Air Force Cyber Command General Answers Slashdot Questions 543
Here are the answers to your questions for Major General William T. Lord, who runs the just-getting-off-the ground Air Force Cyber Command. Before you ask: yes, his answers were checked by both PR and security people. Also, please note that this interview is a "first," in that Generals don't typically take questions from random people on forums like Slashdot, and that it is being watched all the way up the chain of command into the Pentagon. Many big-wigs will read what you post here -- and a lot of them are interested in what you say and may even use your suggestions to help set future recruiting and operational policies. A special "thank you" goes to Maj. Gen. Lord for participating in this experiment, along with kudos to the (necessarily anonymous) people who helped us arrange this interview.
How do we prevent "mission creep" (Score:5, Insightful)
by Jeremiah Cornelius (137)
It appears that the military is increasingly involved in areas who's jurisdiction was once considered to be wholly in the civil domain. Use of jargon like "cyberspace" seems only to obfuscate and distract from the core issue. This appears an effort to recruit public opinion and defuse the deeper questions that strike at the heart of a free and civil society. I think that if we had a statement that "The private mails are a warfighting domain" would generate a fair amount of debate on the role of the military as opposed to the police, the function of constitutional protection of liberties, and the question of what actually constitutes a state of war.
What are the limits on this jurisdiction? Who enforces these limits, and how is the public informed of that status? How are efforts to extend being safeguarded from creating mission creep that threatens all civil discourse in the United States and abroad form targeting, suppression, propaganda and extra-legal surveillance?
ANSWER:
A very good question. It's a complex issue, but bottom line is that we won't need new laws to be able to fly and fight in cyberspace. The DoD's role in protecting cyberspace is governed by domestic and international law to the same extent as its activities in other domains. Other U.S. agencies, such as the Department of Justice and the FBI, have important and, in many cases, leading roles to play.
Attacks on the US and its Allies by China (Score:5, Interesting)
by Yahma (1004476)
There have been several recent news reports that China has and is engaging in a nationally funded effort to hack into and attack US government computer systems. The German government recently announced that they traced recent aggressive cyber-attacks back to the Chinese government. What, if anything, is being done against this type of cyber-terrorism against us and our allies? Why do we still confer most-favored nation trading status onto a Nation who is actively engaged in efforts to spy on and attacak our government and corporate computer systems?
ANSWER:
Yes, there are lots of news reports on that, but I'm sure you can appreciate the fact that there are other branches of the U.S. government that must answer your foreign policy questions. I can tell you that securing cyberspace is difficult and requires a coordinated and focused effort from our entire society - federal government, state and local governments, the private sector and the American people. The Air Force is working to improve our ability to respond to cyber attacks, reduce the potential damage from such events, and to reduce our vulnerability to such attacks.
Accept, Retain, Solicit good people? (Score:5, Interesting)
by Lally Singh (3427)
General,
Some of the most talented people in computer security tend to have the sort of records that prevent them from getting clearance. Maybe nothing heavily criminal, but enough of a colored background that traditional security clearance mechanisms would throw them out of the room before they get started. Often the same types of minds that are really good at computer security are also the rebel types, who'll have some history. Will you work to get these people in, or are we looking at a bunch of off-the-shelf programmers/admins who've taken a few simple courses in computer security?
Also, how do you plan to attract/retain them? Again, rebel types are some of the best hackers, and they're not likely to go in without incentives. Not due to any lack of patriotism per se, but an unexplored understanding of it. More importantly, they're likely to be anti-establishment types who aren't comfortable in the strict traditional chain of command. Finally, usually the outside industry pays quite well for the good ones. Are you prepared to financially compete for the best?
Finally, will there be any connections back to the research/academic community? You may find academics more happy to help than usual, as cyber warfare can often be nonviolent. Also, will the existing (and immense) capability within the NSA be properly leveraged?
ANSWER:
I believe even the most unlikely candidate, when working for a cause bigger than himself, turns out to be a most loyal ally. Young men and women come into the military for any number of reasons - education, health care, etc. - but end up staying because they believe what they're doing matters. We know money doesn't create loyalty--a sense of purpose does. We'll take what they have to offer, and in turn they might be surprised by what they get back. It's not just our military members either, it's all those who partner with us . . . academia and private industry, our civilians and contractors, too. In the cyber command, there is a purpose and sense of urgency to be ready. You can bet that we leverage all the expertise out there to help us do our job.
Older recruits? (Score:5, Interesting)
by rolfwind (528248)
It seems that in the military traditionally it was always looking for people fresh out of highschool for EMs and if you wanted to get anywhere in the military you had to be either college educated or, to really have a high end military career, start really young in something like the Valley Forge Military Academy and work from there.
