Slashdot Mirror
Is the Military Prepared For Cyberwarfare?
pbahra writes "If you think that combating cyber criminals is hard in your organization, imagine doing it in an enterprise with some 18 or so layers of management between the top man (and it is always a man) and the most junior employee. Now imagine that in such an organization, there is a form for everything, that it can take literally decades to buy new equipment, and that you can be jailed for having dirty footwear. But that same organization is charged with helping to defeat shadowy hacker groups who are faster, have better equipment, almost certainly are better funded and don't have to salute every time someone senior walks past them. The modern military is used to operating in what is known as an asymmetric environment, with a distinct imbalance between the two opponents. The problem for the military is that they like to be the big guy. According to a senior officer speaking at the 2011 Annual Defense Lecture in London, when asked if the military was capable of operating at the same speed as their opponents, he admitted they were not."
No.
Our military has a hard enough time managing to fight regular wars. If anyone thinks they are going to be ready for a cyberwar, they are kidding themselves.
It's nice to see the Slashdot is now taking direct plugs from the WSJ.
This is an easy one. They just have to outsource this job (especially the cyber-defense) to more capable companies, say in China!
Yank at Large wrote:
Though the article purports to expose some interesting new misalignment, this is not a new challenge to the military or a host of other organizations. I used to work at IBM in their personal computing division (now known as Lenovo). Our heavy logistics and multiple levels of approval did not allow the company to bring to market fast enough the kinds of machines that could appeal to customers like other companies could. There is, however, a way to leverage large organizations, much as the human body searches for the right antibody for a disease. You produce many different potential solutions, rather than invest all your resources into one or two ‘optimized’ solutions, and once you find one that works, you leverage the ability of a large organization to quickly replicate and apply that solution. So, like some in the article say, it is not a question of having the right people – they probably already do – it’s a question of having the right environment.
And a guy or gal who has the presence of mind and attention to detail to crack viruses probably also has the focus to keep his uniform in good shape, so those are not necessarily mutually exclusive properties.
I love the way he wields his business-speak and manages to use the words leverage, logistics, market, resources, replicate, solutions and optimised with such ease and finesse. Add to that the analogy with the human body and antibodies and I am not sure how this guy is not in charge of the whole world! He's got my vote!
Ah just what we need another war. We got a war on terror, war on drugs, a war on war and a war on not enough war. Lets add a 'Cyber war' so we can get some more tax dollars thrown at us.
The military is over-reliant and over-confident on Windows. Hell they pretty much write their security specifications to whatever Windows does AND they scrutinize non-Windows(particularly Linux machines) much more than they do Windows machines. Relying on Microsoft for anything is just asking to get hacked. I hope(though I know it won't happen) that the next Secretary of Defense will make it his mission to wean the military off of Windows. Not only will it result in a more secure system(probably), it will also save the government money and not make them beholden to the beast of Redmond....
Sadly I know it won't happen because Microsoft is always sure to let senior military officers in charge of this kind of stuff know that when the time is right they are always "looking" for people who have held those positions. IE throw lots of government money at us and we'll make sure you get a do-nothing job with an impressive title and salary to match.
Monstar L
I'm a currently-serving active duty Marine, and the fact that we're not ready for cyberwarfare is symptomatic of our way of doing things. The problem with the US military changing its ways of doing anything is that if there isn't a group of people already trained for the purpose of that new thing, its not gonna get done. Every Marine/sailor/soldier/airman/coastie has a specific job designation when they join up. They may do certain things outside of their scope at times, but "innovation" isn't commonplace or encouraged. It will be years if not a decade or more before an entirely new MOS (Military Occupational Specialty) is created and a training program implemented for the single purpose of creating "cyber-soldiers". Until that happens, the military will rely on other assets within the federal services, or contractors.
Step 1: Make our own hardware again.
Step 2: Remove anything critical to our infrastructure from the damned internet.
