7 August 2014

IN SUPER SECRET CYBER WAR GAME, PRIVATE SECTOR TECHIES PUMMEL ACTIVE-DUTY CYBER WARRIORS

by Fortuna's Corner
August 5, 2014
In Super Secret Cyber War Game, Civilian/Private-Sector Techies Pummel Active-Duty Cyber Warriors — Establishment Of A Cyber Surge Capacity Needed 
 
http://www.fortunascorner.wordpress.com

Andrew Tilghman, writing in the August 4, 2014 edition of TheArmyTimes, writes that “when the military’s top cyber warriors gathered last year (2013), inside a secret compound,” inside NSA’s headquarters at Ft. Meade, Maryland, “for a classified war game exercise, a team of active-duty [military] troops faced off against several teams of reservists. And, the active-duty team, apparently took a beating,” writes Mr. Tilghman.

“They were pretty much obliterated,” said one Capital Hill staffer who attended the exercise,” wrote Mr. Tilghman. “The active-duty team didn’t even know they’d been attacked,” the staffer added. “The [cyber] exercise highlights a sensitive question emerging inside the military’s cyber warfare community about what future roles reservists will play in the Pentagon’s overall cyber force.” “At stake, Mr. Tilghman adds, “is a massive pot of money; and, thousands of military jobs for a critical mission that will be mostly shielded from budget cuts slamming nearly every other part of the force under sequestration.”

Real-World Experience

“The cyber warfare mission is unique, many experts say, in that reservists bring training and expertise from their work in the civilian sector that can be far more advanced than what’s found in the military itself,” notes Mr. Tilghman. “While military missions like the infantry or submarine warfare have no direct civilian counterpart, some reservists are full-time cyber security experts on Wall Street; or, software programmers with top technology firms, especially those attached to National Guard units in high-tech hotspots like California’s Silicon Valley, Seattle, and northern Virginia,” he noted. “The guys and gals who work day jobs in suits and ties — or tie dyes and blue jeans — a lot of them have real-world experience in cyber that is far and above the limited skills that…..regular military people have,” said Matthew Aid, a technology and intelligence expert, and author of “The Secret Sentry, The Definitive History Of The National Security Agency.”

“Yet, many reservists fear that active-duty leaders at the Pentagon and U.S. Cyber Command (USCYBERCOM), are drawing up preliminary plans that do not specifically include reserve component units in the mission,” Mr. Tilghman notes. “That debate will heat up,” he adds, “later this year; Congress has ordered the DoD to prepare a report on its cyber warfare plans, with special focus on “requirements for both active duty and reserve components,” as well as civilian assets,” according to legislation enacted last year.”

Reservists Shut Out?

“USCYBERCOM, which began operations in 2010, is developing a specialized joint force of about 6K cyber warriors, assigned to 133 teams, that will train for a range of missions, from defending DoD networks, to mounting offensive [cyber] operations, to disabling enemy systems,” Mr. Tilghman writes. “A preliminary plan calling for a force mix of 80 percent active duty troops and 20 percent civilians — has sparked concern from reserve component leaders,” he added. “The Reserve Forces Policy Board (RFPB) is drawing up a recommendation for Secretary of Defense (SECDEF) Chuck Hagel, urging him to make sure that reserves are also represented.” “I don’t know the right mix; but, I guarantee you its not 100 percent [active duty] and zero [reserves],” said Arnold Punaro, Chairman of the RFPB, a federal advisory group established by Congress. “It defies common sense to think that industry, in particular our high-tech industries, are not moving at light speed compared to the way that government works. We are urging the SECDEF to take a hard look at going all active duty,” Punaro said in an interview.