In a traditional branch of the army/navy/airforce that is probably as it should be.
But in this area people have to be trained for years, still not know as much as the older hands in the private industry, and before they really know enough their enlistment would be over. Also, it would be unacceptable for an older IT person to join but take a pay cut to a Private's level or perhaps even a Lieutenant's -- so I imagine this branch would have to be somewhat different.
Is the military going to do to reach out toward the older folks who have extensive experience and knowledge outside the military?
ANSWER:
As I work alongside today's Airmen, many with very specialized skill sets in great demand outside the Air Force, I find them to be incredibly well trained and up-to-speed on current technologies. We bring them in from a general practitioner level and take them to expert level in reasonable time ... and well before retirement age indeed! We train them with specific technical skills as well as overarching abilities required to lead in today's environment. You're right in that we couldn't compete in the cyber world without the experts in the civilian industries who give us the technology in the first place, provide the architectures we use, and even the software we need. People don't have to enlist or take a pay cut to help us out. Certain skill sets can also be brought on board as civilians or contractors, and in many cases we do offer compensation competitive with the commercial sector.
Which acts of war should be illegal in cyberspace? (Score:5, Interesting)
by cohomology (111648)
War is never clean.
In conventional warfare, certain actions such as hiding among civilian populations are forbidden. These actions are considered war crimes because of the collateral damage they are likely to cause. What actions in cyberspace do you think should be outlawed? How about intentionally bringing down hospital IT systems, or destroying undersea cables without regard to the effects on civilian populations?
ANSWER:
The U.S. military complies with all applicable domestic and international laws, and that will certainly apply equally within cyberspace. The Law of Armed Conflict, for example, arose from a desire among civilized nations to prevent unnecessary suffering and minimize unintended destruction while still waging an effective war. It would be possible, as you mentioned in your scenario, that some who ignore the laws of civilized nations could conduct operations in cyberspace that may have unlawful negative consequences on civilian populations. For us, abiding by these laws, being good at we what do and maintaining a technological advantage over our adversaries provides us a first line of defense. Those who commit unlawful acts would certainly face potential criminal liability for war crimes.
Physical Fitness (Score:5, Interesting)
by spacerog (692065)
General, You were recently quoted in Wired as having said "So if they can't run three miles with a pack on their backs but they can shut down a SCADA system, we need to have a culture where they fit in." Is this an accurate quote? As a former member of the US Army I must say that passing a PT test is not very difficult and the suggestion that some soldiers should be exempt from basic minimum requirements is rather upsetting. Are you actually advocating the relaxation of military physical fitness standards for 'cyber warriors'? Would this not create a double standard and animosity between the cyber command and other sections of the military? Surely there must be other recruitment incentives that can be applied to attract the talent you need.
ANSWER:
I don't disagree with you . . . and I am not advocating changing our PT test. What I am saying is that we, as a military culture, need to look beyond what we've traditionally recruited. The very nature of our military requires that we be able to work in combat conditions and be able to establish and protect our cyber/communications structures and networks in remote, even austere conditions. As anyone who has worked in these austere locations will tell you, being fit is critical to mission success, so I don't foresee or advocate for a relaxation of standards just to bring in this specific type of talent. But, as we know, some of what we do in cyber can be done at home station as well, so what will our force look like in the future? This is something we need to look at and evaluate as we progress in this area.
It is good war is so terrible... (Score:5, Insightful)
by MozeeToby (1163751)
A wise man once said "It is good that war is so terrible, lest we grow too fond of it". If cyberwarfare ever becomes a reality, how do we respond to the fact that is isn't "terrible"?
The direct damage from such warfare would be primarily economic or data security related (rather than a cost in human lives) how do you feel we can prevent it from becoming a monthly, yearly, or daily occurance?
ANSWER:
The fact is we are dealing with this on a daily basis and it won't be going away anytime soon. Not for any of us. The way to shield ourselves from these attacks is to be at the forefront of technology, tactics and procedures relating to operating in cyberspace. We have systems and software that are protected by multiple layers of security and functional redundancy. We train our people to be on the cutting edge of this technology, and we find ways secure our information. We have to take this very seriously because we rely on our networks to conduct military operations all around the world. The person who hates war the most is the warrior who has to go to it ... we want to prevent that.
Criminal vs Warlike Actions (Score:5, Interesting)
by florescent_beige (608235)
General Lord,
Does the AFCC have a mandate to pursue criminals that use information infrastructure to commit crimes, or is your group intended to defend against warlike attacks only?
