Military Appoints General To Direct Cyber Warfare

An anonymous reader writes news from The Guardian, excerpting: "The US military has appointed its first senior general to direct cyber warfare – despite fears that the move marks another stage in the militarisation of cyberspace. The newly promoted four-star general, Keith Alexander, takes charge of the Pentagon's ambitious and controversial new Cyber Command, designed to conduct virtual combat across the world's computer networks. He was appointed on Friday afternoon in a low-key ceremony at Fort Meade, in Maryland."

Qualifications

[dward90]

TFA doesn't seem to have any information on how General Alexander might be qualified for this position, and what his command will involve.

Here's hoping the guy actually knows something about cyber security, and isn't simply the management figure for actual security experts, or he could easily f*ck this up hard.

Re:Qualifications

[Daniel+Dvorkin]

The guy's got a Wikipedia article if you want to know more. Short version is, he's director of the NSA and it looks like he's spent most of his career in intelligence. He does have Master's degrees in physics and electronic warfare, and well, from his picture he looks like a slightly older version of the typical Slashdotter. ;) So he's probably about the best choice available in the senior ranks; hopefully he's smart enough to listen to the junior personnel under his command who are more likely to know what's actually going on in the hacking world.

Re:Qualifications

You said,

He does have Master's degrees in physics and electronic warfare, and well, from his picture he looks like a slightly older version of the typical Slashdotter. ;)

I sure hope this "Cyber Warfare" General knows something about computers, because consultants, and especially computer consultants are very high priced (around half a million dollars a year over-priced).

Richard Feynman seems to portray the definitive experience such a consultant can have with the military:

After the war, physicists were often asked to go to Washington and give
advice to various sections of the government, especially the military. What
happened, I suppose, is that since the scientists had made these bombs that
were so important, the military felt we were useful for something.
Once I was asked to serve on a committee which was to evaluate various
weapons for the army, and I wrote a letter back which explained that I was
only a theoretical physicist, and I didn't know anything about weapons for
the army.
The army responded that they had found in their experience that
theoretical physicists were very useful to them in making decisions, so
would I please reconsider?
I wrote back again and said I didn't really know anything, and doubted
I could help them.
Finally I got a letter from the Secretary of the Army, which proposed a
compromise: I would come to the first meeting, where I could listen and see
whether I could make a contribution or not. Then I could decide whether I
should continue.
I said I would, of course. What else could I do?
I went down to Washington and the first thing that I went to was a
cocktail party to meet everybody. There were generals and other important
characters from the army, and everybody talked. It was pleasant enough.
One guy in a uniform came to me and told me that the army was glad that
physicists were advising the military because it had a lot of problems. One
of the problems was that tanks use up their fuel very quickly and thus can't
go very far. So the question was how to refuel them as they're going along.
Now this guy had the idea that, since the physicists can get energy out of
uranium, could I work out a way in which we could use silicon dioxide --
sand, dirt -- as a fuel? If that were possible, then all this tank would
have to do would be to have a little scoop underneath, and as it goes along,
it would pick up the dirt and use it for fuel! He thought that was a great
idea, and that all I had to do was to work out the details. That was the
kind of problem I thought we would be talking about in the meeting the next
day.
I went to the meeting and noticed that some guy who had introduced me
to all the people at the cocktail party was sitting next to me. He was
apparently some flunky assigned to be at my side at all times. On my other
side was some super general I had heard of before.
At the first session of the meeting they talked about some technical
matters, and I made a few comments. But later on, near the end of the
meeting, they began to discuss some problem of logistics, about which I knew
nothing. It had to do with figuring out how much stuff you should have at
different places at different times. And although I tried to keep my trap
shut, when you get into a situation like that, where you're sitting around a
table with all these "important people" discussing

Re:Qualifications

[tuomoks]

Yes, he's qualified! Now - typical government (not just military) "US air force disclosed that some 30,000 of its troops had been re-assigned from technical support "to the frontlines of cyber warfare"" and ".. Pentagon has been more explicit, stating on Friday that Cyber Command will "direct the operations and defence of specified Department of Defense information networks [involving some 90,000 military personnel] and .."". Wow - maybe double the manpower, then the baby will be born in half the time!

Anyhow, assuming that General Alexander get's enough authority, doubtful!, network security, etc could / might get better. The question is not just "Cyber Warfare", that's a nice sounding term but doesn't really mean much. Often military research has benefitted everyone - we can only hope that it's same in this case!

Re:Qualifications

I sure hope this "Cyber Warfare" General knows something about computers, because consultants, and especially computer consultants are very high priced.

I don't imagine, even if the good General "knows something about computers" that he's going to be spending time running around and making sure everyone's printer working fine.

I sure how he knows how to organize an outfit.

Re:Qualifications

[MacGyver2210]

Just curious... ...where does one obtain a Masters degree in Electronic Warfare? Can it be obtained with, say, a BS in Computer Science as a foundation?

Re:Qualifications

[Sulphur]

Am I the only one who read **** general as a regular expression?

