad nausea by
criminals and nations the world over. While it is not the role of the military to devise such laws, surely we can
see the strategic importance that it is in our best interest to encourage the establishment of such laws? This should be pretty
obvious: in the same way that a military power is want to fight insurgents/guerrillas, the US Cyber Command
shouldn't tacitly accept a theater that strongly disadvantages what should otherwise be a significant position of
power.
~~~~~~~~~~~~~~~
Brian Basgen
Information Security Officer
Yeah, I don't see why people are so condescending to the Slashdot audience. We should put together a report on how many "bigger wigs" post to Slashdot. Then, we should use those numbers to predict the number of "bigger wigs" vs "joe schmoes" that an interviewee can expect on one day. That way, we can say "it's unusual for a General to answer questions from 1 'big wig,' 3 professionals, 5 blue collar workers, and 1 Goatse troll."
Actually, that sounds like a lot of work. If only there was some word that wasn't derogatory that meant "not sure" who may ask questions, or "unable to predict" who may ask questions. Better get your thesaurus, I'm stumped.
01110101 00100000 01110010 00100000 01100001 00100000 01100111 01100101 01100101 01101011
=
u r a geek
http://www.theskull.com/javascript/ascii-binary.html
world was created 5 seconds before this post as it is.
FanFictionRecs.net
Security is not a destination, it is a process.
As the questions to the Good General noted, there is always a balancing act between ease of access/use and security. I can see why the he sort of dodged the question, as tell us what they are doing about it would be giving away some operational security!
One good thing about having so many players in the market monitoring security is that when something does happen, we will have corroborating evidence from multiple agencies. And that will make figuring out the source a whole lot easier.
ttyl
Farrell
CAN-CON 2019 - Ottawa's only book oriented Science Fiction Convention! October 18-20, Sheraton Hotel, Ottawa, Canada h
Slashvertisement, now with government investors!
Curiosity was framed, Ignorance killed the cat.
This has got to be the cheapest recruiting campaign yet! Answer questions from slashdot that has a HUGE following of tech people, make them feel like they're needs are being taken of, success!
But I will admit, it's interesting they're answering questions directly from the public in such a huge forum(whether they're American or not).
Can some say how much TPS report type stuff will be in the cyber command and will it get in the way of getting the software needed to do the job?
Will you have a hard time with a lot bureaucratic carp just to get the firewall ports open or a piece of software that you need to get the job done?
Will the cyber command be forced on to a common image / hardware setup that is not best setup for the job?
Will you have to put up with a lot carp like how people in the Navy Marine Corps Internet have to put with?
This indicates something of a culture gap between the kind of hackers who the general presumably wants to recruit and the generals themselves. Paul Graham states it well:
Such "prickly independence" is the opposite of the stereotype of the military that's lodged in my mind. Now, I know that stereotype is somewhat inaccurate, but nonetheless the rebel/renegade streak that runs through many -- though by no means all -- of the creative, intelligent people who often know technology well. I'm not sure I'd go as far as Paul Graham's "most," but I'm definitely going to use "many."
Finally, regarding the tone of the answers, remember too that it's easier for an individual speaking for himself (Neal Stephenson, anyone?) to answer candidly than it is for someone who represents millions, especially because the military sometimes has PR problems. If the general says anything forceful, it will be spun around the Internet, quoted -- perhaps out of context -- in newspapers, and generally leave the military open to the PR of others.
I'm not sure how to solve such cultural problems between hacker types who need direct unvarnished honesty ("Where is the mistake in this?") versus PR types in public ("How do I make sure my words won't be used against me?").
Which of course brings us back to the original question about how the airforce plans to attract older computer scientists, if they want to actually employ computer security experts - which the general didn't even attempt to answer.
That's okay, we can just go over there and farm some ranks... er, wait isn't this...? Oh, er... nevermind then.
"Let's face it, it's a good story. Accuracy would kill it."
Am I the only one who can't help but think: he is the very model of a modern major general?
of companies that provide civilian contractors to the military, that's who you are looking for. A 30+ year old academia probably isn't interested in joining the military. If they were, they would ahve gone to Officer training and got a contract on their assignment.
The Kruger Dunning explains most post on
A lot of the questioners and commenter's seem to believe that the serious work of Network Security, technical counter espionage, and general "cyber" defense are done by folks in blue or green uniforms. This is simply not the case. Contractors and government civilian employees do the vast majority of this work.
It doesn't matter that the Air Force isn't changing its standards to recruit more "hackers" into the enlisted or officer ranks because the work is overwhelmingly being done by civilian contractors/GS/DOD civilians.
Just because the recruiting commercials talk about the high quality of military technical training doesn't make it true. Most of NETCOM's military folks wouldn't know a NOOP_SLED or SQL injection attack from a Carl's Jr. 6-dollar burger.
It isn't that they are unintelligent mind you; it is simply that the training is inadequate, their time is divided amongst too many tasks to stay on top of technical fields, and the culture of the military isn't very conducive to performance oriented tech tasks.
After all when a CERT geek is underperforming you can motivate them with the threat of job loss or outright fire their dead ass... the military just doesn't work like that.
Incompetence is rampant because it isn't grounds for termination. Ergo : contractor corps.Laborare Est Orare
Why didn't anyone among you pull a von-Stauffenberg on dictator Bush?
Curiosity was framed, Ignorance killed the cat.
Wouldn't you want to know what the military has to say about these things? Even if they are cleaned up it's better then not knowing anything about it. Personally I'd like to know how you would prepare for/get involved in something like this, besides taking some network security courses. And I'd definitely like as much information as I could get about it to determine whether I would actually be interested in pursuing it or not.
4 groups involved in the command. In my experience, while Air Force IT enlisted (group 1) are the best among the US military, most get fustrated by group 2 and leave to join group 4. The officers (group 2) tend to be useless egomaniac bootlickers who see how much group 4 is earning and tend to favor one or two organizations in that group in return for management positions later. The federal employees (group 3) are almost all retired military who refuse to update their skills from the punchcard days. Worse, they are placed in leadership positions that 20+ years of sniveling have left them completely unprepared to do well. Only the contractors actually know anything about cybering and security. Of course, they are not supposed to do the former from government computers and are prevented from doing the latter by groups 2 and 3. The best they can do is pass on some skills to group 1 and recruit them when their enlistment is up. The biggest culprits are group 2 as officers they lie and lie about what they have done and kiss up to their higher officers and former higher officers. Then, as contractor management, they lie and lie about what they can do and kiss up to their higher management and their former higher officers.
I think given the type of forum and nature of the subject the answers were OK. Hey, they answered.
And I still think "General Lord" ranks up there in the top ten of title/name combinations.
Of nothing beats Staff Sargent Max Fightmaster, and nothing probably ever will.
If this really IS being followed at the highest levels, then I can't help but comment.
I worked at a certain major AFSPC base for almost a decade as a contractor. Back in the early days, when we first got a base-wide Internet connection, the local Comm Squadron was free to implement security systems as they saw fit, and we had some good stuff in place - we sorted out the Sidewinder mess that CITS dumped on us, added our own IDS, and made the best of our home field advantage, setting up tripwire alarms and things on hosts scattered throughout the network to catch internal scanning.
This was all done by contractors, mind you, and it got done because we liked what we were doing, took pride in doing a good job of it, and we had support from the squadron commander. The blue suiters had a very high turnover rate, with average retention at something like 6-9 months for the folks down at our level. None of them ever learned to do much besides process NOTAM paperwork and handle accreditation pacakges.
Once the MAJCOM started taking control of the security stuff, our defensive posture went to crap. What we'd done didn't fit with the overall plan, so it was all removed. We were left with poorly-implemented downward-directed systems operated by poorly-trained drones. Every week we'd have to explain to these people (mostly MAJCOM-level people, the AFCERT folks were usually a little better) basic concepts like IP spoofing (I wrote a 2-page form letter on the subject), and teach them how to read their own ASIM logs.
I have to say that the aggressor squadron teams that'd come in and attack the network knew their stuff. And of course they were able to break in every time. But it felt a little like being armed with a paintball gun and having the Marines sent at you. We KNEW how to help prevent, detect, and respond to these attacks, but we weren't given the authority, time, or resources to do anything about it.
If Cyber Command is going to do anything useful on the defensive side of things, then the best thing they can do, IMO, is to deploy a small garrison force to each base and give them the responsibility for base network defense. Let them interface directly with the BNCC, and plan on having them in one place for AT LEAST 18-24 months. Let all of these forces communicate with each other at the working level to share information and strategies. Some of our most productive contacts were those we made with other bases on our own initiative, and not through the chain of command. Keep the chain of command in the loop, but let the people at the bottom talk to each other.
