Why Warriors, Not Geeks, Run US Cyber Command Posts
koterica writes "The Washington Post explains why the military prefers to have combat veterans rather than geeks running network security. '"It was supposed to be a war fighter unit, not a geek unit," said task force veteran Jason Healey, who had served as an Air Force signals intelligence officer.
A fighter would understand, for instance, if an enemy had penetrated the networks and changed coordinates or target times, said Dusty Rhoads, a retired Air Force colonel and former F-117 pilot who recruited the original task force members. "A techie wouldn't have a clue," he said.'"
That is entirely what that sounds like.
Edward@Tomato - /home/Edward/ man woman
man: no entry for woman in the manual.
"Qua!?"
I would like to think that true geeks learn at a quicker pace than most people, and are generally more adept at problem-solving.
Why can't they be both? I'm sure people are fully capable of understanding tactics as well as programming. The designers of games such as Metal Gear Solid 2 undertook SWAT training to create more realistic AI, and the designers of America's Army clearly had to understand military training and combat situations.
Twinstiq, game news
A techie would understand if the mailserver were suddenly starting to make base 64 encoded TXT DNS requests to a server in Taiwan or if there was an unusually high number of HTTP requests leaving the network that resulted in a 503 or 302 response.
A techie would understand how to exploit the Kerberos ticket system and how to look for signs of, and reduce, such abuse on the network.
A techie would also more likely understand what anomalies could be a sign of a breach and what was more likely a software error.
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
I might think that a warrior, who has to learn or die, learns at a quicker pace than most people, and is more adept at problem solving.
Bullshit. Sad but true, soldiers are taught two contradictory things: "return fire" and "follow the Rules of Engagement." This leads to all sorts of trouble, especially since the "Rules of Engagement" for Iraq and Afghanistan are thicker than a copy of Tolstoy's War And Peace in 10-point font.
Add to that the fact that this is not a front-line duty. They're not going to be sitting there personally shot if they don't get something right. What's needed is specialists adept at detecting network intrusion, checking over the logfiles, ensuring that there aren't holes in security in the first place. This isn't reflex action, this is deliberative effort.
Some of them are brilliant
So your entire post contradicts itself in short. Being a warrior, being conditioned to follow orders has nothing to do with whether or not you are good at math and enjoy hard science. There are many, many people who are both. Trying to "sub-divide" it so that you are either a geek or a warrior is really, really stupid.
You are correct, I am a 10 yr combat veteran and your explanation is exactly why I would never work a Govt / Military position again. It is a virtual breeding ground of stupidity, something I am very glad to be free of.
Got Code?
This is generally a case of one guy being smart enough to "think outside the box" and having a supervisor / commanding officer willing to encourage that instead of quashing it and putting him back in line.
Said people also usually leave the military pretty quickly once their enlistment contract is up.
Ok... reading that article made me cringe.
Cyber Command has reunited the missions.
Though the task force in the early years lacked clout, it did have some notable successes, veterans said. During Moonlight Maze, it issued the first military-wide order to change passwords, said Marc Sachs, who had been an Army engineer. And it instituted precautions to ensure that military networks would be protected against any "Y2K" calamity.
On New Year's Eve 2000, a group of task force members watched a bank of clocks as first Japan, then Australia passed into the new millennium without incident. When that happened, they were confident the United States would follow suit, Sachs recalled.
A few minutes after midnight, Campbell and several other members ascended to the DISA roof top. They gazed across the Potomac River and saw the lights in the capital city still blazing. They lit their cigars and watched the fireworks shoot across the sky.
Their great successes: They changed passwords and their networks were not wiped out by the Y2K bug!
Truly the US has the best "cyber-warfare" capabilities in the world!
"The intelligence could be obtained through computers, satellites or other technology, or by more traditional means, he said, recalling the time he sent 'a human agent into a foreign marketplace to buy a CD of hacker tools' to better understand a particular attack that had taken place."
Another triumph!
They bought a bunch of password crackers, keygens, scanners and sniffers.
Any bets on how much of it was really secret and how much of it was merely secret to people who haven't a clue about where such tools can be found normally?
And don't forget, once "warriors" are in charge rather than real network security specialists every attack becomes the actions of whoever the favourite villain is rather than just another botnet herder or teen hacker.
The attacks, dubbed Solar Sunrise, appeared to be coming from overseas, including from the United Arab Emirates. Intelligence officials thought Iraqi President Saddam Hussein might have ordered them.
"It looked as though Saddam was about to take down massive amounts of infrastructure . . . because we were threatening to bomb him," recalled one former intelligence official. Tensions were building. President Bill Clinton was briefed. Senior officials convened another meeting in the Pentagon's "tank," the Joint Chiefs' conference room. The threat was no longer hypothetical, it seemed.
Then the real culprits were identified: A pair of 16-year-old boys in California and a teenager from Israel who had exploited a known vulnerability in the Solaris (UNIX) operating system.
"The nation that makes a great distinction between its scholars and its warriors, will have its thinking done by cowards and its fighting done by fools."
I know, we don't like to actually read TFA, but they did say something about their "war fighters" being more adept at detecting whether the enemy had "...penetrated the networks and changed coordinates or target times..."
It sounds like they have determined that the only way a breach could be detected is if someone had actually gotten in and broken some of their toys. Given that assumption, flawed as it may be, having the guys who are proficient with the toys watch over said toys makes sense. They are already intimately familiar with them and would arguably be best equipped to notice anything out of the ordinary. Of course, this line of thinking is badly flawed. Network security is a unique and, at the highest level, rather esoteric skill set. Throwing missile techs at the job is deeply and dangerously stupid.
Oh yeah? Put a couple of rounds into a slow router and see how fast management authorizes the purchase request for new equipment.
Well it has to go through the unit's procurement office, and then to Command so it can be routed to the quartermaster's office who will send you the same model with the same faults because that's what the mission documents specify. That's if they have surplus on hand.
If not, then a bid will be put out for replacement hardware. The bid will be reviewed and passed to the Congressional Armed Services Committee for budgeting, where it will eventually be awarded to some important Congressman's Nephew so he can go and stump that he "got jobs for this district" when elections come around again. The bid will be low to win, but there will be unexpected delays and cost overages. The hardware itself will be made in the USA, and consist of one fully-functional-but-kinda-shitty router from China complete with back doors and a sticker (also produced in China) that's applied in the USA to finish the product. It will get to you a year after it was requisitioned.
Of course, when it shows up you'll curse, because your unit commander will have already gone out and bought a real router to replace the bullet-ridden one that has performed better than the old one ever did for a fraction of the cost of the new one. It will have to be sold for pennies on the dollar when the replacement shows up, in theory. Nobody cares about that, though, and the overpriced router will sit in its box on a pallet somewhere, further reinforcing the belief that the people in the field know how to run this organization better than the pencil necks in requisition. You see, the people in the field are people of action, and the others are bureaucrats.
Any people who have served, feel free to correct/embellish.
I am become