Re:Qualifications

[cslax]

GWU

Re:Qualifications

[martin-boundary]

...where does one obtain a Masters degree in Electronic Warfare?

You get one when you beat the high score on Global Thermonuclear War. Would you like to play a nice game of chess?

Re:Qualifications

[identity0]

Why should he? It's not like we expect generals to fight in the trenches and shoot the enemy, why should a gerneral be expected to work exploits and hack code? Isn't a general's job by definition managing others who are experts in the field?

A serious question, can someone provide examples in industry of good leaders who were so because they knew the details, or who were bad because they didn't?

Re:Qualifications

Just curious... ...where does one obtain a Masters degree in Electronic Warfare?

He obtained his from the Naval Postgraduate School

Re:Qualifications

[interkin3tic]

Just curious... ...where does one obtain a Masters degree in Electronic Warfare?

I think if you convince the army you have a masters in electronic warfare, that's a masters in electronic warfare.

Re:Qualifications

[Stargoat]

I don't know that this could get f*cked up. It's operating out of Fort Meade, so it's basically operating in NSA territory. It's mandate is already being filled by the NSA, assuming that the CyberCommand cannot operate on US territory. (That should be assured, as the fellow is a general. But it no longer is; probably never was.)

What I don't get is - how is this not the NSA?

Re:Qualifications

[DrugCheese]

What from his picture makes him look like a slashdotter? His hair is trimmed, his face is shaven and his smile seems to suggest he's been laid within 25 years.

Re:Qualifications

[Glonoinha]

At that level you are assigned high level goals (like making sure Google doesn' t get hacked by the Chinese.)
Your job is to put good level middle level managers in place to hit a chunk of those individual goals.
The job of those managers is to put good low level managers in place to manage the implementation of the details of one of those goals singly.
The job of the low level managers is to hire you and I to actually do the work, to keep us motivated to deliver that single goal.
The job of you and I : actually care about the details and get it done.

Actual domain knowledge about the minutiae doesn't hurt, but it doesn't really help either.
That said, I think they'd be a lot better off with Thresh - he has a proven record of just pwning on the cyberwarrior field.

Re:Qualifications

[Tetsujin]

TFA doesn't seem to have any information on how General Alexander might be qualified for this position

He's very experienced and diligent in issuing "A/S/L?" queries.

"militarisation of cyberspace"?

[Vinegar+Joe]

I guess someone has never heard of DARPA.

http://www.darpa.mil/

Re:"militarisation of cyberspace"?

[thestudio_bob]

or cybernet

Re:"militarisation of cyberspace"?

[caladine]

Besides DARPA, the very idea of "despite fears that the move marks another stage in the militarisation of cyberspace" assumes that other countries haven't already taken this step, just not quite as publicly. In my mind, it just means that the US government is actually taking a serious threat... seriously.

Remember you are .mil and to .mil you shall return

[optikos]

What goes around comes around. The ARPAnet was military. Now perhaps it may become so once again. (With apologies to Ash Wednesday in the Catholic Church for the subject line.)

Internet 2 is not the full answer

[TheMiddleRoad]

Yes, the military can (and probably does already) have their own network. However, damage will be done to our country via the regular internet. Imagine if, one day, all the bank accounts in the country went to millions of dollars or to zero? The military is, hopefully, going to take care of those kinds of scenarios. We need a central command to handle such attacks.

Re:Internet 2 is not the full answer

[JackieBrown]

Take care of that how? By random napalm attacks against anyone who looks a bit shifty? ... There is no need for warmongering.

You have a very limited understanding of what the US military does if you think it exists soley for wars.

Re:meep

[chill]

But, the real question is, could you tell it was a hack or if it just rolled over?

More Important Than Alexander's Qualifications

[DarkKnightRadick]

Right now, it doesn't matter. He apparently knows how to use people who know more than he does. To me he proved that when he took out the honeytrap site (stupid move, but whatever).

From TFA:

The difficulties facing the new command were underlined in March by former CIA director Michael V Hayden, who said that the Saudi operation had demonstrated that cyber warfare techniques were evolving so rapidly that they were now outpacing the government's ability to develop coherent policies to guide its use.

"Cyber was moving so fast that we were always in danger of building up precedent before we built up policy," Hayden said.

This is the key point. Unfortunately the Federal government is SUPPOSED to move slow. The unfortunate part of that is something like cyberwarfare will always outstrip even the ability of a state government (with the assumption being that state government is meant to move quicker to respond directly to the needs of it's people) to make policy governing its use.

Soooooo....*shrugs*

I'm kind of torn on this. Let the government grind slowly away at policy like it should, or enable them to make snap, on-the-fly decisions with far-reaching ramifications. No matter what you choose, it's the wrong answer.

I hope he goes after the chinese

[outsider007]

All that goldfarming has to stop.

This can't be right.

Should his last name be Connor?

