Thursday, December 16, 2010

What flavor of Cyber War Fail for the 24th Airforce?


In its response to the Wikileaks incident - our new cyber commands have not covered themselves with glory. Is it a failure of vision, imagination, leadership, professionalism, or just gross malpractice?

Over at USNIBlog, - Galrahn is asking what exactly is going on and gives you plenty to ponder.
... the DoD treats information as a weapon and that viewpoint represents an Achilles heal of the DoD. Because information is treated as a weapon, the DoD often resorts to old doctrine when dealing with an information threat – and the tactics used to deal with the threat become remarkably predictable.
...
In the context of information being seen as a weapon by the DoD, and thus a threat to the DoD; it is hardly surprising that the first major public action taken in response to Wikileaks by the United States Air Forces elite cyber command is to build a big wall – after all, when you are under attack one is supposed to build a defense, right? The US Air Force cannot possibly be criticized enough for this action, because it goes against everything the DoD has supposedly learned about information warfare.
...
Whether the 24th Air Force realizes it or not, the DoD has functionally surrendered the information environment to the Wikileaks adversary because the DoD refuses to engage the adversary, ...
Remember my post there from earlier this year?

We unwisely asked for it and now we have it - now we have to execute.

My take? I'll go back to my post linked earlier - the US Military should have no role in cyber attack against civilian entities (which Wikileaks is). For two reasons:

1. Most importantly; this is a law enforcement job. The US military should stay away from this. We have a Constitution for a reason. Full stop.
2. We are staffing our "Information Warrior" billets with Staff officers who do not have the background, temperament or career path to be cyber-war professionals. Some things the military does well - this ain't one of them.

We have many civilian institutions that can do this, and will do this better. This is one rice bowl that no one in uniform should be proud of. It warps our actions and threatens our liberty.

Read it all.

16 comments:

ewok40k said...

It can be (indirectly) biggest damage Assange and his cotravelleres done th the US. Or, maybe, a contribution of theirs by exposing Chinese Great Firewall mentality at  the US national command level.
China's first action concerning Wikileaks was, predictably, to cut off all inhabitants of the Great Firewall from such dangerous and subvertive information. US putting itself alongside China in policy seems like beginnings of Sino-American Alliance from Firefly... (yep, I am sci-fi geek)

QSPN said...

Although each of the Service Academies has added cyber-warfare-related courses, the military shouldn't rely on the Service Academies in this area. The Service Academies are the best at some things, but--all the party line pablum aside--academics isn't one of them.

If you want the best talent, you have to go where it is, because you can't manufacture it. And the best talent is at top civilian schools such as Berkeley, Brown, Caltech, Carnegie Mellon, Harvard, MIT, and Stanford. At least some of these schools have ROTC Units. I suggest starting (and continuing) the search there.

Stu said...

I'd love the opportunity to build a team to work these issues and would try to find a way to bring some unconventional types on AD as Warrant Officers. 

Bubba Bob said...

QSPN makes an excellent point.  The skillset of a good infantry officer and the abilities of a good hacker are not the same.  

We need young men trained to hop over the lip of a trench yelling, "follow me."  That same young man is not going to be an A1 hacker.

But here is the real question, how did such a low-level enlisted man have access to so much information?  If we don't bother to keep our secrets, secret, should we really get upset if they leak out?

SWON6RET said...

1,  Someone tell me what this 24th AF is all about, please include how we have a 10th FLT without ships.
2. When is the execution of the guilty party - if necessary water board him after CM & before execution to gain any required info.
4. If "Cyberfor" can't jump down the wires and stop WIKILEAKS then "flying objects should jump out of the water and elimiate their servers" one at a time.  We can use plasible deniability  - "don't know how the submarine TOMAHAWK inventory is off by x numbers".

Redeye80 said...

So, is Wikileaks a US civilian website? Run by US citizens?  I think the answer to both questions is no. In my pea brain, this is espionage, pure and simple.  Wikileaks is a threat to our national security and should be taken down. Soft kill or hard kill no matter.

As far as IW staffing, the problem is not finding the "right" people, that can easily be done.  The real issues is O-5s and up cannot figure out how to control those resources.  Hackers normally don't fit the military mold.  We have to think outside the box to make this work.  The problem is Wikileaks is inside our OODA loop.

DM05 said...

AF thinks this is their gravy train, and it looks perty on the ppt. Yes sir, General...You bring up excellent points about a) posse com b) 40 y/o staff weenies trying to do "cyber warfare". If we were serious, and it was right - a big question - a USAFR Sgt or 2LT, coming from a tech background, would be enabled as CO to pick up a dozen hackers, all under the age of 25 to do battle more effectively.

