Ask Lt. Col. John Bircher About Cyber Warfare Concepts
The Air Force is not the only U.S. military branch trying to come to grips with the electronic side of warfare, both current and future. The U.S. Army Computer Network Operations (CNO)-Electronic Warfare (EW) Proponent (USACEWP), located at Fort Leavenworth, Kansas — home to the U.S. Army's Combined Arms Center — serves as the Army's hub for cyber-electronic concepts and capabilities. This is the organization responsible for developing doctrine, materiel and training to prepare the Army for cyber-electronic engagements. For example, USACEWP has developed training teams to ensure that U.S. commanders and soldiers around the world are fully informed of cyber-electronic capabilities at their disposal. Leading the Proponent's Futures branch is Lt. Col. John "Chip" Bircher; Bircher entered the Army in 1989 as an Infantry officer, then served in various command and staff positions, most recently Information Operations (IO). He was the IO Chief for the 25th Infantry Division (Light), Hawaii, and Director of IO for Combined Joint Task Force -76, Bagram, Afghanistan. If you want to know more about the realities and challenges that face an armed, global IT department in a time when electronic warfare is ever more important and dangerous, now's your chance to ask Lt. Col. Bircher some questions. We'll pass on the highest-moderated questions for Lt. Col. Bircher to answer. Usual Slashdot interview rules apply.
Technique? (Score:5, Interesting)
Legal Ramifications (Score:5, Interesting)
Why so many directly connected networks at all? (Score:5, Interesting)
Why aren't there more isolated networks that would require physical contact or interception to get to in the first place? Do sensitive systems really need any connection at all to the conventional internet in the first place?
I know that many places in the DoD do take this approach (people having one computer for safe email and browsing, and a completely different computer for sensitive intel), and certainly it's more expensive and less convenient. But when the internet is basically just a big pathway leading directly to your backdoor, why take any chance at all, ever?
What is that? (Score:5, Interesting)
Include examples.
Compare/contrast with traditional forms of intelligence gathering (wiretaps, listening devices, etc) and their counter-measures.
Interview Question (Score:5, Interesting)
Hacker war... (Score:5, Interesting)
Increasing Complexity & Risk Management? (Score:2, Interesting)
Relationship with the Air Force? (Score:5, Interesting)
Since the Air Force is the U.S. military branch claiming dominance in "cyberspace" (along with air and space), how do you view the Army's relationship with the Air Force in "cyberspace"? Will the Army seek to take over all of the "cyberspace warfare", carve out its own niche in cyberspace, or peacefully coexist with the Air Force?
With respect to leadership in this area across the DoD, do you feel that the Air Force being denied the program executive role for all DoD UAV endeavors represents an opportunity for the Army to increase its role with respect to UAVs (as many people see cyberspace and UAVs to be inextricably linked)?
Attacks... (Score:5, Interesting)
China (Score:5, Interesting)
Recruitment (Score:5, Interesting)
What limitations do you observe? (Score:5, Interesting)
Why does the Army have a love affair with Windows (Score:5, Interesting)
Jurisdiction? (Score:5, Interesting)
Avoiding Redundancy or is it Necessary? (Score:5, Interesting)
Source Code (Score:3, Interesting)
I realize this is based on the assumption that we know what OS and programs they are running, but Windows for instance, it's reasonable to assume that most computer users use some form of it either legally acquired or illegally.
And if and if ... (Score:5, Interesting)
Example: the NSA has worked on SELinux.
Timing and relevancy (Score:5, Interesting)
Can you explain what seems to be the US Military arriving at the game in the third inning?
Having had TSEC and observed security processes and procedures, such as tempest precautions some time ago, I'm having trouble understanding why the 'cyber defenses' of the US Military only now seem to be actually realized.
Is the delay due to funding? Priorities? or simply to underestimation of what the rest of the world was up to all this time?
Please be as specific as you are able to be.
Thank you.
Are you running botnets? (Score:5, Interesting)
Slashdotter (Score:2, Interesting)
Threat Assessment (Score:5, Interesting)
How do you perform a threat assessment in the area of cyber-warfare where the physical weapons (as was pointed out in an earlier post) are the keyboard and mouse, with much of the technology being used as a threat being developed in the U.S.?
Thanx,
myke
"Civilian contractors" (Score:5, Interesting)
Hurdles of Cyber Warfare (Score:5, Interesting)
One issue to cyber warfare is linguistics. How does a military unit overcome this? Does the unit consist of people skilled at the various languages used in theater plus the technical concepts required to execute, or are you forced to cooperate with any other agency?
Also, agency cooperation: are there good relationships between the cyberwarfare units and the intelligence community, and can you say whether or not there are SOPs in place that would utilize cyberwarfare units in conjunction with a physical offensive, i.e. disable Three Gorges Dam right before an op.
Thanks for the time!
Computer Literacy (Score:5, Interesting)
Re:Recruitment (Score:2, Interesting)
Obviously quasi-military operations need lots more in the way of security clearance and chains of command, but it seems like civilian-structured government organizations are better suited to many of these tasks than the conventional military. The NSA, DOD, CIA, etc. are full of bright people, many of whom have never done a push-up.
Is it the military that's going to change how it trains and retains, or will it be civilian-based government agencies that start to take over more and more of the functions of technological-based warfare?
Re:Why does the Army have a love affair with Windo (Score:3, Interesting)
Daemon? (Score:3, Interesting)
Do you think The Singularity is approaching, and if so, do you think you're prepared for it?
Are We At War? (Score:5, Interesting)
Is there any traditional military precedent for tolerating these attacks to the extent we do? Is that hesitancy making us weaker, so our eventual delayed military (or "cyber-military") response will be compromised from winning the conflict to our satisfaction?
At what point do these attacks constitute acts of war, does that need to be declared by Congress, and how does the "cyber command" change its response at that point?
Re:Why so many directly connected networks at all? (Score:3, Interesting)
Maybe they have people who can go places and attach wireless / satellite access points to various networks. It's not a safe job, but the military has plenty of jobs that aren't safe.
Re:Why so many directly connected networks at all? (Score:2, Interesting)
A military brat asks: (Score:3, Interesting)
In your work as Director of IO for Combined Joint Task Force -76, what were your greatest challenges in Afghanistan? What technology threats other than IEDs were your greatest concern?
Re:Why so many directly connected networks at all? (Score:3, Interesting)
It is often the case that the sensitive systems aren't directly connected to the Internet. Instead, the sensitive system gets inadvertently connected to another (less-sensitive) system that is connected to the Internet. The second system gets compromised, which gives the attacker a way to attack the first system.
For example, as I understand it, a nuclear plant was taken offline by attackers. The control system was not connected to the Internet. However, the management system (payroll, timecards, etc.) was connected to the Internet so that managers could get work done via the Web. Based on some insider knowledge, the attackers subverted the management system, which was mistakenly connected to the control system (by the contractors responsible for the management system). Thus, the attackers were able to shut down the plant. So, the people responsible for the sensitive systems know to keep these systems off the Internet, but mistakes happen.
Re:Interview Question (Score:3, Interesting)
Re:For us geeks who'd be sitting behind a computer (Score:2, Interesting)
If so, would basic training be to train us to stay up all night, living on pizza, soda, Skittles, and porn?
If so, where do I sign up?!?
Where can one look to educate "him/her"self on information warfare? When recruiting, do you look for a specific mindset, skillset or qualities in candidates for this line of work?
Are there sources on the internet where one can start to learn about the subject?
Re:Attacks... (Score:3, Interesting)
Personally, I would have phrased it this way: "Please tell us everything you're up to. (It's ok. We're cool.)"
Re:Relationship with the Air Force? (Score:2, Interesting)
The US Strategic Command often, not always, has its commander come from either the Air Force or the Navy (with one exception, Marine General James Cartwright), as they have the preponderance of strategic nuclear weapons (AF with ICBMs and long-range strategic bombers and Navy with sea-launched ballistic missiles (SLBMs)--the triad).
That all leads to my question: Do you foresee the eventual formation of another unified command like USSTRATCOM whose area of responsibility is that of maintaining US dominance of cyberspace--with each of the services providing their own forces to this unified command? How long until we have USCYBERCOM?
Re:China (Score:5, Interesting)
West Point (Score:1, Interesting)
I'm ok with doing something related to combat arms, but I'd be really interested doing something related to IW or Signals. Is there anything that I could do during MOS selection to increase my chances of getting one of these MOS's? And what can I expect as an IW officer--will I be sitting in Kansas or deployed abroad? Lastly, what role does the Army play in IW that differs from what the Navy or Air Force are doing?
Re:John Bircher? (Score:3, Interesting)
"It was named after John Birch, a United States military intelligence officer"
Re:Why does the Army have a love affair with Windo (Score:2, Interesting)
Point taken; I stand corrected.
Let me rephrase:
Until SELinux, if you had root access on a Linux machine, they couldn't... yadda, yadda, yadda...
I'd still argue that there is a general lack of knowledge in the DoD regarding SELinux since it has only recently been added to RHEL. And this further supports the misguided notion that Windows Domains offer more control because the network admins in the military consider them easier to configure due to that lack of knowledge.
Just to satisfy my curiosity (and show my lack of knowledge): is there a way to configure SELinux remotely in real time? For instance, say I found out about a major vulnerability in Adobe Reader version blah.blah.blah. Could I disable versions equal to that and lower remotely the moment I found out, or would it not take effect until some amount of time until the next SELinux policy update (like a restart)?
Recruitment Methods? (Score:1, Interesting)
And how do they know the recruit is a good candidate? I mean, there's a big difference between a user and a programmer. I've met a fair number of people who, in my opinion, are borderline tech-illiterate, and yet the military recruiters found them to be good candidates and hired them.
Last but not least, how many geniuses that haven't smoked pot more than just a couple times have been accepted? Come on, it's ridiculous to have a policy that says one is not eligible if they smoked pot more than 3 times in their life. People, smart successful people, experiment, even for a short period in their early 20's.
I guess that also unleashes another horde of inequalities: what about the gays? Oh, I guess they aren't really people, so fuck-em, right?
Re:Legal Ramifications (Score:3, Interesting)
This is a terrible job to have that other 5% of the time, because it makes you the designated fall guy when something happens. Especially when an order comes down from on high to ignore the law, and just get something done.
I imagine the same legal assistants will be present to inform commanders of whether a target is legal or not in regards to cyber warfare.