Most importantly, make it clear that their job is security, and not paper pushing. Certainly there's always going to be paperwork involved, but when I left, the CND office did nothing BUT push paper, and paper that was largely worthless. Not a single thing they did would have ever helped to detect an attack from within the base network.
I don't mind saying all of this, and I'll be happy to say plenty more, because I don't work there any more, and I frankly don't care to ever get another penny of Air Force money. I WOULD like to know that the trend toward totally incompetent central management of base security is being reversed, though.
"I don't agree or I maybe I just haven't seen where security is always a back burner item." I submit this: http://government.zdnet.com/?p=3416 (There are others out there) And do not think for a second that this is out of the norm. The problem wasn't that the Unisys folks didn't want to effectively monitor the DHS network, it was more than likely a problem of 'priority'. 3 was enough, they met their 8500.2 IA control requirements (technically) and that was all they were worried about, contractually. Now I'm sure the good IA engineers at Unisys went to CCB meetings and engineering review boards and fought the good fight for security, and due to schedule, or cost, or both, implementing the other IDS's was deemed a low priority...Something they would do next revision. This is common, I imagine common in the private sector too, but I wouldn't clain ignorance.
go completely off topic and mention the Old Orifice. However, on a brighter note I could still be modded down for off topic cliche ridden childishness about Stargate.
Mind you that would be a good list if only someone would accidentally publish it... here.
Posts, MyBio or Sig, may contain satire, sarcasm, bolded nouns be sardonic or even witty & be Church of SD
Generals don't typically take questions from random people on forums like Slashdot
When I was in the USAF I wrote a letter to president Nixon, and recieved a very nice and polite reply from a General. So Generals may not answer random people on the internet, but they do answer random servicepeople who write the Comander In Chief.
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
I always thought "Cyber Command" was a form of online BDSM.
You can hold down the "B" button for continuous firing.
I had some very high hopes for this Q&A session. You did not deliver on these hopes. A lot of other people here are going to talk (are already talking) about how "content free" your answers were. I'm going to talk instead about how I think you could have done better--in many cases, a lot better.
First, it was probably a mistake for you to come here in the first place. The average Slashdotter has about as much wisdom and insight as a mentally challenged turtle. When you enter this domain, you need to expect discourse to drop to that level. Slashdot is not a forum for insight and erudition: it is principally a forum for young tech-savvy people to throw around their prejudices as if they were established fact. My first suggestion for your after-action review is "what is it you needed to accomplish, and why did you think you could accomplish it here?"
Second, your public affairs staff did you a misservice in how they briefed you for this audience. You're addressing a crowd of people with analytical abilities which border on the profound. (Which, of course, makes the lack of wisdom all the more striking. Data is not information, information is not knowledge, knowledge is not wisdom, as Frank Zappa said.) A large number of Slashdotters are professional programmers, system administrators, mathematicians, physicists, engineers, and more. These are all professions which require the ability to slice apart arguments, statements, propositions. Your answers are absolutely awful in this crowd. Consider your first set of questions:
Your answer, stripped of the PAO gibberish, reduces down to "that's an excellent question, we won't need new laws, we cooperate with other agencies." I think you'll agree that your answer not only failed to answer some of the questions, it failed to answer any of the questions.
General, what would happen to a newly-minted second lieutenant who tried to answer one of your direct questions with such an evasion? Would that lieutenant even have a career by the time you were finished with him? You'd accuse him of sophistry, of insubordination, and--what is worse--you would accuse him of thinking you're an idiot.
General, you must think I'm an idiot. Most of your answers are insults to my intelligence.
Your PAO is probably selling you on a line that in the internet era, all interviews are given to a global audience, and you have to answer with that in mind. If this is the case, get a new PAO. The audience is potentially global, but you definitely have a very select audience in front of you. Optimizing your answers for a potential audience just means that nobody in the wider world will bother reading these pasteboard answers, and the select audience in front of you will walk away believing you have disrespected them. That's fatal in public relations, and your PAO ought to know it.
Third, you are an officer and a gentleman in the United States Air Force. You are to comport yourself at all times in a manner most befitting that uniform you wear. USING STUPID TEXT MESSAGING ACRONYMS MAKES YOU LOOK RIDICULOUS. The people to whom you are speaking may be the most ridiculous, venal and self-absorbed people you've ever met, but you need to be better than that. You need to be an airman.
My uncle was an Air Force counterintelligence officer. One of my best friends recently left USAF OSI. You are not living up to the high standards I have seen them set.
My recommendations are pretty simple:
Staff them with basement dwellers
It won't get in the way if you remember your cover sheet.
... I welcome our nuclear-armed overlords to Slashdot.
Have gnu, will travel.
I remember sitting in on many large forums when I was in the military. Some regional or some pentagon guy greater than a rank of 06 would come to provide general info on upcoming changes or direction with something in the fleet, like big picture, what is happening to older ballistic missle submarines, how is the force changing, what bases were closing etc... During the question and answer sessions, there was always two or three idiots that would complain about very specific things. "My paycheck was messed up last week and it has not been resolved yet", "Why was I transferred here when I requested to go there", "Are we going to get better boots", "Why can't anyone in my rate get promoted" etc...
Maybe these were some valid concerns but bringing them up in an auditorium full of people seems kind of dumb when you know the speaker has no idea about your specific concerns.
The idea doesn't really seem to far-fetched to me. It really sounds like the situation with privateers a few hundred years ago, where civilians were authorized to commit otherwise criminal acts against enemy possessions.
Bot networks have been shown to be very powerful, whether used to mass email or launch a DDOS attack. So I suggest creating an official defense botnet client that civilians can download to help our military from home.
Naturally, the military wouldn't use this every day, but if this effort were heavily publicized through major media outlets and made easy to download and install (initiates contact with home so it bypasses most consumer firewalls without port forwarding, etc). I think you would find the number of cyber patriots to be large indeed.
Of course, if the military ever attempted to tie a backdoor of any kind into this bot client it would create a serious backlash so I would recommend hard coding that this should never be done into the orders to create it as well as public statements. This will help reduce the possibility of a future commander doing so either.
The other possibility is that the bot net could fall into the hands of a third party. While this is possible, and it probably isn't possible to make it impenetrable all you really need to do is make it secure enough that its easier to establish your own illicit botnet. People are doing just that every day so that barrier can't be that high.
Q: How do we prevent "mission creep"
... must answer your foreign policy questions
... that would cause us to take a closer look
... educating ['warfighter' higher ups] on why they can't have full access from their home
A: bottom line is that we won't need new laws
T: In fact, we don't even need the laws we already have
Q: What, if anything, is being done against [Attacks on the US and its Allies by China]
A: other branches of the U.S. government
T: But when they give me the green light, I'll give them holy Armageddon. Count on it.
Q: Accept, Retain, Solicit good people?
A: You can bet that we leverage all the expertise out there to help us do our job.
T: We find someone with the requisite skills, guys with names like "Snake Pliskin" or "Kevin Mitnick", and implant time bombs in their necks, which we'll deactivate upon successful mission completion.
Q: Older recruits?
A: Certain skill sets can also be brought on board as civilians or contractors
T: Try WalMart.
Q: Which acts of war should be illegal in cyberspace?
A: The U.S. military complies with all applicable domestic and international laws
T: I misinterpreted your question because I have a really guilty conscience.
Q: Physical Fitness
A: This is something we need to look at and evaluate
T: Put down your Doritos and Mountain Dew and go for a walk, you lazy butt.
Q: It is good war is so terrible...
A: The person who hates war the most is the warrior who has to go to it
T: But of course, it's love and hate. I was born to be a warrior. And I love my job. Damn I love my job.
Q: is your group intended to defend against warlike attacks only?
A: if something is a coordinated attack
T: Can you say "Predator"?
Q: Post a list of the stuff you want hacked and the more patriotic hackers will enjoy doing it for free.
A: the Air Force neither encourages nor condones criminal activity
T: Please talk to the CIA.
Q: decide when a cyber attack is an act of war.
A: Our nation's elected officials are the ones who will decide
T: It's an act of war when Bush hears it from Cheney who hears it from Satan who is a puppet of Cowboy Neal.
Q: Why was the Air Force tasked with this?
A: We are just one part of a combined effort
T: Can you say "Predator"?
Q: constant struggle
A: not everyone agrees on just how much to restrict or how much to allow.
T: Let me work from home or I'll terminate your damn contract
Q: such a large wired infrastructure in the Omaha, Nebraska area may be easier to accomplish than in and around Shreveport, LA.
