Why Warriors, Not Geeks, Run US Cyber Command Posts
koterica writes "The Washington Post explains why the military prefers to have combat veterans rather than geeks running network security. '"It was supposed to be a war fighter unit, not a geek unit," said task force veteran Jason Healey, who had served as an Air Force signals intelligence officer.
A fighter would understand, for instance, if an enemy had penetrated the networks and changed coordinates or target times, said Dusty Rhoads, a retired Air Force colonel and former F-117 pilot who recruited the original task force members. "A techie wouldn't have a clue," he said.'"
Why not train the geeks to understand all the technical details?
That is entirely what that sounds like.
Edward@Tomato - /home/Edward/ man woman
man: no entry for woman in the manual.
"Qua!?"
Why can't they be both? I'm sure people are fully capable of understanding tactics as well as programming. The designers of games such as Metal Gear Solid 2 undertook SWAT training to create more realistic AI, and the designers of America's Army clearly had to understand military training and combat situations.
Twinstiq, game news
His comment is proof enough that he should be nowhere near the controls of this Command Post.
Should it not read "Why Asshole Warriors not Geeks run the world?"
A techie would understand if the mailserver were suddenly starting to make base 64 encoded TXT DNS requests to a server in Taiwan or if there was an unusually high number of HTTP requests leaving the network that resulted in a 503 or 302 response.
A techie would understand how to exploit the Kerberos ticket system and how to look for signs of, and reduce, such abuse on the network.
A techie would also more likely understand what anomalies could be a sign of a breach and what was more likely a software error.
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
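The two signals named in the comment above (TXT lookups whose labels look like base64, and a client whose outbound HTTP mostly ends in 302 or 503), written out as detection logic. This is an added example, not part of the original thread; the log formats, addresses, domain names and thresholds are assumptions, and every log line is constructed.

```python
import base64
import re
from collections import Counter

# A label of 20-63 characters drawn only from the URL-safe base64 alphabet.
B64_LABEL = re.compile(r"^[A-Za-z0-9_-]{20,63}$")


def b64_label(payload: bytes) -> str:
    """Build a constructed test label: URL-safe base64 without padding."""
    return base64.urlsafe_b64encode(payload).decode().rstrip("=")


# Constructed sample logs, not real traffic (formats are assumptions).
# DNS line:  "<client> <qtype> <qname>"    HTTP line: "<client> <status> <host>"
DNS_LOG = [
    "10.0.0.25 MX example.org",
    "10.0.0.25 TXT example.org",  # ordinary SPF-style lookup
    "10.0.0.25 TXT _dmarc.mail-gateway-outbound-relay01.example.org",
    f"10.0.0.25 TXT {b64_label(b'constructed payload chunk 01')}.t.example.tw",
    f"10.0.0.25 TXT {b64_label(b'constructed payload chunk 02')}.t.example.tw",
    "10.0.0.77 A www.example.org",
]
HTTP_LOG = (
    ["10.0.0.25 503 update.example.tw"] * 4
    + ["10.0.0.25 302 update.example.tw", "10.0.0.25 200 www.example.org"]
    + ["10.0.0.77 200 www.example.org"] * 5
    + ["10.0.0.77 302 www.example.org"]
)


def looks_base64(label: str) -> bool:
    """Heuristic: long, base64 alphabet only, mixed case, and decodable."""
    if not B64_LABEL.match(label) or len(label) % 4 == 1:
        return False
    # Ordinary hostnames are written in lower case; encoded data mixes cases.
    if not (re.search(r"[a-z]", label) and re.search(r"[A-Z]", label)):
        return False
    try:
        base64.urlsafe_b64decode(label + "=" * (-len(label) % 4))
    except ValueError:
        return False
    return True


def suspicious_txt_queries(lines):
    """Return (client, qname) for TXT queries carrying a base64-like label.

    A mail server makes TXT queries all day (SPF, DKIM, DMARC), so the
    query type alone is not the signal; the shape of the name is.
    """
    hits = []
    for line in lines:
        client, qtype, qname = line.split()
        if qtype == "TXT" and any(looks_base64(l) for l in qname.split(".")):
            hits.append((client, qname))
    return hits


def redirect_or_error_heavy_clients(lines, min_hits=5, min_ratio=0.5):
    """Return {client: (odd, total)} where 302/503 responses dominate."""
    total, odd = Counter(), Counter()
    for line in lines:
        client, status, _host = line.split()
        total[client] += 1
        if status in ("302", "503"):
            odd[client] += 1
    return {
        c: (odd[c], total[c])
        for c in total
        if odd[c] >= min_hits and odd[c] / total[c] >= min_ratio
    }


if __name__ == "__main__":
    for client, qname in suspicious_txt_queries(DNS_LOG):
        print("DNS ", client, qname)
    for client, counts in redirect_or_error_heavy_clients(HTTP_LOG).items():
        print("HTTP", client, counts)
```

A host that shows up in both result sets is the one to look at first; either signal on its own also fires on misconfigured software.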
Besides, it is not as if there are not plenty of geeky soldiers. I heard a presentation on how one outfit in Iraq downloaded all this free software because what they had was not sufficient for their needs and they did not have time to go through the procurement process, so they took the free software.
The reality is that this is a military operation and there is no such thing as an out of chain command post. The President currently has the ability to shut down the Internet especially if National Security is at risk. That order would have to follow military chain of command and I would prefer a soldier with real-world experience than a cubicle geek. Also the need to immediately respond to a scuttle order that destroys all of your toys would be followed much more quickly by a soldier. I hate to say that I would actually pause for a few seconds trying to save at least some of my hacks and code source, who wouldn't?
If the attackers are warriors trained to infiltrate networks to look for or alter data then by all means use warriors to defend. Otoh if the attackers are geeks trying to disable or subvert the network itself use geeks to defend.
A fool throws a stone into a well and a thousand sages can not remove it.
You can't fix network problems with live ammo.
Oh yeah? Put a couple of rounds into a slow router and see how fast management authorizes the purchase request for new equipment.
Have gnu, will travel.
That's appropriate. Military command training (at least in the US) focuses on making the right decisions under pressure with contradictory information. The big questions are military: who is the enemy? What are they trying to accomplish? What are their capabilities? What else is going on that benefits from this? Is this a diversion or the main attack?
The military view of this is quite different from the civilian view. In the civilian sector, there's an ongoing stream of minor attacks to be fended off. Most computer security efforts focus on that. The military thinks of that as people throwing rocks over the fence - an annoyance to be dealt with, but not a serious enemy. They're much more worried about the threat that you don't detect until the enemy pulls the trigger on it.
American "warriors" haven't even had much success with their warmaking abilities over the past 60 or so years.
It was mostly European scientists who won WWII for the Americans, thanks to their development of nuclear technology.
The Korean War was basically a draw. In many ways, it was an outright loss for the Americans, since they've had to keep troops stationed there for decades now, and this is quite costly.
The Vietnam War was indisputably a major loss.
The Cold War was initially thought to be an American "win", but it was more due to problems within the USSR, rather than anything America did. Worst of all, Reagan's policies from that period have clearly been very destructive to America, and are primarily responsible for the current poor state of the economy.
The First Gulf War can barely be considered a war, given that their enemy was almost non-existent, and had itself been subject to a decade of devastating war just before.
The Second Gulf War was a complete failure.
The War in Afghanistan has been nothing but a disaster, as well.
That's a whole lot of failure, for sure.
figuring out what a piece of obscured code actually does when connected to the internet, loading itself into a page making it past a firewall, unpacking itself in RAM, going through all of your cookies and sending those back to an IP address, loading the next snooping segment and going through your mail client, and on and on.
Surely it's a lot harder to figure out what that alphabet soup of nonsense abbreviations means.
Oh wait, you've never seen an assembler dump with all of the nonsense it creates with actual variable names being referred to as the program-base address + offset locations ... Get the idea?
How asinine...
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
The petulance and deluded self-importance of many replies here are all the proof we need that geeks are not suited to the serious business of war.
I can understand about military situations being distinctly different from civilian ones. But this seems really dumb. What you want is people who can see patterns in stuff happening that nobody else would notice. You want human intrusion detection.
The most dangerous cyber attacks are very subtle. I think talent and familiarity with the technical details are much more important than the ability to make quick decisions under intense pressure.
The ability to make decisions under a lot of pressure can be an important skill, but spotting things that are subtly off, in my experience, requires intimate familiarity with the environment. A person's technical experience has a much greater correlation with that familiarity than combat experience.
Need a Python, C++, Unix, Linux develop
The military doesn't like geek or engineering types. They like veterans because of the training and conditioning they've received in following orders. This isn't just the military. It's common in many corporate settings as well.
Give a problem to a soldier and they'll charge at it until it's fixed. If it's a machine gun nest, they'll keep charging until they run out of bodies. No questions asked. Give a similar problem to a geek and they'll examine the problem and devise a solution that keeps their ass from getting shot off. And they'll push back if the orders don't make sense.
I have a number of friends who are ex-military (Korea, Vietnam and Gulf War). Some of them are brilliant, having gone on to receive PhDs, members of Mensa, etc. And they'll all sit around and bitch about command fuck-ups, inexperienced lieutenants and the number of friends lost due to errors on the battlefield. But ask them to picture a hypothetical situation where they are given an order about how to accomplish a goal. But the order is poorly conceived and will get themselves and their squad killed. But they have a better and safer way to accomplish the task. What do they do? Inevitably, the ex-military folks get this blank look and respond, "Follow orders".
That's the kind of training the commanders (and the PHBs) want.
Have gnu, will travel.
The real reason probably has a lot more to do with the fact that we're even sitting around here on a Saturday afternoon questioning the decision. Geeks tend to think they're smarter than everyone else (just because it's usually true, doesn't mean it always is), tend to question authority, and hate to be told what to do. If you give a geek a little bit of authority, they tend to get extremely dictatorial over their small little domain.
The entire point is that this kind of stereotyping is both counterproductive and flat out stupid. The ability to make decisions under pressure has nothing to do with stuff like that. Many famous generals are noted for their intellectual pursuits. Does that make them "not suited to a chain of authority"? In fact spec-ops guys (say like McChrystal) are notorious for the disrespect for chains of command. Yet they are highly successful warriors.
What I don't understand in the slightest is why the article or /. responses are making a distinction between "veteran" and "techie"?? A veteran is someone with military training and experience. A "techie" (another stupid vague term) is someone with technical training. It seems obvious to me that the right person for this job is someone who falls into both categories, and given the technology used today in the military, there should be plenty of those.
While the quote from the office was pretty stupid, it was also the only real mention of the term "geek" in the article. His point was he wanted competent technical people who also had military training, not "techie" civilians. And if I go in for laser eye surgery, I'd prefer the experienced ophthalmologist perform it, not the guy who built the laser.
It works, assuming that the military commander understands that this is both a military and a technical situation. If he sees something that raises a red flag to a military eye, he needs to call the techies' attention to it and have them determine whether it's something the tech ought to be doing or if it's really a problem (which shouldn't take the techies long). By the same token, though, he also has to listen to the techies and, when they see something that doesn't look like something the tech should be doing, pay attention to them and determine whether there's a military reason it's doing that or if it's really a sign of a problem. And if there's a military reason and the techies say "No! If someone's doing that, it's going to open up holes.", listen to them. They know the tech, just like the military guy knows the military side of things, and you can't/shouldn't dismiss the idea that someone on the military side's just being network-clueless and doing the network equivalent of telling a sentry to not demand identification from any HMVs with a general's star painted on them because a general's coming in for an inspection and you don't want to inconvenience him.
Unlike a lot of the rest of the military, techies work best when they know what the goal is and why you want that goal accomplished, and what the restrictions on methods are and why they're there. We've proven in business time and time again that forcing them to just do whatever non-technical management tells them to do results in systems that utterly fail to do the job they're supposed to be doing (even though they meet every single requirement to perfection). There's a reason for the closing line to the filk: "It's just what we asked for, but not what we want!".
I don't understand the assumption that geeks have to be wussies. I'm certainly not a wuss on the intellectual level. Physically I'd get my ass beat down but intellectually I can hold my own with anybody.
Oppenheimer was an American born in New York City. Einstein took the oath to achieve American citizenship in 1940.
By that logic, the Cypriots must have the most powerful military in the world.
Not really. The problems within the USSR were largely caused by pressures due to their participation within the Cold War. In a sense, the U.S. won the Cold War by out-producing the Soviets.
The First Gulf War was nothing but a display of muscle to show Saddam Hussein that he didn't know who he was messing with.
It depends on how you define success. If by "success" you mean did the U.S. achieve regime change? No failure there. If by "success" do you mean did the U.S. achieve peace in Iraq? If so, I'm fairly sure that was never a goal of the U.S. military.
Again, no. The goals in Afghanistan were: 1) overthrow the Taliban (check) 2) bring various members of Al Qaeda to justice (check) 3) capture Osama Bin Laden. The status of the 3rd item is, at best, inconclusive, but the other 2 goals have been largely achieved.
My blog
"The nation that makes a great distinction between its scholars and its warriors, will have its thinking done by cowards and its fighting done by fools."
Hey, that's not fair. A lot of them have to fight weight gain.
The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
I guess what scares me is how out of touch these 'experts' are. I, for one, won't be sleeping better.... Mostly because none of these guys understand a 'geek' would build a firewall an enemy couldn't penetrate, detect the hack, backtrace the IP and deploy units to capture the enemy. (Or do the geeks have to do that too?). Essentially you're putting this decision in the hands of people who don't know enough to make this decision. Truth is they don't know enough to know they don't know enough.
Oppenheimer was an astrophysicist who was hired for his administrative abilities, Einstein had nothing to do with the atom bomb program, aside from signing a letter (which he did not write). Niels Bohr, Enrico Fermi, Teller, Ulam, Von Neumann, Bethe all left Europe and became Americans, it is true, but it's important to recognize they came to America for essentially negative reasons -- their home wouldn't tolerate them anymore. If Germany had been merely totalitarian and persecuted Poles instead of Jews, do we dare guess how many of "our" atomic scientists would have simply stayed in Germany? Most of these people also made their critical insights while still in Europe under the auspices of European governments, like Lise Meitner.
By that logic, the Cypriots must have the most powerful military in the world.
This doesn't follow.
This is still debated, and even granting that it's true, it's basically impossible to apply this lesson to conflicts with, say Iraq or Iran. Or Al Qaeda. I was reading a quote from George F. Kennan recently:
I'll take an actual cold warrior's opinion over some glib, handwaving slashdotter.
And an opportunity for us to promise to come to the aid of anti-government Kurds and Shiites in the North and South, which we promptly refused to support and allowed to be slaughtered, belatedly imposing no-fly zones. And an opportunity for the US and UK to impose ineffective and internally radicalizing sanctions which hollowed out Iraqi society. And occasionally drop bombs under the auspices of "Desert Fox" et al. And draw Hussein into closer alliances with Muslim militants.
As long as we define success in terms that would be unrecognizable to someone who was present at the decision to go to war, we have succeeded. And it only cost $800 billion and a few hundred thousand lives, and we are left with a nation state that teeters on the edge of sectarian civil war, and will likely settle as a client of Iran.
And it only cost $300 million, maybe 40k lives, and has occupied our military for 9 years. The magic thing about war, of course, is that it evades all cost-benefit analysis. No matter how many hajis you kill, it never seems to make the cockpit doors any stronger.
But let's not beat around the bush. The project of redefining success is to protect the stainless reputation of our military, despite the fact that the US's strategic position in the world has been in
Don't blame me, I voted for Baltar.
Does this mean I am generally unable to understand the reasons behind those requirements? Of course not. I just did not care. Not my job.
On another non-military project I got the task to help to develop some traffic simulation models. There I did quite a few consistency checks for the incoming data. Guess my customer was stupid to give me the job. According to the article (no, I did not read the original) some old war veteran should have been much better suited for this task and might have been cheaper.
Utter nonsense. If those changes can be determined by statistical or other algorithms then this most likely belongs to the tasks where a computer outperforms a human being considerably. To develop such a system is geek work. If not, it does not matter who does the guesswork. Rolling dice would probably be as good.
In a sense, the U.S. won the Cold War by out-producing the Soviets.
This is a myth perpetuated by some on the right and in the military. The Soviet Union collapsed under its own mismanagement, incompetence, imperialism, and paranoia (sound like another country you know of?). The US did very little to actually hasten the collapse except for exist as a scapegoat they could blame all their problems on without actually addressing any internal issues. Moreover, the USSR was never a credible threat to US national security but it made political sense to pretend like they were.
If you build it, nerds will come. Soylentnews.org
I don't know where to begin to address this ridiculous idea. I served in the U.S. Army Infantry in the 80's and I'm willing to bet that I know a hell of a lot more combat veterans than you do. This notion that the military wants mindless automatons who follow orders without question is so utterly at odds with the training I received that it's laughable. One of the most prized characteristics a soldier or Marine can possess is the ability to improvise, especially under pressure (read: people shooting at you).
Contrary to popular belief fostered by countless poorly made war movies, combat units don't exist merely to break things and hurt people. It's about the mission, and they accomplish their mission by the threat of force, and failing that, by its application. The major reason fighting men and women put themselves in harm's way is not out of some sense of bravado or a thirst for glory. It's for the bonds of brotherhood they feel with their comrades and the reluctance to let them down by not doing their jobs.
Many geeks tend to be loners, and in my experience have an inflated sense of superiority over those they consider to possess a lesser intellect. They tend to have zero understanding of the leap of faith required to put their very lives in someone else's hands, and conversely to accept that the lives of their buddies depend on their performing their part, no matter the personal dangers they may face. People who have never served don't truly understand the willingness to sacrifice for the greater good: the lives of your brothers; the successful completion of your mission; the knowledge that your mission is an essential part of a greater effort.
I had the privilege of serving with many true warriors, men who desire peace above all and truly believed that a warrior's role is to end war, and if it's necessary to fight, to accomplish their mission with the minimum of bloodshed. These men adhered to the philosophy that the ultimate expression of the warrior ethic is to mold themselves through hard training, sacrifice, and an almost ascetic self-discipline, into weapons that a potential adversary would be loath to face, thereby avoiding conflict altogether. Nations start wars for one reason, and one reason only: because they think they can win. True warriors frown on wars of aggression and consider the outbreak of war to be a dramatic failure of political leadership, on one or both sides. In my experience, being both a warrior and a pacifist is not a dichotomy. And let me add that not all warriors carry weapons. Warriors are those willing to sacrifice for something greater. Firefighters, cops, nurses, teachers, EMT's count many warriors among their number, and in my view Richard Stallman is absolutely a warrior.
Any leader worth his salt will also devise a solution that minimizes the danger to his men, while also accomplishing the mission. On July 1st, 1916, the opening day of the Battle of the Somme, the British Army marched across no man's land, rifles at the ready, dress-right-dress in perfect formation, toward the German positions. The acres of barbed wire channeled them into tight masses towards the few gaps, which German machine gunners had already ranged. The British suffered 26,000 casualties that day, the worst one-day loss in their long military history. Even though the high command were fully aware that 17th Century-style mass attacks were useless against automatic weapons, they discounted the machine guns and refused to alter their traditional tactics. Notably, one young British officer ordered his men to advance across t
I know, we don't like to actually read TFA, but they did say something about their "war fighters" being more adept at detecting whether the enemy had "...penetrated the networks and changed coordinates or target times..."
It sounds like they have determined that the only way a breach could be detected is if someone had actually gotten in and broken some of their toys. Given that assumption, flawed as it may be, having the guys who are proficient with the toys watch over said toys makes sense. They are already intimately familiar with them and would arguably be best equipped to notice anything out of the ordinary. Of course, this line of thinking is badly flawed. Network security is a unique and, at the highest level, rather esoteric skill set. Throwing missile techs at the job is deeply and dangerously stupid.
Oh yeah? Put a couple of rounds into a slow router and see how fast management authorizes the purchase request for new equipment.
Well it has to go through the unit's procurement office, and then to Command so it can be routed to the quartermaster's office who will send you the same model with the same faults because that's what the mission documents specify. That's if they have surplus on hand.
If not, then a bid will be put out for replacement hardware. The bid will be reviewed and passed to the Congressional Armed Services Committee for budgeting, where it will eventually be awarded to some important Congressman's Nephew so he can go and stump that he "got jobs for this district" when elections come around again. The bid will be low to win, but there will be unexpected delays and cost overages. The hardware itself will be made in the USA, and consist of one fully-functional-but-kinda-shitty router from China complete with back doors and a sticker (also produced in China) that's applied in the USA to finish the product. It will get to you a year after it was requisitioned.
Of course, when it shows up you'll curse, because your unit commander will have already gone out and bought a real router to replace the bullet-ridden one that has performed better than the old one ever did for a fraction of the cost of the new one. It will have to be sold for pennies on the dollar when the replacement shows up, in theory. Nobody cares about that, though, and the overpriced router will sit in its box on a pallet somewhere, further reinforcing the belief that the people in the field know how to run this organization better than the pencil necks in requisition. You see, the people in the field are people of action, and the others are bureaucrats.
Any people who have served, feel free to correct/embellish.
I am become
No, the second gulf war was a complete and utter failure. We sent troops in to prevent Al Qaeda from gaining WMDs from Saddam. We lost thousands of lives on our side and they lost at least 10x as many and the objective turned out to be completely pointless, as Saddam didn't have any WMDs and he wasn't in any sort of talks with Al Qaeda.
In other words we lost a huge number of our personnel for nothing at all, that's about as big a failure as you're going to get. Worse is the fact that after we invaded, then we got terrorists going in. And it gave us a huge black eye with the folks that we needed to get on our side.
I suppose that it could've ended up without any state at all there and they could've got WMDs, but that's really not any worse, considering that now we've got Iran using their weapons to menace other nations as a result of our incompetence.
The service was made a little less decent when marketing REMFs sold the brass on the "warrior" terminology.
One of the highlights of my career was pulling a trick out of my geek toolbox to keep a combat unit mobile one sunny afternoon. When the Top commented "That is how you soldier," it meant more to me than any of the fruit salad ever pinned on my greens.
So a real warrior can look at 1000's of bombing coordinates and see if one's out of place?
That's amazing but I can build an AWK script in an afternoon for that and it'll get 100% accuracy when tuned and I can go do other things and the real warrior can go put boots on the ground.
Ex-Army here btw.
This "warrior" shit is quite stupid when what we really want is soldiers instead of the berserk dumb vikings Rumsfeld wanted when he shut down all those training courses. It's going to take a few years to recover from his attempt to "change the culture".
Some of the most intelligent technical people I know are ex-military from a few years back. It takes all types, and the military used to know that. I really can't see a non-political reason why the usual practice of rotating people around to give them the experience they need was not followed instead of having the team above. If you want a good radar technician with infantry experience then you give that good technician the experience instead of expecting quick results the other way.
It just looks like the politics of somebody seeing one part of the force as "worthless" and putting their own guys in. Nothing to see here apart from poor management.
Whereas a techie would know that for the last 3 months they failed to penetrate the network and their target was to access the coordinates or target times ... Our To a hammer everything looks like a nail. What we want to do is prevent the successful attacks, not detect a successful attack and the "warriors" don't generally have a clue to distinguish between a spam phishing attack and a coordinated attempt to break security.
"The FUD of war."(tm) Tjp
- Tjp
I am in wallow with my inner money grubbing capitalistic pig. ... Oink!
If your idea of security is in noticing a malicious modification, good luck to you. I hope your data-set is really small, and your attacker is really stupid.
Which soldier is going to know that 47.345 should actually be 47.346? You're just betting that the attacker is making large obvious changes.
The techie's not going to care what the number is. The techie is simply going to see if the number is different than it was before -- or if anyone broke in in the first place.
Intrusion-detection is rarely, if ever, about checking to see if the content data has changed.
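The point made above, that a 47.345 changed to 47.346 is caught by comparing against a known-good state rather than by eyeballing the value, as an added example that is not part of the original thread. The record layout, identifiers and key are constructed; keeping the key and the manifest off the monitored system is an assumption the check depends on.

```python
import hashlib
import hmac
import json

# Constructed key for the example. In practice it lives away from the data,
# otherwise whoever alters a record can simply recompute its tag.
MANIFEST_KEY = b"constructed-example-key"

# Constructed records; coordinates are kept as strings so the canonical
# form does not depend on floating-point formatting.
BASELINE = {
    "T-0001": {"lat": "46.912", "lon": "11.430", "time": "0400Z"},
    "T-0002": {"lat": "47.345", "lon": "12.100", "time": "0415Z"},
    "T-0003": {"lat": "48.020", "lon": "12.877", "time": "0430Z"},
}


def record_tag(key: bytes, record: dict) -> str:
    """HMAC-SHA256 over a canonical JSON encoding of one record."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, canonical.encode(), hashlib.sha256).hexdigest()


def build_manifest(key: bytes, records: dict) -> dict:
    """Tag every record while the data set is known to be good."""
    return {rid: record_tag(key, rec) for rid, rec in records.items()}


def diff_against_manifest(key: bytes, manifest: dict, records: dict) -> dict:
    """Report records that were modified, added or removed since the baseline."""
    changes = {"modified": [], "added": [], "removed": []}
    for rid, rec in records.items():
        if rid not in manifest:
            changes["added"].append(rid)
        elif not hmac.compare_digest(manifest[rid], record_tag(key, rec)):
            changes["modified"].append(rid)
    changes["removed"] = [rid for rid in manifest if rid not in records]
    for ids in changes.values():
        ids.sort()
    return changes


def demo() -> dict:
    """Tamper with a copy of the baseline and return what the check reports."""
    manifest = build_manifest(MANIFEST_KEY, BASELINE)
    current = {rid: dict(rec) for rid, rec in BASELINE.items()}
    current["T-0002"]["lat"] = "47.346"   # last digit changed, invisible to a reader
    current["T-0099"] = {"lat": "45.000", "lon": "10.000", "time": "0500Z"}
    del current["T-0003"]
    return diff_against_manifest(MANIFEST_KEY, manifest, current)


if __name__ == "__main__":
    print(demo())
```

The check never interprets the coordinates; it only answers whether each record still matches what was tagged, which is the comparison the comment describes.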
Why do we bother to hire real doctors to work in medical units? Aren't they going to have trouble figuring out whether or not someone was shot? Shouldn't we train military people to operate on wounded soldiers?
Sheesh! This is yet another case of the average person thinking technical people spend years learning what they know and somehow they are not valuable experts the way other specialists are.
-Todd
Omne ignotum pro magnifico.
But one of them will usually have a hard time keeping his mouth shut about it.
Any techie with real security know-how (from either side - both is better) and who has read Sun Tzu (therefore knowing better than the military how to conduct a war) could handle anything given the manuals. You want the best in cyber warfare and that is someone who eats, sleeps and shits the stuff. You're going to throw an Air Force pilot at a security breach? Would you have your pole-vaulter run the 1,000 meter for your team?