Step 3: Remove our government computers from the internet and on to a private intranet where they can log everything and hunt down witches/pedophiles in the government while the rest of us get a pass from ineffective feel-good legislation.
There is not a front line.
Provided security is implemented properly (for the US the NSA appears to have good guidelines and tools to do this, but potentially have back doors for everyone else) it is limited to humans being tricked/corrupted by spy and DOS. It seems a lot more suited to (counter) intelligence agencies.
Unless you are talking about being offensive what’s the big deal about it, human error/corruption in not following guidelines is hardly complicated at least in theory and a 'kill switch' can solve the DOS problem. Winning a "cyberwar" is not even close to winning an actual war, if you start losing by anything significant you just 'cut the cable'.
I suppose the summary quotes 18 levels because that's approximately the number of ranks in each branch of the military. But it's not really 18 levels of management. Remember the old saying "Privates are for doing things, sergeants are for making certain things get done, officers are for thinking." And even junior officers don't get involved in purchasing decisions. The actual level of management when it comes to purchasing is more like 5 or 6, but even that is a big number.
What really screws things up is that the military purchasing machine is designed for 100k+ of each item with fairly exacting requirements about being easy to operate, able to work in severely adverse conditions, and to be "fair" to everyone wanting to sell to the military. Which means a very complete description (sometimes thousands of pages), open bids, preference to certain categories of bidders, and much else. Oh, and they need to appear accountable for spending all the money that an army sized purchase entails.
So the guys who actually need relatively small amounts of highly specialized equipment are fighting an entrenched bureaucracy who wants to preserve the status quo. Think $500 hammers. I believe it's getting better though, at least in some areas, and the process is getting reduced from decades to months. Even so, they are rarely have the ability to on-line order stuff from commercial vendors and pay with a credit card, although that does happen sometimes.
The guy speaking at the lecture is right - large militaries can't move as fast as small fast moving enemy groups. But when they do move they can usually outspend him by at least 100,000:1. Which probably doesn't help.
The key is to organize like the bad guys - small groups each with their own budget and freedom to use it without having to go up the chain of command.
This is not a technology issue. Three years ago, I walked into a local Burger King and saw a servicewoman using a laptop that was 20% better than my system in every measure, and my laptop at the time was 3 weeks old and Compaq had only sold it for a month when I bought it.
Roughly 2 years ago, however, I saw a recruiter near my apartment. I asked him, if I was to sign up with the Air Force, could he do 2 simple things for me. One, could I get a full waiver from all physical aspects of basic training, and two, could I get guaranteed placement in the cyber warfare division. I was told no on both requests. This is the problem. The US Military is more interested in transferring soldiers who can hack than recruiting actual hackers. This leads to troops who, while they may have some decent level of skill, are not a fifth as competent in anything cyberwarfare does (or rather, should be doing) as most civilian hackers.
Geeks want to defeat America's enemies as badly as anyone else, but we're not going to have our faces slammed into the dirt by some drill sergeant with a chip on his shoulder to do it. We'll never be able to run 10 miles with 100 pounds of gear on our backs, and while most of us could fire a weapon and hit a target, we're not going to go do it in 140 degree heat in the middle of the desert. On the other hand, when the Chinese, Russians, or whoever else are trying to shutdown the power grid for the whole damn east coast, I don't care if the cyberwarfare division can run or shoot or salute - as long as the lights stay on, they can be as sloppy and physically unfit as they like.
This is the problem with the cyberwarfare division. We're unprepared because the Military is too deep into tradition to attract those who are really the "best and the brightest" for the job in question.
Don't worry though. Eventually this'll get farmed out to some defense contractor once the brass realizes it's costing too much and we suck at it, and those companies are more than willing to hire good hackers, whether they can do 50 pushups or not. I just hope it happens before someone like China decides to bite us in the ass.
