Slashdot Mirror

← Back to Stories (view on slashdot.org)

Is the Military Prepared For Cyberwarfare?

Posted by Soulskill on from the not-until-they-can-email-hand-grenades dept.

pbahra writes "If you think that combating cyber criminals is hard in your organization, imagine doing it in an enterprise with some 18 or so layers of management between the top man (and it is always a man) and the most junior employee. Now imagine that in such an organization, there is a form for everything, that it can take literally decades to buy new equipment, and that you can be jailed for having dirty footwear. But that same organization is charged with helping to defeat shadowy hacker groups who are faster, have better equipment, almost certainly are better funded and don't have to salute every time someone senior walks past them. The modern military is used to operating in what is known as an asymmetric environment, with a distinct imbalance between the two opponents. The problem for the military is that they like to be the big guy. According to a senior officer speaking at the 2011 Annual Defense Lecture in London, when asked if the military was capable of operating at the same speed as their opponents, he admitted they were not."

7 of 147 comments (clear)

  1. ah just what we need by Dyinobal · · Score: 4, Interesting

    Ah just what we need another war. We got a war on terror, war on drugs, a war on war and a war on not enough war. Lets add a 'Cyber war' so we can get some more tax dollars thrown at us.

  2. One word: Windows by antifoidulus · · Score: 4, Insightful

    The military is over-reliant and over-confident on Windows. Hell they pretty much write their security specifications to whatever Windows does AND they scrutinize non-Windows(particularly Linux machines) much more than they do Windows machines. Relying on Microsoft for anything is just asking to get hacked. I hope(though I know it won't happen) that the next Secretary of Defense will make it his mission to wean the military off of Windows. Not only will it result in a more secure system(probably), it will also save the government money and not make them beholden to the beast of Redmond....

    Sadly I know it won't happen because Microsoft is always sure to let senior military officers in charge of this kind of stuff know that when the time is right they are always "looking" for people who have held those positions. IE throw lots of government money at us and we'll make sure you get a do-nothing job with an impressive title and salary to match.

    --
    Monstar L
    1. Re:One word: Windows by HBI · · Score: 5, Informative

      I would disagree, but not entirely. Yes, the US military is over-reliant on Windows. That said, Windows gets lots of scrutiny - much more than competing OS. The fact that Windows has an entirely broken security model is not lost on those responsible for CND (computer network defense) within the armed forces. Unfortunately, the means of fixing it is mostly via STIGs, "security and technical implementation guides" produced by NSA. This results in an OS which mostly won't run software and can't communicate over a network. This is why the STIG is supposed to be applied with consciousness of the impact on software, and with some delicacy to preserve capabilities. This does not stop those responsible for purported security scans and IA (information assurance) inspections from mandating the application of said STIGs across the board as a prerequisite for allowing your systems on the network, with the results you'd expect.

      Getting an exception to the STIG requires getting a general officer* to sign off on a risk, which is a career-ending move if there is some kind of penetration attributable to the exception. So they aren't really interested in doing that much.

      I suppose computers that don't work correctly are "secure", in the sense that it's hard to get data off a computer that isn't used as a resource, but rather a boat anchor. Still, this doesn't say much for the military ultimately achieving much in cyberwarfare or even CND by breaking their systems by default.

      The root of the problem is that most people that go into IA or CND in the military are nontechnical or just incompetent. It's not the trade that you'd choose if you were savvy, and being surrounded by a good percentage of idiots can't be pleasant. There are some very, very smart people within the system but I wonder personally how any of them stand the general level of incompetence. I can't get a straight answer out of them except for "duty", which may be the real one.

      That said, the whole infrastructure is on the wrong track to gaining true capability. Needs changing.

      * Each agency has a "Designated Approving Authority" or DAA. It's usually the highest ranking person at said agency. That is who takes ownership of risk.

      --
      HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
  3. FUBAR = Normal by Edgewood_Dirk · · Score: 4, Informative

    I'm a currently-serving active duty Marine, and the fact that we're not ready for cyberwarfare is symptomatic of our way of doing things. The problem with the US military changing its ways of doing anything is that if there isn't a group of people already trained for the purpose of that new thing, its not gonna get done. Every Marine/sailor/soldier/airman/coastie has a specific job designation when they join up. They may do certain things outside of their scope at times, but "innovation" isn't commonplace or encouraged. It will be years if not a decade or more before an entirely new MOS (Military Occupational Specialty) is created and a training program implemented for the single purpose of creating "cyber-soldiers". Until that happens, the military will rely on other assets within the federal services, or contractors.

  4. How to prepare for cyberwar by Xenkar · · Score: 4, Interesting

    Step 1: Make our own hardware again.
    Step 2: Remove anything critical to our infrastructure from the damned internet.
    Step 3: Remove our government computers from the internet and on to a private intranet where they can log everything and hunt down witches/pedophiles in the government while the rest of us get a pass from ineffective feel-good legislation.

    1. Re:How to prepare for cyberwar by bky1701 · · Score: 4, Insightful

      Step 4: Close government-mandated security holes in software the CIA and FBI asked for.

      --
      Great Intellect...
  5. Privateers by Beryllium+Sphere(tm) · · Score: 4, Interesting

    Back in the old days, governments would authorize private parties to go out and do bad things to the enemies of the governments.

    http://en.wikipedia.org/wiki/Letter_of_marque

    Reviving that concept might work better than trying to use the military for a task it's not optimized for.