Stories
Slash Boxes
Comments
typodupeerror delete not in
  • Preferences

Comments: 543 +-   Air Force Cyber Command General Answers Slashdot Questions on Wednesday March 12 2008, @10:41AM

Posted by Roblimo on Wednesday March 12 2008, @10:41AM
from the 30-pushups-and-50-lines-of-code-before-breakfast dept.
military
Here are the answers to your questions for Major General William T. Lord, who runs the just-getting-off-the ground Air Force Cyber Command. Before you ask: yes, his answers were checked by both PR and security people. Also, please note that this interview is a "first," in that Generals don't typically take questions from random people on forums like Slashdot, and that it is being watched all the way up the chain of command into the Pentagon. Many big-wigs will read what you post here -- and a lot of them are interested in what you say and may even use your suggestions to help set future recruiting and operational policies. A special "thank you" goes to Maj. Gen. Lord for participating in this experiment, along with kudos to the (necessarily anonymous) people who helped us arrange this interview.


How do we prevent "mission creep" (Score:5, Insightful)
by Jeremiah Cornelius (137)

It appears that the military is increasingly involved in areas who's jurisdiction was once considered to be wholly in the civil domain. Use of jargon like "cyberspace" seems only to obfuscate and distract from the core issue. This appears an effort to recruit public opinion and defuse the deeper questions that strike at the heart of a free and civil society. I think that if we had a statement that "The private mails are a warfighting domain" would generate a fair amount of debate on the role of the military as opposed to the police, the function of constitutional protection of liberties, and the question of what actually constitutes a state of war.

What are the limits on this jurisdiction? Who enforces these limits, and how is the public informed of that status? How are efforts to extend being safeguarded from creating mission creep that threatens all civil discourse in the United States and abroad form targeting, suppression, propaganda and extra-legal surveillance?

ANSWER:

A very good question. It's a complex issue, but bottom line is that we won't need new laws to be able to fly and fight in cyberspace. The DoD's role in protecting cyberspace is governed by domestic and international law to the same extent as its activities in other domains. Other U.S. agencies, such as the Department of Justice and the FBI, have important and, in many cases, leading roles to play.

Attacks on the US and its Allies by China (Score:5, Interesting)
by Yahma (1004476)

There have been several recent news reports that China has and is engaging in a nationally funded effort to hack into and attack US government computer systems. The German government recently announced that they traced recent aggressive cyber-attacks back to the Chinese government. What, if anything, is being done against this type of cyber-terrorism against us and our allies? Why do we still confer most-favored nation trading status onto a Nation who is actively engaged in efforts to spy on and attacak our government and corporate computer systems?

ANSWER:

Yes, there are lots of news reports on that, but I'm sure you can appreciate the fact that there are other branches of the U.S. government that must answer your foreign policy questions. I can tell you that securing cyberspace is difficult and requires a coordinated and focused effort from our entire society - federal government, state and local governments, the private sector and the American people. The Air Force is working to improve our ability to respond to cyber attacks, reduce the potential damage from such events, and to reduce our vulnerability to such attacks.

Accept, Retain, Solicit good people? (Score:5, Interesting)
by Lally Singh (3427)

General,

Some of the most talented people in computer security tend to have the sort of records that prevent them from getting clearance. Maybe nothing heavily criminal, but enough of a colored background that traditional security clearance mechanisms would throw them out of the room before they get started. Often the same types of minds that are really good at computer security are also the rebel types, who'll have some history. Will you work to get these people in, or are we looking at a bunch of off-the-shelf programmers/admins who've taken a few simple courses in computer security?

Also, how do you plan to attract/retain them? Again, rebel types are some of the best hackers, and they're not likely to go in without incentives. Not due to any lack of patriotism per se, but an unexplored understanding of it. More importantly, they're likely to be anti-establishment types who aren't comfortable in the strict traditional chain of command. Finally, usually the outside industry pays quite well for the good ones. Are you prepared to financially compete for the best?

Finally, will there be any connections back to the research/academic community? You may find academics more happy to help than usual, as cyber warfare can often be nonviolent. Also, will the existing (and immense) capability within the NSA be properly leveraged?

ANSWER:

I believe even the most unlikely candidate, when working for a cause bigger than himself, turns out to be a most loyal ally. Young men and women come into the military for any number of reasons - education, health care, etc. - but end up staying because they believe what they're doing matters. We know money doesn't create loyalty--a sense of purpose does. We'll take what they have to offer, and in turn they might be surprised by what they get back. It's not just our military members either, it's all those who partner with us . . . academia and private industry, our civilians and contractors, too. In the cyber command, there is a purpose and sense of urgency to be ready. You can bet that we leverage all the expertise out there to help us do our job.

Older recruits? (Score:5, Interesting)
by rolfwind (528248)

It seems that in the military traditionally it was always looking for people fresh out of highschool for EMs and if you wanted to get anywhere in the military you had to be either college educated or, to really have a high end military career, start really young in something like the Valley Forge Military Academy and work from there.

In a traditional branch of the army/navy/airforce that is probably as it should be.

But in this area people have to be trained for years, still not know as much as the older hands in the private industry, and before they really know enough their enlistment would be over. Also, it would be unacceptable for an older IT person to join but take a pay cut to a Private's level or perhaps even a Lieutenant's -- so I imagine this branch would have to be somewhat different.

Is the military going to do to reach out toward the older folks who have extensive experience and knowledge outside the military?

ANSWER:

As I work alongside today's Airmen, many with very specialized skill sets in great demand outside the Air Force, I find them to be incredibly well trained and up-to-speed on current technologies. We bring them in from a general practitioner level and take them to expert level in reasonable time ... and well before retirement age indeed! We train them with specific technical skills as well as overarching abilities required to lead in today's environment. You're right in that we couldn't compete in the cyber world without the experts in the civilian industries who give us the technology in the first place, provide the architectures we use, and even the software we need. People don't have to enlist or take a pay cut to help us out. Certain skill sets can also be brought on board as civilians or contractors, and in many cases we do offer compensation competitive with the commercial sector.

Which acts of war should be illegal in cyberspace? (Score:5, Interesting)
by cohomology (111648)

War is never clean.