From a military perspective, cyber-warfare is restricted to figuring out where an attack is coming from and then hitting the source location with a predator drone - collateral damage be damned!! Now that would be true cyber war!! Just think how many hackers would be able to concentrate on the job at hand after a few of their colleagues have become carbon polution or the proxies the have hopped through suddenly vaporized (literally).
And if the military needs to pay a civilian expert to reach that goal, they will - and they won't care if the individual in question has served time for hacking or is a known white hat.
Now, other government agencies who doesn't have the ability do drop a misile through the chimney of those annoying hackers, that is a completely different story... Spy agencies definetely needs a cyber-warfare team - and maybe a really nice bunker for them too ;)
Meus subcriptio est nocens Latin quoniam bardus populus reputo is sanus callidus
The main difference here is, we have to (at least to some degree) follow a bunch of laws, whereas the enemy (organised crime/hackers/etc) do not. its not an even playing field
This is a job for the FBI, CIA, NSA, DHS and whatever other scary three-letter organizations are down there. The military is about the last group on the list qualified to fight a cyberwar. They're useful for taking objectives and escorting in the smart guys. Expecting them to be the smart guys is just silly.
"Please describe the scientific nature of the 'whammy'" - Agent Scully
None of you commenting seem to know anything about how our cyber warfare or information dominance warfare communities are organized or operated in the military. Half of you are dealing in hypotheticals, and the other half of you are just incorrect, and none of you have the need to know or clearance to begin to know the answers to these issues. I know bickering on the internet is unpreventable, but this is just a bit silly. Let the people that know what they're talking about be concerned with these issues.
I think you have hit the nail on the head. Its exactly the same in the UK. If I were a young computer security whizkid I think that a job with GCHQ (rough equivalent to NSA) or MI5 (rough equivalent to CIA) would be prestigious and attractive. But the army ... not very prestigious and there's always the possibility that if you upset your CO you end up on the front line in Afghanistan. Now I admire the people who do fight on the front line it would not be my career choice, and I suspect not that of most computer nerds.
The military has a certain structure to make sure VERY large scale things remain coordinated - thus the associated bureaucracy. Sure, it'll take decades for the Defense Equipment and Support to clean up the mess in procurement, but let's assume for a moment they could and hit a more commercial frame of mind and speed.
They would still lose the battle.
The problem is in the way security is now managed. For the last 5 years, everyone has settled down into a fine routine of process, patching and playthings: the same kit (with more bells under the guise of "upgrades" to borrow several chapters from the MS book on how to milk customers) , formalised processes using standards and patching ad infinitum - I am positive that apart from EDLIN.exe and the background graphics, all other WinXP code in C:/WINDOWS has been replaced at least 10 times by now, judging by the size of downloads over the life of an installation.
We are losing the battle.
The reason goes back to something that especially the military ought to know: we have become predictable. Unless we change that, we have a problem that will only get worse.
Insert
If you nuke them. The cyber kind of stops.
Well retaliation by force does appear to be part of the US strategies to combat hacking. The problem is that it is not always clear who is responsible. for example when Iran was hacked by the stuxnet worm there was speculation that it could have originated in the USA, Germany, Israel, the UK and I even read one suggestion that it was an Australian group.
Even though the USA thinks that a military response is valid I doubt if it would act in a similar situation, and I think it would have condemned any attacks by Iran when they did not know for certain who attacket them in the first place.
Also it is increasingly likely that if the US military or infrastructure is likely to be from a "non national" group, possibly even acting from within the USA. This makes a military response very difficulty.
Back in the old days, governments would authorize private parties to go out and do bad things to the enemies of the governments.
http://en.wikipedia.org/wiki/Letter_of_marque
Reviving that concept might work better than trying to use the military for a task it's not optimized for.
Are you Americans blind and deaf? The problem of the US military is that it is ridiculously large and the recent wars have literally ruined the US! Cyberwarfare? You guys must be nuts---or at least, you politicians seem to be nuts. Exaggerated spendings on US military have done more harm to US society in the past decade under 2x Bush and, yes, also Obama than any "cyber warfare" could ever do in 100 years!
