Slashdot Mirror
Why Warriors, Not Geeks, Run US Cyber Command Posts
koterica writes "The Washington Post explains why the military prefers to have combat veterans rather than geeks running network security. '"It was supposed to be a war fighter unit, not a geek unit," said task force veteran Jason Healey, who had served as an Air Force signals intelligence officer.
A fighter would understand, for instance, if an enemy had penetrated the networks and changed coordinates or target times, said Dusty Rhoads, a retired Air Force colonel and former F-117 pilot who recruited the original task force members. "A techie wouldn't have a clue," he said.'"
That is entirely what that sounds like.
Edward@Tomato - /home/Edward/ man woman
man: no entry for woman in the manual.
"Qua!?"
Well, why not train the warriors to understand all the geeky details?
I would like to think that true geeks learn at a quicker pace than most people, and are generally more adept at problem-solving.
Why can't they be both? I'm sure people are fully capable of understanding tactics as well as programming. The designers of games such as Metal Gear Solid 2 undertook SWAT training to create more realistic AI, and the designers of America's Army clearly had to understand military training and combat situations.
Twinstiq, game news
A techie would understand if the mailserver were suddenly starting to make base 64 encoded TXT DNS requests to a server in Taiwan or if there was an unusual high number of HTTP requests leaving the network that resulted in a 503 or 302 response.
A Techie would understand how to exploit the kerberos ticket system and how to look for signs of, and reduce, such abuse on the network.
A techie would also more likely understand what anomalies could be a sign of a breach and what was more likely a software error.
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
I might think that a warrior, who has to learn or die, learns at a quicker pace than most people, and is more adept at problem solving.
Bullshit. Sad but true, soldiers are taught two contradictory things: "return fire" and "follow the Rules of Engagement." This leads to all sorts of trouble, especially since the "Rules of Engagement" for Iraq and Afghanistan are thicker than a copy of Tolstoy's War And Peace in 10-point font.
Add to that the fact that this is not a front-line duty. They're not going to be sitting there personally shot if they don't get something right. What's needed is specialists adept at detecting network intrusion, checking over the logfiles, ensuring that there aren't holes in security in the first place. This isn't reflex action, this is deliberative effort.
Some of them are brilliant
So your entire post contradicts itself in short. Being a warrior, being conditioned to follow orders has nothing to do with whether or not you are good at math and enjoy hard science. There are many, many people who are both. Trying to "sub-divide" it so that you are either a geek or a warrior is really, really stupid.
What I don't understand in the slightest is why the article or /. responses are making a distinction between "veteran" and "techie"?? A veteran is someone with military training and experience. A "techie" (another stupid vague term) is someone with technical training. It seems obvious to me that the right person for this job is someone who falls into both categories, and given the technology used today in the military, there should be plenty of those.
While the quote from the office was pretty stupid, it was also the only real mention of the term "geek" in the article. His point was he wanted competent technical people who also had military training, not "techie" civilians. And if I go in for laser eye surgery, I'd prefer the experienced ophthamologist perform it, not the guy who built the laser.
I was in the USAF and had to deal with pilots fairly often. It's true they are good with their planes, but most of them are rather stupid and would fail most logic tests. (But they tend to have egos the size of Texas, and the dumber they are, the bigger the ego.)
There are exceptions, about 20%, but for the most part, don't let them near anything that's not a plane they've trained on.
You are correct, I am a 10 yr combat veteran and your explanation is exactly why I would never work a Govt / Military position again. It is a virtual breeding ground of stupidity something I am very glad to be free of.
Got Code?
this is generally a case of one guy being smart enough to "think outside the box" and having a supervisor \ commanding officer willing to encourage that instead of quashing it and putting him back in line.
Said people also usually leave the military pretty quickly once their enlistment contract is up.
Ok... reading that article made me cringe.
Cyber Command has reunited the missions.
Though the task force in the early years lacked clout, it did have some notable successes, veterans said. During Moonlight Maze, it issued the first military-wide order to change passwords, said Marc Sachs, who had been an Army engineer. And it instituted precautions to ensure that military networks would be protected against any "Y2K" calamity.
On New Year's Eve 2000, a group of task force members watched a bank of clocks as first Japan, then Australia passed into the new millennium without incident. When that happened, they were confident the United States would follow suit, Sachs recalled.
A few minutes after midnight, Campbell and several other members ascended to the DISA roof top. They gazed across the Potomac River and saw the lights in the capital city still blazing. They lit their cigars and watched the fireworks shoot across the sky.
Their great successes: They changed passwords and their networks were not wiped out by the Y2K bug!
Truly the US has the best "cyber-warfare" capabilities in the world!
"The intelligence could be obtained through computers, satellites or other technology, or by more traditional means, he said, recalling the time he sent "a human agent into a foreign marketplace to buy a CD of hacker tools" to better understand a particular attack that had taken place. "
Another triumph!
they bought a bunch of password crackers, keygens, scanners and sniffers.
Any bets on how much of it was really secret and how much of it was merely secret to people who haven't a clue about where such tools can be found normally?
And don't forget, once "warriors" are in charge rather than real network security specialists every attack becomes the actions of whoever the favourite villain is rather than just another botnet herder or teen hacker.
The attacks, dubbed Solar Sunrise, appeared to be coming from overseas, including from the United Arab Emirates. Intelligence officials thought Iraqi President Saddam Hussein might have ordered them.
"It looked as though Saddam was about to take down massive amounts of infrastructure . . . because we were threatening to bomb him," recalled one former intelligence official. Tensions were building. President Bill Clinton was briefed. Senior officials convened another meeting in the Pentagon's "tank," the Joint Chiefs' conference room. The threat was no longer hypothetical, it seemed.
Then the real culprits were identified: A pair of 16-year-old boys in California and a teenager from Israel who had exploited a known vulnerability in the Solaris (UNIX) operating system.
"The nation that makes a great distinction between its scholars and its warriors, will have its thinking done by cowards and its fighting done by fools."
Does this mean I am generally unable to understand the reasons behind those requirements? Of course not. I just did not care. Not my job.
On another non-military project I got the task to help to develop some traffic simulation models. There I did quite a few consistency checks for the incoming data. Guess my customer was stupid to give me the job. According to the article (no, I did not the original) some old war veteran should have been much better suited for this task and might have been cheaper.
Utter nonsense. If those changes can be determined by statistical or other algorithms then this most likely belongs to the tasks where a computer outperforms a human being considerably. To develop such a system is geek work. If not, it does not matter who does the guesswork. Rolling dices would probably as good.
I know, we don't like to actually read TFA, but they did say something about their "war fighters" being more adept at detecting whether the enemy had "...penetrated the networks and changed coordinates or target times..."
It sounds like they have determined that the only way a breach could be detected is if someone had actually gotten in and broken some of their toys. Given that assumption, flawed as it may be, having the guys who are proficient with the toys watch over said toys makes sense. They are already intimately familiar with them and would arguably be best equipped to notice anything out of the ordinary. Of course, this line of thinking is badly flawed. Network security is a unique and, at the highest level, rather esoteric skill set. Throwing missile techs at the job is deeply and dangerously stupid.
Oh yeah? Put a couple of rounds into a slow router and see how fast management authorizes the purchase request for new equipment.
Well it has to go through the unit's procurement office, and then to Command so it can be routed to the quartermaster's office who will send you the same model with the same faults because that's what the mission documents specify. That's if they have surplus on hand.
If not, then a bid will be put out for replacement hardware. The bid will be reviewed and passed to the Congressional Armed Services Committee for budgeting, where it will eventually be awarded to some important Congressman's Nephew so he can go and stump that he "got jobs for this district" when elections come around again. The bid will be low to win, but there will be unexpected delays and cost overages. The hardware itself will be made in the USA, and consist of one fully-functional-but-kinda-shitty router from China complete with back doors and a sticker (also produced in China) that's applied in the USA to finish the product. It will get to you a year after it was requisitioned.
Of course, when it shows up you'll curse, because your unit commander will have already gone out and bought a real router to replace the bullet-ridden one that has performed better than the old one ever did for a fraction of the cost of the new one. It will have to be sold for pennies on the dollar when the replacement shows up, in theory. Nobody cares about that, though, and the overpriced router will sit in it's box on a pallet somewhere, further reinforcing the belief that the people in the field know how to run this organization better than the pencil necks in requisition. You see, the people in the field are people of action, and the other are bureaucrats.
Any people who have served, feel free to correct/embellish.
I am become
You're an idiot, the military doesn't stick any moron on a nuclear submarine, or in a command and control computer lab.
And yet...
Sub Trouble
My fellow officers were surprised by my failure, and wondered aloud why I hadn't used the "study guide." When my second exam arrived, so did the so-called study guide, which happened to be the answer key for the nuclear qualification exam I was taking. I was furious. Defiantly, I handed back the answer key to the proctor and proceeded to take the exam on my own. I failed again. My boss, the ship's engineer officer, started to document my failures with formal counseling so that he could fire me.
The most competent junior officer on our ship ran to my rescue, confiding that none of the other officers had passed the exam legitimately; the exam was just an administrative check-off. "Swallow your pride," he told me, and just get it done.