“It’s all-out cyberwar toe-to-toe with the Russkies!”
In 2008, the US military will start to fund a new Air Force “Cyberspace” Command (which will essentially attempt to create an ability for the US to wage warfare within civilian information infrastructures). As is typical with most post-conventional military efforts, the new command will sport:
A huge budget (in tens of billions of dollars) and a massive uniformed/private bureaucracy (tens of thousands of “cyberwarriors”). Standard DoD scaling rules apply — as in a gaggle of personnel drawn from multiple organizations and companies with a patina of training in “cyberwarfare.”
The Air Force (apparently strangers to the term “blowback”) is spending tens of billions of dollars to turn U.S. servicemen into international cybercriminals!
This new Command’s ability to wage cyberwarfare will be judged based on its success in three areas:
Real-world experience and rapid (open source) innovation. Most, if not all, of this experience and innovation in cyberwarfare is gained through criminal activity. Innovation is a product of rapid cycles of competition with software vendors and computer security companies.
Massive self-replication. Think in term of small teams (the smarter, the better) designing software that seizes control of tens of millions of computer systems through various forms of infection.
Deniability. Nearly all of the successful operations conducted in offensive cyberwarfare will require deniability. Post-attack forensics must not point back to a government since these wars/battles will be fought in peacetime . . .Given these requirements, this new Command will likely fail (and badly). To provide contrast, the Russian Business Network (the RBN is a computer criminal syndicate responsible for an estimated 60% of online criminal activity), gets top marks in all of these areas.
I mean, like, wow.
D’you think this stands a snowball’s chance in hell?
And, come to think of it, what will the =patch= look like?
Dubjay: “turn U.S. servicemen into international cybercriminals”
Capable of becoming such, that is. Is it inherently different from training teenagers how to use guns and explosives also training them into being capable of becoming bank-robbers and terrorists?
Personally, I’m not terribly worried about training them to become cybercriminals. Any high-school with an internet connection provides ample training for budding internet assailants.
No, actual cybercriminals! Success is judged on “real-world experience,” which means they will be busting into other folks’ computers and actually breaking the law.
I’d really love to read the rules of engagement, when they develop such.
Not to be a poo or anything but I went to the link and couldn’t find any links.
So essentially I’ve got to take this person’s word for this person’s interpretation of a command structure change I’m taking this person’s word for.
OTOH, it sounds just about like what the husband of a friend of mine did as an officer in the Army National Guard several years ago.
OTOH, “Cyberspace” command sounds… well, I’d expect “Information Technologies Command” or something like that. Hm… looks like that, at least, is accurate enough.
Easy enough to find with Google.
“The Air Force broadly defines cyberspace operations to include not only computer network attack and defense, but also improvised explosive devices in Iraq, terrorist use of GPS and satellite communications, Internet financial transactions by adversaries, radar and navigational jamming, and attacking American servers.”
Yeah, I think we should just ignore all that.
Older stuff I found said the command will be based in Louisiana but recent stuff, from this November, says Richardson is lobbying to bring the USAF Cyberspace Command to New Mexico.
Well if it’s going to New Mexico I obviously think it’s a great idea. Though why the Administration should so oblige Bill Richardson I cannot imagine.
Seriously, though, I think an actual U.S. Cyberspace Command is probably a good idea, and probably a necessity.
But, y’know, it’s going to be like training an army by invading other countries.
You really cannot learn to invade foreign computers without actually invading foreign computers. (Whereas you can train an actual army without invading, say, Poland.)
So what can we do but take the assumption, from a legal point of view, that cyberspace does not actually =belong= to anybody, and therefore we can put our daemons in there wherever we want.
“Well if it’s going to New Mexico I obviously think it’s a great idea.”
;-D
The even older stuff I found, pre-9/11, was the breaking news that “A change to the Unified Command Plan will transfer the Computer Network Defense (CND) mission to US Space Command on Oct. 1. One year after that, Space Command will also pick up the Computer Network Attack (CNA) mission.”
I’m confused. Are you for cybercriminals, or against them? Are you of the opinion that “cybercrime” does not exist, and that penetrating security is only doing the penetree a favor by displaying how penetrable they are? Are you claiming that it’s okay for private citizens to do these things, but verboten for The Government? (Or are you concerned that The Government will claim exactly the opposite–that it’s a priveledged entity that can do things it would arrest the rest of us for doing? Although, as tarl points out, that ship has sailed.)
In any case, it just seems like the 21st-century equivalent of buzzing the Soviet air-defense network to see how good their radars are, or flying TU-95 over Alaska to time how long it takes the F-15s to show up.
I am not “for” cybercrime. By =anybody.=
Just as, generally speaking, I am not in favor of governments doing the sorts of things for which they lock up their own citizens.
However, “governments doing the sorts of things for which they lock up their own citizens” is sort of a definition of the military. Large-scale mayhem is, you hope, the thing that only governments do— assuming of course that anyone does it at all.
Given that cybercrime, particularly that engaged in by pseudo-government entities (i.e., Russia and China), is both a threat to security and to world stability, I’m generally okay with our military learning how to do this stuff.
I just think that this particular effort is clueless, highly expensive, and doomed.
Government hackers should be the equivalent of a special-forces infiltration unit— small, covert, creative, independent, and deniable.
A ten-billion-dollar military bureaucracy devoted to teaching thousands of cyber-warriors how to break into computers is none of these things.
Teaching recruits to commit cybercrime by the book— the same way they teach techs to repair jet engines— is going to be both hilarious and sad.
The Russians and Chinese seem to be doing very well by recruiting people who are =already= cybercriminals. I can understand why we wouldn’t want to do that— especially as the Russians and Chinese seem willing to let these people do actual crime when they’re not conspiring to upload rootkits to DoD computers.
But still . . . where’s Kevin Mitnick when we need him?
Comments on this entry are closed.