Anonymous said...

1.Sweden has too good air defence for Tomahawks, Switzerland pretty much too. Heard the names Bofors and Oerlikon? They are amongst the reasons why Hitler never invaded either country...
2.You dont want US spec ops replaying the Ranbow Warrior spectacle. European police is quite competent (as growing list of foiled AQ plots shows).
3.Finally, as much as you want to Tomahawk NYTimes, that would be definitely breaking posse comitatus - and many other acts :P

ewok40k said...

that was me from another computer, to be clear

milprof said...

Allow gays to serve openly and you get much better recruiting access to those top talent pools.  Just sayin'....

LT B said...

Saying a huge amount of hackers are gay?  Please, just cause they have zits and pocket protectors, drink too much cola and have bad diets does not make them gay.  :)

Anonymous said...

most computer geeks, and by extension hackers is completely asexual, afaik... they like girls usually, but only in jpeg format

milprof said...

No, not that hackers in particular are gay, I'm saying that the military's ability to recruit at top colleges would be higher if the ban were removed -- more ROTC units, more cooperation from career offices, less informal discouragement from faculty members, fewer students who themselves hesistate to join up because they don't want to join a discriminatory organization.   Coming out of that civilian academic world I'm somewhat familiar with this, and DADT really is a big dragging anchor when it comes to attitudes towards the military on elite college campuses.

Timmy said...

I have been a proponent for a while of spinning off "Cyber Warfare" into it's own service for a couple of reasons.

1) Cyber Warriors aren't like your typical infantry soldiers where speed = life.  I.e. someone "flying a desk" really has no need to be able to sprint looking for cover in a firefight.  Therefore most of the physical fitness standards go out the window.  Lots of the best folks I know that could do this job are overweight and rarely see sunshine :-)

2) This mission doesn't mesh well with any of the core competencies of the existing services.  This was really a stretch for the Air Force to take this on. "Air, Space, and Cyberspace"?  The only linkage between Space and Cyberspace is that they rhyme.  The service with what I believe to be the most relevant heritage and experience would actyally be the Navy, since Navies in general have always had to be good at Cryptography, but even that is really a small slice of what cyber warfare is.

You could set this service up without even investing in a lot of bricks and mortar.  People can launch a cyber attack while sitting on the couch in front of the TV with a Broadband Connection.  This also expands the available talent pool to pick from.  Heck you could even set up a Reserve and do your One Weekend a month and two weeks a year from the comfort of your own home.  I'd sign up without pay just for the fun of it.

I commend the Air Force and the Navy for stepping up and trying to fill the gap, but I just don't think doing Cyber Warfare within the existing services will really work well going forward.  Will there be a need for some boots on the ground to do some Cyber Warfare?  Absolutely! I'm thinking of things you need physical proximity for like hacking Wireless LANS, Intercept Capability, and more brute force attacks like Jamming IED's.  But the vast majority of Cyber Warfare can be done by someone who couldn't pass the Fitness/Medical to get into one of the existing services to save their life (I'm including myself in this category).

QSPN said...

Although I agree with your general theory that military recruiting would be easier if DADT is repealed, I disagree with some of your analysis.

If DADT is repealed, many schools will NOT invite ROTC back on campus because, for those schools, DADT is an excuse to hide hatred/mistrust of the military by individuals with power at the respective school. Those schools simply will find another excuse (budget problems, lack of space, etc.).

Since many faculty members overtly deride the military at virtually any opportunity, "informal discouragement" really isn't a big problem.

Nor is DADT a "big dragging anchor" when it comes to attitudes towards the military on elite college campuses. Instead, it's an issue espoused (rightly) by some that gets a lot of play among liberals and the media. For those seriously considering military service, it's typically not a big issue unless they themselves are gay.

Although I am not an academic, I attended an elite college and my children attended elite colleges. My comments reflect prior discussions with them, so my perspective is not just that of a dead parrot pining for the fjords.

milprof said...

It will vary by university; in my experience DADT is a larger share of it than you are suggesting, especially among students and among younger faculty; what you describe is more true of the 'Boomers'.  For ROTC at MIT, for example, although there is an active ROTC program there it has been controversial for the last 20 years, due to DADT.  In general MIT is a military friendly campus, but they are also quite serious about their non-discrimination policy, and the collision of those two values has caused a lot of angst there.