In conventional warfare, certain actions such as hiding among civilian populations are forbidden. These actions are considered war crimes because of the collateral damage they are likely to cause. What actions in cyberspace do you think should be outlawed? How about intentionally bringing down hospital IT systems, or destroying undersea cables without regard to the effects on civilian populations?

ANSWER:

The U.S. military complies with all applicable domestic and international laws, and that will certainly apply equally within cyberspace. The Law of Armed Conflict, for example, arose from a desire among civilized nations to prevent unnecessary suffering and minimize unintended destruction while still waging an effective war. It would be possible, as you mentioned in your scenario, that some who ignore the laws of civilized nations could conduct operations in cyberspace that may have unlawful negative consequences on civilian populations. For us, abiding by these laws, being good at we what do and maintaining a technological advantage over our adversaries provides us a first line of defense. Those who commit unlawful acts would certainly face potential criminal liability for war crimes.

Physical Fitness (Score:5, Interesting)
by spacerog (692065)

General, You were recently quoted in Wired as having said "So if they can't run three miles with a pack on their backs but they can shut down a SCADA system, we need to have a culture where they fit in." Is this an accurate quote? As a former member of the US Army I must say that passing a PT test is not very difficult and the suggestion that some soldiers should be exempt from basic minimum requirements is rather upsetting. Are you actually advocating the relaxation of military physical fitness standards for 'cyber warriors'? Would this not create a double standard and animosity between the cyber command and other sections of the military? Surely there must be other recruitment incentives that can be applied to attract the talent you need.

ANSWER:

I don't disagree with you . . . and I am not advocating changing our PT test. What I am saying is that we, as a military culture, need to look beyond what we've traditionally recruited. The very nature of our military requires that we be able to work in combat conditions and be able to establish and protect our cyber/communications structures and networks in remote, even austere conditions. As anyone who has worked in these austere locations will tell you, being fit is critical to mission success, so I don't foresee or advocate for a relaxation of standards just to bring in this specific type of talent. But, as we know, some of what we do in cyber can be done at home station as well, so what will our force look like in the future? This is something we need to look at and evaluate as we progress in this area.

It is good war is so terrible... (Score:5, Insightful)
by MozeeToby (1163751)

A wise man once said "It is good that war is so terrible, lest we grow too fond of it". If cyberwarfare ever becomes a reality, how do we respond to the fact that is isn't "terrible"?

The direct damage from such warfare would be primarily economic or data security related (rather than a cost in human lives) how do you feel we can prevent it from becoming a monthly, yearly, or daily occurance?

ANSWER:

The fact is we are dealing with this on a daily basis and it won't be going away anytime soon. Not for any of us. The way to shield ourselves from these attacks is to be at the forefront of technology, tactics and procedures relating to operating in cyberspace. We have systems and software that are protected by multiple layers of security and functional redundancy. We train our people to be on the cutting edge of this technology, and we find ways secure our information. We have to take this very seriously because we rely on our networks to conduct military operations all around the world. The person who hates war the most is the warrior who has to go to it ... we want to prevent that.

Criminal vs Warlike Actions (Score:5, Interesting)
by florescent_beige (608235)

General Lord,

Does the AFCC have a mandate to pursue criminals that use information infrastructure to commit crimes, or is your group intended to defend against warlike attacks only?

If the latter is true, how would you distinguish between criminal activity and warlike activity in cyberspace?

ANSWER:

The speed and anonymity of cyber attacks makes it very hard to distinguish what actions would be those of terrorists, criminals, nation states or just some lone prankster. Our command coordinates with government partners such as the DoD's Cyber Crime Center staff, who work with law enforcement officials to investigate and prosecute criminal acts if necessary. A "war-like activity" can also include presenting misleading information to our battlefield commanders. So, we've got to be spot on about authenticating the trusted source of that information in the first place. But, generally speaking, if something is a coordinated attack that would cause disruption or an attack that required a high level of technical sophistication to carry out, that would cause us to take a closer look and recommend a proper response.

Legal Hacking... (Score:5, Funny)
by JeanBaptiste (537955)

Just post a list of the stuff you want hacked and the more patriotic hackers will enjoy doing it for free.

Due to the nature of hacking and what many people do to acquire such skills, they may not want to 'join up' and all that.

But if you post a list of IP's that are okay to bring down, and networks you want information stolen from, with the understanding that the US will not condemn any attacks, and I'm sure more than enough people would do it for free.

Is there anything like this already in place? Cause I got nothing better to do this weekend. Or most any weekend.

ANSWER:

YGTBKM! LOL! I like your enthusiasm, but you know the Air Force neither encourages nor condones criminal activity.

Could a Cyber Attack Trigger a Real War? (Score:5, Interesting)
by florescent_beige (608235)

General Lord,

I'm curious to know if you have have any criteria that would enable you do decide when a cyber attack is an act of war. Would it be possible for some kind of action inside a network to lead to a shooting war without some kind of overt physical threat occurring first?

ANSWER:

Within the Department of Defense, we are careful not to speculate about what would be considered an act of war. Our nation's elected officials are the ones who will decide what threats to, or actions against our national security will constitute an act of war against the United States. These same leaders will likewise determine what an appropriate response would be, and that could be diplomatic, economic or involve the military to demonstrate the nation's resolve. That's why it's my responsibility to oversee the building of a command that will provide our leaders, through the appropriate chain of command, with many options with which to deter threats in the first place or respond when necessary.

Why was the Air Force tasked with this? (Score:5, Interesting)
by Isaac-Lew (623)

Why should the US Air Force be tasked with this, instead of DISA or NSA, neither of which is tied to a specific branch of the military?

ANSWER:

Don't confuse the fact that we are standing up the Air Force Cyber Command to mean we are the lead for the nation, or the primary command to respond to a particular incident. We are just one part of a combined effort. Our first priority is to work with DoD to defend AF military resources, but many of those resources rely on civilian entities, so we obviously have a keen interest in protecting those items as well. We thought it was the right thing to do to consolidate our efforts and to align all the Air Force cyber-related resources so we can have better command and control. This command will be able to respond better to the needs of our commanders and be the focal point within the Air Force for cyber security and defense missions, as well as respond to emergencies and natural disasters. Make no mistake, we are partners with the other sister services--the Army, Marines, Navy--as well as with DISA, NSA and Homeland Security to name a few. We're all in this together.