If the latter is true, how would you distinguish between criminal activity and warlike activity in cyberspace?
ANSWER:
The speed and anonymity of cyber attacks makes it very hard to distinguish what actions would be those of terrorists, criminals, nation states or just some lone prankster. Our command coordinates with government partners such as the DoD's Cyber Crime Center staff, who work with law enforcement officials to investigate and prosecute criminal acts if necessary. A "war-like activity" can also include presenting misleading information to our battlefield commanders. So, we've got to be spot on about authenticating the trusted source of that information in the first place. But, generally speaking, if something is a coordinated attack that would cause disruption or an attack that required a high level of technical sophistication to carry out, that would cause us to take a closer look and recommend a proper response.
Legal Hacking... (Score:5, Funny)
by JeanBaptiste (537955)
Just post a list of the stuff you want hacked and the more patriotic hackers will enjoy doing it for free.
Due to the nature of hacking and what many people do to acquire such skills, they may not want to 'join up' and all that.
But if you post a list of IP's that are okay to bring down, and networks you want information stolen from, with the understanding that the US will not condemn any attacks, and I'm sure more than enough people would do it for free.
Is there anything like this already in place? Cause I got nothing better to do this weekend. Or most any weekend.
ANSWER:
YGTBKM! LOL! I like your enthusiasm, but you know the Air Force neither encourages nor condones criminal activity.
Could a Cyber Attack Trigger a Real War? (Score:5, Interesting)
by florescent_beige (608235)
General Lord,
I'm curious to know if you have have any criteria that would enable you do decide when a cyber attack is an act of war. Would it be possible for some kind of action inside a network to lead to a shooting war without some kind of overt physical threat occurring first?
ANSWER:
Within the Department of Defense, we are careful not to speculate about what would be considered an act of war. Our nation's elected officials are the ones who will decide what threats to, or actions against our national security will constitute an act of war against the United States. These same leaders will likewise determine what an appropriate response would be, and that could be diplomatic, economic or involve the military to demonstrate the nation's resolve. That's why it's my responsibility to oversee the building of a command that will provide our leaders, through the appropriate chain of command, with many options with which to deter threats in the first place or respond when necessary.
Why was the Air Force tasked with this? (Score:5, Interesting)
by Isaac-Lew (623)
Why should the US Air Force be tasked with this, instead of DISA or NSA, neither of which is tied to a specific branch of the military?
ANSWER:
Don't confuse the fact that we are standing up the Air Force Cyber Command to mean we are the lead for the nation, or the primary command to respond to a particular incident. We are just one part of a combined effort. Our first priority is to work with DoD to defend AF military resources, but many of those resources rely on civilian entities, so we obviously have a keen interest in protecting those items as well. We thought it was the right thing to do to consolidate our efforts and to align all the Air Force cyber-related resources so we can have better command and control. This command will be able to respond better to the needs of our commanders and be the focal point within the Air Force for cyber security and defense missions, as well as respond to emergencies and natural disasters. Make no mistake, we are partners with the other sister services--the Army, Marines, Navy--as well as with DISA, NSA and Homeland Security to name a few. We're all in this together.
Question about Existing Contractors (Score:5, Interesting)
by tachyon13 (963336)
General Lord, I currently work as the exact type of 'cyber warrior' you intend to recruit. But I already have a Top Secret clearance, already familiar with DoD systems, etc. The dynamic with what we call 'Information Assurance' is that of a constant struggle with our contractor management (stay within the contract, the budget, etc) and with our 'warfighter' higher ups (educating them on why they can't have full access from their home in the spirit of "operations are a priority, to hell with security"). So assuming you can get the type of expertise that are eligible for clearances, and that are willing to relocate to Offutt/etc, how are you going to address the core issue of security in the DoD: Operations/budget/schedule will always trump security. Or alternatively, security will always be back burner to 'hot' issues. Thank you for your time.
ANSWER:
Certainly the balance between having access to do our mission and having robust security is an issue where not everyone agrees on just how much to restrict or how much to allow. The Air Force takes the security of its computer networks very seriously and has taken several measures to educate our users and to provide secure means for them to operate. As with many other issues, the Air Force through its commanders, must assess the risks and make a decision. I don't agree or I maybe I just haven't seen where security is always a back burner item.
CyberCommand Location (Score:5, Interesting)
by Mz6 (741941)
General,
Can you explain some about the situation developing between Barksdale AFB and Offutt AFB as they try to fight over the eventual final location for CyberCommand? My thoughts are that finding and recruiting talent, and laying the foundation for such a large wired infrastructure in the Omaha, Nebraska area may be easier to accomplish than in and around Shreveport, LA. What types of things is the DoD looking for when they choose the final location for this new Command?