Get a life! Stop going to war and get a military budget comparable to other countries.
And regarding cyber warfare: Why don't you spend your billions on development for languages like Ada or Haskell (as opposed to C/C++), give away high-quality compilers for free, invest in safe open source technologies, stop trying to spy on your own citizens (no more backdoors), and offer free security auditing. That's 10x more effective than creating another 10 top-security money-burning "cyber warfare" centers.
I got the impression that the chap from the Wall Street Journal had already written his article and was trying to get the presenters to confirm his assumptions and then was put out when the presenters we a bit dismissive of his questions.
"“Military people are working within the context of rules of engagement and working within that system. Those constraints will always be there. Will it slow down the speed of our responses? Yes I am certain it will. It is it important that we do things in the right and proper way? Yes absolutely it is."
i.e. Should we nuke some kid's house just because he's tried to hack into GCHQ? No, we'd send the police around, slower and less effective but the right response to the threat. Faster is not always better....
If you like and feel very suitable for your word, as long as the quality assurance, as long as you believe in their own eyes, although to buy. As long as you feel that you put on beautiful, whether it is after shoes, clothes or hat, adorn article, can bring you a good mood. If see you also like you of beautiful the shoes, you and see you people would think to be in a good mood. If you like to see you of beautiful dress up and sincerely appreciate your word, so you and you like people would think heart is sweet. A good mood is difficult to buy. Fashion shoes with beautiful girl, feeling good
Well retaliation by force does appear to be part of the US strategies to combat hacking [guardian.co.uk].
That says "If we want, we may choose to consider an attack made on behalf of a State or Organization to be an Act of War."
It's basically a warning to foreign governments that if you hack us, and piss us off, we might decide to blow some shit up in return. We actually don't even need to say it, but it makes things a little "smoother" with the UN and other governments.
Consider that ANY type of "espionage" is also considered an Act of War, and we catch spies all the time. Notice that we have never actually gone to war or even retaliated with military force due to spying.
Is hard to see how this is a issue. A pistol don't need a permanent conexion to the internet. As much, can have a firmware, that can only be updated manually. Or can have a secure protection to a protected and encrypted lan, completelly separated from the net.
If we are talking about military people in a office, with computers. All normal rules apply. Just don't chose real security or feel good security. Feel good security is done buying products. Real security involve thinking, doing things right, hiring good personal, having rules and following these rules.
Cyberwarfare is a bit dramatic, is not? sounds like the fearmongering people selling "feel good security" would do.
-Woof woof woof!
The real question is: are the cyberhackers prepared for thermonuclear war?
If Slashdot were chemistry it would look like this:Cadaverine
According to wikipedia, the US military budget for 2010 was $663.8 billion. Clearly they don't spend all of that on cyber stuff, but if you're counting 18 layers of management then you're talking the whole organization, so you should count their whole budget too.
For those in the USA speaking their mind on the US Cyber capability: They are talking about the British, so move along..
A military in general preparing for "Cyberwar" will not have every grunt learn metasploit. There will be a few ultra bright people who get access to all the intelligence related to the enemy capability and develop recommendations based upon current threats and capabilities. These recommendations will be taken to the IT management and they will balance everything together to decide what is an acceptable risk so they can do their mission safely. Once such balance is using Windows because we all know how much cheaper a contract for thousands of windows admins vs thousands of Linux admins (plus the endless turf wars of what distro/version/etc). Yes Windows is buggy and less secure, but it is more well known and therefore cheaper when you are contracting support for an entire military.