Question about Existing Contractors (Score:5, Interesting)
by tachyon13 (963336)

General Lord, I currently work as the exact type of 'cyber warrior' you intend to recruit. But I already have a Top Secret clearance, already familiar with DoD systems, etc. The dynamic with what we call 'Information Assurance' is that of a constant struggle with our contractor management (stay within the contract, the budget, etc) and with our 'warfighter' higher ups (educating them on why they can't have full access from their home in the spirit of "operations are a priority, to hell with security"). So assuming you can get the type of expertise that are eligible for clearances, and that are willing to relocate to Offutt/etc, how are you going to address the core issue of security in the DoD: Operations/budget/schedule will always trump security. Or alternatively, security will always be back burner to 'hot' issues. Thank you for your time.

ANSWER:

Certainly the balance between having access to do our mission and having robust security is an issue where not everyone agrees on just how much to restrict or how much to allow. The Air Force takes the security of its computer networks very seriously and has taken several measures to educate our users and to provide secure means for them to operate. As with many other issues, the Air Force through its commanders, must assess the risks and make a decision. I don't agree or I maybe I just haven't seen where security is always a back burner item.

CyberCommand Location (Score:5, Interesting)
by Mz6 (741941)

General,

Can you explain some about the situation developing between Barksdale AFB and Offutt AFB as they try to fight over the eventual final location for CyberCommand? My thoughts are that finding and recruiting talent, and laying the foundation for such a large wired infrastructure in the Omaha, Nebraska area may be easier to accomplish than in and around Shreveport, LA. What types of things is the DoD looking for when they choose the final location for this new Command?

ANSWER:

The government actually has a regulation that covers the whole process for choosing a location for a command and it's a very defined, thorough process. The bases must meet certain criteria -- existing infrastructure would be just one aspect of many items along with communications or square footage requirements, but there are other considerations, such as the impact to the environment that the Pentagon will consider. I would hope that no matter where it was located, we would still be able to attract the talent needed to work in this exciting command and that all communities see the need to protect this domain.
story

Related Stories

This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Air Force Cyber Command General Answers Slashdot Questions 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • The questions are interesting... (Score:5, Insightful)

    by swm (171547) <swmcd@world.std.com> on Wednesday March 12 2008, @10:43AM (#22728724) Homepage
    and the answers are content-free.

    Oh, well. At least they tried.

    • Well what did you expect? (Score:5, Funny)

      by wsanders (114993) on Wednesday March 12 2008, @11:00AM (#22728908) Homepage
      Q: Please g3ve u5 r00t to m133ile l3nche5!
      A; No.

      Q; You suxx0r!
      A; I love my job! { must ... control ... fist .. of .. death ...]

    • Re:The questions are interesting... (Score:5, Insightful)

      by timholman (71886) on Wednesday March 12 2008, @11:02AM (#22728932)

      and the answers are content-free.

      Did anyone seriously expect anything else?

      We live in an age where the press routinely goes over every single word spoken by celebrities, politicians, and public figures, and tries to make a scandal out of any off-hand comment that can be construed to embarrass the speaker.

      Any officer who has not learned to cover his ass and keep his mouth shut will have a short career in today's military.

      • Re:The questions are interesting... (Score:5, Insightful)

        by Firehed (942385) on Wednesday March 12 2008, @12:27PM (#22729962) Homepage
        A perfectly understandable and valid reason for the response, but that doesn't change the fact that most of those responses either dodged the question or answered something entirely different. Or in one case ("YGTBKM!" - which I had to look up), a blatant lie. You can bet your ass that the government would love to hand over a bunch of IP targets to script kiddies to piss off the Chinese government and would happily grant them immunity, if not for the fact that they couldn't sufficiently distance themselves from such a list. I just can't take seriously any answer that says "we don't condone illegal things" coming from anyone in the government, let alone a high-up in the military, even if I were to disregard that whole torture thing. Apologies if that makes you guilty by association, but you know what's going on and still choose to work there.

    • AGREED (Score:5, Interesting)

      by rutledjw (447990) <johnwrutledge@noSPAM.gmail.com> on Wednesday March 12 2008, @11:04AM (#22728966) Homepage
      But I think your second point is most important - they tried. Assuming (hoping?) they really are reading feedback we can hope they will adjust their filters accordingly. being vague on questions such as roles and responsibilities between government agencies will only create a general sense on unease in the general population.

      Furthermore, we should remember as a group of large agencies, there's bound to be politicking and may not be the level or coordination desired. Of some of this vague area may reflect reality, they don't really know where lines actually exist...

      • Re:AGREED, but some caveats: (Score:5, Interesting)

        by ThousandStars (556222) on Wednesday March 12 2008, @11:34AM (#22729342) Homepage
        The general's answers were also interesting because they demonstrate the gap between what we're used to reading on blogs and in /. comments: unfiltered, highly opinionated pseudo-anonymous people who speak only for themselves. There are no or few repercussions for most people if they make a foolish statement or unfairly lay into someone or whatever. But public officials -- and a general is at the very least a semi-public official -- don't have that luxury. So what such a public official will say will be different in tone and content than what we're used to.

        This indicates something of a culture gap between the kind of hackers who the general presumably wants to recruit and the generals themselves. Paul Graham states it [paulgraham.com] well:

        Most imaginative people seem to share a certain prickly independence, whenever and wherever they lived. You see it in Diogenes telling Alexander to get out of his light and two thousand years later in Feynman breaking into safes at Los Alamos. Imaginative people don't want to follow or lead. They're most productive when everyone gets to do what they want.

        Such "prickly independence" is the opposite of the stereotype of the military that's lodged in my mind. Now, I know that stereotype is somewhat inaccurate, but nonetheless the rebel/renegade streak that runs through many -- though by no means all -- of the creative, intelligent people who often know technology well. I'm not sure I'd go as far as Paul Graham's "most," but I'm definitely going to use "many."

        Finally, regarding the tone of the answers, remember too that it's easier for an individual speaking for himself (Neal Stephenson, anyone [slashdot.org]?) to answer candidly than it is for someone who represents millions, especially because the military sometimes has PR problems. If the general says anything forceful, it will be spun around the Internet, quoted -- perhaps out of context -- in newspapers, and generally leave the military open to the PR of others.

        I'm not sure how to solve such cultural problems between hacker types who need direct unvarnished honesty ("Where is the mistake in this?") versus PR types in public ("How do I make sure my words won't be used against me?").