ANSWER:
The government actually has a regulation that covers the whole process for choosing a location for a command and it's a very defined, thorough process. The bases must meet certain criteria -- existing infrastructure would be just one aspect of many items along with communications or square footage requirements, but there are other considerations, such as the impact to the environment that the Pentagon will consider. I would hope that no matter where it was located, we would still be able to attract the talent needed to work in this exciting command and that all communities see the need to protect this domain.
Security clearence dodged... too bad (Score:5, Interesting)
Re:Right General? (Score:5, Interesting)
Re:The questions are interesting... (Score:3, Interesting)
AGREED (Score:5, Interesting)
Furthermore, we should remember as a group of large agencies, there's bound to be politicking and may not be the level or coordination desired. Of some of this vague area may reflect reality, they don't really know where lines actually exist...
Some things seem beyond the military's ken (Score:3, Interesting)
The issue of Internet security and being on forefront of technology seems to me like it has much more to do with education and intelligence than with the military directly. If you want the country as a whole to be on the forefront of technology, you have to have the highly educated people who create and master said technology. To my mind, this issue becomes more of how we can improve abysmal public schools and the like than what the military can do.
I'm reminded of Foucault, who in Power/Knowledge [stanford.edu] discussed the idea of power in the context of a network or society. The military is embedded in the network of American power, and in the domain of Internet security and the like it seems to rely even more on other parts of the network than it does in other forms of operation like physical combat.
Legal Hacking (Score:5, Interesting)
Not prepared to back up financially (Score:5, Interesting)
So, US Government, please let us know when you're ready to put your money where your mouth is, and we'll subsequently give you the best damn computer security on Planet Earth. Until then, you're just another employer trying to get more than he's paid for out of his staff.
Re:The questions are interesting... (Score:4, Interesting)
Re:Concerning hacking foreign powers (Score:3, Interesting)
that.
I think just doing it to any country that war hasn't been specifically declared on would be a no-no. So being considered an 'Axis of Evil' won't cut it. Plus it could hurt relations.
So in present day, how do we do this in Iraq? Iraq isn't the enemy, force not backed by the government are.
Touchy.
Do it, don't get officially caught, and be smart might be what it boils down to.
Re:AGREED, but some caveats: (Score:5, Interesting)
This indicates something of a culture gap between the kind of hackers who the general presumably wants to recruit and the generals themselves. Paul Graham states it [paulgraham.com] well:
Such "prickly independence" is the opposite of the stereotype of the military that's lodged in my mind. Now, I know that stereotype is somewhat inaccurate, but nonetheless the rebel/renegade streak that runs through many -- though by no means all -- of the creative, intelligent people who often know technology well. I'm not sure I'd go as far as Paul Graham's "most," but I'm definitely going to use "many."
Finally, regarding the tone of the answers, remember too that it's easier for an individual speaking for himself (Neal Stephenson, anyone [slashdot.org]?) to answer candidly than it is for someone who represents millions, especially because the military sometimes has PR problems. If the general says anything forceful, it will be spun around the Internet, quoted -- perhaps out of context -- in newspapers, and generally leave the military open to the PR of others.
I'm not sure how to solve such cultural problems between hacker types who need direct unvarnished honesty ("Where is the mistake in this?") versus PR types in public ("How do I make sure my words won't be used against me?").
Re:The questions are interesting... (Score:5, Interesting)
Currently...
They may have been formally taught various bits of programming and networking, but in some respects are a sort of Davy Crockett with a sharp eye rather than a West Point education.
But CC will no doubt be giving its staff a full rounded training, based upon a growing institutional memory, and experts from other parts of the US government, and academics.
Being a military outfit, I assume it is configured so that if something awful happens, the organisation still survives, and tries to learn from the setback, even if there are losses.
Most of its opponents have a shallow resource base, and actually need to be quite risk averse, since they could not survive a serious problem. CC staff will benefit from this expensively gained experience, and of course often be able to learn things that you could not try if you knew than any error would mean terribly bad personal experiences.
All good news.
But of course, even with careful screening of backgrounds, and various forms of peer review, some will go bad.
These people will be orders of magnitude more dangerous than the random "background noise" hackers.
Although sadly some former servicemen go bad this is typically "retail" level damage, often to themselves. Rarely does this get to a level that is beyond local law enforcement, partly because they no longer have access to the infrastructure of the army. A military pilot who once commanded a bomber armed with nuclear weapons is no more dangerous than his civilian counterpart, and so on.
