Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Lt. Col. John Bircher About Cyber Warfare Concepts

Posted by timothy on from the please-include-your-gps-coordinates dept.

The Air Force is not the only U.S. military branch trying to come to grips with the electronic side of warfare, both current and future. The U.S. Army Computer Network Operations (CNO)-Electronic Warfare (EW) Proponent (USACEWP), located at Fort Leavenworth, Kansas — home to the U.S. Army's Combined Arms Center — serves as the Army's hub for cyber-electronic concepts and capabilities. This is the organization responsible for developing doctrine, materiel and training to prepare the Army for cyber-electronic engagements. For example, USACEWP has developed training teams to ensure that U.S. commanders and soldiers around the world are fully informed of cyber-electronic capabilities at their disposal. Leading the Proponent's Futures branch is Lt. Col John "Chip" Bircher; Bircher entered the Army in 1989 as an Infantry officer, then served in various command and staff positions, most recently Information Operations (IO). He was the IO Chief for the 25th Infantry Division (Light), Hawaii, and Director of IO for Combined Joint Task Force -76, Bagram, Afghanistan. If you want to know more about the realities and challenges that face an armed, global IT department in a time when electronic warfare is ever more important and dangerous, now's your chance to ask Lt. Col. Bircher some questions. We'll pass on the highest-moderated questions for Lt. Col. Bircher to answer. Usual Slashdot interview rules apply.

24 of 236 comments (clear)

  1. Technique? by Manip · · Score: 5, Interesting

    Does the US Army take advantage of traditional misconfiguration and social engineering techniques in order to compromise a network or are the US government developing a home grown list of exploits to gain access to foreign government systems?

  2. Legal Ramifications by muellerr1 · · Score: 5, Interesting

    How does the military ensure that it is operating within the law regarding online military offensive activities? Are there any laws or oversight, as such? If so, how are those laws and/or oversight affected by a declaration of war?

    --
    steampunk web design
  3. Why so many directly connected networks at all? by BadIdea · · Score: 5, Interesting

    I'm interested in why so many sensitive networks are even hooked up to the internet in the first place, or why trivial systems are so often bundled with sensitive ones under the same security frameworks.

    Why aren't there more isolated networks that would require physical contact or interception to get to in the first place? Do sensitive systems really need any connection at all to the conventional internet in the first place?

    I know that many places in the DoD do take this approach (people having one computer for safe email and browsing, and a completely different computer for sensitive intel), and certainly it's more expensive and less convenient. But when the internet is basically just a big pathway leading directly to your backdoor, why take any chance at all, ever?

    --
    The Bad Idea Blog - Science, Skepticism, & Stupid
  4. What is that? by khasim · · Score: 5, Interesting

    What, specifically, would be a "cyber-electronic engagement".

    Include examples.

    Compare/contrast with traditional forms of intelligence gathering (wiretaps, listening devices, etc) and their counter-measures.

  5. Interview Question by Anonymous Coward · · Score: 5, Interesting

    With the political tilt as it is, a large part of the software development community is likely prejudiced against helping our country. With this in mind, how do you recruit the most creative and skilled people that this country has to offer?

    1. Re:Interview Question by Daniel+Dvorkin · · Score: 5, Insightful

      With the political tilt as it is, a large part of the software development community is likely prejudiced against helping our country.

      You made a typo there. Here's a correction:

      With the political tilt as it is, a large part of the software development community is likely inclined against helping politicians use the Army as a tool to fight wars which harm our country.

      --
      The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.
  6. Hacker war... by Notquitecajun · · Score: 5, Interesting

    I doubt you could REALLY answer this, but Is the US military playing any sort of role in the semi-undergroung "hacker war" that appears to be going on between China and the US?

  7. For us geeks who'd be sitting behind a computer .. by Anonymous Coward · · Score: 5, Funny
    to fight. Will we have to go to basic training?

    If so, would basic training be to train us to stay up all night, living on pizza, soda, Skittles, and porn?

    If so, where do I sign up?!?

  8. Relationship with the Air Force? by El+Cubano · · Score: 5, Interesting

    Since the Air Force is the U.S. military branch claiming dominance in "cyberspace" (along with air and space), how do you view the Army's relationship with the Air Force in "cyberspace"? Will the Army seek to take over all of the "cyberspace warfare", carve out its own niche in cyberspace, or peacefully coexist with the Air Force?

    With respect to leadership in this area across the DoD, do you feel that the Air Force being denied the program executive role for all DoD UAV endeavors represents an opportunity for the Army increase its role with respect to UAVs (as many people see cyberspace and UAVs to be inextricably linked)?