A: The government actually has a regulation that covers the whole process
T: Not my call. The choice largely depends on which commercial interests have bought the most powerful congressmen.
If I had mod points today, I would have modded you up rather than responding.
He lost me at that line too. I have *never* heard the acronym "YGTBKM", though it only took a few seconds to figure out what he meant there. And having LOL as a random exclamation in the middle of an otherwise serious line just made him look like an AOL teenager.
I think what non-tech-savvy business-people need to learn to communicate well with people like us is that in formal communications, we communicate formally, like I'm typing now. Just because we relax our standards a bit when we're perhaps talking to our friends on IRC or IM services doesn't mean that we'll do it in places where complete, readable English is a better method.
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
Yes, there are lots of news reports on that, but I'm sure you can appreciate the fact that there are other branches of the U.S. government that must answer your foreign policy questions.
I think what he means is: I agree with you, but I did not vote for the f*cker.
Ronald said nothing. He flung himself from the room, flung himself upon his horse, and rode madly off in all directions.
constitutionally, the rights for cyber command-type operations are reserved to the states or the people. so if you want to hack a known bad site, you would be required to comply with state law, but the interesting thing would arise from this: if it wasn't the federal govt's job to do this cyber-protectionism (which the constitution clearly states is not the role of the federal govt) then who would prosecute someone for hacking a known bad site? imagine this scenario: i hack a terrorist message board and bring it down permanently someone from the terrorist organization hires a lawyer and presses charges against me in my home state i choose to have a jury at my trial now rather than it being a federal responsibility to say "he hacked something he will go to jail regardless of motivation or the facts" my fate lies in the hands of a jury of peers, who after examining my motives (it was a terrorist group, not protected by the first amendment) and the harm done (terrorists become unable to pass information at the same level of ease) they can choose whether i was breaking law or taking it into my own hands. in order for the system i am speaking of to function successfully, a fundamental change in what the role of government IS would be necessary. if we want to be strung along and victim to the DMCA provisions, then we dont have to do a damn thing. if we want real change and freedom we are required to take back the inalienable rights that the DMCA has alienated. when the govt is looking out for us we all lose, i know plenty of people who could for less money do more than what the vague answers of general lord imply that can be done.
i support the right to offend.
But will spent more time doing TPS reports and waiting for approval then doing real work?
Having a security clearance and public disclosure is a tricky areas to swim in. As a rule of thumb, you can't reveal any kind of information that ties a country to a motive, method of attack, or indicates technoloigcal prowess (or lack thereof). Once you drag a specific country into a discussion, that information is (or becomes) classified.
As an example: "The Republic of Elbonia launched a DDoS attack against a defense contractor who's working on a classified Air Force widget that can make disco popular once more." would be strictly verboten. Rather it would be the very neutral "The Eastern Bloc region is responsible for 60% of DDoS attacks towards our civilian partners; many attacks target specific technologies are being developed to aid our war fighters."
So questions about China, or other countries will be summarily worded very neutral like, or just outright dodged. Not to mention you're a public official making a declarative statement about another country, which is a foreign policy can of worms.
I bring nothing to the table.
I've found that military/government culture is generally about a decade behind corporate culture. For example, when I was in the Navy they were pushing this "TQL" stuff, which was a bad rehash of the popular 80's TQM "Total quality management" initiatives. Corporate culture had moved past that particular management flavor of the week, but the military was just getting into it.
I see a similar thing with hiring practices. I'm a vet, and a talented senior developer and quite patriotic (in a libertarian/contstitutionalist sense). I decided a couple years ago to try to offer my services to the government.
I went to the usual places, such as usajobs and looked at or applied for various development positions. Most of the jobs were such a hassle to apply for, I didn't even make it past the first stage. You couldn't even talk to a human being until you had filled out a bunch of different forms, put together a "package", submitted it, had it rejected for some minor error, resubmitted it etc...
Many of the jobs had degree requirements and wouldn't even talk to me.
After going through all this for weeks, I didn't get a single response back. Nothing. So I figured "oh well, I gave them a chance" and I accepted one of the multitude of positions head hunters were clamoring for me to take, for a much better salary than was being offered by any of the government positions.
The punchline to this story is that about four months after all this (and after I was happily settled into my new job), I got a couple calls from those agencies saying that my package had finally passed review and asking if I was available for an interview. Four months!
With a process like that, how is the government supposed to hire talented people?
Drinking habits can be dangerous. You can choke on the cloth and the nuns will wonder where their clothes are.
I don't consider myself a hacker at all, but I am a software developer and live in a potential base area. It might be time to consider a career change for the military.
On a side note, I wonder if you get uber kewl moniker like pilots... I dibs zer0c00l.
His answers are not content free; they are opinion free, there is a difference
Jump to high and you hit your head
General Lord,
What is going to be the policy for Open Source? As you probably know there is a great prevalence in the Black Hat community to use open source for their tools.
What is going to be the policy for use of tools that would be considered black hat in nature? IE: Is the USAF going to have the latest versions of MPACK with the full subscription?
In China, there is a cottage industry of hackers that are paid after they pull off hacks, is there going to be any situations where that occurs here?
What is your opinion of the paper "Unrestricted Warfare" by Qiao Liang and Wang Xiangsui? Is this going to be part of the foundation for the USAF CC or is the program's posture going to be purely defensive in nature?
Thank you
"Will you have to put up with a lot carp like how people in the Navy Marine Corps Internet have to put with?" If they try to give you carp, respond with a red herring. http://en.wikipedia.org/wiki/Red_herring
How amazed would you be to suddenly find that you just forgot what I wrote and you needed to reread my post.... again.
Reading Lord's comments I couldn't help the feeling that I was listening to a service delivery manager from one of those outsourcing companies like CSC or Unisys. All that stuff about "we know money doesn't create loyalty" and "we leverage all the expertise out there" sounds painfully familiar. And after they run out of BS and the fog of confusion finally clears, you realize that all of your Unix servers are supported by two guys in Hyderabad, who share one Solaris 2.6 certificate and know less about Unix than my cat. The worst thing USAF can do is take advice from the outsourcing industry.
A good pay is how your employer shows you that your work and your experience are appreciated. And knowing that you are appreciated is what makes you a happy employee. And happy employees tend to be loyal to their employers. So, yes, money does create loyalty. Lord says that "in many cases we do offer compensation competitive with the commercial sector". While this may be true, working for the USAF as a civilian contractor is not like working in the commercial sector. There's a whole different level of crap that you need to put up with. So, if the USAF is serious about this Cyber Command business, they need to do a whole lot better than just salaries that are "competitive... in many cases". When hiring, don't go for the quantity - you are not planning a cyber-invasion of China - but go for quality instead.
Speaking of quality, while Lord understands that they "need to look beyond what we've traditionally recruited", he is still under the impression that the USAF can "bring them in from a general practitioner level and take them to expert level in reasonable time". Of course, this depends on their definition of "reasonable time", but somehow I don't think they mean 10-20 years. They are probably talking about a couple of years at most. I remember reading a resume of a guy claiming to have "reached the Unix guru level". I just had to bring him in for an interview: I wanted to see what a Unix guru looked like. Apparently, some time in the past ten years the minimum guru requirements have been significantly lowered.
Programming and system administration are not those fields where you can turn a rookie into an expert in reasonable time. The time required will be most unreasonable. For example, a good sysadmin is not someone with encyclopedic knowledge of "man" files, but someone with a big database in his head of stuff that broke down and how it was fixed. Theoretical knowledge is important - comp-sci degrees, training, certificates, etc. - but what really matters is experience - years and years of it. So hire the most experienced personnel you can afford and hold on to them as if the security of your country depended on it. Guys who are good, know they are good, so you need good ego-stroking skills to keep them around. Hint: pinning medals to their chests is not going to help, but a fatter paycheck might. So the approach along the lines of "we'll take what they have to offer, and in turn they might be surprised by what they get back" is not going to work. The people USAF needs are of that certain age where they don't like and can ill afford surprises.
"The U.S. military complies with all applicable domestic and international laws, and that will certainly apply equally within cyberspace..." And that's what everyone is afraid of. But, hey, as long as they wear uniforms while hacking networks, they should be in the clear as far as the Geneva conventions are concerned.
Next time, it would be better to switch the roles and let the USAF ask questions!
because you will be called on it. I am with most of the people commenting here in that I didn't really expect substantive answers to these questions from anything PR approved, but remember the audience. There is a better than even chance that such answers (ignoring the question while saying something else, for example) will be taken as an insult to the intelligence of the reader. As in "did you seriously expect me to regard this as a satisfactory answer to that question?"