But in cyberwarfare the playing field is much more even. Outside of the 'A Team', the idea that former servicemen could even survive an attack on substantial conventional forces, much less win is plain dumb. So it is a new type of personnel challenge.
But 5 years from now there will be former Cybercommand veterans, complete with a (very discreet) badge and maybe even reunion parties. Mostly their path will be like former pilots, or other specialists who have a ready market in civilian life. But not always...
They will outclass the current generation of hackers, indeed if they did not, then CC would have not have done it's job properly. That to me is a possible issue.
I don't seriously expect an answer in a public forum, but I wonder if plans are yet in place to somehow manage the risk of this, without seriously impacting their utility whilst in the service.
Generals don't typically take questions from rando (Score:4, Interesting)
When I was in the USAF I wrote a letter to president Nixon, and recieved a very nice and polite reply from a General. So Generals may not answer random people on the internet, but they do answer random servicepeople who write the Comander In Chief.
For the General (Score:1, Interesting)
I had some very high hopes for this Q&A session. You did not deliver on these hopes. A lot of other people here are going to talk (are already talking) about how "content free" your answers were. I'm going to talk instead about how I think you could have done better--in many cases, a lot better.
First, it was probably a mistake for you to come here in the first place. The average Slashdotter has about as much wisdom and insight as a mentally challenged turtle. When you enter this domain, you need to expect discourse to drop to that level. Slashdot is not a forum for insight and erudition: it is principally a forum for young tech-savvy people to throw around their prejudices as if they were established fact. My first suggestion for your after-action review is "what is it you needed to accomplish, and why did you think you could accomplish it here?"
Second, your public affairs staff did you a misservice in how they briefed you for this audience. You're addressing a crowd of people with analytical abilities which border on the profound. (Which, of course, makes the lack of wisdom all the more striking. Data is not information, information is not knowledge, knowledge is not wisdom, as Frank Zappa said.) A large number of Slashdotters are professional programmers, system administrators, mathematicians, physicists, engineers, and more. These are all professions which require the ability to slice apart arguments, statements, propositions. Your answers are absolutely awful in this crowd. Consider your first set of questions:
Your answer, stripped of the PAO gibberish, reduces down to "that's an excellent question, we won't need new laws, we cooperate with other agencies." I think you'll agree that your answer not only failed to answer some of the questions, it failed to answer any of the questions.
General, what would happen to a newly-minted second lieutenant who tried to answer one of your direct questions with such an evasion? Would that lieutenant even have a career by the time you were finished with him? You'd accuse him of sophistry, of insubordination, and--what is worse--you would accuse him of thinking you're an idiot.
General, you must think I'm an idiot. Most of your answers are insults to my intelligence.
Your PAO is probably selling you on a line that in the internet era, all interviews are given to a global audience, and you have to answer with that in mind. If this is the case, get a new PAO. The audience is potentially global, but you definitely have a very select audience in front of you. Optimizing your answers for a potential audience just means that nobody in the wider world will bother reading these pasteboard answers, and the select audience in front of you will walk away believing you have disrespected them. That's fatal in public relations, and your PAO ought to know it.
Third, you are an officer and a gentleman in the United States Air Force. You are to comport yourself at all times in a manner most befitting that uniform you wear. USING STUPID TEXT MESSAGING ACRONYMS MAKES YOU LOOK RIDICULOUS. The people to whom you are speaking may be the most ridiculous, venal and self-absorbed people you've ever met, but you need to be better than that. You need to be an airman.
My uncle was an Air Force counterintelligence officer. One of my best friends recently left USAF OSI. You are not living up to the high standards I have seen them set.
My recommendations are pretty simple:
Re:Suggestions (Score:5, Interesting)
I didn't mean to imply that AF was not military, but from where I was sitting, it sure felt like it. Here is a story that explains why:
Also, I understand that AF jobs like Forward Air Controller had it just as bad as us Army types since he had to be attached to us Army types. I'm also sure that Search and Rescue type jobs had it much worse than I did as they needed to be anywhere with no notice ready to fight their ways in and back out. But, on average, IMHO, only, the AF guys had it much easier than us USArmy types.
An Idea for the General (Score:3, Interesting)
Naturally, the military wouldn't use this every day, but if this effort were heavily publicized through major media outlets and made easy to download and install (initiates contact with home so it bypasses most consumer firewalls without port forwarding, etc). I think you would find the number of cyber patriots to be large indeed.
Of course, if the military ever attempted to tie a backdoor of any kind into this bot client it would create a serious backlash so I would recommend hard coding that this should never be done into the orders to create it as well as public statements. This will help reduce the possibility of a future commander doing so either.