        • Re:AGREED, but some caveats: (Score:5, Insightful)

          by DerekLyons (302214) <fairwater AT gmail DOT com> on Wednesday March 12 2008, @02:18PM (#22731514) Homepage

          Such "prickly independence" is the opposite of the stereotype of the military that's lodged in my mind. Now, I know that stereotype is somewhat inaccurate, but nonetheless the rebel/renegade streak that runs through many -- though by no means all -- of the creative, intelligent people who often know technology well.

          Well, from my decade of service in the USN Submarine Service I'd say that a significant (if not vast) majority of my fellow bubbleheads exhibited the traits of "prickly independence" and "rebel/renegade". From encounters and conversations with other parts of the Navy and other branches of the service over the years I'd say that (outside of the more elite branches, like the Submarine Service) the traits are present in what amounts to only a very slight minority.
           
          Many in the military also tend to be more creative than you might think. Certainly we're trained as most people think, to treat The Book as something to be followed slavishly. What most people don't realize is that we are also schooled in the principles behind The Book so that when the shit hits the fan and The Book has to be tossed over our shoulder - we are ringing the changes [wikipedia.org] rather than merely improvising. (And even when we do have to improvise, we've still got that grounding to work from.)
           
          Which is why the military values those traits - someone who doesn't have them flounders when you have to heave The Book. And the military knows full well that in the real world things will go all pear shaped - its inevitable. (And, inevitably, leads to tension between 'the kind of serviceman you want in peacetime' and 'the serviceman you need in harm's way'.)
           
          The difference between the typical creative person and the military mind, I think, lies in the ability of the military mind to 'switch modes' as it were. The discipline to stay in robot mode when needed, matched with the ability to operate creatively when needed. You can't have artistic tantrums when the bullets are flying, or even in peacetime in garrison.

    • Re:The questions are interesting... (Score:5, Insightful)

      by florescent_beige (608235) on Wednesday March 12 2008, @11:36AM (#22729354) Journal
      There is a whole science to reading speech that is attempting to balance many competing interests.

      In this case I'd list some of the competing interests as:

      Don't want to actually lie.
      Don't want to say anything your worst enemy shouldn't know.
      Don't want to be *perceived* to be doing either of the preceding.
      Want to appear receptive to questions.
      Want to remain politically neutral.

      I'm sure there are many more.

      I did manage to tease out one interesting tidbit from two questions of mine the General was kind enough to answer:

      Question #9: When asked if a cyber-attack could lead to a shooting war, the General replies (to paraphrase) that the response to any given scenario is up to elected officials, not the DoD. Fair enough. But...

      Question #7: When asked about the difference between criminal and military-like actions online, the General replies that, depending on the nature of the attack, his group would "recommend a proper response".

      So, while the ultimate decision is always to be up to the CinC, the DoD isn't without an opinion as the answer to #9 might imply. The real answer would get into operational planning which, of course, can't be revealed.

      Actually I find the answers interesting to parse, knowing that they must have been massaged by so many experts.

      None of which is meant to belittle the fact that the General actually took time to go though this exercise. Very refreshing.

    • Re:The questions are interesting... (Score:5, Insightful)

      by pitonyak (1102049) on Wednesday March 12 2008, @11:42AM (#22729406) Homepage

      I considered some of the answers insightful, for example: "We know money doesn't create loyalty--a sense of purpose does".

      Yes, some answers lacked deep content in that they were the expected carefully worded answer. Unfortunately, these questions almost required such an answer. For example, "Why do we still confer most-favored nation trading status onto a Nation who is actively engaged in efforts to spy on and attack our government and corporate computer systems?" Although this is a very good question, General Lord seems like the wrong person to even attempt that question. The probable complaint is that the answers lacked detail. For example, from the same question "What, if anything, is being done against this type of cyber-terrorism against us and our allies?" The answer lacks detail, but it would be difficult to add detail to his answer without discussing a specific threat. I would have enjoyed that discussion, BTW, and use his answer as a start: "working to improve our ability to respond to cyber attacks, reduce the potential damage from such events, and to reduce our vulnerability to such attacks."

      Thank you General Lord for your time!

      • Re:The questions are interesting... (Score:5, Insightful)

        by thrillseeker (518224) on Wednesday March 12 2008, @11:16AM (#22729142)
        Although I didn't expect much from a military man.

        That's ok - he'll still put his life on the line to protect your right to continue to whine.

        • Re:The questions are interesting... (Score:5, Insightful)

          by qortra (591818) on Wednesday March 12 2008, @11:53AM (#22729516) Homepage

          he'll still put his life on the line to protect your right to continue to whine.
          Point taken. However without detracting even a modicum from the sacrifices that servicemen make, I can sympathize and agree with the grandparents statement that earned this scathing response from you.

          I'm not sure I would really classify these as true answers...Although I didn't expect much from a military man.
          I think this statement was not designed to demean military men as people, but merely as people who can provide new, interesting, and true information to Slashdot. Military people have a responsibility not to divulge important information and a responsibility to "toe the line" with regard to military standards and expectations. Thus, it would be reasonable to not expect much from these answers: it is nearly guaranteed that they would be neither new, nor entirely true (if truth means the entire truth).

        • Re:The questions are interesting... (Score:5, Interesting)

          by DCFC (933633) on Wednesday March 12 2008, @11:57AM (#22729566)
          Most black hat hackers are self taught and/or doing it for fun.
          Currently...
          They may have been formally taught various bits of programming and networking, but in some respects are a sort of Davy Crockett with a sharp eye rather than a West Point education.

          But CC will no doubt be giving its staff a full rounded training, based upon a growing institutional memory, and experts from other parts of the US government, and academics.
          Being a military outfit, I assume it is configured so that if something awful happens, the organisation still survives, and tries to learn from the setback, even if there are losses.
          Most of its opponents have a shallow resource base, and actually need to be quite risk averse, since they could not survive a serious problem. CC staff will benefit from this expensively gained experience, and of course often be able to learn things that you could not try if you knew than any error would mean terribly bad personal experiences.

          All good news.

          But of course, even with careful screening of backgrounds, and various forms of peer review, some will go bad.

          These people will be orders of magnitude more dangerous than the random "background noise" hackers.
          Although sadly some former servicemen go bad this is typically "retail" level damage, often to themselves. Rarely does this get to a level that is beyond local law enforcement, partly because they no longer have access to the infrastructure of the army. A military pilot who once commanded a bomber armed with nuclear weapons is no more dangerous than his civilian counterpart, and so on.

          But in cyberwarfare the playing field is much more even. Outside of the 'A Team', the idea that former servicemen could even survive an attack on substantial conventional forces, much less win is plain dumb. So it is a new type of personnel challenge.

          But 5 years from now there will be former Cybercommand veterans, complete with a (very discreet) badge and maybe even reunion parties. Mostly their path will be like former pilots, or other specialists who have a ready market in civilian life. But not always...

          They will outclass the current generation of hackers, indeed if they did not, then CC would have not have done it's job properly. That to me is a possible issue.

          I don't seriously expect an answer in a public forum, but I wonder if plans are yet in place to somehow manage the risk of this, without seriously impacting their utility whilst in the service.

        • Re:The questions are interesting... (Score:5, Insightful)

          by Daniel Dvorkin (106857) * on Wednesday March 12 2008, @12:07PM (#22729670) Homepage Journal
          That's ok - he'll still put his life on the line to protect your right to continue to whine.

          Yawn. This is the stock answer to any criticism of the military, and it's crap. Yes, the military is important. Yes, military personnel take risks that most civilians don't, and should be honored for their service. But this does not mean that civilians -- you know, the people the military exists for -- shouldn't be able to criticize the military in general, and certainly doesn't mean that they shouldn't criticize individual military personnel when they retreat into bureaucratic doublespeak instead of giving a straight answer to a question. There's a lot that's right with the military. There's also a lot that's wrong. It is the right and duty of the people to call bullshit when they see it, WRT the military or any other part of the government.

          There are countries where this isn't the case, of course. I doubt you'd want to live in any of them.
          • Tell that to the generals who ahve missing limbs, the generals who were on the ground during the last military actions.

            Do you think they wouldn't pick up a gun if needed?

              • Re:The questions are interesting... (Score:5, Interesting)

                by TigerPlish (174064) on Wednesday March 12 2008, @01:21PM (#22730684)

                If anything, being in airforce is less honorable than being a marine, a firefighter, a cop, a paramedic, a janitor even. How much risk do they take bombing cavemen from 20,000 feet?
                HOw about when he's doing 400 kts with a MiG behind him, so close the Russkie can see the grease stains on the American's bird? What then?

                Or how about when a dogface on some beach or mountain or something calls frantically, that they need steel on target NOW dammit? Is the aviator who responds to that frantic call for help less honorable than the dogface who placed it?

                How about when some Marine pilot gets his ride shot out from under him, and an USAF rescue jumper has to go in to retrive? Is he any less honorable than the aviator he's rescuing? The USAF PJ's motto is "...so that others may live." I knew a few. These men never have to buy their own drinks.

                And you assume that we always bomb from FL200 and drop on cavemen. Hah. Ever seen a SAM? It's the size of a freakin' telephone pole, and it comes at you so fast you can't even think. The heaviest bomber lossess were never to other aircraft, it's *always* been the ground fire, be it small-arms, FLaK, or SAMs. The fighters are a bother, but that's why you fly with little friends around (or make your plane invisible.)

                Flyboys earned my respect. I worked with USAF flyboys (and flygrrls!) for 7 years. They may be whiny prima donnas (that's rock star to you punks), but when they put on that jet, they put their lives on the line.

                Just so wankers like you have the right to whine about wankers like them.

                Freakin' groundpounder. Y'all are all the same. All you know about .mil is the pap fed to you on TV.

                I'll tell you this -- there's more honor in the USAF than in Corporate America. not much more, but there's more. They still teach Integrity in the USAF. I think that was dropped in US schools during the "Greed is Good" era. Instead of Integrity, now US schools teach Mediocrity. It's Good Enough, yes?

      • Re:The questions are interesting... (Score:5, Insightful)

        by Thansal (999464) on Wednesday March 12 2008, @11:33AM (#22729318)
        no one comments yet on a General's usage of "YGTBKM! LOL!"?

        Yes, most of the comments were relatively content free, but a few of them had some interesting tidbits. I mean, I didn't expect him to say "Well, here are our plans, and here are full in depth discussions on some rather sensitive topics". From the position he was coming from, I appreciate that amount he DID say. I think he took the questions seriously and provided those answers he could.

        • Re:The questions are interesting... (Score:5, Insightful)

          by Triv (181010) on Wednesday March 12 2008, @12:19PM (#22729840) Journal
          no one comments yet on a General's usage of "YGTBKM! LOL!"?

          Okay. I will. That line was added as a blatant pandering move to the way it's assumed we communicate. He (or rather whoever he showed this to before it got to us) obviously thought that he could get in with us that way without realizing that we, as a whole, aren't anything like the cast of a Verizon commercial. It's as offensive to me as a white guy speaking "black" to a black coworker out of the blue and just as effective.

          There was no content in the questions at all, but he absolutely lost me when I got to that line.

        • Re:The questions are interesting... (Score:5, Informative)

          by couchslug (175151) on Wednesday March 12 2008, @12:30PM (#22729978)
          I'll help translate one bit:

          For example, the USAF (pilots and Rambo types excepted) doesn't need to do PT except for military image reasons.
          The jobs that require it have always done it one way or the other.

          For most of my career (81-07) we avoided it (it is a HUGE non-work-related time suck!) and did important stuff like generating sorties instead. Ways can be found to use useful people and sort out the PT bullshit, but talking about it is verboten because various non-workers and jocks think we need it. It offends people that need PT (or worship "sports PT") to say that those on the working end of maintaining and deploying aircraft do just fine (Gulf War, anyone?) without it. Granted, we had a couple of large folks who had to squeeze to fit down an F-16 intake, but that was merely amusing. There is room for rule adjustment for geeks as a custom if management wants that.

        • Re:The questions are interesting... (Score:5, Informative)

          by truthsearch (249536) on Wednesday March 12 2008, @11:27AM (#22729260) Homepage Journal
          I learned:

          - that they don't believe they need new laws to "fight" in cyberspace.
          - "People don't have to enlist or take a pay cut to help us out."
          - "Within the Department of Defense, we are careful not to speculate about what would be considered an act of war."

            • Re:The questions are interesting... (Score:5, Informative)

              by pthisis (27352) on Wednesday March 12 2008, @01:11PM (#22730530) Homepage Journal
              If not the DoD, then who advises the President on what would be considered an act of war?
              Some DC think tank?

              My guess would be the National Security Council, which consists of the Secretaries of State, Treasury, and Defense, the National Security Advisor, President's Chief of Staff, chief counsel, and economic policy advisor, the Director of National Intelligence (formerly the CIA chief), and the Chairman of the Joint Chiefs (along with the president and vice president). The Chairman of the Joint Chiefs is DoD but doesn't have command authority over combat forces, and their role in such meetings tends to be non-policy (ie they'll outline the options available and discuss different possible approaches, but they generally don't make public policy recommendations).

        • Re:The questions are interesting... (Score:5, Insightful)

          by mdf356 (774923) <mdf356.gmail@com> on Wednesday March 12 2008, @11:49AM (#22729470) Homepage
          Oh yeah, no way they'll make a bunch of hackers do PT

          Er, why the hell not? It's a requirement of the job. There's nothing about PT that's bad for you; in fact, physical exercise sharpens the mind. A soldier is a soldier, and one who isn't trained or able to help his fellow soldier when the crap hits the fan is being a poor soldier. Obviously everyone has their area of expertise; I don't expect everyone to know or be able to do anything. But I'd be pissed if a comrade hadn't at least tried to get strong enough to carry me out if I were unconscious; hadn't learned the basics of first aid, etc.

      • Re:The questions are interesting... (Score:5, Informative)

        by Roblimo (357) on Wednesday March 12 2008, @03:43PM (#22732442) Homepage Journal
        I thought the questions were decent and quite thoughtful.

        Maj. Gen. Lord worked darn hard on those answers, balancing what he *wanted* to say with what he *could* say. In fact, one of his (civilian) staff members told me that this little project -- simple for most Slashdot readers, but touchy for someone with Gen. Lord's rank and high profile -- ate most of his weekend.

        An old expression I learned in the Army: "A General's always on parade."

        As others have pointed out, not only are Generals usually remote figures the typical enlisted person never meets, but they have to be very careful about what they say, especially in public, for both security and career reasons.

        Trust me: this guy's not dumb. And he reads and writes his own email, and knows at least basic l33tspeak and IM-talk. He's been a CIO (military variety) most of his career, dealing with commo and computers and the people who make them work -- and I assure you, both the civilian DoD contractors and the uniformed personnel who do this stuff for the military are just as strange, in their own way, as their civilian counterparts. And a whole lot of them read Slashdot, too. :)

        - Robin

  • Obligatory (Score:5, Funny)

    by linux pickle (974544) on Wednesday March 12 2008, @10:45AM (#22728734)
    I, for one, welcome our William T. Lord overlord.

  • Right General? (Score:5, Funny)

    by esocid (946821) on Wednesday March 12 2008, @10:47AM (#22728758) Journal

    YGTBKM! LOL! I like your enthusiasm, but you know the Air Force neither encourages nor condones criminal activity.
    Are you sure this is a general and not some 14 year old girl?

  • Consider me impressed. (Score:5, Insightful)

    by InfinityWpi (175421) on Wednesday March 12 2008, @10:48AM (#22728780)
    Some of those answers are obviously 'cleaned up' and somewhat evasive... but some are actually quite nice, and the man actually used 'text speak' in an answer... I'd say the questions and answers came across rather well, given that they had to be combed over. I'd love to hear more candid, off-the-cuff answers but I know that's not really an option when dealing with something of this nature.

  • Security clearence dodged... too bad (Score:5, Interesting)

    by ajs (35943) <ajs.ajs@com> on Wednesday March 12 2008, @10:50AM (#22728802) Homepage Journal
    The security clearance question was dodged. That's too bad. I would love to work for such an organization, and might even have signed up with the Air Force if I thought I could make it into that group when I was younger. However, I know that for silly reasons that have to do more with red tape than any actual wrong-doing on my part, a security clearance is out of the question. If he'd given people some hope that the typical rules regarding security clearances would be relaxed in favor of a more "are you a potential threat" based analysis, he might have won some hearts and minds.

    • Re:Security clearence dodged... too bad (Score:5, Informative)

      by juuri (7678) on Wednesday March 12 2008, @11:03AM (#22728956) Homepage
      A security clearance of Secret is much easier to obtain than many expect. Top Secret can also be obtained somewhat easily, even given a set of questionable actions in the past, based on good interviews with people from your sphere of influence. Special allowance cases are made all the time for either. Many people assume (wrongly) that a past arrest or drug use immediately rule out either. The important parts here are complete honesty, showing a changed "nature" if needed and that your versions of past events match up with other witnesses.

  • Answer #5 about hacking sites (Score:5, Funny)

    by The Fun Guy (21791) on Wednesday March 12 2008, @10:54AM (#22728838) Homepage Journal
    YGTBKM! LOL! I like your enthusiasm, but you know the Air Force neither encourages nor condones criminal activity.

    p.s. and we know where you live.

    p.p.s. and we told the FBI, DHS and your state and local PD where you live.

    p.p.p.s. and we all have guns.

  • "Cyber Command"? What time is it on Disney? (Score:5, Funny)

    by xxxJonBoyxxx (565205) on Wednesday March 12 2008, @10:54AM (#22728850)
    "Cyber Command"? What time does that show air on the Disney channel?

  • Legal Hacking (Score:5, Interesting)

    by mikeee (137160) on Wednesday March 12 2008, @11:06AM (#22728996)
    This is actually quite a traditional thing; what we used to call Letters of Marque [wikipedia.org] were issued to pirates to 'legalize' their attacks on the enemy. While these were banned by the 1856 Declaration of Paris, the US is not a signatory to that treaty, and theoretically Congress could issues these permissions (it's a power specifically granted them in the Constitution).

  • Not prepared to back up financially (Score:5, Interesting)

    by DTemp (1086779) on Wednesday March 12 2008, @11:09AM (#22729038)
    The General's answer to the third question ("Accept, Retain, Solicit good people?") clearly shows that his answer to "Usually the outside industry pays quite well for the good ones. Are you prepared to financially compete for the best?" is "No."

