Slashdot Mirror

← Back to Stories (view on slashdot.org)

West Point and Marines Launch Open Cyber Conflict Journal

Posted by Soulskill on from the military-strategy-by-committee dept.

rumint writes: The Army Cyber Institute at West Point and the Marine Corps Cyberspace Command just launched an open journal studying cyber conflict — Cyber Defense Review. It focuses on strategy, operations, tactics, history, ethics, law and policy in the cyber domain. The Cyber Defense Review is positioning itself as the leading online and print journal for issues related to cyber conflict for military, industry, professional and academic scholars, practitioners and operators interested providing timely and important research to advance the body of knowledge in an inherently multi-disciplinary field.

31 comments

  1. why is this even a thing??? by ganjadude · · Score: 1

    Keep mission critical stuff offline, or on a network not running standard protocols

    i dont want the internet to go down everytime some random country wants to get in a pissing contest with another country. This doesnt mean we dont need to take cyber security seriously, we do. but the issue is that cyber warfare should not even be a blip on the radar as anything related to the military should NOT be on the internet!

    --
    have you seen my sig? there are many others like it but none that are the same
    1. Re:why is this even a thing??? by Anonymous Coward · · Score: 0

      If you think not running standard protocols will protect your mission critical stuff, you're the one who isn't taking security seriously.

      Not on the Internet, like that makes a difference. Sneakernet isn't the Internet, but all your classified data can still walk away.

    2. Re:why is this even a thing??? by Anonymous Coward · · Score: 0

      That's a limited view of warfare that doesn't match reality -- military is not the only target of attacks, cyber or not.

    3. Re:why is this even a thing??? by i.r.id10t · · Score: 2

      But there are things that need to be communicated between separate entities, and while it may not be War Games incarnate, I can see how malicious disruption of some things like scheduled bank transfers, etc. could cause some panic and mayhem. Think of it as the newest layer of SIGINT

      --
      Don't blame me, I voted for Kodos
    4. Re:why is this even a thing??? by Dutch+Gun · · Score: 3, Insightful

      My understanding is that the military does have a completely isolated network for critical combat communication, but like any other global-scale organization, they're still probably reliant on the now-civilian internet because of the efficient communication it provides. For instance, communication with contractors, other countries' military forces, and so on are all vital for day to day operations, and probably can't be accomplished with a military-only system because of the sheer scale and scope it would require.

      I just don't think it's as simple as saying "the military should not be on the internet". They either have to try to use it safely and securely, build a completely separate and parallel internet, or go without it. Granted, there's obviously a percentage of material that should always be air-gapped for maximum security, but the bulk of bureaucratic day to day communication and coordination only needs to be reasonably secure, and can probably safely live on the standard internet given reasonable precautions.

      --
      Irony: Agile development has too much intertia to be abandoned now.
    5. Re:why is this even a thing??? by Anonymous Coward · · Score: 1

      Keep mission critical stuff offline, or on a network not running standard protocols

      Well, (depending on the mission) "mission critical stuff" must be online and use standard protocols... that's the whole idea with military networks actually!
      As a Greek, in case of a military conflict, i depend on standard protocols to communicate with other Greeks (and NATO allies), plus anyone trying to communicate must be online...

      i dont want the internet to go down everytime some random country wants to get in a pissing contest with another country. This doesnt mean we dont need to take cyber security seriously, we do. but the issue is that cyber warfare should not even be a blip on the radar as anything related to the military should NOT be on the internet!

      Oh... "the internet"...
      The "military mission critical networks" (usually) are not in "the internet" - CYBER attacks does not only mean internet attacks (or "internet" does not only mean... "the internet"!).

    6. Re:why is this even a thing??? by ToasterMonkey · · Score: 2

      My understanding is that the military does have a completely isolated network for critical combat communication, but like any other global-scale organization, they're still probably reliant on the now-civilian internet because of the efficient communication it provides. For instance, communication with contractors, other countries' military forces, and so on are all vital for day to day operations, and probably can't be accomplished with a military-only system because of the sheer scale and scope it would require.