The other possibility is that the bot net could fall into the hands of a third party. While this is possible, and it probably isn't possible to make it impenetrable all you really need to do is make it secure enough that its easier to establish your own illicit botnet. People are doing just that every day so that barrier can't be that high.
Translation (Score:1, Interesting)
A: bottom line is that we won't need new laws
T: In fact, we don't even need the laws we already have
Q: What, if anything, is being done against [Attacks on the US and its Allies by China]
A: other branches of the U.S. government
T: But when they give me the green light, I'll give them holy Armageddon. Count on it.
Q: Accept, Retain, Solicit good people?
A: You can bet that we leverage all the expertise out there to help us do our job.
T: We find someone with the requisite skills, guys with names like "Snake Pliskin" or "Kevin Mitnick", and implant time bombs in their necks, which we'll deactivate upon successful mission completion.
Q: Older recruits?
A: Certain skill sets can also be brought on board as civilians or contractors
T: Try WalMart.
Q: Which acts of war should be illegal in cyberspace?
A: The U.S. military complies with all applicable domestic and international laws
T: I misinterpreted your question because I have a really guilty conscience.
Q: Physical Fitness
A: This is something we need to look at and evaluate
T: Put down your Doritos and Mountain Dew and go for a walk, you lazy butt.
Q: It is good war is so terrible...
A: The person who hates war the most is the warrior who has to go to it
T: But of course, it's love and hate. I was born to be a warrior. And I love my job. Damn I love my job.
Q: is your group intended to defend against warlike attacks only?
A: if something is a coordinated attack
T: Can you say "Predator"?
Q: Post a list of the stuff you want hacked and the more patriotic hackers will enjoy doing it for free.
A: the Air Force neither encourages nor condones criminal activity
T: Please talk to the CIA.
Q: decide when a cyber attack is an act of war.
A: Our nation's elected officials are the ones who will decide
T: It's an act of war when Bush hears it from Cheney who hears it from Satan who is a puppet of Cowboy Neal.
Q: Why was the Air Force tasked with this?
A: We are just one part of a combined effort
T: Can you say "Predator"?
Q: constant struggle
A: not everyone agrees on just how much to restrict or how much to allow.
T: Let me work from home or I'll terminate your damn contract
Q: such a large wired infrastructure in the Omaha, Nebraska area may be easier to accomplish than in and around Shreveport, LA.
A: The government actually has a regulation that covers the whole process
T: Not my call. The choice largely depends on which commercial interests have bought the most powerful congressmen.
Re:Not prepared to back up financially (Score:4, Interesting)
Literally, his answer was no. It has to be: We haven't had a major incident in order to raise the issue to an election crisis for Congress. Thus, the ROI perceived (stress this is a perception issue, not a reality issue) by politicians on spending more for military cyber-security is dwarfed by the ROI companies can actually return from new products. Thus, private industry will employ the experts.
Having said that, the implication in "It's not just our military members either, it's all those who partner with us . . . academia and private industry, our civilians and contractors, too." is that they can - and must (for practical financial reasons) partner with private industry. It's not like the world's experts in aircraft design are in the Air Force: they work at Boeing, Northrop, EDS, etc.
I believe he's saying the same thing here. He can't expect to afford the experts, as they should be working for the companies developing the tools used by the military. However, he can still leverage their expertise, as those companies can be partners to the military, and those well-paid workers in private industry should expect to be helping and training the members of his command (and perhaps even developing new features that the military gets first access to).
Re:The questions are interesting... (Score:4, Interesting)
Open Source (Score:2, Interesting)
What is going to be the policy for Open Source? As you probably know there is a great prevalence in the Black Hat community to use open source for their tools.
What is going to be the policy for use of tools that would be considered black hat in nature? IE: Is the USAF going to have the latest versions of MPACK with the full subscription?
In China, there is a cottage industry of hackers that are paid after they pull off hacks, is there going to be any situations where that occurs here?
What is your opinion of the paper "Unrestricted Warfare" by Qiao Liang and Wang Xiangsui? Is this going to be part of the foundation for the USAF CC or is the program's posture going to be purely defensive in nature?
Thank you
Re:The questions are interesting... (Score:3, Interesting)
The debate over what is considered an act of war is one of politics and policy, and isn't at all related to what the DoD does beyond, "is what we are going to do a violation of US/international policy or law?"
* Obviously this isn't physically possible from a remote location, but I was unable to think of a cyber attack that would sufficient grounds for war.
