The new chief of U.S. Cyber Command, Gen. Keith Alexander, spoke at my alma mater CSIS in Washington, DC, this morning, and while he purposefully did not make any real news, he had some interesting comments on the policy issues surrounding the new (combatant?) command.
I find it a bit amusing when military officials make declarative statements such as “we will defend our cyberspace.” Okay, well, how are you going to defend cyberspace and still maintain functionality when so much of the military’s network resides on private sector networks? He didn’t explain that one very well; he did throw in the completely useless and overused descriptor “full spectrum” cyber operations.
I think the most interesting thing he said was the military has zero real time situational awareness of its networks. Hmmm, that’s not good. Most attacks are discovered after the fact, he said, when the forensic folks come in to clean up the mess. At that point it’s too late to do much other than learn what vulnerabilities might have been revealed; like using jump drives to transfer data between non-secure and secure computers might also pass along a bug.
Alexander said the military simply lacks a common operational picture of its networks (I wonder if China lacks SA of DOD networks).
On the subject of rules of engagement, Alexander was understandably reluctant to get too far into that one, as it appears to be constantly shifting, but he did say that there would be very different ROE during peacetime and wartime. Like ROE in war zones, I’m sure CYBERCOM will maintain an ambiguity around that one to allow it certain freedom of operations.
Like any good military official, he addressed the more complex issues facing his command by framing them in the form of a question. Such as: What if an adversary uses a neutral state’s networks to bounce their cyber attack through? And, what are the ROE when the U.S. homeland is under attack?
On the issues of civil liberties and privacy, Alexander said the key is oversight by government agencies, the courts and congress. I’m predicting now that CYBERCOM will someday have the largest collection of JAG officers of any command.
– Greg Grant
{ 11 comments… read them below or add one }
Well that's encouraging
It sounds like our military needs to get some 'outside' experts to run their networks. Our military folks are too confined to 'in the box' thinking and they are slowed by greatly by the chain of command. Put a super smart civilian in charge and give that person free reign to make the necessary changes that will minimize some of the dangers that we are facing.
Hah, you can't fool us, Kevin. Very tricky, posting under a different name. Perhaps we should pay this private contractor a lot of money, too.
I'm not Kevin (who ever the hell he is).
Sorry but I did not write this one.
The mil folks will never be completely up to speed. They have a very slow information propagation cycle and are not given the financial resources to bring in the proper level of talent. Only in a communist type country can you demand the smartest people to come work for the state and it should also be noted that those evil states are promoting the engineering workforce and taking most of those jobs away from the US further decreasing our talent pool.
The leverage of control a small sophisticated enemy could have over the country would wipe nearly all our strategic advantages out.
God bless our hackers and snipers :)
The U.S. puts way to much money into its tanks and needs to worry about it's cybernetwork and cyberspace. It's like putting up a brick wall to stop a bomb from falling. Build a bunker to protect yourself!
Another thing I want to point out, the good General says much of the military resides on private sector network-what the hell? The military should have it's own friggin private network. There is tons of buried fiber out there that isn't being used, I say build your own private network and have it carry all of the sensitive info: messaging, weapons systems, secure links, etc etc, and then put everything things else that's not sensitive: email, websites, etc on the public network. Problem solved!
Okay, now I'm just waiting for Howard Schmidt, Obama's Cyber Czar, to come out and refute everything that Gen. Alexander said!
hahaha you all have no clue…. even the good general… this is what happens when the dod makes a command and puts people who aren't even communication officers in charge…. (meaning they dont even have the background in data/telephone/radio technologies within the dod).
Omniprescence is a myth unless you think you're God. Be sure to get innoculated against the sickness of GREED for a false sense of power. Can you hear me now? Or is it that buzzing in your ears? Get your own life. Cheers.