While I appreciate the attempt to appeal to a wider audience, I would suggest avoiding situations like this instead of merely giving "PR answers" and hoping they will produce a favorable impression. Given they myrid constraints any communication attempts of this nature must face, I would estimate the potential harm is greater than the potential gain.
(I should also state that I am operating under the assumption that this exercise was undertaken as a serious attempt to communicate and generate good PR for the army, and not for the purposes of generating responses indicating that the "tech community" being appealed to here is not a viable recruitment channel and not a source of potential workers compatible with the Army. I expect it is a good faith effort but the possibility remains that someone is hoping "slashdot" will annoy certain people.)
Now, on to the deeper issue of whether the answers were content-free. On the surface, yes. They have to be. There's no way that the General could be expected to reveal classified information or discuss tactical issues. Since that is a given, I don't consider that to be significant. Nor can the General be expected to say anything contary to official policy or current doctorine. The head of the US Navy was forced to resign after rumours of contradicting the official line. He was not even shown to have done so, it was merely speculation. A General is far more vulnerable and therefore is going to be far more careful. Again, since that is a given, it's not important.
Now, I said that on the surface, the answers were content-free. Does that mean there's buried content? Yes. Nobody can write independently of themselves, which is why textual analysis is sometimes better than a fingerprint. Now, one needs to be very careful when examining the nature of an answer, as it is extremely easy to read things in that aren't there. However, there are some things that are clear. The first thing that's obvious is that the General didn't regard Slashdot as a hostile audience. He put in far too much effort for him to have thought that.
The second observation is that he seems to consider Slashdot as a potential source of technically-savvy people, but didn't make his answers a recruitment drive. I suspect a degree of baiting may be there, an effort to get people intrigued enough to dig deeper, but no more so than most people would do in a similar situation. He's professional and still moderately enthusiastic about his work.
Finally, given the PR disaster the Pentagon recently faced over malware getting into their networks (and there being a decent chance this included secure classified networks), the measured tone of the discussion on cyber-threats was refreshing. He would likely have been aware at the time of making the replies that the Pentagon were planning an announcement, this sort of thing isn't done on the spur of the moment, which means that he could have either significantly played down (or up) the threat, according to whatever PR strategy is in place. He didn't, preferring to talk about ways that he'd like to see things move to improve the cyber-culture.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Because it was the job of the VOTERS who put him in office to VOTE him out.
You have the chance to eject the Republicans every election.
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
"Personally I'd like to know how you would prepare for/get involved in something like this, besides taking some network security courses."
Make a recruiter do his job and take you to an installation that has those functions so you can meet and talk with some airmen who do that work. They may tell you their jobs suck, or that they enjoy them. I bet you get a variety of responses.
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
I am in the exact same position as tachyon13. I work on a weapon system which probably has higher Information Assurance considerations than any other fielded system. I can say the the driving factors in security from highest to lowest are: Contractor's willingness to implement, Development schedule and configuration management (revisions scheduled in terms of years), Cost, technical, security impact. In other words, security happens according to 1000 other whims. Any Cyber Security command will have develop unique processes and procedures (more akin to NSA) to operate. If the have to wait 6 months for an IA tool to be approved, another 3 months to buy, 3 to approve for installation on the computer, and 1 to install, they are not going to win the IA battle.
I do security
is it just me or is there no link to the answers?
There are plenty of people who aren't all that creative and of relatively normal intelligence who know technology well. There are also plenty of people in the military who are creative and intelligent. Paul Graham argues like this: I'm imaginative and I don't like to lead or follow; this is therefore a property of imaginative people. It's a false generalization, and it is easy to simply consider the evidence that supports it while ignoring evidence that contradicts it. If you realize that he is writing a persuasive essay and simply using an informative tone(rather than writing an informative essay), his positions are usually quite a bit less compelling.
So the other way of asking your question is, how do you get someone who is politically tone deaf to do a political job. The answer is, you find someone who can do the job and is not politically tone deaf, because the tone deaf guy is hopeless. If you start with the silly dichotomy between 'hacker types' and 'PR types'(which is really just a way of calling someone who is aware enough to and willing to make political concessions an ass kisser), you won't believe that someone with both abilities exists. That's non-sense, especially when you have admitted that you see the necessity of acting in a political manner.
Of course, I would rather take the ninnies who think that people in the Pentagon shouldn't have opinions(because they have them, no matter what) and explain to them that it is probably better for them to be able to express their opinions than it is to require them to pretend that they don't have them, but there seems to be more ninnies than rational people, so acting political is necessary for lots of people.
Nerd rage is the funniest rage.
I still don't know what it means, except maybe that the general has a teenage daughter? Or thinks /.ers are mostly 13-25 years old.
YGTBKM = You've got the best known method ?
WTF?
I realize the constraints under which the major general operates, however, it seems as though the granting of this Q&A cum interview is a PR play. A "cyber" command is almost difficult to take seriously. It is obvious that a cyber command would be concerned with the flow and use of information - it would seem that the traditional apparatus within the Air Force for dealing with matters pertaining to information, intelligence, would best handle the newer aspects of information transmission. It does seem like the cyber command intends to attract and develop expertise related to systems design and development and for data communications infrastructure, the inclusion of this skill set into the Air Force is certainly welcome.
shock the monkey
Despite complaints otherwise, these answers were not entirely content free. Clearly, in many cases they were worked over EXTENSIVELY by PR people to remove any information of a sensitive nature; both politically sensitive, as well militarily. While I certainly think they have no business censoring information because of political sensitivity (an act that works against the very foundations of a democratic society, so I find it rather offensive), that's not to say that NOTHING came though.
Some things I think I came away with:
- Overall, he seems willing to pursue candidates who might otherwise have not been "military material."
- They seem to be setting up a framework of SOME sort under which multiple intelligence agencies are able to cooperate effectively. According to my understanding, this is a drastic departure from the current state of affairs.
- They WILL be dealing with domestic targets, if only in cooperation with other domestic law enforcement bodies. This was the impression I got from their answers, but it might be reading too far into it (though I doubt it).
- Assuming the former is true, they are going to try to do an end run around domestic and civilian cyber law. The sense I got from the evasiveness (reading into what he avoided answering), was that they have no intention of abiding by the same laws that civilians and domestic law enforcement are forced to obey. My guess is it's going to be more of the same, "this is national security, those laws don't apply to us," bullshit we've been seeing for the last 8 years out of the painfully fascist leanings of the current powers that be.
While I often read too much into what isn't said, the real impression I'm getting is that they're going to try to parlay the military nature of this new cyber command into an excuse to avoid obeying the current legal restrictions faced by domestic agencies. If you thought this whole fiasco with AT&T was bad, just wait until the military gets their fingers in the cookie jar. (BEWARE the goddamn military-industrial complex. I may sound paranoid, but that's the greatest danger out there to our freedom.)
Oh, well. At least they tried. I'm sure some of these sounded content free to you. They did to me too. But this is also partly because you have a deaf ear to military issues. Since I've done some contracts for the military I could read some of the answers with more nuance.
one of the most accurate answers he gave was on the retention issue. One of the reason I love working with military folks is they tend to be so energized by their work because it makes a difference. Working on actuator controls is cool but Working on actuator
controls that are connected to neurally driven prosthetics or if they fail will kill a pilot is a whole different level of excitement.
Army reaserch folks also tend not to worry so much about money and grants because the army mostly takes care of their salaries and offers them opportunities that matter. It's sort of like academia but with all the crappy parts taken out, all the drivel research filtered out by the simple question of will it help a warfighter, and then other people committed to transitioning any superior products you create to practice.
His answer about retention was thus spot on. People join the military for a constellation if irrelevant reasons, and some find a powerful incentive to stay when they see that merit and loylaty are rewarded. What we hear on the outside of course are all the isolated cases where merit and loyalty were not rewarded because those are the reasons those folks left.
Some drink at the fountain of knowledge. Others just gargle.
But the GP said he was a dictator.. He wouldn't have made that up out of thin air would he?
// MD_Update(&m,buf,j);
and I don't know what YGTBKM! means.
Well, from my decade of service in the USN Submarine Service I'd say that a significant (if not vast) majority of my fellow bubbleheads exhibited the traits of "prickly independence" and "rebel/renegade". From encounters and conversations with other parts of the Navy and other branches of the service over the years I'd say that (outside of the more elite branches, like the Submarine Service) the traits are present in what amounts to only a very slight minority.
Many in the military also tend to be more creative than you might think. Certainly we're trained as most people think, to treat The Book as something to be followed slavishly. What most people don't realize is that we are also schooled in the principles behind The Book so that when the shit hits the fan and The Book has to be tossed over our shoulder - we are ringing the changes rather than merely improvising. (And even when we do have to improvise, we've still got that grounding to work from.)