Re:The questions are interesting... (Score:5, Interesting)
Or how about when a dogface on some beach or mountain or something calls frantically, that they need steel on target NOW dammit? Is the aviator who responds to that frantic call for help less honorable than the dogface who placed it?
How about when some Marine pilot gets his ride shot out from under him, and an USAF rescue jumper has to go in to retrive? Is he any less honorable than the aviator he's rescuing? The USAF PJ's motto is "...so that others may live." I knew a few. These men never have to buy their own drinks.
And you assume that we always bomb from FL200 and drop on cavemen. Hah. Ever seen a SAM? It's the size of a freakin' telephone pole, and it comes at you so fast you can't even think. The heaviest bomber lossess were never to other aircraft, it's *always* been the ground fire, be it small-arms, FLaK, or SAMs. The fighters are a bother, but that's why you fly with little friends around (or make your plane invisible.)
Flyboys earned my respect. I worked with USAF flyboys (and flygrrls!) for 7 years. They may be whiny prima donnas (that's rock star to you punks), but when they put on that jet, they put their lives on the line.
Just so wankers like you have the right to whine about wankers like them.
Freakin' groundpounder. Y'all are all the same. All you know about
I'll tell you this -- there's more honor in the USAF than in Corporate America. not much more, but there's more. They still teach Integrity in the USAF. I think that was dropped in US schools during the "Greed is Good" era. Instead of Integrity, now US schools teach Mediocrity. It's Good Enough, yes?
Re:The questions are interesting... (Score:3, Interesting)
ILITGuy
Re:The questions are interesting... (Score:3, Interesting)
When I was hanging out with the Marines, they said (not really jokingly) that their cooks were trained to kill you with their utensils. The idea was that no matter what job you were doing, if your camp got invaded then your first priority was fighting. In that light, of course military hackers need to be fit. If your group ends up tapping fibers in Afghanistan and is discovered by the local warlord, you better be able to defend yourself.
Not Content Free (Score:4, Interesting)
Some things I think I came away with:
- Overall, he seems willing to pursue candidates who might otherwise have not been "military material."
- They seem to be setting up a framework of SOME sort under which multiple intelligence agencies are able to cooperate effectively. According to my understanding, this is a drastic departure from the current state of affairs.
- They WILL be dealing with domestic targets, if only in cooperation with other domestic law enforcement bodies. This was the impression I got from their answers, but it might be reading too far into it (though I doubt it).
- Assuming the former is true, they are going to try to do an end run around domestic and civilian cyber law. The sense I got from the evasiveness (reading into what he avoided answering), was that they have no intention of abiding by the same laws that civilians and domestic law enforcement are forced to obey. My guess is it's going to be more of the same, "this is national security, those laws don't apply to us," bullshit we've been seeing for the last 8 years out of the painfully fascist leanings of the current powers that be.
While I often read too much into what isn't said, the real impression I'm getting is that they're going to try to parlay the military nature of this new cyber command into an excuse to avoid obeying the current legal restrictions faced by domestic agencies. If you thought this whole fiasco with AT&T was bad, just wait until the military gets their fingers in the cookie jar. (BEWARE the goddamn military-industrial complex. I may sound paranoid, but that's the greatest danger out there to our freedom.)
Re:The questions are interesting... (Score:3, Interesting)
Reference Admiral Fallon who was either fired, or resigned yesterday as head of Centcom, because of his excessive honesty in this Esquire article [esquire.com] or General Shinseki who had his head taken off for pointing out the Iraq war was being waged with to few troops and they wouldn't be able to control Iraq during or after the invasion. Someone what Fallon said in that article completely escape censorship, but it didn't certainly "shorten" his career. I wager he was so sick of the Bush administration he didn't care if his career ended, just so he could get away from them.
Honesty in military chain of command is an incredibly complex problem. You can't really have loose cannons saying controversial things or publicly contradicting their superiors especially the Commander in Chief. The military has to answer to chain of command and to its civilian leaders in our system. If they don't you risk a coup and military dictatorship.
On the other hand when the Commander in Chief and Secretary of Defense are completely incompetent, and do stupid things, which appears to be the case with Bush and Rumsfeld(Gates is a lot better than Rumsfeld) you have to hope that the men and women in the military will know when to say no, reject wrongful orders, and tell the American public the truth, even if it costs them their careers.