In this new age of "cyberwar", there will be hacks and these hacks will not indicate anyone "winning" or "loosing". Just like in real war there will be casualties, but hopefully people are learning from mistakes. "Cyberwar" is also highly misunderstood, by EVERYONE. Anonymous getting 90,000 email addresses and passwords to a website is not a major "win" for them. They hacked the hell out of that site, but if the site was to register for some bullshit mandatory class run by contractors and was a one use deal? What did they really gain? Not much except to learn a bunch of email addresses and maybe try the passwords in case of re-use. No warfighting infrastructure was lost yet the media would lean toward calling it a "cyberwar win" for anonymous.
Any military is as ready for cyberwar as Sony, AT&T and any other ultra large organization.
Maybe the military should treat their Cyber Warfare division like it was special forces. Special forces units often play by their own rules which is why they're able to get things done quickly and efficiently. A Cyber Warfare division could work in the same way. No need for the riciculous sea of regualtions. Retain enough regulation and discipline to maintain military order while allowing flexibility.
When we speak of the military as a lumbering bureaucracy, let's bear in mind there are also smart, mobile, very adaptable teams within that huge organization: the special forces. If the military has any sense at all then cyber-warriors will be organized and commanded more like special forces than like an infantry division.
[Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
Cyber "warfare" is not warfare in any traditional sense of the term. The military's entire mentality and organizational structure is completely unsuited for such a task. They should get the fuck out of the business and governments should form teams of actual white-hat hackers to do this kind of thing.
One day I feel I'm ahead of the wheel / the next it's rolling over me / I can get back on / I can get back on
Of course the military isn't ready for cyberwarfare. They are always fighting the last war. Recent articles have come out about how the Pentagon is finally restructuring itself to fight terrorism, meaning they've done away with mass troop movements in favor of lots of small actions. Which will work great until we get into a war with China, which will both hack our systems and require mass troop movements. Chinese military doctrine has expressly stated it means to do just that along with financial warfare (suddenly dumping all dollar reserves), shutting off the Panama Canal (which they now control) to impede the American navy, and lots of other outside-the-box thinking.
Do what you can, with what you have, where you are.
A definitive 'no.' As a soldier working in networking, I can guarantee that the Army's understanding of security, our equipment, and most specifically our training are approaching a decade behind the enterprise world, for a number of reasons. The most prominent is that soldiers not only aren't adequately trained to operate even a minimalist network to modern standards, most have no desire or opportunity to improve the state of things.
The 'operators,' those setting up equipment, are all junior enlisted, and are saddled with normal 'soldiering' stuff as priority over any training in networking or administration. The 'management' has to fight other branches and levels of management to get anything done at all, and has to rely on those soldiers who make time to improve their skills enough to be competent at lower levels. And at the echelons above reality, nobody seems to have a clue as to the fundamentals of making devices talk.
The conflicts in the Middle East have been indicative of our pondwater-speed capabilities, and the direction my corps is moving is not set to improve the situation. One thing to remember, the only requirement to get my job in the Army is a relatively high score on the entrance exam, notorious for having abysmal standards. Many, if not most, soldiers in my corps have never considered working in IT of any sort. Keep that in mind when discussing our capabilites.
I propose we pass a law requiring that the military win at least *one* of the wars they're already in before we let them have a new one.
SJW: Someone who has run out of real oppression, and has to fake it.
Starting with the original article, it's clear that a lot of the people talking about how bad the military is have no experience in the military. Similarly, most of those talking from military experience have little or no knowledge of commercial practices.
The considered going with Apple, but Steve Jobs scared them way more than any enemy military.
Then they considered Unix, but couldn't find anyone who could still remember all the commands.
Then they considered going with Linux, but that started a huge argument over which distro was best. That was 10 years ago, and the argument is still going on.
SJW: Someone who has run out of real oppression, and has to fake it.
is it part of plan to make it look like we have no idea while we really have a good top secret cyber warfare group somewhere?
I work at SPAWAR, a division of the Navy with a rather large budget and the directive to make sure we gain a dominant position in this this cyber-war thing.
We're an RDT&E and "acquisitions" organization primarily consisting of civilians.