Which is why the military values those traits - someone who doesn't have them flounders when you have to heave The Book. And the military knows full well that in the real world things will go all pear shaped - its inevitable. (And, inevitably, leads to tension between 'the kind of serviceman you want in peacetime' and 'the serviceman you need in harm's way'.)
The difference between the typical creative person and the military mind, I think, lies in the ability of the military mind to 'switch modes' as it were. The discipline to stay in robot mode when needed, matched with the ability to operate creatively when needed. You can't have artistic tantrums when the bullets are flying, or even in peacetime in garrison.
1) Do you have any foreign connections? Obviously, the biggest security concern with classified information is foreign espionage. So, they want to make sure that you aren't under the sway for a foreign government.
2) Do you have anything that could be used as leverage to make you give up information? It isn't that the care so much what you are or what you've done, they care if you care. Your sexual orientation isn't important... unless you are scared about having it revealed, in which case it could be leverage.
That's what they are worried about. They want to make sure you won't give up the secrets you are supposed to keep. So the check is based around first making sure you are who you say you are, and then making sure that there isn't anything about you that could be used.
I have a friend who has an active secret clearance despite having used marijuana. They were actually more concerned about the fact that his mom was originally from Mexico. However, upon checking it out fully, they decided that she was just your standard immigrant, and thus her son had no special ties to a foreign power. As such he got his clearance and now works for General Dynamics.
They really don't give a shit about your life, beliefs, etc, unless they happen to be something that might lead you to betray the secrets entrusted to you. You would probably find that bad credit would be much more problematic than past drug use (since being deeply in debt makes you easy to bribe).
Your argument is dubious. Mercenaries do not equate to an effective military in any way, shape, or form. On the contrary.
My fellow hackers do not give into centralized power as large as the military. Remember that the military is under the ultimate authority of the president, an individual you did not elect because you were given shitty choice over which member of congress to promote so you ended up not giving a shit because none of the candidates had a clear perception of technology anyways.
While the offer sounds tempting, the militarys obsession with procedure, lack of exceptions and its fixation on hierarchy will directly conflict with individuality. Theyll probably tell you that porn is not allowed on your machine. Theyll probably make you use a windows box and force you to change your background and tell you to stop watching so much damn anime.
We have a duty to preserve anonymity, data neutrality, information integrity, and a community service of information for up-and-coming generations.
If you are a hacker, you are already enlisted in your own army. Your duty is whatever the hell you want to do. If youre not getting paid, its either because you hate cubicles, or have good morals. Keep your day job and continue to be under your own authority.
Trying to install linux on my microwave, but keep getting a kernel panic...
I think the answer to question five was as strange as it was because it was interperted as "what sites would the AF like a group of cyber-milita to take down (such as Chinese military sites" as opposed to "do you have active honeypots that you can publish the IPs of, and thus gain a sizable testing force". If interperted as the former, his answer is certainly understandable. If the later, well, I imagine that most honeypots would not be exposed in such a way, so as to be used against people with bad intentions. Now, IP addresses are cheap, but I don't know the cost of running public honeypots in addition to private ones. Not to mention making them look different enough that they are not both detectable as being such.
Your ad here. Ask me how!
There was much to obtain ... did you google/... "General Lord" cyberwar tactics strategy weapons/operations/mission/abstract ... The ...___... Russians/Chinese (nope not the Israelis) may have a (whoops accessible) paper posted on MG Lord ....
... there was not much, but a logical collection process and as many leaps-of-reason could make you a person of special interest (if discovered) to General Lord's civilian associates.
Available content-aggregate can provide detail adequate for logical discovery of unknowns. You are correct
Folks be careful out there and !HAVEFUN!
Unaccountable leaders are masters, and unrepresented people are slaves. How do US and EU fare?
Because his work in Iraq isn't protecting any of my rights. Perhaps in another, just, conflict he will be putting his life on the line to protect my rights to whine. He and his organization aren't protecting my rights by fucking with the Iraqis, just in case that was what you were insinuating.
Blar.
"...and that it is being watched all the way up the chain of command into the Pentagon." I donate my 5 voting moderation point this round to the Association of Former Cyber Crime Warriors (to be founded). Whatever I do when moderating here today, my motivation might be fully misunderstood by people who later on command the person with the gun in front of me. They might even just not share my taste of humor. So, I better shut up. ;-)
Greetings,
Chris
"An operating system must operate."
here are my random thoughts;
Top Talent,
This is going to be a huge issue. no way arround it, best way would be something along the lines of the NSA. whereas you recurit talent, as long time contractors. in return for things like further education, etc. in the end you would end up with 60% contractors and the rest would be AF personell but thats ok, cuz all the high level stuff would be handled by real talent.
top down security;
in refence, to an above post that spoke of poor security at the local level becuase of top down security. this is also an issue but one where people with talent need to be recurited. it takes years,
of exp to be a good expert or program mgr. and thats whats needed., not sure how this could be fixed.
but haveing standards, (which exist) and have the ppl with training and talnet implamenting is key.
maybe have a few real top talent types recurited as contractors (cisco Engrs)
-Nexus6
It read:
Dear Air Force Serviceman,
President Nixon regretfully passed away in 1994, twenty years after having last served in office. Please check HQ for a photograph of the current President, or contact your CO to order an update of Presidential photograph. The Marine Corps is the only Service that should have equipment that old.
Sincerely,
A General
1a) The realspace laws that govern military activities apply to our cyberspace activities.
1b) The same people who oversee us to make sure we comply with the other laws.
1c) We do like we do with realspace things, we turn them over to the appropriate civilian authorities.
2a) We are doing our best to defend the nation's interests. As you can imagine, it is hard and complicated by politics.
2b) Good question, but the military doesn't make those decisions. Ask your democratically elected government.
3a) We are constrained by what Congress, the President, and the rest of the mucky mucks decree. We let in those we can. We also have little say over security clearances.
3b/c) We will attract them as we always have: patriotism, money for college, a chance to learn and earn, and even health care. We are an all volunteer service. Our people will stay because they want to stay. We may not pay the best, but we want loyal servicemen, not mercenaries. Our members will stay because they are making a difference as a part of a larger organization.
3d) We have had, continue to have, and will have a strong connection with the research/academic community.
3e) You are asking the wrong person again. We will work with them, but how much they do is up to the rest of the government.
4) Other people make those decisions. But, even if one is too old to enlist, one can always work for the military as a civilian employee/contractor.
5) We don't make laws and I really can't answer this question without getting my ass in trouble. That said, we will abide by the laws of war and those that don't will be punished.
6) I don't think we should lower fitness requirements, especially for people who are deployed. But, we may want to rethink some of the requirements and how they are measured. And, we should rethink what we look for in recruits. Fitness can be increased, but stupid is forever. And, for some posting, especially ones in the U.S. maybe we can use people who would not be deployable or who may be forced out due to health or weight. We might even want to consider converting those people into civilian employees/
7) You have just mentioned what makes my job hard. How to make cyberwar "terrible" so as to make it undesirable? Right now, it is a matter of a good defense. It may come to trying to isolate countries or enlisting other governments in the hunt for cyberterrrorists. We REALLY want to prevent a cyberwar because war sucks for us more than you will ever appreciate.
8)We are really for defending against outside groups attacking the U.S., but sometimes it is hard to tell that from civil crime. When we investigate, if we determine that it is outside our mandate, we turn it over to the appropriate civilian agency, such as the FBI, CIA, etc.
9)YGTBKM! LOL! I like your enthusiasm, but you know the Air Force neither encourages nor condones criminal activity.
10) We don't decide what constitutes an act of war. That is for the civilian government. We just fight the battles they pick.
11) We are tasked with defending military computers and networks. The other agencies defend other systems. We will work together, but they have their job and we have ours.
12) I don't see the mindset you are talking about. Maybe I am not exposed to it, but I don't think that is the way things are.
12) If I answered this it would be TL:DR. There is an entire process in place which I, and many people in the military, have little to no control over.
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
....when you chat with one of their recruiting representatives online and they can't provide any information. Personally I'd eat something like this up... I'm underutilized by the Marine Corps and want to work in the industry, and would love a way to do that without wasting almost half a retirement check... I've got an AS in Computer Science and am wrapping up my last few classes for a BS in Computer Science as we speak, plus I'm at seven years of active duty time in the US Marines in which I'm currently a Sergeant. I've got a (fairly) decent resume of programming work, to boot.. The catch? Two years left until I EAS.. So essentially they're article tells me they're willing to relax military standards in order to recruit us geeks, but when a certified geek that blows the doors off those standards with expert rifle scores, top-tier physical fitness tests, a monster GT score, and experience as an NCO shows interest in applying..... "You'd have to contact us after you exit the service to explore options as an Air Force Officer..." OK buddy.. Sure, I'll get right on exiting my current career to apply with you guys with no hint of a program or acceptance promise two years down the road... Unreal... Looks like I might just have to let the Navy send me to Law School yet....