      I just don't think it's as simple as saying "the military should not be on the internet". They either have to try to use it safely and securely, build a completely separate and parallel internet, or go without it. Granted, there's obviously a percentage of material that should always be air-gapped for maximum security, but the bulk of bureaucratic day to day communication and coordination only needs to be reasonably secure, and can probably safely live on the standard internet given reasonable precautions.

      They have more than a few, and I seriously doubt very much reliance on the Internet because even mediumish sized businesses use private connections between themselves rather than some VPN over the public Internet for critical communications. I'm not saying they don't use the Internet, because you can get to it from their non-secure networks, but their private networks are comprehensive. Anything classified is on those air gapped networks.

      Anyway, the purpose of our military is to defend US. They've got their own shit locked down better than most private organizations would tolerate. The way the Internet was designed, there isn't much the government can do for the rest of us without employing some sort of Great Firewall of China, or... TALK about the problems... like this journal.

      You are right, "XYZ should not be on the Internet" is not the answer. Like abstinence in teenage sex-ed, it can't be THE answer, it's not good enough. The private sector is getting screwed right now, and even if it works for some of us, we can't keep shouting abstinence at the problem.

    7. Re:why is this even a thing??? by tlhIngan · · Score: 2

      Keep mission critical stuff offline, or on a network not running standard protocols

      Airgaps don't work, Stuxnet proved you can still take down an airgapped network (face it - airgaps also mean old vulnerabilities don't get patched because it's way less convenient).

      And proprietary protocols? They exist too.

      But you know what? All this specialty stuff costs way more money. And then you wonder why the military is spending $200 on a network card that can barely do Gigabit speeds, when they can buy a GigE cards for $20. Or $50,000 for a network switch to serve an office.

      COTS has been the goal because the commercial stuff has proven itself to be way more robust, cheaper, and far more advanced than what the military can procure through the usual methods. And more secure, too, just by being out there and pummeled.

      Plus well, you have taxpayer groups arguing about why the military is needing all sorts of strange stuff - remember the $400 toilet seat? Now try imagining the headlines on /. when it's revealed that a computer on the inside network cost $10,000 for something already outdated when it was provisioned. Something that they could've gotten at Best Buy for under $1,000 with superior specs. And no, there's nothing special about it - it's not rad hard, not encased in steel or anything. Just a regular PC meant for an office.

    8. Re: why is this even a thing??? by Anonymous Coward · · Score: 0

      It doesn't really matter what the military does cyber or otherwise. What matters is their intent, and generally speaking it's s***. As long as the public is mind-f***** into thinking that all their communication being insecure is the way to go, the military will not do any better. Take their journal and shove it up their ass. When they start blowing chunks, then they can hire somebody to decipher it. Secure enough for ya?

    9. Re:why is this even a thing??? by khasim · · Score: 2

      Airgaps don't work, ...

      Yes, they do.

      ... Stuxnet proved you can still take down an airgapped network ...

      It's not whether an attack is still possible. It's about reducing the number of people who can successfully attack it.

      Stuxnet, as far as I know, depended upon someone physically smuggling in a USB device loaded with 0 day exploits.

      So the airgap worked. But their physical security failed.

      Not to mention any means of verifying what is running on their systems.

    10. Re:why is this even a thing??? by Anonymous Coward · · Score: 0

      military should NOT be on the internet!

      Question: Do you even know about ARPANET?

      So, basically, if the military builds a bridge or road, and then it becomes primarily used by citizens, it shouldn't ever use that road anymore? Especially if it means being cautious while doing so? Heaven's forbid some helpless military need take a risk.