We still have many of the problems a normal military organization would have. Chief among those is a paralyzing risk aversion. The politicization of the upper levels of the military means that our Admiral (and we go through Admirals pretty quick around here) generally doesn't want us doing anything that would get him embarrassed, like having a project fail. We used to have our own foundry (in an old WWII era bunker) until they decided it was too financially risky to have around... yeah, that's worked out well. I hope they like back doors on their missile guidance chips.
I'll take the dress code and the immense, extraordinarily top heavy management structure, as long as they start letting us do some real work again.
In reviewing this, I find it amazing that Laura Callahan (the former senior deputy director at DHS who resigned in 2004 after an investigation found out that she had received three degrees from a diploma mill in Evanston, Wyoming) is now working again for US Cyber Command as a GS-14 employee as of May 2011. If you google her name, you'll find the entire story of what her lack of qualifications did to several government agencies and the white house (clinton e-mail scandal). My question is that how did someone with a history of misleading investigators get hired for this type of position (which no doubt involves access to classified information ala NIPR/SIPRnet, JWICS, etc) given her previous 'fraudulent' degrees. A check of OPM regulations shows that lying or misleading investigators in the course of a background investigation, including prior bad acts, and falsification of academic credentials is grounds for termination, or being marked ineligible for hiring. I would suggest if the military wants to keep losing ground, all it needs to do is to continue to hire persons like Ms. Callahan and watch the damage unfold. As for the part of outsourcing, you might want to ask Booz Allen Hamilton and IRC federal about their recent break in by Anonymous and the loss of sensitive information and PII.
Didn't the military create the net, shouldn't they be leading it?
"almost certainly are better funded "... Sorry, I could not read past that comment.
Which country's military are we talking about?
The three laws of thermodynamics:(1) You can't win. (2) You can't break even. (3) You can't even quit.
So long as the cyber community is as ignorant of military cyber security as this poster is, the US is safe.
You want to touch anything of importance on the military network, you need physical access. Have fun hacking MS products on the front side and discovering where soldiers are drinking that weekend, how many new chairs are being ordered for the office, and which officers are having an affair.
Information is important though, and 90,000 E-mail addresses can be used for nefarious deeds.
Cyberwarfare is very real and can cause meatspace casualities. Russia found that out with their exploding pipeline. Iran found that out with Stuxnet. The US found that out with power grid failures traced to compromised machines.
Don't forget that information is intelligence. Say Elbonia manages to get a document showing the names and addresses of Latveria's military workers and their families. This can be used for blackmail or extortion to get people working in sensitive spots to give up information. A little kidnapping of someone's daughter for a period of time can cause even the most top secret info on a Doombot to end up in Elbonian hands.
We ignore this method of "combat" at our peril.
Realistically, the US needs another branch of the Armed Services just for whitehat/blackhat work. In the past where the nastiest hack attempt was a student hacking a rival university to rm -rf / the student , NSA/NIST was sufficient enough. However, with every country that has more than an Apple //c with a modem is wanting to go after the US, there needs to be a solid effort by the US government in this department. China and Russia understand this -- they have divisions of their military just dedicated to blackhat and whitehat activities.
Lets call it "The War on Stupid/Ignorance"
in fact this could replace the War on Drugs (and a few other things) if done properly.
Get the DOD to cross link resources to the DOE.
Any person using FTFY or editing my postings agrees to a US$50.00 charge
Here's the person charged with Network Defense for the Army: Lt. Gen. Susan S. Lawrence, As the G-6, Lawrence supports the Chief of Staff of the Army and Army Staff in performing information management, network operations (including computer network defense), force structure, and the equipping and employment of signal forces. Hardly a "18 or so layers of management between the top man (and it is always a man)". Although only 5% of the general officers in the Army are women, it's hardly the sausage fest the author of this article believes it to be. I wonder if the writer of the article is aware of the gender and racial makeup of our dead and wounded? Got a complaint about that? Twat.