I know that "leet" is a hard-to-define grammar, but I believe you said:
"Please geve us root mieeile lenches!"
In the future, it may be best to keep in mind that "3" isn't a wildcard. =)
± 29 dB
I just don't see an army of educated IT security people being able to fend off self taught hackers, let alone even detect them.
I am not worried about the veterans, unless they are self taught. And in that case I'd make sure not to do anything that would leave them feeling betrayed. Think about what Kevin Mitnick did to the FBI after working with them. People don't realize, there are far better then Kevin out there. The best ones are the ones you'll never hear about, they are ghosts.
The best ones also have a strong sense of right and wrong, it's just different from what most peoples views are.
As for myself, being told I can't do or accomplish something is the strongest motivator.
It's not a conscious thing, it's almost obsessive compulsive and no malice or desire for any gain what so ever, nether data or money.
Just thrill or fulfillment of some deep subconscious need.
In high school I couldn't help when walking by a row of locker in an empty hallway to unlock 20 locker in a row that had master locks on them, then re-lock the locks on upside down. And see how fast I could do it. I'd won many bets that way.
Same for teacher bathrooms, the school safe. (just opened the door 1 inch then closed it again) They ended up putting me in charge of the schools computers in my senor year since I already had full access and knew much more then the consultant that they had that barely could update there COBOL source code.
Over the years, I have built my own modems from scratch, build and sould the first PC sound devices, wrote the first code to play 6 Bit digital audio on the PC's internal speaker. Built early home made packet radios, spread spectrum radios on CB's.
Reverse engineered many BIOS/ boot ROM's, copy protection, viruses, crack games, AOL and Compuserve account, phreaked, security systems, vending machines, Cable TV, cell phones, GPS, you named it.
When one malicious hacker that messed with me later asked a friend to get a copy of 286 AMI Bios from me, I even put a defanged non-contagious version of Jerusalem B virus into it so that it installed the TSR portion every time he formatted a disk. Specifically so it would aways infect ever disk he touches. Specifically designed to get detected so no one would ever trust floppies from him. He used to be a big wares guy, but I put a quick end to that.
Over the years I have gotten into so many things and ever left a trace, just popped in, poked around, got board and moved on.
In the process I have learn so much and had written so much code, that I have become a seasoned kernel hacker in both BSD and Linux with a strength in networking.
Another thing people don't realize, Hacker don't aways have a specific target but meander, and see where it goes.
I think Bruce Schneider pointed out was they go the weak points, like don't open the lock but go in over the drop ceiling tiles.
The reality is that heavy lock is more likely to attract them if for no other reason then out of curiosity. What the hell is in there that requires so much security? It's like a giant puzzle and solving it, quenches ones curiosity.
Anyhow now that I probably said too much, just for the record, I stopped the illegal stuff a long long time ago, now that I have probably gotten myself on some watch list.
These days, I focus on understanding SPAM (towards blocking, tracing etc), defending DOS, P2P, ECIP and flow control, Video and data compression, mathematics, Cracking DRM and FOSS coding. It still fulfills the rebel side of me, and also accomplishes something useful.
I am always doing that which I can not do, in order that I may learn how to do it. - Pablo Picasso
I suspect that the general may have provided a glimpse of things to come in his statement about verifying the source of attacks before striking: "...we've got to be spot on about authenticating the trusted source of that information in the first place." Perhaps this is part of the reason that ipv6 is tied to your hardware address by default in pretty much every implementation. Expect that governments will track hardware addresses to individuals to the maximum extent possible.
I've got some questions, doubt they'll be answered(wish I coulda caught the original article).... or atleast answered with the nonanswers we got here.
I've been in IS now for over a decade, almost exclusively as a blackhat. In the past few years I've gotten into doing "unconventional" threat response - blackhats can be the best whitehats, y'know, learning through doing. Now tell me, why should I go in at an entry level paygrade when I can make more as a civilian? What gaurentees do I have of immunity? Why should I bring my tricks to your trade, when it's unlikely I'd be in an enviornment of trust anyways? As is I've got a juvi record and wouldn't get a sec. clearance anyways. I've got alot to lose by going in, including the trust and respect of those around me, whom I've been running with for 12 years -- but nothing of gain is apparent. What about the risk of being given a different AFSC? I've got some friends that went in 13D together, showed up to boot, and were told they were 11B now.
These are the thoughts on our minds. Personally, I've been considering enlisting for a long time now, but USMC. Give me some real answers(unlike those posted above), some gaurentees on paper, and maybe I'll consider USAF. 'Til then, no way.
www.isoHunt.com
So, US Government, please let us know when you're ready to put your money where your mouth is, and we'll subsequently give you the best damn computer security on Planet Earth.
He doesn't want to hire you. He wants people who aren't motivated only by money.
Because if you're motivated only by money, when the Ruskies (allow my cold war allusion) come by with a $40M bag you're going to tell them everything you know.
Now, you may be saying to yourself, "hey, I'm not just about the money, I've got my ethics, my morals, my values." OK, so then take a paycut for the Common Defense, if that's the right thing to do. If not, see #1.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
You've got to be kidding ?man?
Are agnostics skeptical of unicorns too?
Can't really remember, but yeah, it's in a book(s) somewhere.
.mil that much, as you appear to do, hate on the losers who call the shots, not the grunts who have to carry it out, and then clean up the mess too.
Then again, I've heard the expression personally, from people who in Vietnam *did* have phonepoles come up to where they were.
It's a common expression in military aviation. It's about the only way some people can get a real grip on what a big SAM looks like.
Hell, I've even heard the phrse in TV programs dealing with jet combat. It's the *crews* calling those things "flying phone poles", not some writer.
If you have to hate
That's why I left, you know. I love the Air Force.
I positively have no love whatsoever for the assholes she sadly has to serve. And it's only gotten worse.
The "Civilized World" jumped the shark ca. 1973.
Hell, even private citizens can afford a MiG these days.
Fact: USSR is gone.
Fact: USSR built a whooole shitload of war-waging aircraft.
Fact: Anyone with the right money can get these.
Fact: This is why we still have an Air Force. Well, that, and heavens, we just can't close down what made America prosper: the war machine. I despise that machine, but will defend to the end those who wear the uniform, because I wore it. We are but cogs.
Just because the adversary is now a friend, it wasn't always that way -- and on top of that, the war-waging equipment they built is still around, and actively traded, with some models in particularly high demand (I'd sell my soul for a MiG 15, but then, I have no soul to sell.)
If you think the air wars are over, you're naive. You and I may not see the day jet faces jet in anger, with guns, anymore, certainly not like in Vietnam or WWII -- but it'll happen again. It won't be the Russians. Or maybe it will be. Maybe it'll be the Chinese. Or the Canadians. Or the Mexicans, or any other number of countries with beefs with the US. It's not like there's a shortage of countries who hate our guts.
Your sarcasm is stale. You need new. May I hook you up? I know a guy.
The "Civilized World" jumped the shark ca. 1973.
Here are the answers. Before you ask: yes, his answers were checked by both PR and security people.
Warning, he will sound like a robotic overlord because his management folks don't understand how much this site's visitors value a genuine personal tone. So deal and try to extract the meaning on your own.
How do we prevent "mission creep" (Score:5, Insightful)
by Jeremiah Cornelius (137)
ANSWER:
A very good question. It's a complex issue, but bottom line is that we won't need new laws to be able to fly and fight in cyberspace. The DoD's role in protecting cyberspace is governed by domestic and international law to the same extent as its activities in other domains. Other U.S. agencies, such as the Department of Justice and the FBI, have important and, in many cases, leading roles to play.
Existing laws are fine. theres like a million of them. If there's a problem, we will hook up with Legal over in DOJ and the FBI, just like we do for everything else. It's not Different if it's Just On The Internet Now.
Attacks on the US and its Allies by China (Score:5, Interesting)
by Yahma (1004476)
ANSWER:
Yes, there are lots of news reports on that, but I'm sure you can appreciate the fact that there are other branches of the U.S. government that must answer your foreign policy questions. I can tell you that securing cyberspace is difficult and requires a coordinated and focused effort from our entire society - federal government, state and local governments, the private sector and the American people. The Air Force is working to improve our ability to respond to cyber attacks, reduce the potential damage from such events, and to reduce our vulnerability to such attacks.
