Slashdot Mirror
West Point and Marines Launch Open Cyber Conflict Journal
rumint writes: The Army Cyber Institute at West Point and the Marine Corps Cyberspace Command just launched an open journal studying cyber conflict — Cyber Defense Review. It focuses on strategy, operations, tactics, history, ethics, law and policy in the cyber domain. The Cyber Defense Review is positioning itself as the leading online and print journal for issues related to cyber conflict for military, industry, professional and academic scholars, practitioners and operators interested providing timely and important research to advance the body of knowledge in an inherently multi-disciplinary field.
But there are things that need to be communicated between separate entities, and while it may not be War Games incarnate, I can see how malicious disruption of some things like scheduled bank transfers, etc. could cause some panic and mayhem. Think of it as the newest layer of SIGINT
Don't blame me, I voted for Kodos
My understanding is that the military does have a completely isolated network for critical combat communication, but like any other global-scale organization, they're still probably reliant on the now-civilian internet because of the efficient communication it provides. For instance, communication with contractors, other countries' military forces, and so on are all vital for day to day operations, and probably can't be accomplished with a military-only system because of the sheer scale and scope it would require.
I just don't think it's as simple as saying "the military should not be on the internet". They either have to try to use it safely and securely, build a completely separate and parallel internet, or go without it. Granted, there's obviously a percentage of material that should always be air-gapped for maximum security, but the bulk of bureaucratic day to day communication and coordination only needs to be reasonably secure, and can probably safely live on the standard internet given reasonable precautions.
Irony: Agile development has too much intertia to be abandoned now.
First, way to post everything as AC.
Second: Really? Two people, in two separate incidents are dead, and a few more wounded and there is "massive panic in Denmark"? Are you fucking kidding me?
That's the same stupidity that had schools 4000 km away go on lockdown because a lone gunman killed one person on a "rampage" on Parliament Hill in Canada.
Sleep your way to a whiter smile...date a dentist!
My understanding is that the military does have a completely isolated network for critical combat communication, but like any other global-scale organization, they're still probably reliant on the now-civilian internet because of the efficient communication it provides. For instance, communication with contractors, other countries' military forces, and so on are all vital for day to day operations, and probably can't be accomplished with a military-only system because of the sheer scale and scope it would require.
I just don't think it's as simple as saying "the military should not be on the internet". They either have to try to use it safely and securely, build a completely separate and parallel internet, or go without it. Granted, there's obviously a percentage of material that should always be air-gapped for maximum security, but the bulk of bureaucratic day to day communication and coordination only needs to be reasonably secure, and can probably safely live on the standard internet given reasonable precautions.
They have more than a few, and I seriously doubt very much reliance on the Internet because even mediumish sized businesses use private connections between themselves rather than some VPN over the public Internet for critical communications. I'm not saying they don't use the Internet, because you can get to it from their non-secure networks, but their private networks are comprehensive. Anything classified is on those air gapped networks.
Anyway, the purpose of our military is to defend US. They've got their own shit locked down better than most private organizations would tolerate. The way the Internet was designed, there isn't much the government can do for the rest of us without employing some sort of Great Firewall of China, or... TALK about the problems... like this journal.
You are right, "XYZ should not be on the Internet" is not the answer. Like abstinence in teenage sex-ed, it can't be THE answer, it's not good enough. The private sector is getting screwed right now, and even if it works for some of us, we can't keep shouting abstinence at the problem.
Airgaps don't work, Stuxnet proved you can still take down an airgapped network (face it - airgaps also mean old vulnerabilities don't get patched because it's way less convenient).
And proprietary protocols? They exist too.
But you know what? All this specialty stuff costs way more money. And then you wonder why the military is spending $200 on a network card that can barely do Gigabit speeds, when they can buy a GigE cards for $20. Or $50,000 for a network switch to serve an office.
COTS has been the goal because the commercial stuff has proven itself to be way more robust, cheaper, and far more advanced than what the military can procure through the usual methods. And more secure, too, just by being out there and pummeled.
Plus well, you have taxpayer groups arguing about why the military is needing all sorts of strange stuff - remember the $400 toilet seat? Now try imagining the headlines on /. when it's revealed that a computer on the inside network cost $10,000 for something already outdated when it was provisioned. Something that they could've gotten at Best Buy for under $1,000 with superior specs. And no, there's nothing special about it - it's not rad hard, not encased in steel or anything. Just a regular PC meant for an office.
Yes, they do.
It's not whether an attack is still possible. It's about reducing the number of people who can successfully attack it.
Stuxnet, as far as I know, depended upon someone physically smuggling in a USB device loaded with 0 day exploits.
So the airgap worked. But their physical security failed.
Not to mention any means of verifying what is running on their systems.
OMG The situation is totally worse. The lone gunman killed somebody, then took a taxi to another location and killed someone else and wounded some other people.
We better just lock down the whole country and do a cavity search on everyone.
Sleep your way to a whiter smile...date a dentist!