This is one of those absolute nonsensical non-issues, which only makes sense if the person posting it is completely and tehnically ignorant??? Obviously, with Narus boxes at all the major switching centers, in the US, China (for the Chinese, that is, not against them), and other countries, plus having those Narus boxes located at EPs (that's Exchange Points, or IXPs to any and all newbies, who frequently misconstrue that term and think we mean "ISP" -- Internext eXchange Points, or EPs, the physical connections where groups of major exchange connections occur), and with backdoors in Micro$oft (advapi.dll, etc.), Apple and Google, etc, for the convenience of the privatized US intel establishment, plus their forensics software allowing them to plug into and control PCs and networks (enstart.exe, etc., ever noticed it????), and probably other stuff I'm as yet unaware of -- it would seem like they've got things pretty down pat -- and are completely unconcerned with China, since they've shipped everything to them over the past some years!
Dood, please see my earlier comment --- you appear to be hopelessly nontechnoid with regard to Internet, Narus, forensic software, and a host of other subjects.....Man oh man, the illiterates on this site lately -- espcially those nimrods trashing me from their very own abject ignorance --- should only be posting in Scandinaiva.
The US military is already outsourcing to private security firms (e.g. Blackwater). One serious issue, however, is that accountability is no longer a strong concept. If you've outsourced security, and, well, a little torture here or there ensues - who really pays for it? The military points the finger away from themselves, *maybe* the security firm loses funding, but the indigenous peoples still hate Americans all the same. If the US outsourced cybersecurity in this manner, what accountability would anyone have that they were on the up-and-up 100% of the time?
I agree 100% what you said. And it won't happen unless someone like Rickover steered building Nuclear Navy.
We laughed at the british armies when we read about the Revolutionary War in school. They would just stand there and take no cover but wait for the enemy to shoot them. They were stupid because of their rules. We laughed at that.
... lists the issuance of letters of marque as a war crime. Not to mention that they applied to war at sea, not in cyberspace. Not to mention that I'm not real comfortable with the idea of subcontracting our national security affairs to LulzSec (or equivalent).
I'm sort of dubious that we even NEED a "cyber" "warfare" capability, but if we do, maybe getting the military to do it isn't such a bad thing.
Great. Find them first. They're using the internet. They don't all have to be in the same place. Or even the same continent.
"I disagree with you" does not equal "flamebait."
... but I just noticed that the point of closing the Panama Canal was to deny access to US Navy ships, vs. merchants. That makes even less sense - the US Pacific fleet could whip the Chinese fleet all by itself, several times over, without any help from the Atlantic fleet.
What the DoD needs to do is stand up a new branch of defense. Take the best they have right now for Cyber and make that a new branch under the DoD. Then have them come up with new MOSs for security and go out and hire some people and recruit others and train. Much like how they made Seal Team 6, used current Seals with a new mission mandate. The new Secretary of Cyber would report directly to the Sec Def.
"Dood", you haven't got the faintest clue who I am, what I know and what I do for a living, and I'm not going to enlighten you. Suffice to say you appear to be using the wrong orifice for communication.
You can pick up chatter with intercept, but the bad guys vary their method of transmission which means you'd need to grab everything. Too much hay to find fewer needles, and *if* you find needles you may discover it's old school OTP, which means you can't convert unless their messages are a bit longer - you need the code book.. The problem with the grab-it-all approach is that you get a lot more data to discard than with a targeted approach.
However, you cannot develop targets without on-the-ground intel, but that's the stuff that's been abandoned. When done properly, HUMINT gets the ball rolling, with SIGINT providing the further surveillance provided it is legally permissible (and here I'd love to advocate transparency - some people DO actually make an effort to do it right).
But we've generally walked away from HUMINT and now have to face the music for it. Especially IT security has become staggeringly predictable, and is thus easy to defeat.
Insert
Versions of Windows, for 1 thing, since around 2004 or so.