You can't honestly expect me to start slinging mud at other governments. that's what you elect politicians for. We're just trying to keep our computing house clean, and be ready if a mission calls for something all hackery.
Accept, Retain, Solicit good people? (Score:5, Interesting)
by Lally Singh (3427)
ANSWER:
I believe even the most unlikely candidate, when working for a cause bigger than himself, turns out to be a most loyal ally. Young men and women come into the military for any number of reasons - education, health care, etc. - but end up staying because they believe what they're doing matters. We know money doesn't create loyalty--a sense of purpose does. We'll take what they have to offer, and in turn they might be surprised by what they get back. It's not just our military members either, it's all those who partner with us . . . academia and private industry, our civilians and contractors, too. In the cyber command, there is a purpose and sense of urgency to be ready. You can bet that we leverage all the expertise out there to help us do our job.
I know that a lot of folks think hax0ring is way anti military/establishment/uniform. But many times you can get real quality people from unexpected places. We can't pay the big bucks usually but we find that lots of people will do it anyway because they want the pride that comes with Protecting the Motherland. Lots of people work in nonprofits for less pay because they believe in the mission, too.
Older recruits? (Score:5, Interesting)
... and well before retirement age indeed! We train them with specific technical skills as well as overarching abilities required to lead in today's environment. You're right in that we couldn't compete in the cyber world without the experts in the civilian industries who give us the technology in the first place, provide the architectu
by rolfwind (528248)
ANSWER:
As I work alongside today's Airmen, many with very specialized skill sets in great demand outside the Air Force, I find them to be incredibly well trained and up-to-speed on current technologies. We bring them in from a general practitioner level and take them to expert level in reasonable time
It sounds like the General knows his stuff and that gives me a warm cozy feeling as I read his responses. However, when you recruit these hackers they aren't necessarily going to respect authority. All it's going to take is one person above them angering them before this takes a turn for the worse. You won't be able to stop leaks from these people. If you try that's just going to make it all the more fun to leak. This is something that needs to be kept in mind. The Generals responses are excellent and I'm sure alot of people are starry eyed after reading this, but it only takes one bad attitude to set the people you seek off. Basically, they need their own community and their own types to run the show. It's going to be more like a LAN party then an operations center. Are you truly prepared for that? Regular folks that can be trained to sit and obey are not what you seek.
"I guess I'm gonna fade into Bolivian."
I get the impression they're not terribly interested in grabbing up the anti-social hackers we're picturing. I expect they're looking to develop their own people to a point where they're very good at very singular, near-mechanical tasks, and contract the rest out to the private sector. Hell, that's how everything else gets done. Let a company design and build the new machine, train someone to change the oil and replace parts.
Actually, I recall when having a MBTI test (Myers Briggs Type Indicator) that of the 16 personality types, being told that there is a considerable skew of people in the armed forces to being ESTJ or ISTJ.
Generally those people who are Intuitive, Feeling and Perceiving (as characterised by the MBTI, which isn't necessarily the same as what you might think those words mean) don't "fit in" as well with the usual type of person needed in the armed forces.
There have been studies done on this (google it) and it makes sense that the armed forces isn't the best place for people who place emphasis on feelings, intuition (in the MBTI sense this refers to those who place an emphasis on abstract and theoretical data and future possibilities and insight) and Perceiving (MBTI defines this as being someone who sees the world in shades of grey).
The most common armed forces recruit is generally ESTJ, who is a logical person who deals with physical facts, makes judgements on the world in black and white terms and uses logic. Now it could be argued that's exactly like your average hacker but read a definition of an ESTJ at somewhere like http://www.personalitypage.com/ESTJ.html and you see how nicely that fits your typical soldier type.
There's all sorts of people and no doubt the military may have some places for pretty much any kind of person, but on average the ESTJs are what they need/want it seems.
Of course this isn't necessarily the best way to characterise people anyway, but it gives a good feel that the military don't really want just any old person. A lot of people I know are ENTP (like me) or INFP and you just know they wouldn't fit in a military command structure. Heaven knows, most of us have trouble just fitting in with a corporate lifestyle!
pithy comment
How long has the word "resolve" been used in this context ("the nation's resolve")?
So, on this question and answer:
YGTBKM! LOL! I like your enthusiasm, but you know the Air Force neither encourages nor condones criminal activity.
I find myself wondering if the question asker's scenario couldn't fall under something like a Letter of Marque and Reprisal? If so, this is hardly a novel idea, as it's actually something that is explicitly accounted for in the US Constitution.
// TODO: Insert Cool Sig
I want to raise some of the deeper issues behind the problem of cyber-warfare (or even just most plain cyber-crime related to fraud).
:-), the threat (or opportunity) of an upcoming technological singularity, and so on
http://en.wikipedia.org/wiki/Cyberwar
Most of the movie "War Games" is silly, but this statement from it is profound: "the only winning move is not to play". Or to generalize it, there are finite games and infinite games, and infinite games are about continuing to play, not about winning (see author James P. Carse on _Finite and Infinite Games_).
http://video.google.com/videoplay?docid=-962221125884493114
Now that we are confronted with global warfare, whether nuclear, biological, or cybernetic, we need to rethink what games we want to play. As Albert Einstein said "The release of atom power has changed everything except our way of thinking." The same might be said about genetic engineering or the internet. We need to somehow transcend these arms races instead of try to win them.
It continually boggles my mind that people are willing to admit to problems of such extreme magnitude caused by "progress" so far -- like the threat of nuclear war, the threat of bioengineered plagues (or even just cluster bombs and land mines), the threat of economic collapse (speculation, derivatives, etc.), the threat of widespread pollution with unexpected consequences (e.g. endocrine disruptors from plastics), the threat of global climate change, the threat of universal fascism (by "liberals" or "conservatives"
including the threat of cyber-warfare or cyber-crime (essentially the technological face of the usual horsemen: war, plague, famine, leading to death), but then, when faced with these huge threats, the solutions proposed are timid, piecemeal, or regressive. Why not consider that big systemic problems (sometimes resulting from incremental quantitative changes over time adding up to vast qualitative changes) may require widespread transcendental changes (even if just a change of the heart or the prevalent mythology)?
=== the need for mutual security and a resilient civilian infrastructure ===
As long as the US defense strategy is based on strategic dominance of others
"Joint Vision 2020 Emphasizes Full-spectrum Dominance"
http://www.defenselink.mil/news/newsarticle.aspx?id=45289
and not mutual security for all, the US will not be secure, because it will be a threat to everyone by its own logic. Such a one-sided strategy will promote the development of the very ruinous arms races which have already cost trillions and left both the USA and the now-defunct USSR as losers of the cold war (the USA just taking a little longer to fall from the financial punches of the past few decades).
These issues were outlined in the book _Brittle Power_ in the 1980s,
http://en.wikipedia.org/wiki/Brittle_Power
mainly in regard to the US energy infrastructure, but the ideas apply everywhere including manufacturing and likely the internet. Systems which balance meshwork and hierarchy
http://www.t0.or.at/delanda/meshwork.htm
(and so are at least moderately decentralized, compared to hierarchical monopolies) will stand the greatest chance of survival. Unfortunately, the civilian systems which the General is charged with protecting are mainly not of that variety. The internet is more-so like this than almost any other system, but it still has its key weaknesses in practice (including widespread use of difficult-to-audit proprietary software like Microsoft Windows). That lack of resiliency is a product of the failure of decades of civilian governance in terms of
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
Am I missing something here? I see a link the the original questions article, a link to the Generals biography, a link to the Cyber Command website, some editorial comments, a thank you, and .... no responses to questions. Yet other posters are commenting on stuff, where are these responses? What am I missing here?
Interesting read, and very informative. I am 40, and will be graduating from the Norwich University MSIA program in June (4.0 GPA). I am glad to see that the DoD is at least looking at reducing the physical qualifications for entrance. I for one would never pass (Asthma and a disc problem), however I would be very interested in helping the IA program for the US government. The recent attacks on a nation (Estonia I believe) by cyber terrorists brings about some key warning signs for those interested in cyber-warfare and cyber-terrorism. The ability to bring to a halt communications, transportation, and economic infrastructures of a country, essentially crippling it are interesting aspects for a new front in warfare. Where in the past the first overt attacks on a nation have been to cripple communications and command and control structures through the use of air power, now we can investigate cyber attacks as a feasible first strike technology. The ability to bring down these systems makes an effective platform, with significantly reduced risk to personnel. Also defending against such attacks is of paramount importance. While the threat to the US is a bit different in that such attacks would likely not be followed by traditional military force, the results of a successful attack against this country could prove devastating to the economy and our infrastructure. Since these attacks appear to be the work of bot-nets, defense against these attacks means defending against many civilian and corporate "zombie" machines that have been taken over without the owners knowledge and/or permission. To this end it may be worth investigating whether a public awareness campaign might be effective in limiting the attacks. Also replacing the current internet infrastructure with routers designed to identify and limit such attacks may be an effective deterrent. The latter option also allow the infrastructure under US control to be monitored and used for attacks against the US while allowing information warfare tactics originating from the US against our enemies, thereby allowing us greater control over such matters. Also, considering that bot net attacks have been determined to be so successful, I am wondering what the official policy is on using civilian and foreign machines to launch an attack against enemies in a time of war?