  9. China by je+ne+sais+quoi · · Score: 5, Interesting

    What is the U.S. Army doing to protect U.S. sensitive information from the frequent number of cyber-attacks originating from inside the People's Republic of China? Is it primarily defensive?

    --
    Gentlemen! You can't fight in here, this is the war room!
  10. Recruitment by caljorden · · Score: 5, Interesting

    Does the US Air Force, or any branch of the armed services, currently recruit for cyber-related positions directly? Or is it a requirement that all members come out of the standard armed services personnel? If there is currently no system for recruiting the best and brightest CS/IT/Security personnel from the civilian population, would that ever be considered?

    1. Re:Recruitment by db32 · · Score: 5, Insightful

      I can answer this one for you. Yes they do. The Air Force in particular has been getting much more active in advertising it's increasing need for the intel/cyber style missions. You basically go through the same process everyone else does.

      1. Go to the recruiter and say "I want to do XYZ". If you are lucky you will get a recruiter that isn't a slimeball and will actually help you do specifically what you want. Hit or miss here, some are really amazing folks that know how to work things, others are asshats that know how to sleaze kids in. Do your research first. Non military and recruiters are about the last people you want to talk to for "how it really is" information, one is clueless and comes up with nonsense stories, the other has a clue and comes up with nonsense stories. Currently active or recently retired people will have the best information, though it will frequently be a bit dated. It is best to refine your questions with them and then ask specific pointed questions of the recruiters.

      2. Go to the MEPS (Military Entrance Processing Station I believe) and do the tests. ASVAB being the big one here, all branches use these scores in one way or another to determine what jobs you are qualified to do. This isn't exactly a hard test by any stretch, more than anything it gives the military a guess as to how complex of a school they can send you to without wasting money on you failing out. You will also go through the whole physical thing, eye tests, piss tests, blah blah blah.

      3. Go to the career manager folks. Each branch has a different name for them and this part will typically happen at the MEPS. Again, much like recruiters they are hit or miss. However, they have a bit better of an excuse. They aren't there to convince you to join so much as for you to tell them what specific job you want to do. These are the people that look up your scores and compare that to job requirements and then check for openings in that job. They process tons of people per day, many of which have no idea what they want to do other than "work on computers" or "fix planes" or whatever. The key to coming out of this is to do your research well before you go. Narrow down what you want to do to a few jobs and know their code for whichever branch you are talking to. These people are experts at human resources stuff, not the details of whatever career you want. They probably won't be able to answer much unless they came from that career or know someone in that career. The best bet is to get your recruiter to arrange some time to meet people in the career field you are interested in and get the answers that way.

      4. Go to basic training. Everyone goes, no way past that.

      5. Go to your school. Each branch does this a bit differently, but after basic training you will go to the school for your chosen job. This could be 2 weeks long, it could be 2 years long, all depends on the job.

      6. Pray for your assignment. Now you are in, you have the career you want, and now it is a roll of the dice. You go where they need your career, period. There are a number of programs to finagle your way around to places you want, but don't expect any of them to help you much in your early days. Your best bet here is to do a damned good job, don't be a fuckup, and let your supervisors know what your goals are. Good supervisors will help you get where you want to go. Above all else, don't expect it to happen quickly.

      National Guard units basically follow the same steps, except for the assignment process. With the Guard you will be joining a specific unit when you enlist. So you will already know exactly what your assignment will be. The Guard units are able to do much more targeted recruiting because of this. The Active Duty world you kind of go into a big pot and stay there unless you managed to get into special assignments (usually by being really good at what you do and leaning forward for opportunities).

      --
      The only change I can believe in is what I find in my couch cushions.
  11. What limitations do you observe? by Anonymous Coward · · Score: 5, Interesting

    Conventional military is bound by the Geneva convention. To date, there is no international law governing military info-war. Are you therefore no longer bound not to attack civilian targets? Is scrambling hospital records to create civilian deaths by mistreatment considered a valid attack?

  12. Re:John Bircher? by QRDeNameland · · Score: 5, Funny

    His superior officer, Col. Kukla X. Clanner, wasn't available for comment.

    --
    Momentarily, the need for the construction of new light will no longer exist.
  13. Why does the Army have a love affair with Windows by Anonymous Coward · · Score: 5, Interesting

    the worlds most insecure operating sytem? Seriously, I just had to go through the Army accreditation process at work, and all the guidelines basically say that Windows is the most secure according to the army. Several of the policies do nothing to increase security but are windows only features, a not so subtle hint that if you want to be "secure" you should be using Windows. The policies also states that since open source is "unsupported" you should use a commercial OS unless you can find "support" for the open source software. The scrutiny that the Linux/Unix machines are put through is MUCH more than Windows machines are. Windows machines are basically said to be "secure" if you apply all the patches and set a couple of settings. Its as if the Army considers Windows to be the most secure instead of the least secure. The whole security accreditation process seemed to be a giant push for us to move to Windows, which means that in my opinion the whole exercise was intellectually bankrupt. Why does the Army continue to push windows despite its absolutely horrendous security track record?

