Why Warriors, Not Geeks, Run US Cyber Command Posts
koterica writes "The Washington Post explains why the military prefers to have combat veterans rather than geeks running network security. '"It was supposed to be a war fighter unit, not a geek unit," said task force veteran Jason Healey, who had served as an Air Force signals intelligence officer.
A fighter would understand, for instance, if an enemy had penetrated the networks and changed coordinates or target times, said Dusty Rhoads, a retired Air Force colonel and former F-117 pilot who recruited the original task force members. "A techie wouldn't have a clue," he said.'"
Why not train the geeks to understand all the technical details?
That is entirely what that sounds like.
Edward@Tomato - /home/Edward/ man woman
man: no entry for woman in the manual.
"Qua!?"
Why can't they be both? I'm sure people are fully capable of understanding tactics as well as programming. The designers of games such as Metal Gear Solid 2 undertook SWAT training to create more realistic AI, and the designers of America's Army clearly had to understand military training and combat situations.
Twinstiq, game news
His comment is proof enough that he should be nowhere near the controls of this Command Post.
Should it not read "Why Asshole Warriors not Geeks run the world?"
A techie would understand if the mailserver were suddenly starting to make base64-encoded TXT DNS requests to a server in Taiwan or if there was an unusually high number of HTTP requests leaving the network that resulted in a 503 or 302 response.
A techie would understand how to exploit the Kerberos ticket system and how to look for signs of, and reduce, such abuse on the network.
A techie would also more likely understand what anomalies could be a sign of a breach and what was more likely a software error.
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
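The two network signals named in the comment above, sketched as detection logic. This is an added example, not part of the original thread; the log layout, host names, domains and thresholds are constructed assumptions. A mail server makes legitimate TXT lookups (SPF, DKIM, DMARC), so the check keys on the shape of the leftmost label rather than on the query type alone.

```python
import re
from collections import Counter

# Constructed sample logs (not from the thread); the key=value layout is assumed.
DNS_LOG = """\
src=mail01 qtype=TXT qname=_dmarc.partner.example
src=mail01 qtype=TXT qname=c2VjcmV0LWNodW5rLTAwMDEtb2YtMDA0Mg.x.collector.example
src=mail01 qtype=MX qname=partner.example
src=ws17 qtype=TXT qname=c2VjcmV0LWNodW5rLTAwMDItb2YtMDA0Mg.x.collector.example
src=mail01 qtype=TXT qname=c2VjcmV0LWNodW5rLTAwMDMtb2YtMDA0Mg.x.collector.example
src=mail01 qtype=TXT qname=selector1._domainkey.partner.example
""".splitlines()

HTTP_LOG = (
    ["src=ws17 dst=intranet.example status=200"] * 9
    + ["src=ws17 dst=intranet.example status=302"]
    + ["src=app03 dst=updates.collector.example status=503"] * 6
    + ["src=app03 dst=updates.collector.example status=302"] * 2
    + ["src=app03 dst=updates.collector.example status=200"] * 2
)

# Long label drawn only from the base64 / base64url alphabet.
B64_LABEL = re.compile(r"^[A-Za-z0-9+/=_-]{16,63}$")


def parse(line):
    """Turn 'k=v k=v' into a dict."""
    return dict(field.split("=", 1) for field in line.split())


def looks_encoded(label):
    """Heuristic: host names are normally lowercase, so a long label mixing
    upper case, lower case and digits is treated as an encoded payload."""
    return bool(
        B64_LABEL.match(label)
        and any(c.isupper() for c in label)
        and any(c.islower() for c in label)
        and any(c.isdigit() for c in label)
    )


def suspicious_txt(lines, min_hits=2):
    """Count encoded-looking TXT queries per (source, parent domain)."""
    hits = Counter()
    for rec in map(parse, lines):
        if rec["qtype"] != "TXT":
            continue
        label, _, parent = rec["qname"].partition(".")
        if looks_encoded(label):
            hits[(rec["src"], parent)] += 1
    return {key: n for key, n in hits.items() if n >= min_hits}


def odd_status_sources(lines, statuses=("302", "503"), min_requests=5, min_ratio=0.5):
    """Sources whose outbound requests mostly end in the given status codes."""
    total, odd = Counter(), Counter()
    for rec in map(parse, lines):
        total[rec["src"]] += 1
        if rec["status"] in statuses:
            odd[rec["src"]] += 1
    return {
        src: odd[src] / n
        for src, n in total.items()
        if n >= min_requests and odd[src] / n >= min_ratio
    }


if __name__ == "__main__":
    print("DNS :", suspicious_txt(DNS_LOG))
    print("HTTP:", odd_status_sources(HTTP_LOG))
```

The thresholds are starting points to tune against a baseline of the network's own traffic, which is also what separates a breach from a misbehaving application.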
The reality is that this is a military operation and there is no such thing as an out of chain command post. The President currently has the ability to shut down the Internet especially if National Security is at risk. That order would have to follow military chain of command and I would prefer a soldier with real-world experience over a cubicle geek. Also the need to immediately respond to a scuttle order that destroys all of your toys would be followed much more quickly by a soldier. I hate to say that I would actually pause for a few seconds trying to save at least some of my hacks and code source; who wouldn't?
If the attackers are warriors trained to infiltrate networks to look for or alter data, then by all means use warriors to defend. OTOH, if the attackers are geeks trying to disable or subvert the network itself, use geeks to defend.
A fool throws a stone into a well and a thousand sages can not remove it.
That's appropriate. Military command training (at least in the US) focuses on making the right decisions under pressure with contradictory information. The big questions are military: who is the enemy? What are they trying to accomplish? What are their capabilities? What else is going on that benefits from this? Is this a diversion or the main attack?
The military view of this is quite different from the civilian view. In the civilian sector, there's an ongoing stream of minor attacks to be fended off. Most computer security efforts focus on that. The military thinks of that as people throwing rocks over the fence - an annoyance to be dealt with, but not a serious enemy. They're much more worried about the threat that you don't detect until the enemy pulls the trigger on it.
American "warriors" haven't even had much success with their warmaking abilities over the past 60 or so years.
It was mostly European scientists who won WWII for the Americans, thanks to their development of nuclear technology.
The Korean War was basically a draw. In many ways, it was an outright loss for the Americans, since they've had to keep troops stationed there for decades now, and this is quite costly.
The Vietnam War was indisputably a major loss.
The Cold War was initially thought to be an American "win", but it was more due to problems within the USSR, rather than anything America did. Worst of all, Reagan's policies from that period have clearly been very destructive to America, and are primarily responsible for the current poor state of the economy.
The First Gulf War can barely be considered a war, given that their enemy was almost non-existent, and had itself been subject to a decade of devastating war just before.
The Second Gulf War was a complete failure.
The War in Afghanistan has been nothing but a disaster, as well.
That's a whole lot of failure, for sure.
figuring out what a piece of obscured code actually does when connected to the internet, loading itself into a page making it past a firewall, unpacking itself in RAM, going through all of your cookies and sending those back to an IP address, loading the next snooping segment and going through your mail client, and on and on.
Surely it's a lot harder to figure out what that alphabet soup of nonsense abbreviations means.
Oh wait, you've never seen an assembler dump with all of the nonsense it creates with actual variable names being referred to as the program-base address + offset locations ... Get the idea?
How asinine...
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
The petulance and deluded self-importance of many replies here are all the proof we need that geeks are not suited to the serious business of war.
Ahahahhaha. You clearly are not a nerd
Average military 'warrior' back during high school days:
Brutish, stupid, loud, failing most classes, spends time treating girls like whores so that they get laid and other time harassing nerds to bolster their egos or assert their alpha status in front of women.
Average 'geek' back during high school:
Reserved, shy, smart, terrible with social situations especially girls, knows more than the teacher in most classes, spends time getting harassed by above group or building/coding/learning/reading fantasy books.
These two groups are not just opposites, they are enemies. And I do realize that these are stereotypes and that not all people fit into these categorizations. But that doesn't matter. If it doesn't work 10% of the time then what is the point. Guarantee that >10% of techie geeks won't be comfortable working with military assholes and it'll be the worst job they ever have or they'll simply quit. The idea that it would work out is hilarious. It'd be like having the military guys work with a gay hairdressing school. Not unless pigs fly.
The military doesn't like geek or engineering types. They like veterans because of the training and conditioning they've received in following orders. This isn't just the military. It's common in many corporate settings as well.
Give a problem to a soldier and they'll charge at it until it's fixed. If it's a machine gun nest, they'll keep charging until they run out of bodies. No questions asked. Give a similar problem to a geek and they'll examine the problem and devise a solution that keeps their ass from getting shot off. And they'll push back if the orders don't make sense.
I have a number of friends who are ex-military (Korea, Vietnam and Gulf War). Some of them are brilliant, having gone on to receive PhDs, members of Mensa, etc. And they'll all sit around and bitch about command fuck-ups, inexperienced lieutenants and the number of friends lost due to errors on the battlefield. But ask them to picture a hypothetical situation where they are given an order about how to accomplish a goal. But the order is poorly conceived and will get themselves and their squad killed. But they have a better and safer way to accomplish the task. What do they do? Inevitably, the ex-military folks get this blank look and respond, "Follow orders".
That's the kind of training the commanders (and the PHBs) want.
Have gnu, will travel.
The real reason probably has a lot more to do with the fact that we're even sitting around here on a Saturday afternoon questioning the decision. Geeks tend to think they're smarter than everyone else (just because it's usually true, doesn't mean it always is), tend to question authority, and hate to be told what to do. If you give a geek a little bit of authority, they tend to get extremely dictatorial over their small little domain.
The entire point is that this kind of stereotyping is both counterproductive and flat-out stupid. The ability to make decisions under pressure has nothing to do with stuff like that. Many famous generals are noted for their intellectual pursuits. Does that make them "not suited to a chain of authority"? In fact, spec-ops guys (say like McChrystal) are notorious for their disrespect for chains of command. Yet they are highly successful warriors.
"A fighter would understand, for instance, if an enemy had penetrated the networks and changed coordinates or target times [...] A techie wouldn't have a clue" , said Dusty Rhoads, a retired Air Force colonel and former F-117 pilot. "Those nerds are a threat to our way of life", added Stan Gable, president of the Greek Council and member of the Alpha Beta fraternity.
In case anyone from the "US Cyber Command Post" is reading, I'd like to echo this back to you:
The dead print media explains why carpenters prefer to have experienced wood-workers rather than brain surgeons performing brain surgery. '"It was supposed to be a carpenter unit, not a doctory unit," said task force veteran Json Wheelshoe, who had experience as a carpenter. A carpenter would understand, for instance, how to get to the brain meat, said Cliff Hanger, a retired master craftsmen and former taxi driver who recruited the original task force members. "A surgeon wouldn't have a clue," he said.'"
It works, assuming that the military commander understands that this is both a military and a technical situation. If he sees something that raises a red flag to a military eye, he needs to call the techies' attention to it and have them determine whether it's something the tech ought to be doing or if it's really a problem (which shouldn't take the techies long). By the same token, though, he also has to listen to the techies and, when they see something that doesn't look like something the tech should be doing, pay attention to them and determine whether there's a military reason it's doing that or if it's really a sign of a problem. And if there's a military reason and the techies say "No! If someone's doing that, it's going to open up holes.", listen to them. They know the tech, just like the military guy knows the military side of things, and you can't/shouldn't dismiss the idea that someone on the military side's just being network-clueless and doing the network equivalent of telling a sentry to not demand identification from any HMVs with a general's star painted on them because a general's coming in for an inspection and you don't want to inconvenience him.
Unlike a lot of the rest of the military, techies work best when they know what the goal is and why you want that goal accomplished, and what the restrictions on methods are and why they're there. We've proven in business time and time again that forcing them to just do whatever non-technical management tells them to do results in systems that utterly fail to do the job they're supposed to be doing (even though they meet every single requirement to perfection). There's a reason for the closing line to the filk: "It's just what we asked for, but not what we want!".
This is generally a case of one guy being smart enough to "think outside the box" and having a supervisor/commanding officer willing to encourage that instead of quashing it and putting him back in line.
Said people also usually leave the military pretty quickly once their enlistment contract is up.
Ok... reading that article made me cringe.
Cyber Command has reunited the missions.
Though the task force in the early years lacked clout, it did have some notable successes, veterans said. During Moonlight Maze, it issued the first military-wide order to change passwords, said Marc Sachs, who had been an Army engineer. And it instituted precautions to ensure that military networks would be protected against any "Y2K" calamity.
On New Year's Eve 2000, a group of task force members watched a bank of clocks as first Japan, then Australia passed into the new millennium without incident. When that happened, they were confident the United States would follow suit, Sachs recalled.
A few minutes after midnight, Campbell and several other members ascended to the DISA roof top. They gazed across the Potomac River and saw the lights in the capital city still blazing. They lit their cigars and watched the fireworks shoot across the sky.
Their great successes: They changed passwords and their networks were not wiped out by the Y2K bug!
Truly the US has the best "cyber-warfare" capabilities in the world!
"The intelligence could be obtained through computers, satellites or other technology, or by more traditional means, he said, recalling the time he sent "a human agent into a foreign marketplace to buy a CD of hacker tools" to better understand a particular attack that had taken place."
Another triumph!
They bought a bunch of password crackers, keygens, scanners and sniffers.
Any bets on how much of it was really secret and how much of it was merely secret to people who haven't a clue about where such tools can be found normally?
And don't forget, once "warriors" are in charge rather than real network security specialists every attack becomes the actions of whoever the favourite villain is rather than just another botnet herder or teen hacker.
The attacks, dubbed Solar Sunrise, appeared to be coming from overseas, including from the United Arab Emirates. Intelligence officials thought Iraqi President Saddam Hussein might have ordered them.
"It looked as though Saddam was about to take down massive amounts of infrastructure . . . because we were threatening to bomb him," recalled one former intelligence official. Tensions were building. President Bill Clinton was briefed. Senior officials convened another meeting in the Pentagon's "tank," the Joint Chiefs' conference room. The threat was no longer hypothetical, it seemed.
Then the real culprits were identified: A pair of 16-year-old boys in California and a teenager from Israel who had exploited a known vulnerability in the Solaris (UNIX) operating system.
"The nation that makes a great distinction between its scholars and its warriors, will have its thinking done by cowards and its fighting done by fools."
Geeks tend to be "difficult" to work with, they "know" what to do and do it... This is very useful in a field where the management often doesn't know what the f**k is going on, and can't really tell employees what to do, instead the better geeks out there will just figure it out and secure themselves a longstanding job.
Military, on the other hand, is very strict, and the requirement to follow orders is much more ingrained than the requirement to "figure it out". Thus geeks are terrible for the job, because their ability to follow exact orders, especially stupid or unethical orders, is not suitable for the recruiters' requirements.
You're an idiot, the military doesn't stick any moron on a nuclear submarine, or in a command and control computer lab. That's why they have aptitude tests. The fact is this article is dumb for two reasons: it assumes the military does no testing on who is at any given job, and that the military doesn't train people to do their specific tasks. Most people in command and control are from the Air Force...and anyone can tell you that just like not just anyone gets to fly a jet, not just anyone gets to sit in front of a computer with root access. You'd think all the geeks on Slashdot would be able to figure that out...
I guess what scares me is how out of touch these 'experts' are. I, for one, won't be sleeping better.... Mostly because none of these guys understand a 'geek' would build a firewall an enemy couldn't penetrate, detect the hack, backtrace the IP and deploy units to capture the enemy. (Or do the geeks have to do that too?) Essentially you're putting this decision in the hands of people who don't know enough to make this decision. Truth is they don't know enough to know they don't know enough.
Oppenheimer was an astrophysicist who was hired for his administrative abilities, Einstein had nothing to do with the atom bomb program, aside from signing a letter (which he did not write). Niels Bohr, Enrico Fermi, Teller, Ulam, Von Neumann, Bethe all left Europe and became Americans, it is true, but it's important to recognize they came to America for essentially negative reasons -- their home wouldn't tolerate them anymore. If Germany had been merely totalitarian and persecuted Poles instead of Jews, do we dare guess how many of "our" atomic scientists would have simply stayed in Germany? Most of these people also made their critical insights while still in Europe under the auspices of European governments, like Lise Meitner.
By that logic, the Cypriots must have the most powerful military in the world.
This doesn't follow.
This is still debated, and even granting that it's true, it's basically impossible to apply this lesson to conflicts with, say Iraq or Iran. Or Al Qaeda. I was reading a quote from George F. Kennan recently:
I'll take an actual cold warrior's opinion over some glib, handwaving slashdotter.
And an opportunity for us to promise to come to the aid of anti-government Kurds and Shiites in the North and South, which we promptly refused to support and allowed to be slaughtered, belatedly imposing no-fly zones. And an opportunity for the US and UK to impose ineffective and internally radicalizing sanctions which hollowed out Iraqi society. And occasionally drop bombs under the auspices of "Desert Fox" et al. And draw Hussein into closer alliances with Muslim militants.
As long as we define success in terms that would be unrecognizable to someone who was present at the decision to go to war, we have succeeded. And it only cost $800 billion and a few hundred thousand lives, and we are left with a nation state that teeters on the edge of sectarian civil war, and will likely settle as a client of Iran.
And it only cost $300 million, maybe 40k lives, and has occupied our military for 9 years. The magic thing about war, of course, is that it evades all cost-benefit analysis. No matter how many hajis you kill, it never seems to make the cockpit doors any stronger.
But let's not beat around the bush. The project of redefining success is to protect the stainless reputation of our military, despite the fact that the US's strategic position in the world has been in
Don't blame me, I voted for Baltar.
In a sense, the U.S. won the Cold War by out-producing the Soviets.
This is a myth perpetuated by some on the right and in the military. The Soviet Union collapsed under its own mismanagement, incompetence, imperialism, and paranoia (sound like another country you know of?). The US did very little to actually hasten the collapse except for exist as a scapegoat they could blame all their problems on without actually addressing any internal issues. Moreover, the USSR was never a credible threat to US national security but it made political sense to pretend like they were.
If you build it, nerds will come. Soylentnews.org
I know, we don't like to actually read TFA, but they did say something about their "war fighters" being more adept at detecting whether the enemy had "...penetrated the networks and changed coordinates or target times..."
It sounds like they have determined that the only way a breach could be detected is if someone had actually gotten in and broken some of their toys. Given that assumption, flawed as it may be, having the guys who are proficient with the toys watch over said toys makes sense. They are already intimately familiar with them and would arguably be best equipped to notice anything out of the ordinary. Of course, this line of thinking is badly flawed. Network security is a unique and, at the highest level, rather esoteric skill set. Throwing missile techs at the job is deeply and dangerously stupid.
Oh yeah? Put a couple of rounds into a slow router and see how fast management authorizes the purchase request for new equipment.
Well it has to go through the unit's procurement office, and then to Command so it can be routed to the quartermaster's office who will send you the same model with the same faults because that's what the mission documents specify. That's if they have surplus on hand.
If not, then a bid will be put out for replacement hardware. The bid will be reviewed and passed to the Congressional Armed Services Committee for budgeting, where it will eventually be awarded to some important Congressman's Nephew so he can go and stump that he "got jobs for this district" when elections come around again. The bid will be low to win, but there will be unexpected delays and cost overages. The hardware itself will be made in the USA, and consist of one fully-functional-but-kinda-shitty router from China complete with back doors and a sticker (also produced in China) that's applied in the USA to finish the product. It will get to you a year after it was requisitioned.
Of course, when it shows up you'll curse, because your unit commander will have already gone out and bought a real router to replace the bullet-ridden one that has performed better than the old one ever did for a fraction of the cost of the new one. It will have to be sold for pennies on the dollar when the replacement shows up, in theory. Nobody cares about that, though, and the overpriced router will sit in its box on a pallet somewhere, further reinforcing the belief that the people in the field know how to run this organization better than the pencil necks in requisition. You see, the people in the field are people of action, and the others are bureaucrats.
Any people who have served, feel free to correct/embellish.
I am become
No, the second gulf war was a complete and utter failure. We sent troops in to prevent Al Qaeda from gaining WMDs from Saddam. We lost thousands of lives on our side and they lost at least 10x as many and the objective turned out to be completely pointless, as Saddam didn't have any WMDs and he wasn't in any sort of talks with Al Qaeda.
In other words we lost a huge number of our personnel for nothing at all, that's about as big a failure as you're going to get. Worse is the fact that after we invaded, then we got terrorists going in. And it gave us a huge black eye with the folks that we needed to get on our side.
I suppose that it could've ended up without any state at all there and they could've got WMDs, but that's really not any worse, considering that now we've got Iran using their weapons to menace other nations as a result of our incompetence.
The service was made a little less decent when marketing REMFs sold the brass on the "warrior" terminology.
One of the highlights of my career was pulling a trick out of my geek toolbox to keep a combat unit mobile one sunny afternoon. When the Top commented "That is how you soldier," it meant more to me than any of the fruit salad ever pinned on my greens.
If your idea of security is in noticing a malicious modification, good luck to you. I hope your data-set is really small, and your attacker is really stupid.
Which soldier is going to know that 47.345 should actually be 47.346? You're just betting that the attacker is making large obvious changes.
The techie's not going to care what the number is. The techie is simply going to see if the number is different than it was before -- or if anyone broke in in the first place.
Intrusion-detection is rarely, if ever, about checking to see if the content data has changed.
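The comparison described in the comment above (is the number different from what it was before, whatever it is) can be done without anyone knowing the right value, by sealing each record with a keyed digest. This is an added example, not part of the original thread; the record layout, identifiers and key are constructed assumptions, and the key is assumed to be stored away from the system being monitored so that someone who can edit the data cannot also re-seal it.

```python
import hashlib
import hmac
import json

# Constructed sample data; field names, ids and the key are assumptions.
KEY = b"constructed-demo-key-kept-off-the-monitored-host"
TARGETS = [
    {"id": "T-001", "lat": 47.345, "lon": 8.512, "time": "0430Z"},
    {"id": "T-002", "lat": 46.901, "lon": 7.440, "time": "0445Z"},
    {"id": "T-003", "lat": 47.050, "lon": 8.310, "time": "0500Z"},
]


def record_mac(record, key):
    """HMAC-SHA256 over a canonical serialization, so field order or
    whitespace differences do not register as changes."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, canonical.encode(), hashlib.sha256).hexdigest()


def seal(records, key):
    """Baseline: record id -> keyed digest, taken while the data is trusted."""
    return {r["id"]: record_mac(r, key) for r in records}


def diff(records, baseline, key):
    """Compare the current records against the sealed baseline."""
    current = seal(records, key)
    report = {"modified": [], "added": [], "removed": []}
    for rid, mac in current.items():
        if rid not in baseline:
            report["added"].append(rid)
        elif not hmac.compare_digest(mac, baseline[rid]):
            report["modified"].append(rid)
    report["removed"] = sorted(set(baseline) - set(current))
    return report


def tampered_copy():
    """The table after a quiet edit: one digit changed, one row dropped,
    one row inserted."""
    rows = [dict(r) for r in TARGETS]
    rows[0]["lat"] = 47.346  # the small change discussed in the comment
    rows.pop()               # T-003 deleted
    rows.append({"id": "T-004", "lat": 47.200, "lon": 8.100, "time": "0515Z"})
    return rows


if __name__ == "__main__":
    baseline = seal(TARGETS, KEY)
    print(diff(tampered_copy(), baseline, KEY))
```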
Why do we bother to hire real doctors to work in medical units? Aren't they going to have trouble figuring out whether or not someone was shot? Shouldn't we train military people to operate on wounded soldiers?
Sheesh! This is yet another case of the average person thinking technical people spend years learning what they know and somehow they are not valuable experts the way other specialists are.
-Todd
Omne ignotum pro magnifico.
Well, the article does little to shed any real light on their reasoning. Apparently it's something like this:
"Warriors are better than geeks, because I am a warrior, I'm the boss, and I say so. So there."
But one of them will usually have a hard time keeping his mouth shut about it.
A military leader runs the show, aided by technical advisors. The soldiers are geeks in this case, and the battlefield is the network.
In industry it's often a business guy in charge. He/she presumably understands how business works more than geeks do. Preferably the leaders will have specialized understanding of what they are in charge of, but that's not necessary. This is not nearly as much a stretch of the imagination as the title suggests.
The real issue here is that as many of us are geeks, we'd like to think we should be in charge, in business, military, anything. Having hung out on /. for some time now, I get the sense that most of us aren't, and that makes issues out of non-issues.