    So, US Government, please let us know when you're ready to put your money where your mouth is, and we'll subsequently give you the best damn computer security on Planet Earth. Until then, you're just another employer trying to get more than he's paid for out of his staff.

  • Urgent Message (Score:5, Funny)

    by florescent_beige (608235) on Wednesday March 12 2008, @11:10AM (#22729040) Journal
    From: Joint Chiefs
    To: General Lord
    Encoding: S00per Seekrit COd3 #5

    Ixnay on the LOL-ay, mkay?

  • Major General Lord? (Score:5, Funny)

    by Anonymous Coward on Wednesday March 12 2008, @11:11AM (#22729058)
    My God, how many stars is that?

  • Securing your own assets (Score:5, Insightful)

    by Rorschach1 (174480) on Wednesday March 12 2008, @11:56AM (#22729562) Homepage
    If this really IS being followed at the highest levels, then I can't help but comment.

    I worked at a certain major AFSPC base for almost a decade as a contractor. Back in the early days, when we first got a base-wide Internet connection, the local Comm Squadron was free to implement security systems as they saw fit, and we had some good stuff in place - we sorted out the Sidewinder mess that CITS dumped on us, added our own IDS, and made the best of our home field advantage, setting up tripwire alarms and things on hosts scattered throughout the network to catch internal scanning.

    This was all done by contractors, mind you, and it got done because we liked what we were doing, took pride in doing a good job of it, and we had support from the squadron commander. The blue suiters had a very high turnover rate, with average retention at something like 6-9 months for the folks down at our level. None of them ever learned to do much besides process NOTAM paperwork and handle accreditation pacakges.

    Once the MAJCOM started taking control of the security stuff, our defensive posture went to crap. What we'd done didn't fit with the overall plan, so it was all removed. We were left with poorly-implemented downward-directed systems operated by poorly-trained drones. Every week we'd have to explain to these people (mostly MAJCOM-level people, the AFCERT folks were usually a little better) basic concepts like IP spoofing (I wrote a 2-page form letter on the subject), and teach them how to read their own ASIM logs.

    I have to say that the aggressor squadron teams that'd come in and attack the network knew their stuff. And of course they were able to break in every time. But it felt a little like being armed with a paintball gun and having the Marines sent at you. We KNEW how to help prevent, detect, and respond to these attacks, but we weren't given the authority, time, or resources to do anything about it.

    If Cyber Command is going to do anything useful on the defensive side of things, then the best thing they can do, IMO, is to deploy a small garrison force to each base and give them the responsibility for base network defense. Let them interface directly with the BNCC, and plan on having them in one place for AT LEAST 18-24 months. Let all of these forces communicate with each other at the working level to share information and strategies. Some of our most productive contacts were those we made with other bases on our own initiative, and not through the chain of command. Keep the chain of command in the loop, but let the people at the bottom talk to each other.

    Most importantly, make it clear that their job is security, and not paper pushing. Certainly there's always going to be paperwork involved, but when I left, the CND office did nothing BUT push paper, and paper that was largely worthless. Not a single thing they did would have ever helped to detect an attack from within the base network.

    I don't mind saying all of this, and I'll be happy to say plenty more, because I don't work there any more, and I frankly don't care to ever get another penny of Air Force money. I WOULD like to know that the trend toward totally incompetent central management of base security is being reversed, though.

  • Culture problems (Score:5, Informative)

    by claytongulick (725397) on Wednesday March 12 2008, @01:00PM (#22730392) Homepage
    I've found that military/government culture is generally about a decade behind corporate culture. For example, when I was in the Navy they were pushing this "TQL" stuff, which was a bad rehash of the popular 80's TQM "Total quality management" initiatives. Corporate culture had moved past that particular management flavor of the week, but the military was just getting into it.

    I see a similar thing with hiring practices. I'm a vet, and a talented senior developer and quite patriotic (in a libertarian/contstitutionalist sense). I decided a couple years ago to try to offer my services to the government.

    I went to the usual places, such as usajobs and looked at or applied for various development positions. Most of the jobs were such a hassle to apply for, I didn't even make it past the first stage. You couldn't even talk to a human being until you had filled out a bunch of different forms, put together a "package", submitted it, had it rejected for some minor error, resubmitted it etc...

    Many of the jobs had degree requirements and wouldn't even talk to me.

    After going through all this for weeks, I didn't get a single response back. Nothing. So I figured "oh well, I gave them a chance" and I accepted one of the multitude of positions head hunters were clamoring for me to take, for a much better salary than was being offered by any of the government positions.

    The punchline to this story is that about four months after all this (and after I was happily settled into my new job), I got a couple calls from those agencies saying that my package had finally passed review and asking if I was available for an interview. Four months!

    With a process like that, how is the government supposed to hire talented people?

  • USAF getting bad advice? (Score:5, Insightful)

    by Venik (915777) on Wednesday March 12 2008, @01:05PM (#22730450)
    Reading Lord's comments I couldn't help the feeling that I was listening to a service delivery manager from one of those outsourcing companies like CSC or Unisys. All that stuff about "we know money doesn't create loyalty" and "we leverage all the expertise out there" sounds painfully familiar. And after they run out of BS and the fog of confusion finally clears, you realize that all of your Unix servers are supported by two guys in Hyderabad, who share one Solaris 2.6 certificate and know less about Unix than my cat. The worst thing USAF can do is take advice from the outsourcing industry.

    A good pay is how your employer shows you that your work and your experience are appreciated. And knowing that you are appreciated is what makes you a happy employee. And happy employees tend to be loyal to their employers. So, yes, money does create loyalty. Lord says that "in many cases we do offer compensation competitive with the commercial sector". While this may be true, working for the USAF as a civilian contractor is not like working in the commercial sector. There's a whole different level of crap that you need to put up with. So, if the USAF is serious about this Cyber Command business, they need to do a whole lot better than just salaries that are "competitive... in many cases". When hiring, don't go for the quantity - you are not planning a cyber-invasion of China - but go for quality instead.

    Speaking of quality, while Lord understands that they "need to look beyond what we've traditionally recruited", he is still under the impression that the USAF can "bring them in from a general practitioner level and take them to expert level in reasonable time". Of course, this depends on their definition of "reasonable time", but somehow I don't think they mean 10-20 years. They are probably talking about a couple of years at most. I remember reading a resume of a guy claiming to have "reached the Unix guru level". I just had to bring him in for an interview: I wanted to see what a Unix guru looked like. Apparently, some time in the past ten years the minimum guru requirements have been significantly lowered.