  14. Jurisdiction? by Caerdwyn · · Score: 5, Interesting

    Given that the most likely targets for cyber warfare are civilian targets, and that the perpetrators will likely be either non-government organizations or non-military employees of foreign governments, how do you see the jurisdiction question playing out? In particular, at what point are there handoffs in investigation, arrest, and prosecution between the US military, the FBI, and local authorities of affected civilian targets?

    --
    Everybody gets what the majority deserves.
  15. Avoiding Redundancy or is it Necessary? by introspekt.i · · Score: 5, Interesting

    What steps is the Army taking to avoid overlap with the Air Force's "cyber warfare" program(s)? Is avoiding overlap considered necessary, or is redundancy considered a good thing? Are there plans to collaborate on large scale with the Air Force, or keep the programs isolated from one another?

  16. And if and if ... by khasim · · Score: 5, Interesting

    And if there actually is a "Hacker War" between us ... and if our military is currently playing a role in such ... are there any civilian applications that will be released to help defend our non-military assets (corporations, education, etc)?

    Example: the NSA has worked on SELinux.

  17. Timing and relevancy by zappepcs · · Score: 5, Interesting

    It's common knowledge that what we call the Internet was suckled by the military. Black-hat and white-hat security conferences and practices have been an active part of Internet security for over a decade.

    Can you explain what seems to be the US Military arriving at the game in the third inning?

    Having had TSEC and observed security processes and procedures, such as tempest precautions some time ago, I'm having trouble understanding why the 'cyber defenses' of the US Military only now seem to be actually realized.

    Is the delay due to funding? Priorities? or simply to underestimation of what the rest of the world was up to all this time?

    Please be as specific as you are able to be.

    Thank you.

    --
    Support NYCountryLawyer RIAA vs People
  18. Threat Assessment by mykepredko · · Score: 5, Interesting

    As I understand it, every military in the world assess the threat its opponents pose by their capabilities rather than perceived intents.

    How do you perform a threat assessment in the area of cyber-warfare where the physical weapons (as was pointed out in an earlier post) is the keyboard and mouse with much of technology being used as a threat being developed in the U.S?

    Thanx,

    myke

    --
    Mimetics Inc. Twitter
  19. "Civilian contractors" by faloi · · Score: 5, Interesting

    Do you foresee a high utilization of civilian contractors? Knowing that there are some restrictions on people that can be recruited into the Army for any number of reasons (asthma, medications, criminal records), do you see a need for either more lax recruiting guidelines for some of the "front line" troops in the cyber warfare field, or a higher use of civilian (or at least non-Army) personnels?

    --
    "It is a miracle that curiosity survives formal education." -Albert Einstein
  20. Hurdles of Cyber Warfare by Digital+Ebola · · Score: 5, Interesting

    Greetings,

    One issue to cyber warfare is linguistics. How does a military unit overcome this? Does the unit consist of people skilled at the various languages used in theater plus the technical concepts required to execute, or are you forced to cooperate with any other agency?

    Also, agency cooperation: are there good relationships between the cyberwarfare units and the intelligence community, and can you say whether or not there are SOPs in place that would utilize cyberwarfare units in conjunction with a physical offensive, i.e. disable Three Gorges Dam right before an op.

    Thanks for the time!

    --
    "Network penetration is network engineering, in reverse."
  21. Computer Literacy by AioKits · · Score: 5, Interesting

    What level of computer literacy do you feel the Commander-In-Chief and those reporting to them should have in order to comfortably and accurately convey the importance of a given situation/threat the USACEWP encounters?

    --
    "Quote me as saying I was mis-quoted." -Groucho Marx
  22. Are We At War? by Doc+Ruby · · Score: 5, Interesting

    What is the "cyber command" doing to protect the US from current serious attacks on major Federal government sites, including the attacks on sensitive Congressional sites reported this week?

    Is there any traditional military precedent for tolerating these attacks to the extent we do? Is that hesitancy making us weaker, so our eventual delayed military (or "cyber-military") response will be compromised from winning the conflict to our satisfaction?

    At what point do these attacks constitute acts of war, does that need to be declared by Congress, and how does the "cyber command" change its response at that point?

    --

    --
    make install -not war