    11. Re:why is this even a thing??? by mjwalshe · · Score: 1

      yeh right you do know that in order to develop stuxnet they had to build a compete copy of one of those cascades only 3 or 4 nation states have that level of sophistication

  2. You dominate a domain by making it irrelevant by Karmashock · · Score: 1

    Hard to understand why any of this is complicated in a real full out war.

    Smash the enemy communications networks and they're not on the internet at all at that point. What is left is whatever your own military hardened communications networks are... and all you have to do there is keep the battered remnants of the enemy out of your own systems.

    That is assuming a small engagement.

    Assuming a big one... the issue is best left to communications specialists that will be tasked with keeping systems linked to the internet properly firewalled.

    --
    I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
  3. Um by Anonymous Coward · · Score: 0

    "Cyber warfare" is just using private systems to send data to one private system, which voluntarily sends it on to another private system, which voluntarily sends it on to another private system, and so on. Internet routing isn't some law of nature. This isn't like real warfare, where persons and/or their property are trespassed against.

    At best this is "economic warfare", in which the rules of some human system is exploited cunningly for the benefit of one party. And the government has no business favouring anyone in economic war - it is not a corporate welfare provider. Next you'll be telling me that the primary purpose of intelligence agencies is not to protect against foreign threats of violence but to provide a competitive advantage for large American firms.

    1. Re: Um by Anonymous Coward · · Score: 0

      There's so much idiocy in that post that it hurts.

  4. Re:Islamic Terrorism hits Denmark by davester666 · · Score: 2, Insightful

    First, way to post everything as AC.
    Second: Really? Two people, in two separate incidents are dead, and a few more wounded and there is "massive panic in Denmark"? Are you fucking kidding me?

    That's the same stupidity that had schools 4000 km away go on lockdown because a lone gunman killed one person on a "rampage" on Parliament Hill in Canada.

    --
    Sleep your way to a whiter smile...date a dentist!
  5. Could we please rename Cyber? by Anonymous Coward · · Score: 0

    I know this is trivial but the "Cyber" name is so 90s it's driving me nuts, not sure if anyone else is in the same boat?

    I propose "Digital" Defense!

    1. Re: Could we please rename Cyber? by Anonymous Coward · · Score: 0

      Seeing as how 'do you cyber' is short for online intercourse, this is wholly inappropriate but very pertinent to conflicts. Someone tried to slip one in there!

  6. Digital on Digital by Anonymous Coward · · Score: 0

    It may be that the ultimate weapon on the digital on digital warfare is rapid backup restore. Now, they did remember to backup, didn't they?

  7. I can help ... by CaptainDork · · Score: 1

    Target and Sony and some banks were hacked.

    The end.

    Now, let's start the journal about how we rip out all this candy-ass Internet shit and do it right this time.

    --
    It little behooves the best of us to comment on the rest of us.
    1. Re:I can help ... by mjwalshe · · Score: 1

      Circuit Switched forever and some where Vint Cerf is crying and rocking backwards and forwards :-)

  8. cyberdefensereview.org down by Anonymous Coward · · Score: 0

    Seems they can't keep their godaddy hosted site up

  9. Defending against Cyber Conflict? by lippydude · · Score: 1

    They could start by not hosting it on Microsoft-IIS/7.5 ..

  10. A Hacking Target by Anonymous Coward · · Score: 0

    Somebody will try to get their inquisitive probes to the readers and contributors, eventually. They go where their targets are plenty and sea is full.

  11. Re:Islamic Terrorism hits Denmark by davester666 · · Score: 2

    OMG The situation is totally worse. The lone gunman killed somebody, then took a taxi to another location and killed someone else and wounded some other people.

    We better just lock down the whole country and do a cavity search on everyone.

    --
    Sleep your way to a whiter smile...date a dentist!
  12. Re:Islamic Terrorism hits Denmark by Anonymous Coward · · Score: 0

    We better just lock down the whole country and do a cavity search on everyone.

    don't threaten me with a good time... 8O