For example, the day the White House authorized the use of torture, something Bush once again endorsed with a veto last week, was the day the military had just cause to reject the legitimacy of their Commander in Chief and chain of command. The men and women in the military have the highest stake in upholding the Geneva conventions and military code. If they ever become prisoners of war they have no basis for demanding the protection of those same conventions, if they are torturing prisoners and violating those conventions themselves. You can argue semantics whether "enemy combatants" fall under those protections, and Al Qaeda may torture its prisoners, but its a simple fact if you torture you completely lose the moral high ground, and the damage you do to your cause far out weighs any benefit you got from the suspect intelligence you get through torture when the victim will say anything to make you stop. For example I seriously doubt Al Qaeda was planning to attack the library tower in Los Angeles because it has no strategic value. But because someone being tortured said it was a target, the Bush administration has used it ever since as a "success" story in stopping an attack an in rationalizing the use of torture.
self taught and doing it for fun. (Score:5, Interesting)
I am not worried about the veterans, unless they are self taught. And in that case I'd make sure not to do anything that would leave them feeling betrayed. Think about what Kevin Mitnick did to the FBI after working with them. People don't realize, there are far better then Kevin out there. The best ones are the ones you'll never hear about, they are ghosts.
The best ones also have a strong sense of right and wrong, it's just different from what most peoples views are.
As for myself, being told I can't do or accomplish something is the strongest motivator.
It's not a conscious thing, it's almost obsessive compulsive and no malice or desire for any gain what so ever, nether data or money.
Just thrill or fulfillment of some deep subconscious need.
In high school I couldn't help when walking by a row of locker in an empty hallway to unlock 20 locker in a row that had master locks on them, then re-lock the locks on upside down. And see how fast I could do it. I'd won many bets that way.
Same for teacher bathrooms, the school safe. (just opened the door 1 inch then closed it again) They ended up putting me in charge of the schools computers in my senor year since I already had full access and knew much more then the consultant that they had that barely could update there COBOL source code.
Over the years, I have built my own modems from scratch, build and sould the first PC sound devices, wrote the first code to play 6 Bit digital audio on the PC's internal speaker. Built early home made packet radios, spread spectrum radios on CB's.
Reverse engineered many BIOS/ boot ROM's, copy protection, viruses, crack games, AOL and Compuserve account, phreaked, security systems, vending machines, Cable TV, cell phones, GPS, you named it.
When one malicious hacker that messed with me later asked a friend to get a copy of 286 AMI Bios from me, I even put a defanged non-contagious version of Jerusalem B virus into it so that it installed the TSR portion every time he formatted a disk. Specifically so it would aways infect ever disk he touches. Specifically designed to get detected so no one would ever trust floppies from him. He used to be a big wares guy, but I put a quick end to that.
Over the years I have gotten into so many things and ever left a trace, just popped in, poked around, got board and moved on.
In the process I have learn so much and had written so much code, that I have become a seasoned kernel hacker in both BSD and Linux with a strength in networking.
Another thing people don't realize, Hacker don't aways have a specific target but meander, and see where it goes.
I think Bruce Schneider pointed out was they go the weak points, like don't open the lock but go in over the drop ceiling tiles.
The reality is that heavy lock is more likely to attract them if for no other reason then out of curiosity. What the hell is in there that requires so much security? It's like a giant puzzle and solving it, quenches ones curiosity.
Anyhow now that I probably said too much, just for the record, I stopped the illegal stuff a long long time ago, now that I have probably gotten myself on some watch list.
These days, I focus on understanding SPAM (towards blocking, tracing etc), defending DOS, P2P, ECIP and flow control, Video and data compression, mathematics, Cracking DRM and FOSS coding. It still fulfills the rebel side of me, and also accomplishes something useful.
Re:The questions are interesting... (Score:3, Interesting)
It's a more polite version of YGBSM. Google it [google.com] and you'll see why it's been sanitized further. It has a history [wikipedia.org] in the Air Force going back to at least Vietnam, so I'd be more careful with that "n00b" label if I were you.
I've got a question (Score:3, Interesting)
I've been in IS now for over a decade, almost exclusively as a blackhat. In the past few years I've gotten into doing "unconventional" threat response - blackhats can be the best whitehats, y'know, learning through doing. Now tell me, why should I go in at an entry level paygrade when I can make more as a civilian? What gaurentees do I have of immunity? Why should I bring my tricks to your trade, when it's unlikely I'd be in an enviornment of trust anyways? As is I've got a juvi record and wouldn't get a sec. clearance anyways. I've got alot to lose by going in, including the trust and respect of those around me, whom I've been running with for 12 years -- but nothing of gain is apparent. What about the risk of being given a different AFSC? I've got some friends that went in 13D together, showed up to boot, and were told they were 11B now.
These are the thoughts on our minds. Personally, I've been considering enlisting for a long time now, but USMC. Give me some real answers(unlike those posted above), some gaurentees on paper, and maybe I'll consider USAF. 'Til then, no way.