They have that

[Sycraft-fu]

It's called SIPRNet. There are others too, JWICS, NSANet, and so on. They are internets (small i) in every way. However, they don't interact with the public Internet (big I). It is how they keep classified data separate. It seems to work quite well. At the very least there's never been a break in to them that has been revealed.

However, that doesn't mean there's nothing of importance on the Internet. It's not all just geeks chattering and LOLcat pictures. For example ATMs operate on the Internet these days. Heavily encrypted to be sure, but still. Companies make use of it for important business reasons. There are probably control systems for infrastructure on the net, and so on.

So, the government has an interest in making sure it work well. That would include being able to deal with a cyber attack. After all, protecting classified data does little good if the the infrastructure of the US is taken out. The government itself is only useful in so much as it can govern and protect the country.

Reasons like this are why things like AES exist. When the NSA was started, it was just a signals intelligence agency. Intercept communications, break codes, etc. While that's still a massive part of what they do, they were also instructed to work on securing the nation's computers. That was what lead to things like DES and AES. The government wanted businesses to have good crypto. Seems like they are serious too, AES has been analyzed for years, and remains extremely strong.

Same kind of shit here. They want to figure out how to protect important things on the regular Internet from attack. They are also probalby interested in counter attack capability. After all, other countries rely on the Internet too. Could be very useful in warfare.

Good defense starts with having lots and lots of contingency plans.

I am the very model of a modern Cyber General

[Arancaytar]

I am the very model of a modern Cyber General
I've information secretive and knowledge technological
I know my way around the tubes and quote the cryptological
From Adi, Bruce and Len to Ron in order alphabetical!

Re:I am the very model of a modern Cyber General

[interkin3tic]

You mean the Major-General's song from pirates of penzance.

I am the very model of a modern Major-General,
        I've information vegetable, animal, and mineral,
        I know the kings of England, and I quote the fights historical
        From Marathon to Waterloo, in order categorical

Re:I am the very model of a modern Cyber General

[_Sprocket_]

http://www.youtube.com/watch?v=iSloW2coCDQ

Re:I am the very model of a modern Cyber General

[Arancaytar]

There is a wonderful device called the Google that helps people cover up embarrassing gaps in their knowledge of pop culture.

http://gooogle.com/search?q=i+am+the+very+model+of

Re:I am the very model of a modern Cyber General

Owww. You have a four-digit Slashdot id, but you don't even know your Gilbert and Sullivan?

Please turn in your geek card.

Re:Remember you are .mil and to .mil you shall ret

[1s44c]

The Internet is a network of networks of computers. It's not a military playground, and just because DARPA were involved in the creation of it doesn't make it American property.

Anything of critical importance such as military kit, medical kit, power, gas, and water infrastructure should not be on the Internet at all.

How is this not NSA

[qbzzt]

The NSA is an intelligence agency, I assume this means their primary purpose is to collect information. They might hack into a computer, but that would be to the purpose of obtaining information. The military is supposed to conduct offensive operations. Things like breaking into computers running dams or the electric grid to disable them. Psychological warfare by breaking into Web sites and changing what they show. Spreading disinformation into enemy communication channels.

Basically, this is probably about doing low level nasty things when the situation doesn't call for an all out shooting war, and making sure an enemy can't trust his networked computer systems in case of an all out war. I'm pretty sure the US isn't the only one doing this.

Actually not the problem.

[nten]

I've been reading "cyberwar" by Richard Clark. He didn't have anything bad to say about the guy in the story, except that he was the only person willing to take a (pretty much identical) position, that Clark had himself vacated. According to the book the US is actually very very good at cyber attack. But he also says that businesses, he specifically calls out Microsoft, have lobbied extensively, not just to have the government look the other way from their bugs, and keep using their software, but to not regulate security for private business. DHS protects .gov, this cyber thingy protects .mil. No one protects .com and .org. None of the companies want to have security regulations placed on them (including power grid, and financial systems), and neither the previous administration or this one wants to force them. I'm generally against regulation and consider it a bad thing (tm), (its like my department noting they are going to hire more managers, again), but he does make a compelling case. The guys (apparently a very small group) he spoke with at blackhat apparently were persuaded as well, though they (and he) are worried about what sort of oversight is needed, to prevent privacy and worse abuses. Its all well and good to force ISPs to disconnect people detected to be part of botnets until they get their machine cleaned, but false positives that correlate strangely with unpopular opinions on the websites is a truly frightening idea. On the other side, who can argue that FDIC insured banks don't have an obligation to keep the insured money safe per the guidelines of the insurer?

Matthew 7:5

[Max_W]

"Hypocrite! First get rid of the log in your own eye; then you will see well enough to deal with the speck in your friend's eye."

The good old US of A is the leading spam generating country by May 24, 2010: http://www.spamhaus.org/statistics/countries.lasso . It's got on the first place spam-wise in the world.

As far as I know the US army cannot act on the territory of the United States. But the spam is destroying our businesses. Colleagues have to spend a lot of time to deal with spam. Even filters do not help anymore.

It it the police, not army, who has to deal with cyber criminals. And also there is a role for Interpol and ITU.