Secondly, Linux 2.6 in its KERNEL ALONE has 4x++ the amount of unpatched security vulnerabilities than Windows Server 2008 does (& yes, remote vulnerabilities too in Linux still are open as well), & the Windows Server ones (Windows7's too) have valid + easy workarounds as well!
In fact, All of what MS gives you for business & development has LESS UNPATCHED SECURITY VULNERABILITIES than does Linux 2.6x mainstream kernel alone... AND, LAMP setups are the MOST EXPLOITED BY PHISHERS!
Proof of my statements? Ok, here goes:
Yes - Despite all those "Open 'SORES'" eyes (most of whom couldn't code to SAVE THEIR LIVES mind you) allegedly poring over Linux code, how come it has that many more unpatched bugs than Windows 7 has, hmmm??
Closed source is HARDER for hacker/crackers to attack as well, because you're stuck either disassembling it (especially tough with kernel level debuggers) OR fuzzing it, either is tougher than searching out problems in Linux, which you just load into a compiler & step trace its "Open 'SORES'" code with to find screwups in security... hence it still has more security bugs, AND, they are unpatched (despite all the "Open 'SORES'" eyes poring over it, lol!)
Fact, period!
In fact, Linux's kernel ALONE has 3.5x the # of unpatched bugs the ENTIRE SUITE/ARRAY OF WHAT MICROSOFT GIVES YOU TO DO BUSINESS & DEVELOPMENT WITH!
Proof? Ok:
This data's ALL from a respected source (secunia.com) for known security vulnerabilities unpatched:
---
Vulnerability Report: Microsoft SQL Server 2008: (07/10/2011)
http://secunia.com/advisories/product/21744/
Unpatched 0% (0 of 1 Secunia advisories)
Vulnerability Report: Microsoft Internet Information Services (IIS) 7.x: (07/10/2011))
http://secunia.com/advisories/product/17543/
Unpatched 0% (0 of 6 Secunia advisories)
Vulnerability Report: Microsoft Exchange Server 2010: (07/10/2011)
http://secunia.com/advisories/product/28234/
Unpatched 0% (0 of 0 Secunia advisories)
Vulnerability Report: Microsoft SharePoint Server 2010: (07/10/2011)
http://secunia.com/advisories/product/29809/
Unpatched 0% (0 of 0 Secunia advisories)
Vulnerability Report: Microsoft Forefront Endpoint Protection 2010: (07/10/2011)
http://secunia.com/advisories/product/34343/
Unpatched 0% (0 of 1 Secunia advisories)
Vulnerability Report: Microsoft Office 2010: (07/10/2011)
http://secunia.com/advisories/product/30529/?task=advisories
Unpatched 0% (0 of 7 Secunia advisories)
Vulnerability Report: Microsoft Virtual PC 2007: (07/10/2011)
http://secunia.com/advisories/product/14315/
Unpatched 0% (0 of 1 Secunia advisories)
Vulnerability Report: Microsoft Internet Explorer 9.x: (07/10/2011)
http://secunia.com/advisories/product/34591/
Unpatched 0% (0 of 1 Secunia advisories)
Vulnerability Report: Microsoft Visual Studio 2010: (07/10/2011)
http://secunia.com/advisories/product/30853/?task=advisories
Unpatched 0% (0 of 2 Secunia advisories)
Vulnerability Report: Microsoft DirectX 10.x:
(07/10/2011)
http://secunia.com/advisories/product/16896/
Although you can probably put up enough firewalls, and move to a secret DNS server, or add other anti-spyware, the question to ask is: How do you protect yourself from an inside attack? How can you be sure that in the hundreds of senior military IT people, you do not have someone there who, on a mission, would break the system from the inside. A war must be defended on all fronts.
Leslie Satenstein Montreal Quebec Canada
You sound like an NSA noobie, dood, and your response makes ZERO technically sense in regard to my comments. Cease and desist!!!! sgt_doom