Suivre ce blog Administration + Créer mon blog
26 avril 2013 5 26 /04 /avril /2013 11:20
Information Warfare : America Gears Up For Cyber War Offensive


April 25, 2013: Strategy Page


The U.S. Department of Defense has revealed that it is now spending $30 million to set up offensive Cyber War operations in the army and air force. Two-thirds of the money is being spent by the air force which has traditionally taken the lead in Cyber War matters. The money is being spent mainly to buy hardware for the hackers, as well as software tools.


Offensive Cyber War involves a lot more than just trying to hack your way into specific enemy computers and networks. First you have to find out what you are up against. This begins with mapping where everything on enemy networks is. China was noted doing this back in 2005 and the mapping they were doing was a prerequisite to a major attack on non-Chinese systems that is still underway.


After the initial mapping you select the best targets. This is done by determining which systems yield the best impact (which ones have the most valuable information and/or are the most vulnerable). Then you go in and collect more information on specific attacks on military targets. After that you carry out the attacks.


The mapping is part of a military operation and the Chinese know that. You have to assume they will respond to the mapping, which is why the mapping is a constant process. Mapping is also done by professional Internet criminals in preparation for their more mercenary attacks (Internet fraud). Over the last decade Internet fraud has been largely taken over by highly disciplined gangs, rather than lots of individual hackers. The gangs are well organized, and have the resources to carry out extensive mapping operations. Thus many periods of heavy mapping activity is usually a prelude to major Internet based heists. Even government and military sites are valuable targets for the Internet hacking gangs, because valuable information can be sold on the black market. Governments have been known to hire the gangs for specific jobs, or simply let it be known on the black market (for data stolen by hackers) that certain types of data held by some governments will fetch a particularly high price.


The most valuable information in Cyber War offensive operations is data from enemy hackers. Stealing their tools and data (especially mapping and target selection data) is the most valuable prize of all. A lot of it is kept off line to prevent that, but one function of mapping is to discover where someone may have screwed up and left some valuable information available via the Internet.


Offensive Cyber War is a full time process, even when your people are not actually trying to hack their way into an enemy site. The Department of Defense announcement of the $30 million budget was largely to build public support for these operations and ensure that the money will keep coming.

Partager cet article
14 février 2013 4 14 /02 /février /2013 07:20



February 13, 2013:  Strategy Page


U.S. Cyber Command (USCYBERCOM) has been operational for two years now and it is encountering some serious problems in recruiting people qualified to deal with the enemy (skilled hackers attacking American networks for whatever reason). People in the software and Internet security business have been telling Cyber Command leaders that they will have to change the way they recruit if they want to get qualified people. That means hiring hackers who lived on the dark side (criminal hacking) at one point or another. Such recruits would not pass the screening usually given to potential government employees who would be handling, and protecting, classified information and critical Internet systems. Few government officials are willing to bend the rules, mainly because no one wants to be responsible for some rogue hacker who got hired without the usual screening. It’s safer to go by the book and use that for your defense when the inadequate recruiting effort leads to a major Cyber War disaster.


Cyber Command is headquartered in Fort Meade (outside Washington, DC), most of the manpower, and capabilities, come from the Cyber War operations the military services have already established. Within Cyber Command there are some smaller organizations that coordinate Cyber War activities among the services, as well as with other branches of the government and commercial organizations that are involved in network security. At the moment Cyber Command wants to expand its core staff from 900 to 4,900 in the next five years. Twenty percent of those new people will be civilians, including a number of software specialists sufficiently skilled to quickly recognize skillful intrusions into American networks and quickly develop countermeasures. That kind of talent is not only expensive but those who possess often have work histories that don’t pass the normal screening. These are the personnel Cyber Command is having a difficult time recruiting.


The big problems are not only recruiting hackers (technical personnel who can deal with the bad-guy hackers out there) but also managing them. The problem is one of culture and economics. The military is a strict hierarchy that does not, at least in peacetime, reward creativity. Troops with good technical skills can make more money, and get hassled less, in a similar civilian job. The military is aware of these problems, but it is slow going trying to fix them.


There have been efforts to fix things. Five years ago, the new U.S. Air For Cyber Command asked for some leeway in recruiting standards and military lifestyle, in order to get the kind of airmen they needed. In a word, the air force wanted geeks, and many of the recruits being sought could not pass the physical fitness test or tolerate the usual military discipline. The more expensive (and increasingly unaffordable) alternative was hiring Internet engineers and hackers as civilian contractors. The air force has, in the meantime, raised its standards for physical fitness, making it more difficult for out-of-shape geeks to get in. But the air force has noted that some hackers are late bloomers. Since air force recruits are the brightest and best educated of all the services, it's been decided to try and identify and train Internet techs from among the new airmen, and then attempt to keep them in for more than one four-year enlistment.


Actually, most military personnel these days could just as well be civilians. Armies have always had civilians along, to perform support functions. The historical term is "camp followers." In times past the ratio of civilians to soldiers was often much higher, something like eight civilians for every one soldier. Only the most disciplined armies (like the ancient Romans at their peak) kept the ratio closer to one to one. But when conscript armies became common in the 19th century, it was suddenly cheaper to replace many of those civilians with conscripts (who were paid a nominal wage). Now that armies are going all-volunteer, it's gone back to the old days, where it's cheaper to have civilians perform a lot of support jobs. This is a trend that's been going on in the American armed forces even before conscription was eliminated in the early 1970s. The effort to recruit more Internet geeks will end up gathering up more camp followers, who will stay "in the camp" to do their job and never need venture into a combat zone where the warriors are working. But the competition from the civilian economy for these highly skilled support personnel is something the ancients didn't have to worry about.


All current Cyber War operations are dependent on contract workers (civilians) for their top technical talent. There is always a shortage of these people, partly because they have to be capable of getting a security clearance. A lot of otherwise qualified technical personnel won't even apply for these Department of Defense jobs because a background check might reveal earlier hacking misadventures they would rather keep secret. Meanwhile, the Department of Defense has assembled a growing group of civilian Cyber War volunteers. Not all have security clearances but in the event of a national Cyber War crisis, that would be less of an issue.


Cyber Command remains partly blinded because it does not have sufficiently skilled people at the heart of their operation who could quickly detect, evaluate, and quickly organize responses to major hacker attacks. At the moment, the most knowledgeable people are working elsewhere (software firms, usually) and have to be asked to help out and are usually nowhere near Cyber Command headquarters.

Partager cet article


  • : RP Defense
  • : Web review defence industry - Revue du web industrie de défense - company information - news in France, Europe and elsewhere ...
  • Contact


Articles Récents