Open Source: Eroding the Digital Divide
Since when is it criminal to hack? It's potentially criminal, but I hack my systems all the time to make sure no security holes are present. The government has been really good lately on not calling all hackers criminals, but I'm worried this article is a step in the wrong direction. The government should be happy that ethical hackers exist otherwise most of those pesky software/OS exploits would still not be patched. Also, can you imagine having to train a hacker from scratch?
I haven't ranted on this for about 5 years, and was hoping never to have to again. It's like saying driving a car is criminal because some people cause vehicular manslaughter.
Actually... you'd probably be very surprised. I knew a number of people who I suspect were/are INFP - as there is nothing inimical there towards being in a command structure. Ditto for ENTP.
Just because it isn't the best place for them, doesn't mean they won't do well there. The ESTJ may be the typical 'soldier type'... But there is a hell of a lot more to the military than the grunt-on-ground. There really isn't a typical 'soldier type' outside of academia and stereotypes. (And maybe the Infantry, both USA and USMC.)
An ENTP with a little dollop of discipline would make a hell of an officer for example. I'll bet you'll find many ISTP in the various elite/special forces... A good portion of the technical specialist types I served with in the submarine service probably were INTJ. It takes a certain mindset to be a good technical specialist like a fire controlman, sonar operator, etc... etc...
Ahem, unless they fudge the election result
/. engaged in an political propaganda excercise with an air of well meaning but naive intellectualism and is unsurprised at the bland outcome, i would hope that this lack of critical judgement is not repeated as it only serves to fill the pages of internal reports and buff up a false image of engagement. I believe slashdot should gaurd against the emergence of its partisan leanings or even from becoming vulnerable to accusations of same.
we are all cosmic nuclear waste
I was in the service before you were born, young man. I served from 1971 to 1975. Nixon resigned the day I returned to the US from being stationed in Thailand.
Here is an account of that trip (I was there from August 1973 to August 1974) and here is another.
Sadly, I see you didn't get the "funny" mod you were shooting for. Better luck next time!
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
As a Marine, I have to say that the hacker mentality is very at home in the military. Provided the hacker can use some self-discipline to focus his energy on productive pursuits. Taking apart a piece of classified gear to fix something even though your technically not supposed to == good, talking shit or breaking something cuz it's cool != good.
In the Marines we are taught that the operations theater offers no quarter to those who cannot adapt. The hacker mentality makes you more effective, and versatile which ultimately helps you survive.
The pay. That sucks. If the Marines gave out bonus pay for high-level geeks the way the Navy does for Nukes I might still be active duty. (I'm not just talking about multiples for re-enlistment. Nukes get all sorts of bonuses for various certifications and duty stations. {Two of my brothers are E-6 nukes.})
thank-you. Your thoughtful post sheds an enlightened note as to why one can never trust what the State or its military has to say about anything. As has been proven over the last 50 years: They lie in the name of preserving an Institution that has little concern over the well-being of it's rank-n-file or the constituency they presumably serve. They lie, period; for whatever reason, well-intentined or otherwise, in the name of an Establishment corrupted by greed for money and power to take what rightfully does not belong to them.
War is a racket and its prosecution and privatization has bankrupted our society to the point of extinction through generational terrorism
"There is no way to peace. Peace is the way."
Mahatma Gandhi
resist propaganda
In response to the China question: The only way the American people--and all people--can be secure on the Internet is through untraceable, onion-style routing and the use of secured, encrypted communications. These methods protect against not only malicious hackers, but governments, too. Education, not protection, is the answer.
As for the "solict, accept, retain" question, I feel that Maj. Gen. Lord's answer is a non-answer. He somewhat addressed the retention part of the question, but he did not address the first part: forgiveness of past sins. The best crackers are the ones that don't get caught, but there are some pretty damned good ones that do get caught.
The answer to the Older Recruits question answers a wide question: "If I want to participate, do I have to enlist?" I think many potential participants/contractors will find this welcoming. However, I can only imagine the media outcry when some alarmist reporter looking for a scandal finds that a third of the Air Force's new Cyberspace wing have priors. I guess the Air Force would need to address the second question better, then.
The "acts of war" question and answer lead to the following thought process: Most cyber attacks are guerilla in nature. They are short, perhaps coordinated, and surgical. However, if these acts are considered acts of war, would not the permission and blessing of Congress be required, as per Article I, Section 8 of the U.S. Constitution? Wouldn't Congress have to declare war (cyberwar?) on a nation? Given the current war powers atmosphere, it would seem that the Air Force would perform the attacks at the order of the president or the Secretary of Defense.
Colin Dean Go a year without DRM
You obviously can't be arsed to use your brain for even a few milliseconds, so let me spell it out for you:
Instead of funding this program, those same taxpayer dollars could be used to fund any number of other programs which many people would believe to be more worthy.
Alternatively, they could be returned to the taxpayers in the form of a tax cut.
Tax reduction OR other programs are an alternative to military spending.
I am neither an 8th-grade dunderhead or a hippie. Try again.
Well said Derek. I'd add that the General's responses had just enough authenticity that I believe he probably authored the original content. But, I suspect it went through a process something like this before it was released: 1st Draft: YGTBKM! But seriously, I'd love to have a strategy like the Chinese and harness you guys into some kind of ass kicking civil cyber patrol but you know I can't, turns out that would be illegal. Oh well. But hey, if you kick a little ass and I didn't ask you to, what can I do about it? By the way, you didn't hear it from me, but there is a list of interesting IP addresses stego-hidden in my bio picture at af.mil, get the big jpeg one. 2nd Draft after once over by his deputy: YGTBKM! But seriously, I'd love to have a strategy like "some other places" and harness you guys into some kind of really good civil cyber patrol but you know I can't, turns out that would be illegal. Oh well. But hey, if you kick a little ass and I didn't ask you to, what can I do about it? Please email me for a list of interesting IP addresses. 3rd Draft after legal review: YGTBKM! LOL! I CAN haz cheezburger! 4th Draft after second deputy review: YGTBKM! LOL! But seriously, I'd love to have a strategy like some other places and harness you guys into some kind of really good civil cyber patrol but you know I can't, turns out that would be illegal. Oh well. But hey, if you kick a little ass and I didn't ask you to, what can I do about it? Really, email me. 5th Draft, PAO Approval: Mmmmm... Cheezburger. Final Draft after corrections: YGTBKM! LOL! I like your enthusiasm, but you know the Air Force neither encourages nor condones criminal activity.
Allied nations have similar programmes.
It has been useful in other problem domains to have an exercise OPFOR and training grounds. See Crocodile03, Red Flag, Fincastle Trophy etc.
Are there plans to both co-operate with allied nations, use "Tiger teams" to assess vulnerabilities in both US and allied infrastructure, train a specialist OPFOR using likely enemy tactics, have an "inactive reserve" of irregular cyber-militia... and is there a (preferably multinational) group studying such "Blue Sky" ideas? How do we go about starting one if not? This Slashdot experiment indicates someone is on the ball, at least...
About 15 years ago, I was part of an unofficial e-mail-ex that happened immediately after an unfortunate incident involving a QANTAS trans-pacific flight and the USN. We examined just what might happen in case of severe tension between the US and Australia. The problem from the Australian viewpoint was not causing unacceptable damage to the US in order to coerce the country into behaving as they'd wish, it was doing so without causing unacceptable collateral damage to the world economy. This pre-dated Tom Clancy's "Debt of Honor", which contained a few of the ideas. Both sides retired shaken, and resolved to try pretty much anything before going that far in actuality. Hopefully infrastructure has been secured a bit since then. As a regular reader of the RISKS digest http://catless.ncl.ac.uk/Risks , I wouldn't bet on it.
Zoe Brain - Rocket Scientist
LEAST reassuring answer ever. This basically equates into "we do what we want to you, when we want, as often as we want to, and use your tax dollars for lube. As you were.