Army LTC. Valerie Henderson a DoD spokeswoman, said “the active-reserve force mix for the cyber mission remains” under current analysis” as directed by Congress last year; and, noted that “no decisions have been finalized.” “We are pursuing reasonable solutions from the perspective of all parties involved,” she said. “Active and Reserve cyber warriors each have distinct skills; and, the optimal force mix will include both,” said Army Colonel Greg Conti, Director of the Army Cyber War Institute at the U.S. Military Academy in West Point, New York. “Think of it in terms of football — there is an offense and a defense; and people who know the game can swap positions. But, there are certainly differences,” Col. Conti added. “I think the active military is probably stronger in the current military operations; and, how to integrate what they do — with traditional kinetic military operations. And, you need people who have current situational awareness of threat actors.” “For example,” he added, “specific details of the Chinese navy’s communications networks, or the operating systems underlying Iranian air defense systems — are unfamiliar to most civilian tech professionals. Yet, reservists who come from the private sector, “are probably able to focus more intensely on the discipline of the technology,” Conti added. “There is some natural mission areas that emerge, and each force has natural strengths,” he contended.

Specialists Versus Generalists

“Underlying the debate,” writes Mr. Tilghman, “are concerns about the military’s ability to adapt quickly. In addition to standing up operational cyber warfare teams, the military services also need to develop specific guidance for recruiters targeting people with these skills; develop professional schools with a long-term curriculum; and, create career paths and manpower management tools for the thousands of troops who will be pursuing careers in cyber warfare. That last mission may be the most challenging,” he notes. “Fostering a highly specialized cyber force may be at odds with the military’s tradition of cultivating generalists — who change jobs frequently,” Mr. Tilghman wrote. “The military unfortunately has a nasty habit of taking people who have expertise in a particular area….and using them as truck drivers or cooks,” Aid said. “And promoting the most highly-skilled cyber warriors — may be difficult in a system based on rank, and time-in-grade,” he added. “I’ve heard senior leaders say their is a skill inversion,” Conti said. “Some of the most talented people are at the lieutenant and captain level. We have our traditional, hierarchical way of doing things. What we are looking at is a cultural shift for the military in how things are done.” “Military leaders want to make cyber warfare a top priority; but, major change does not come immediately. The regular military wants in; but, its going to take some time. You can’t just take an Arabic linguist who was in Afghanistan and cross-train him into a cyber security expert overnight,” Aid said.

My Two Cents

I do not think anyone would argue with the supposition that the vast majority of the best and the brightest with respect to cyber are not in uniform; nor, government civilians. Granted, we do have some very special, and highly-talented cyber warriors on the government payroll — especially in the U.S. Intelligence Community. And, we probably never will. One thing to consider would be the establishment of an elite team of cyber ‘warriors’ that the DoD and the rest of government could call upon — in situations where U.S. national security is threatened: i.e., a Cyber 9/11, or when faced with a large-scale cyber attack on the homeland or our forces overseas. Perhaps, we could pay a yearly stipend, to those who are employed in the private-sector and Silicon Valley — in exchange for their support and cooperation when a national cyber emergency is declared. Or, establish a civilian cyber “SEAL” roster of individuals who could be tapped — much like the draft — to help in times of great cyber crisis. We may have to consider a cyber draft under these circumstances, as the Edward Snowden event has shown — there is a palpable mistrust of the U.S. government’s cyber activities — by those very individuals and corporations, Universities, Think-Tanks, etc. that we would need in times of a cyber crisis, or cyber 9/11. We should consider what it would take to implement a cyber surge capacity of talented, elite, cyber warriors.

Additionally the military and intelligence agencies need to practice scenarios where they are disconnected — for a period of time — from their IT ecosystem and networks. We have to assume that an adversary or opponent in the future will attempt to degrade or takedown our critical IT infrastructure; as well as, degrade our weapons systems that are not only network enabled; but, network dependent. How one restores trust, in the aftermath of such an event/s is also crucial. Just ask Target how difficult it has been to recapture their customer base and the online shopper — in the aftermath of last year’s breach during the height of the Christmas shopping season. V/R, RCP

No comments: