Ask the Air Force Cyber Command General About War in Cyberspace

We ran an article about the new Air Force Cyber Command and its recruiting efforts on February 13, 2008. Now Major General William Lord, who is in charge of this effort, has agreed to answer Slashdot users' questions. If you're thinking about joining up -- or just curious -- this is a golden opportunity to learn how our military is changing its command structure and recruiting efforts to deal with "cyberspace as a warfighting domain." Usual Slashdot interview rules apply.

Skynet?

[Trespass]

Have you heard enough Skynet jokes/references/analogies to make you want to kill the next guy that mentions it that thinks he's the King of Comedy?

Re:

[AnomaliesAndrew]

I saw a recruitment commercial today for this very thing on CNN before work. It said that they ward off over 5 million malicious attacks a day at the Pentagon.

My question is... how many military professionals are actually doing any of this work? From what I've heard, all they do is babysit computer screens and private contractors making 4x their pay. If that's the case, sign me up! (as a contractor.)

Already in, how can I help?

[whereizben]

General Lord, I am currently a member of the VT Air National Guard, and I have a bachelor's degree in computer science and work in IT for my civilian job - is there a good way that someone like me can be put to use in this effort without having to go onto active duty and relocate? Thanks - Ben

Re:Already in, how can I help?

[Catskul]

I for one welcome our new General (over)Lord.

Re:

[Frosty Piss]

I ignorant of the organizational relationship, but a friend of mine is Washington Air Guard, and attached to these people at McChord.

Re:

[dedeman]

I don't know if you've even considered moving your reserve allegiance to a different state, but the RIANG has the 102nd Information Warfare Squadron. I used to be in it, and still have some friends that are.

It's a very cool position, but I don't what sort of particulars I should mention on here. Lots of contingency operations for organizations who deal with information warfare (network defense, etc).

I can put you in touch with people, if you'd like.

Re:

[monoqlith]

General Lord - what a fucking sweet name! Good Lord!

In other news, I'm so glad to see that, finally, our international crises are going to be able to be settled by a game of Unreal Tournament.

Remote work?

[Anonymous Coward]

Do you have telecommuting opportunities? Terrorists and criminals don't work out of a giant call center or office building, so I would hope that those fighting against them might not have to either.

As A Military Commander...

[Wandering Wombat]

Does it ever wear you down that you have to look at anything and everything in the world as a potential tool or locale for warfare?

Re:As A Military Commander...

[ScentCone]

looking at things like the internet, which is inherently nonviolent, as a place for warfare

You probably got moddded down because your choice of language suggests a certain naivete.

The internet is nothing until someone uses it. Just like a roadside bomb, a watering can, a butterknife. Since it's pointless to talk about it unless you talk about how it's used, then what you're really talking about are the people that use it, and how they use it. To say that it's inherently non-violent is to say that the people who use it are. Which is demonstrably false. And before someone mentions the non-violence of ones and zeros, please remember that much of warfare (including heading it off before someone tries to start one) is communications, awareness, readiness, and the health of your government, industry and other large systems... all of which now depend on the network. War is about controlling, or denying other people the use of the things that allow them to have power or influence over others - and a mammoth, globe-spanning communications system is now forever going to be a central venue for things very much related to violence. It already is.

Re:

[nexuspal]

Sure he can "Look", but in most instances anyone in the military would be unable to say, direct macro policy. Money can be used as a weapon, yet he, and everybody else in the military do not have the skill, or desire, to get involved with addressing the threats of monetary warfare... So in that regard, there are times when they don't even have the standing to recognize what is going on, let alone address ways to handle the threats that come in a non-direct way.

War on blogs?

[KarMann]

So, what's up with that war on blogs [slashdot.org] we read about recently? You know, the one "so utterly stupid, it makes me want to scream." Not quite your area of responsibility directly, I believe, but certainly of interest to the crowd here.

Re:

[KarMann]

Oh, geez. Let me quote verbatim the entire Slashdot post (which, from other sources I've also seen, is not misrepresenting anything in the least):

"The military's war on blogs [wired.com], first reported last spring, is picking up. Now the Air Force is tightening restrictions [wired.com] on which blogs its troops can read. One senior Air Force official calls the squeeze so 'utterly stupid, it makes me want to scream.'" (emphasis added)

Granted, the old article may have been about the Army, but that wasn't the part I was referring

Unplugging

[The AtomicPunk]

Why has the DoD not simply disconnected from the Internet in light of all the threats and (apparently somewhat successful) attacks from abroad?

Already done

[daveschroeder]

The classified networks (such as SIPRnet [wikipedia.org] and JWICS [wikipedia.org]) are already not connected to the commodity internet. Only unclassified networks (which can still contain troves of sensitive and other information, and whose interruption can cause havoc in all manner of other ways) are connected to the commodity internet.

The answer is the same for anything else that is connected to the internet: that the benefits -- real or perceived -- of being connected to the internet on the unclassified side, with proper security controls, etc., outweighs the risks.

Re:Already done

[bleh-of-the-huns]

Actually, the SIPR net runs on top of the nipr net, the nipr net is the internet that is connected to the general internet, so technically, the SIPR net is connected to the general internet, but well secured... think of it as a giant closed VPN....

Re:

[bkr1_2k]

Thank you. I was going to respond that the GP was completely wrong, but you did it better than I would have. someone please mod Parent up.

Re:

[daveschroeder]

The actual explanation is a heck of a lot more detailed than I or the person who replied to me could have given (or that I have time to give in a slashdot comment). Suffice it to say that there is no general or routine connectivity between SIPR and the commodity internet. Given that all of the cyber attacks to which I assume the OP was referring are against resources on unclassified networks, the suggestion to "unplug" doesn't really apply, as SIPR and JWICS are sufficiently segregated. SIPR resources are i

Re:

[bleh-of-the-huns]

I intentionally left my description vague, and while the inner workings of how SIPRNET works is technically not classified, it is generally not a good idea to go too deep into its inner workings.

Re:

[djcapelis]

If I recall correctly, SIPRnet is completely segregated.

Re:

[Lavafish]

Major General Lord, Dear Sir, I am a Civilian Engineer currently working for the Army to implement EPACT05 requirements. The wired.com article discusses competition for the location of the Air Force's new Cyber Command. Given the "more connected, monitored, and controlled" direction of EPACT05 and DoD Energy Strategy, do you see value in a distributed Cyber Command? Do you feel that the deployment of Cyber Command at a single post may discourage job applications from potential Civilian employees and experts

How do we prevent "mission creep"

[Jeremiah Cornelius]

It appears that the military is increasingly involved in areas who's jurisdiction was once considered to be wholly in the civil domain. Use of jargon like "cyberspace" seems only to obfuscate and distract from the core issue. This appears an effort to recruit public opinion and defuse the deeper questions that strike at the heart of a free and civil society. I think that if we had a statement that "The private mails are a warfighting domain" would generate a fair amount of debate on the role of the military as opposed to the police, the function of constitutional protection of liberties, and the question of what actually constitutes a state of war.

What are the limits on this jurisdiction? Who enforces these limits, and how is the public informed of that status? How are efforts to extend being safeguarded from creating mission creep that threatens all civil discourse in the United States and abroad form targeting, suppression, propaganda and extra-legal surbeillance?

Cyberwarfare Doctrine

[jlaprise1]

Dear Major General Lord, I'm an academic who has been theorizing and writing about military doctrine in in cyberspace. One problem that I have encountered is in theorizing about what conflict in cyberspace looks like, though Libicki does a fine job. How does your command develop war fighting doctrine in the absence of actual conflict for cyberspace?

National Labs?

[nitroamos]

Why doesn't AFCYBER fit at one of the national labs (e.g. LANL, or LLNL) or NSA?

I thought those were the popular destinations for educated people who want to serve their country, they're already technically oriented, and they already have a lot of really smart people, so it would have seemed to me a good fit. When I'm looking at my employment possibilities, I need a way to differentiate you.

Re:

[jlaprise1]

Neither the national labs nor the NSA have the authority or mandate to conduct military operations. The national labs are put in the service of research questions from other organizations within the government and the NSA is primarily a SIGINT collection organization with some analysis responsibilities centered the interpretation network of networks and their characteristics. They were doing network analysis long before MySpace.

Attacks on the US and its Allies by China

[Yahma]

There have been several recent news reports that China has and is engaging in a nationally funded effort to hack into and attack US government computer systems. The German government recently announced that they traced recent aggressive cyber-attacks back to the Chinese government. What, if anything, is being done against this type of cyber-terrorism against us and our allies? Why do we still confer most-favored nation trading status onto a Nation who is actively engaged in efforts to spy on and attack our government and corporate computer systems?

Difference In Culture

[Chabil Ha']

Major, it seems to me (and others at /.) that the cultures that most geeks espouse run counter to the perceptions of the military. This being, for example, showing up at a consistent designated hour, opposition to wearing a standard uniform, having an overly strict form of discipline, etc.

How do you propose to reconcile those conflicts and establish your organization with any semblance of 'geek cred' to get the real talent you sound interested in attracting? What sorts of 'carrots' will you wave to attract people?

Re:

[bkr1_2k]

Why is it that geeks think of themselves in this regard? Seriously, not all intelligent, geeky people are slobs who can't keep regular hours. Being a geek doesn't mean you shun daylight or social interaction and definitely doesn't mean you shun discipline, despite what movies and some programmers might have you think. If you think it doesn't take discipline to work through a problem, methodically, deliberately, and to conclusion, be it coding, hardware, or some combination, I'd say you need to rethink yo

Re:

[Omestes]

I think the geek stereotype exists because it has some true points. I know a lot of clean, orderly geeks, but I also know my share of Mt. Dew swilling slobs. The former blend in to the general population and thus aren't as noticeable, while the latter, when they venture from their basement are noticeable.

I think this comes from the fact that us geeks aren't very social BY NATURE, we sit about all day (no matter the cleanliness of the individual) and work on little boxes than no one really quite understand

Re:

[bkr1_2k]

My point is that for whatever reason, slashdot thinks geeks only fall into the programmer/recluse category, which simply isn't true. "us geeks" fall into all categories, social and non-social by nature.

I'll also say that being "smarter, as a whole, than the average person, which doesn't help our communication skills" is complete crap. Acting like you're smarter than everyone else is a problem for communication, but if you are, in fact, smarter than the average person you should be smart enough to compensa

Major-General Stanley

[Jeremiah Cornelius]

He's the very model of a modern, Major General!

I am the very model of a modern Major-General,
I've information vegetable, animal, and mineral,
I know the kings of England, and I quote the fights historical
From Marathon to Waterloo, in order categorical;
I'm very well acquainted, too, with matters mathematical,
I understand equations, both the simple and quadratical,
About binomial theorem I'm teeming with a lot o' news

Re:Major-General Stanley

[jollyreaper]

Oh for fuck's sake, at least do something with the song!

        I am the very model of a modern cyber-General,
                I've information on viruses, digital, and veneral,
                I know the pings of the LAN, and I know the games historical
                From Marathon to Pikachu, in order categorical;
                I'm very well acquainted, too, with matters quite impractical,
                I endlessly retell old jokes, both the tired and scatological,
                About conspiracy theories I'm teeming with a lot o' news
                My many fanciful facts pin it squarely on the Jews.

                Though I've never touched a woman i've watched a lot of porn;
                Gigabytes and gigabytes, a greater expert was surely never born:
                I've information on viruses, digital, and veneral,
                I am the very model of a modern cyber-General.

Re:

[Jeremiah Cornelius]

Nearly brilliant!

Re:

[drinkypoo]

Though all my better programs that self-reference recursively
Have only been obtained through expert spying, done subversively,
But still, for input vegetable, animal and mineral,
I've built a better model than the one at Data General. [traditionalmusic.co.uk]

Re:

[jollyreaper]

Hmmm... And the panel says...

+3 Funny and Creative
-1 Screwed up the Rhythm

Cut me some slack, I'm white and nerdy.

Re:

[martin-boundary]

Not to nitpick, but civilians aren't part of the military hierarchy. That means the rules that apply to you don't apply to them. If they want to call him Major, they damn well have the right to call him Major. Think of it as an endearing nickname for him, if that helps :)

relaxing rules

[i.r.id10t]

Is it possible that rules would be relaxed to allow the types of people that can do the job already but may not be "fit" or a "good fit" for/in military service, or is the plan to take airmen and train them to do what you want them to be able to do? Would a civilian with the proper skillset be able to act as a contractor without enlisting, etc?

Re:

[Notquitecajun]

No. Now DROP and give me TWENTY!

Re:

[mother_reincarnated]

I think he was asking if someone highly qualified but gay could be a civilian contractor... But if you still want to respond with "drop and give me twenty"...

And if the GP wasn't, then I am- First my ground assumptions:
This is an entirely different battlefield with entirely different physical constraints and requirements.
The particular KSAs involved tend to be found in persons that had some degree of social isolation.
Hard-core 'cyber' geeks tend towards fat, scrawny, gay, lesbian, blind in one eye, flat fo

Older recruits?

[rolfwind]

It seems that in the military traditionally it was always looking for people fresh out of highschool for EMs and if you wanted to get anywhere in the military you had to be either college educated or, to really have a high end military career, start really young in something like the Valley Forge Military Academy and work from there.

In a traditional branch of the army/navy/airforce that is probably as it should be.

But in this area people have to be trained for years, still not know as much as the older hands in the private industry, and before they really know enough their enlistment would be over. Also, it would be unacceptable for an older IT person to join but take a pay cut to a Private's level or perhaps even a Lieutenant's -- so I imagine this branch would have to be somewhat different.

Is the military going to do to reach out toward the older folks who have extensive experience and knowledge outside the military?

A question about requirements

[downix]

A great portion of the minds you would need in order to facilitate this are not of what is traditionally classified as "fit for service." Would those requirements be altered in order to cast a larger net for a talent pool?

Re:

[tsm_sf]

Out of mod points but what a great question. "not fit for service" could be read as "diametrically opposed to the practices and philosophies of the military". Is the military really the best branch of government to handle this problem?

Re:

[Notquitecajun]

Yes it is. There has to be an ample defense of international cyber-attacks against government organizations, particularly by either state or large organized elements. We're not talking about some random script-kiddies or rogue America-haters here. Those are criminal, and therefore police/FBI problems.

Attacks by possible state-sponsored elements - think Chinese or Iranians (if they could ever get their heads out their rear); or organized non-state groups such as al-Qaeda - are military problems (you coul

Which acts of war should be illegal in cyberspace?

[cohomology]

War is never clean.

In conventional warfare, certain actions such as hiding among civilian populations are forbidden. These actions are considered war crimes because of the collateral damage they are likely to cause. What actions in cyberspace do you think should be outlawed? How about intentionally bringing down hospital IT systems, or destroying undersea cables without regard to the effects on civilian populations?

Re:Which acts of war should be illegal in cyberspa

[TubeSteak]

What actions in cyberspace do you think should be outlawed? How about intentionally bringing down hospital IT systems, or destroying undersea cables without regard to the effects on civilian populations?

How is destroying an undersea cable any different from destroying power plants, water treatement centers, bridges, airports and other pieces of infrastructure... all of which are sound military tactics? Heck, taking out communications is more important that any of the other things I've listed.

The entire point of doing these things is to create an effect on the civilian population.
Civil chaos is a good way to draw resources away from the enemy's military effort.
Long story short: Minimize civilian casualties

Re:

[Plutonite]

That is an interesting philosophical discussion (they always happen, on slashdot, don't they?), and I would contest many of your points.

Is there any part of civilian infrastructure that is not target-able by current moral standards of warfare? Before you answer that, your statement:

Minimize civilian casualties, but try to make them as miserable as possible

is pretty controversial. What do you mean miserable? Is a hospital being deprived access to the systems that facilitate saving peoples lives (directly or otherwise) being made "miserable"? Or is it a crime? And why is it allowe

Re:

[Plutonite]

Dude, if you dont use sarcasm tags they WILL mod you down :)

Re:

[blueskies]

You must either be from a fly over state or still in high school to be this ignorant. Evidently killing women and children is a good thing to you. Ask the Japanese how that went for them in ww2 after raping and killing whole populations.

Re:

[Plutonite]

I agree the reality is different, but I would not change my values on the battlefield because others in the "free world" have decided to cause fatal diseases among a civilian populace by bombing water stations, or engaged in organized (literally sanctioned) brutal sexual humiliation, or gang rape and murder of 14 year old girls and their families. Our governments need to work with OUR values, not the other way round.

USAF Mining Data Useage Patterns to Find Thoughtcr

[Jeremiah Cornelius]

If shutting down access [slashdot.org] to blogs isn't enough to create resentment, the Air Force is "developing data mining technology [cnet.com] meant to root out disaffected insiders based on their e-mail activity--or lack thereof." With "Probabilistic Latent Semantic Indexing" [spacewar.com] a graph is constructed of social network interactions from an organization's e-mail traffic "If a worker suddenly stops socializing online, abruptly shifts alliances within the organization, or starts developing an unhealthy interest in "sensitive topics," the system detects it and alerts investigators."

Physical Fitness

[spacerog]

General, You were recently quoted in Wired as having said "So if they can't run three miles with a pack on their backs but they can shut down a SCADA system, we need to have a culture where they fit in." Is this an accurate quote? As a former member of the US Army I must say that passing a PT test is not very difficult and the suggestion that some soldiers should be exempt from basic minimum requirements is rather upsetting. Are you actually advocating the relaxation of military physical fitness standards for 'cyber warriors'? Would this not create a double standard and animosity between the cyber command and other sections of the military? Surely there must be other recruitment incentives that can be applied to attract the talent you need.

- Space Rogue

Re:

[zarthrag]

When I was in basic (not long ago - 03) The requirements went WAAAY up, and I'm quite fit (by geek standards, at least). Most slashdotters wouldn't make it in the door. Not saying that they should be exempt, but the standard is high.

Re:

[rolfwind]

I thought requirements were relaxed in the mean time to attract recruits because of Iraq (and even the age requirement got greatly bumped up).

Re:Physical Fitness

[bkr1_2k]

According to this web site PT standards haven't gone up at all in recent history since those are about the same (roughly) as when I was in the military in the early 90s. I was in the Air Force, but trained with all services during tech school so I was quite familiar with Army standards of the time. http://usmilitary.about.com/od/army/a/afpt.htm [about.com]

For soldiers 22-26 it's 40 push ups (in 2 minutes), 50 sit ups (in 2 minutes) and 16:36 time for the 2 mile run. Those values only get easier for older soldiers. If you think "most slashdotters" wouldn't make it in the door, I think you're sadly mistaken. Those are particularly easy values for anyone remotely fit to attain, and not particularly difficult for many people who aren't that fit. Obviously there is a contingent of folks who are sadly out of shape, for whatever reason, that it would be difficult for but it's far from "most" even in the slashdot community, I'd guess.

Re:

[Notquitecajun]

As a corollary, if you CAN'T meet the above requirements, and it takes you more than a month to get there, and you're not too old or disabled...

You have fitness issues that need correcting. Period.

When the USA finally gets "IT"...

[PC and Sony Fanboy]

When the US military is run by people who are representative of their population, and understand the composition of their country, they may be successful in persuading the best and brightest minds to work for them. As an observer here in canada (and we're not THAT much better for this), the american system tends to use the stick, not the carrot, in order to persuade its citizens to do the right thing - which discourages experimentation! The US military is percieved as being much worse.

Basic Training

[fistfullast33l]

My question would be, what can I expect training to be like? Obviously I would expect to go through some kind of basic training similar to regular recruits, but what kind of technical training would occur? If I'm in ROTC and getting a Bachelors or Associates in Computer Science or Math, is there some form of advanced training that is necessary? What platforms/technologies can I expect to use? Are there different types - networking, application security or even some form of hardware protection? How abou

Preferred Skillset?

[katch22]

General Lord, I am currently a Computer Science student attending a U.S. university, and I am curious as to what skills you would like to see in potential recruits for the USAF Cyber Command. What areas of expertise are preferred over others?

Are you prepared for this?

[djcapelis]

Security professionals thrive in an environment where authority is questioned, basic assumptions are always challenged and diversity of thought is critical. Even the idea of uniforms is going to drive away the professionals you need to set up this type of institution. Do you believe that setting up this type of institution within the military is even a good idea? Do you think that perhaps there's a more appropriate environment for it? Are you entirely aware of what kinds of challenges you face in recruiting top-notch people for this type of thing? Would you even know a top-notch security professional if you saw one? They're not easy to identity unless you're another security professional. Are you? Do you really have what it takes to try and lead this type of organization?

If so, can you tell me why you chose ASP to run your website? Won't you have enough trouble recruiting as is without alienating some open-source loving folks right off the bat?

So far everything I've seen about this organization is riddled with basic mistakes. I wish you the best of luck but I'm just not convinced you have any idea what you're getting yourself into with this initiative.

What tech do you have that came from the stargate?

[Joe The Dragon]

What tech do you have that came from the Stargate? and what is really going on at Cheyenne Mountain Operations Center?

Name Change

[spacerog]

General,
Perhaps the reason you are having difficulty in attracting top talent is partly due to the name of your unit. Cyber Command? Sorry, but that just sounds soooo 1980's. How about Electronic Defense Command or something, anything without the word 'cyber' in it. Seriously, have there been any thoughts about a name change?
- Space Rogue

Re:

[show me altoids]

This from a guy named "Space Rogue."

(j/k)

Re:

[realisticradical]

iForce

Re:

[bkr1_2k]

iFarce

There, fixed that for you.

Re:

[Plutonite]

This is the DoD, not the church. Please keep religious affiliation aside.

It is good war is so terrible...

[MozeeToby]

I wise man once said "It is good that war is so terrible, lest we grow too fond of it". If cyberwarfare ever becomes a reality, how do we respond to the fact that is isn't "terrible"?

The direct damage from such warfare would be primarily economic or data security related (rather than a cost in human lives) how do you feel we can prevent it from becoming a monthly, yearly, or daily occurance?

Criminal vs Warlike Actions

[florescent_beige]

General Lord,

Does the AFCC have a mandate to pursue criminals that use information infrastructure to commit crimes, or is your group intended to defend against warlike attacks only?

If the latter is true, how would you distinguish between criminal activity and warlike activity in cyberspace?

Will the USAF Cyber Command be full of TPS reports

[Joe The Dragon]

Will the USAF Cyber Command be full of TPS reports and other crap like long wait times with lots of paper work to get small thing like adding ram, getter better systems, install new software and other things?

Will you be forced on to the standard USAF window base image with limited admin accounts like how the navy and marine systems that are a Big mess are setup?

Will you use mac and linux like how the army does?

Legal Hacking...

[JeanBaptiste]

Just post a list of the stuff you want hacked and the more patriotic hackers will enjoy doing it for free.

Due to the nature of hacking and what many people do to acquire such skills, they may not want to 'join up' and all that.

But if you post a list of IP's that are okay to bring down, and networks you want information stolen from, with the understanding that the US will not condemn any attacks, and I'm sure more than enough people would do it for free.

Is there anything like this already in place? Cause I got nothing better to do this weekend. Or most any weekend.

Re:

[Kuciwalker]

It could be like letters of marque!

Re:

[bughunter]

I'm not a software pirate.

I'm a software privateer!

I really hope this gets asked

[Nemilar]

This is something I really hope gets asked. A lot of the comments here seem to be of the "the people you need aren't going to fit in with the military structure" as well as, "are you sure you even know what you're getting into doing this?"

I think Internet Privateers, a sibling-comment suggests, would be perfectly legitimate - and as effective, if not more effective, than an organized USAF "cyber attack" on, e.g, the PRC. I don't doubt the need for a "cyber command" to protect American information infrastr

Great stories

[qoncept]

This is a great opportunity to hear military propaganda. For those interested, the simple truth is that the Air Force is finally acting reducing the number of programmers and other computer-related jobs and contracting them out, and trying to look "tough" by deploying to forward locations. You know -- the type the Army and Marines are trained for.

Will you be forced on to the standard USAF window

[Joe The Dragon]

Will you be forced on to the standard USAF window base image with limited admin accounts like how the navy and marine systems that are a Big mess are setup?

Will you use Mac and Linux like how the army does?

Could a Cyber Attack Trigger a Real War?

[florescent_beige]

General Lord,

I'm curious to know if you have have any criteria that would enable you do decide when a cyber attack is an act of war. Would it be possible for some kind of action inside a network to lead to a shooting war without some kind of overt physical threat occurring first?

CyberCommand Location

[Mz6]

General,

Can you explain some about the situation developing between Barksdale AFB and Offutt AFB as they try to fight over the eventual final location for CyberCommand? My thoughts are that finding and recruiting talent, and laying the foundation for such a large wired infrastructure in the Omaha, Nebraska area may be easier to accomplish than in and around Shreveport, LA. What types of things is the DoD looking for when they choose the final location for this new Command?

Re:

[Notquitecajun]

As a Louisianian, my response to this is that Nebraskans may be smarter, but Louisianians can cook better. Even if Shreveport is really East Texas with legalized gambling.

Actually, Barksdale has a nearby resource - it's called Louisiana Tech University, one of the good cheap engineering schools in the USA.

International Development and AFCC's Tool Set

[florescent_beige]

General Lord,

Some of the "hacker" types that I understand the AFCC is looking for probably will prefer to work with Linux and Linux applications.

Due to the international nature of software like Linux that has been developed through the "free" paradigm, would this be allowed? These tools will have been produced by nationals from many different countries, perhaps even those that the United States could find itself fighting a cyber war against.

Re:

[florescent_beige]

Non-issue; Linux and OSS is well used within the DoD, even if not acknowledged at the highest levels. The issue always comes up, and then is shot down. They're even using commercial software from Germany (X-Ways) and many other foreign nations.

I have no doubt this is true. What I'm interested in is hearing a General and a CO's perspective.

I have some experience with the International Traffic in Arms Regulations (ITAR) rules, since I'm Canadian and sometimes work for US companies that have dual-use technology. Certain people, depending on their background, are prohibited from working for certain US companies in certain roles.

The fact that FOSS often involves community support could theoretically mean someone in Iran or China could be asked t

SCADA Warfare

[StickyWidget]

General, during current war operations it is common procedure to target areas of enemy infrastructure (electricity, water, gas, transportation, communications) with the intent to disable or destroy. As the systems being used to control this infrastructure are becoming more and more interconnected, and increasingly use standard computers and interconnections (i.e. TCP/IP and Internet), this could potentially become another method of attacking enemy infrastructure.

Will there be a doctrine for cyber attacks

The very model of a modern major general...

[MadUndergrad]

What is the meaning of mamelon and ravelin?

Accept, Retain, Solicit good people?

[Lally Singh]

General,

      Some of the most talented people in computer security tend to have the sort of records that prevent them from getting clearance. Maybe nothing heavily criminal, but enough of a colored background that traditional security clearance mechanisms would throw them out of the room before they get started. Often the same types of minds that are really good at computer security are also the rebel types, who'll have some history. Will you work to get these people in, or are we looking at a bunch of off-the-shelf programmers/admins who've taken a few simple courses in computer security?

      Also, how do you plan to attract/retain them? Again, rebel types are some of the best hackers, and they're not likely to go in without incentives. Not due to any lack of patriotism per se, but an unexplored understanding of it. More importantly, they're likely to be anti-establishment types who aren't comfortable in the strict traditional chain of command. Finally, usually the outside industry pays quite well for the good ones. Are you prepared to financially compete for the best?

      Finally, will there be any connections back to the research/academic community? You may find academics more happy to help than usual, as cyber warfare can often be nonviolent. Also, will the existing (and immense) capability within the NSA be properly leveraged?

      I'm glad to see our DoD taking our nation's networked security seriously. Right now it's just a bad, bad joke.

Best of Luck!

-Lally Singh

cyber warfare can often be nonviolent

[Dareth]

cyber warfare can often be nonviolent

I think you meant non-destructive. See the casualties will all be virtual and tallied up by computers on both sides. The people who were "killed" in each attack, even if from a third neutral party starship, will be expected to report to the disintegration chambers at their designated time.

This is absolutely necessary to ensure our respective infrastructures remain intact. It is better that our wars are fought in cyberspace. Wouldn't you rather the front lines be Se

My question is:

[drspliff]

I have no doubt that when stockpiling security researchers and analysts, much as Google do and other companies do, will result in lots of creative projects and ideas regardless of what the military's goals are; however, are these going to be returned to Americans, educational institutions and the international community?

Or will it be another case of knowledge hoarding with no return to the tax payers who funded it?

Whata moniker...

[Chyeld]

Major, General, Lord? Phew, I imagine you have alota fun with that one.

Why was the Air Force tasked with this?

[Isaac-Lew]

Why should the US Air Force be tasked with this, instead of DISA or NSA, neither of which is tied to a specific branch of the military?

Random Questions

[Ilan Volow]

1. Is there any age limit? Would someone who is in their mid-30's still qualify?

2. Would the Cyber Command overlook the policy on those with ADD who take a medication (Ritalin, etc) for this condition?

3. Can I get caffeine-laced MRE's?

4. What are Rules Of Engagement in Cyberwarfare?

5. What will Cyber Command's relationship be with regards to Homeland Security's Cyber Sercurity divison? What steps will you take to ensure sharing of information while not stomping on each other's toes?

Cyber Commander

[imgod2u]

Is the Cyber Commander's uniform a robe and wizard hat?

How are you doing...

[Deliveranc3]

Infiltrating encryption and security software at the source, have you noticed large amounts of server corruption to distribute compromised software.

Are there any plans to put backdoors in domestic encryption software?

Why are you lying?

eh hemmm

[djupedal]

"We ran an article about the new Air Force Cyber Command and its recruiting efforts on February 13, 2008."

See, this is the issue with /.

Wired ran an article, and /. simply rode those coattails. Claiming otherwise isn't trivial, is open to legal action and...assumes that /. readers are pretty dumb as a group, when the opposite is actually the truth. The dolts that run /. are the dumb ones.

What if this alternative existed for Mitnick?

[Anonymous Meoward]

One of the storied stereotypes of the hacker domain is that of the nabbed "black hat" being impressed Into a "white hat" role. (Think Leonardo DiCaprio's role in "Catch Me If You Can".) However, the US armed forces no longer offer service as an alternative to prison (last I checked anyway), even though it offers a hacker in such a position the best deal he or she may ever get.

Would you seriously consider trying to exploit the talents of convicted hackers if you thought those talents could be a viable asset?

Question about Existing Contractors

[tachyon13]

General Lord, I currently work as the exact type of 'cyber warrior' you intend to recruit. But I already have a Top Secret clearance, already familiar with DoD systems, etc. The dynamic with what we call 'Information Assurance' is that of a constant struggle with our contractor management (stay within the contract, the budget, etc) and with our 'warfighter' higher ups (educating them on why they can't have full access from their home in the spirit of "operations are a priority, to hell with security"). So assuming you can get the type of expertise that are eligible for clearances, and that are willing to relocate to Offutt/etc, how are you going to address the core issue of security in the DoD: Operations/budget/schedule will always trump security. Or alternatively, security will always be back burner to 'hot' issues. Thank you for your time.

Cyberwarfare and the Law

[arik181]

During times of war, special laws come into effect. The killing of another human being, normally considered one of the most heinous of crimes, is a legitimate practice under combat conditions. My question is this: Does the law come into play at all during cyberwarfare, or is "code" the new law, as far as the USAF is concerned? Does cyberwarfare relate more closely to a covert operation? If there is a strict legal framework for cybercombat, what are its fundamental aspects?

How does it affect people outside the US?

[baboonlogic]

I am an Indian and what the US does have non-trivial effects on my day to day life. US military publicly and actively declaring meddling with the internet to be a part of their job can amongst other things motivate my political overlords into some kind of action.

Like everything else this has both good and bad effects for me. I don't think our establishments here have a very good idea of what freedom of speech means and they could easily do some wrong here. On the other hand it opens up business opportunit

Lord Major General Lord

[Jardine]

Is there a scenario where it would be possible for Major General Lord to obtain the title of "Lord"? Because then he'd be Lord Major General Lord. And that would be awesome. Not quite as awesome as Major Major Major Major, but still awesome.

flexibility

[Eil]

General Lord,

I served proudly as an active duty member of the United States Air Force for 4 years and then in the Reserves for another 4 years. Although the Air Force is generally regarded as the most "modern" of the U.S. military branches, I still found that the overall structure was too rigid to take me where I wanted to go, so I followed my inner geek and moved fully into the civilian sector.

You said, 'We have to change the way we think about warriors of the future.' At first, I guessed that you would hire these individuals into government contractor positions, but the Wired article implies otherwise. Many of the brightest security experts, by nature, are highly independent and have a noted distaste for many of the standards that being in the Air Force require, such as basic training, dress and appearance, and physical fitness. How far will the Cyber Command bend the traditional standards in order to persuade the best and brightest in the security field to sign up into a military career?

Supermilworms

[cybrpnk2]

General Lord-

Superworms [wormblog.com] such as Storm [wired.com] represent perhaps the greatest threat to the internet becasue their stealthy natures allows the organization of millions of computers into a covert zombie botnet before their true exploit is finally launched. Will Cyber Command launch offensive operations to hunt down and destroy superworms already imbedded in cyberspace civilian computers, or create supermilworms (new word for CC use if you wish, with zero Google hits) that covertly draft millions of civilian cyberspace computers as secret War Reserve resources available for future callup and deployment in a future cyberspace battle?

National Guard Role?

[BanjoBob]

Dear Gen Lord:

In major campaigns, the National Guard (and Air National Guard) play a significant role and are often the front line service. How do you see the individual state Guard units participating? In addition, what Civilian roles will be both a part of the Guard and contracted to the Guard?

Re:

[WeeLad]

What are some of the differences between this and other parts of the military, in terms of application requirements, benefits, pay, etc?

... and possibly as a follow up ... Why specifically is the Air Force the branch of the U.S. military to pursue this? Is there something about the USAF that makes it a better fit than the Navy or Army?

Re:

[jollyreaper]

Overrated? Come on! You can't tell me that Air Force Cyber Command doesn't sound like something that would be fighting Cobra.