    Programming and system administration are not those fields where you can turn a rookie into an expert in reasonable time. The time required will be most unreasonable. For example, a good sysadmin is not someone with encyclopedic knowledge of "man" files, but someone with a big database in his head of stuff that broke down and how it was fixed. Theoretical knowledge is important - comp-sci degrees, training, certificates, etc. - but what really matters is experience - years and years of it. So hire the most experienced personnel you can afford and hold on to them as if the security of your country depended on it. Guys who are good, know they are good, so you need good ego-stroking skills to keep them around. Hint: pinning medals to their chests is not going to help, but a fatter paycheck might. So the approach along the lines of "we'll take what they have to offer, and in turn they might be surprised by what they get back" is not going to work. The people USAF needs are of that certain age where they don't like and can ill afford surprises.

    "The U.S. military complies with all applicable domestic and international laws, and that will certainly apply equally within cyberspace..." And that's what everyone is afraid of. But, hey, as long as they wear uniforms while hacking networks, they should be in the clear as far as the Geneva conventions are concerned.

    • Re:Suggestions (Score:5, Informative)

      by ArcherB (796902) * on Wednesday March 12 2008, @11:00AM (#22728914) Journal

      Using people's suggestions is not the Air Force way. Though, in this instance, they can't rebut with the normal "Deal with it, you're in the military."
      Actually, the Air Force, or "Chair Force" as we in the Army liked to call it, was the most "civilian" military branch.

      We in the Army had Billets (dorm like rooms). Air Force personnel had what looked like apartments.

      Our Billets were subject to inspection at any time, 24/7. Air Force living quarters were more of less off limits to their NCO's and officers.

      We worked from 7:00am to whenever we were done, weekends were worked about 50% of the time. Air Force personnel worked from 9:00 to 5:00, with weekends off.

      When we went to the field, we slept on our tanks. Air Forcer personnel stayed in air conditioned tents or hotels(!!!).

      It seemed to me that those in the Chair Force had jobs. We were in the military.

      Of course, this is all from my personal experience. There are some more lax army positions that the one I had and I'm sure that there are some hard-core Air Force jobs, but on average, the Air Force people had it so much better than we did.

      • Re:Suggestions (Score:5, Funny)

        by qoncept (599709) on Wednesday March 12 2008, @11:14AM (#22729094) Homepage
        I just got out of the Air Force after six years. I'm not making things up -- that was the response to suggestions that there were no better arguments against. Perfect example: the hot water in the dorms was brown (not tinted -- BROWN) for years. "We had it tested. It's safe." Um.. IT'S FUCKING BROWN! I sat at a computer 8 hours a day. Sometimes 6 if no one was looking. I lived in an air conditioned tent for 4 months. I lived in a closet, where I had the ability arranged my furniture only because I had played Tetris and I ate garbage served by the laziest, dumbest people I've ever met in my life for 3 years. The Air Force sucks, and I'm sure you're right -- the Army was worse.

        • Re:Suggestions (Score:5, Interesting)

          by ArcherB (796902) * on Wednesday March 12 2008, @12:23PM (#22729910) Journal
          You are correct to suggest that my experience with AF (and Army) personnel was limited. I got out in 1994, btw.

          I didn't mean to imply that AF was not military, but from where I was sitting, it sure felt like it. Here is a story that explains why:

          We had just come back from the field and were cleaning our equipment at the motor pool. We had been in the field for three weeks, with no shower, bathroom, mess hall or any of the other comforts of the rear (that didn't sound right!). When we slept, we slept where we were. I was a tanker (M1A1 Heavy Common) so where we were was always on the tank. We got about 4 hrs a night, with one hour radio watch. We were in the motor pool cleaning our equipment because we were scheduled to back to the field in a week. In the two years I was in (the bare minimum... there was no way in Hell I was re-upping), we never spent three solid weeks in the rear. OSUT (One Station Unit Training... Basic + AIT in one shot) was actually the easy part for me. Anyway, as we were in the motor pool, some AF guys pulled up asking where they could fuel up. I sent one of them to my XO since maybe the LT might know. That was his job, after all. While waiting I was talking to the rest of these guys (three guys and one... female). I asked them if they spent any time in the field. One of them responded "Oh yeah! Lots of time." I explained that we slept on our tanks and asked what the living conditions were for them. Another responded, "Last year we spent three months in the field, total. One month was in an AC tent. The other two was in a hotel." I walked away, disgusted at my choice of branches!
          Now, of course, there were some Army units that had the apartment style barracks, and things were starting to lighten up for us when I got out. We got a new SGT Major who saw that re-enlistment numbers sucked and wanted to make life better for us. He was single and didn't like the idea that married soldiers had it so much better than us single enlisted non-NCO's. He allowed us... actually encouraged us to paint our hallways and rooms however we liked. He even dropped by one Friday evening to check out the work. He stopped by one room where they had a painted a stripe around the room. We were in there smokin', jokin' and drinkin'.. heavily. He walked in, we called "AT EASE!". He put us at rest, checked the place out and said he liked it. He did not mention the mess the room was in and ignored that fact that about half the guys in the room were under drinking age. He just said he liked it, told us we could do more to our rooms if we liked and left. He was also starting to make it so that NCO's in need of a detail could not just raid the billets looking for warm bodies at all hours of the week. "If those living off post are not available for details, then neither are these guys." Inspections were scheduled well in advance and "pop-inspections" were only for contraband and hygiene (nothing that would attract roaches and so on) So, yeah, it was changing for us combat arms types, but nothing near the point where we had our own rooms. Still, since we were never really in our living quarters, it didn't really make much of a difference. Not all units got the treatment we did and some had it better. I don't know what happened to 3/18 Cav when the SGT Major left, either.

          Also, I understand that AF jobs like Forward Air Controller had it just as bad as us Army types since he had to be attached to us Army types. I'm also sure that Search and Rescue type jobs had it much worse than I did as they needed to be anywhere with no notice ready to fight their ways in and back out. But, on average, IMHO, only, the AF guys had it much easier than us USArmy types.

Search
"Remember, extremism in the nondefense of moderation is not a virtue." -- Peter Neumann, about usenet

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.