Leadership

Pentagon has bold plan for digital warfare

Pentagon officials are making plans for a new cyberwarfare strategic command, but the plans still await final details and approval.

In a move similar to President Obama's promise to appoint a cyber czar, the Pentagon intends to create a new military command specifically dedicated to computer warfare operations. This initiative, announced by administration officials on the 28th of May, would be a complement to the civilian "cyber security" initiatives announced the very next day.

This new plan is a response to a number of criticisms and admitted failings of current Department of Defense policies regarding digital warfare. Among the milder criticisms are statements that offensive and defensive operations are segregated and poorly coördinated (if they are coördinated at all). Stepping up the scale of the seriousness of charges of poor policy development and implementation a bit, we find my own earlier article, China chooses FreeBSD as basis for secure OS, which points out areas where China may be moving well ahead of the US military in terms of defensibility. The critiques get more serious from there in discussion of that article, culminating in the following statement from TechRepublic community member pacomj60:

In 1979 I commanded the first USAF cyber team which we called the Red Team. We went after our own systems and everything said today about Vulnerabilities we knew then. No one read the reports.

Criticism doesn't get much more scathing that the kind of demonstration of indifference embodied in the sentence "No one read the reports." It seems things may have turned around, judging by the establishment of a new cyberwarfare command in Fort Meade, MD.

Air Force General Kevin Chilton, commander of the US Strategic Command, said the new cyberwarfare command would require two to four thousand personnel over the next five years. They're still working out the budgeting details.

The plan hasn't been presented to President Obama in full yet, according to the New York Times, and according to the AP story in Slate, Defense Secretary Gates has not yet given final approval for the plan.

About

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

45 comments
deepsand
deepsand

Individual articles listed below.

deepsand
deepsand

June 28, 2009 U.S. and Russia Differ on a Treaty for Cyberspace By JOHN MARKOFF and ANDREW E. KRAMER The United States and Russia are locked in a fundamental dispute over how to counter the growing threat of cyberwar attacks that could wreak havoc on computer systems and the Internet. Both nations agree that cyberspace is an emerging battleground. The two sides are expected to address the subject when President Obama visits Russia next week and at the General Assembly of the United Nations in November, according to a senior State Department official. But there the agreement ends. Russia favors an international treaty along the lines of those negotiated for chemical weapons and has pushed for that approach at a series of meetings this year and in public statements by a high-ranking official. The United States argues that a treaty is unnecessary. It instead advocates improved cooperation among international law enforcement groups. If these groups cooperate to make cyberspace more secure against criminal intrusions, their work will also make cyberspace more secure against military campaigns, American officials say. ?We really believe it?s defense, defense, defense,? said the State Department official, who asked not to be identified because authorization had not been given to speak on the record. ?They want to constrain offense. We needed to be able to criminalize these horrible 50,000 attacks we were getting a day.? Any agreement on cyberspace presents special difficulties because the matter touches on issues like censorship of the Internet, sovereignty and rogue actors who might not be subject to a treaty. United States officials say the disagreement over approach has hindered international law enforcement cooperation, particularly given that a significant proportion of the attacks against American government targets are coming from China and Russia. And from the Russian perspective, the absence of a treaty is permitting a kind of arms race with potentially dangerous consequences. Officials around the world recognize the need to deal with the growing threat of cyberwar. Many countries, including the United States, are developing weapons for it, like ?logic bombs? that can be hidden in computers to halt them at crucial times or damage circuitry; ?botnets? that can disable or spy on Web sites and networks; or microwave radiation devices that can burn out computer circuits miles away. The Pentagon is planning to create a military command to prepare for both defense and offensive computer warfare. And last month, President Obama released his cybersecurity strategy and said he would appoint a ?cybersecurity coordinator? to lead efforts to protect government computers, the air traffic control system and other essential systems. The administration also emphasizes the benefits of building international cooperation. The Russian and American approaches ? a treaty and a law enforcement agreement ? are not necessarily incompatible. But they represent different philosophical approaches. In a speech on March 18, Vladislav P. Sherstyuk, a deputy secretary of the Russian Security Council, a powerful body advising the president on national security, laid out what he described as Russia?s bedrock positions on disarmament in cyberspace. Russia?s proposed treaty would ban a country from secretly embedding malicious codes or circuitry that could be later activated from afar in the event of war. Other Russian proposals include the application of humanitarian laws banning attacks on noncombatants and a ban on deception in operations in cyberspace ? an attempt to deal with the challenge of anonymous attacks. The Russians have also called for broader international government oversight of the Internet. But American officials are particularly resistant to agreements that would allow governments to censor the Internet, saying they would provide cover for totalitarian regimes. These officials also worry that a treaty would be ineffective because it can be almost impossible to determine if an Internet attack originated from a government, a hacker loyal to that government, or a rogue acting independently. The unique challenge of cyberspace is that governments can carry out deceptive attacks to which they cannot be linked, said Herbert Lin, director of a study by the National Research Council, a private, nonprofit organization, on the development of cyberweapons. This challenge became apparent in 2001, after a Navy P-3 surveillance plane collided with a Chinese fighter plane, said Linton Wells II, a former high-ranking Pentagon official who now teaches at the National Defense University. The collision was followed by a huge increase in attacks on United States government computer targets from sources that could not be identified, he said. Similarly, after computer attacks in Estonia in April 2007 and in the nation of Georgia last August, the Russian government denied involvement and independent observers said the attacks could have been carried out by nationalist sympathizers or by criminal gangs. The United States is trying to improve cybersecurity by building relationships among international law enforcement agencies. State Department officials hold out as a model the Council of Europe Convention on Cybercrime, which took effect in 2004 and has been signed by 22 nations, including the United States but not Russia or China. But Russia objects that the European convention on cybercrime allows the police to open an investigation of suspected online crime originating in another country without first informing local authorities, infringing on traditional ideas of sovereignty. Vladimir V. Sokolov, deputy director of the Institute for Information Security Issues, a policy organization, noted that Russian authorities routinely cooperated with foreign police organizations when they were approached. This is not the first time the issue of arms control for cyberspace has been raised. In 1996, at the dawn of commercial cyberspace, American and Russian military delegations met secretly in Moscow to discuss the subject. The American delegation was led by an academic military strategist, and the Russian delegation by a four-star admiral. No agreement emerged from the meeting, which has not previously been reported. Later, the Russian government repeatedly introduced resolutions calling for cyberspace disarmament treaties before the United Nations. The United States consistently opposed the idea. In late April, Russian military representatives indicated an interest in renewed negotiations at a Russian-sponsored meeting on computer security in Garmisch, Germany. John Arquilla, an expert in military strategy at the Naval Postgraduate School in Monterey, Calif., who led the American delegation at the 1996 talks, said he had received almost no interest from within the American military after those initial meetings. ?It was a great opportunity lost,? he said. Unlike American officials who favor tightening law enforcement relationships, Mr. Arquilla continues to believe in cyberspace weapons negotiations, he said. He noted that the treaties on chemical weapons had persuaded many nations not to make or stockpile such weapons. The United States and China have not held high-level talks on cyberwar issues, specialists say. But there is some evidence that the Chinese are being courted by Russia for support of an arms control treaty for cyberspace. ?China has consistently attached extreme importance to matters of information security, and has always actively supported and participated in efforts by the international community dedicated to maintaining Internet safety and cracking down on criminal cyber-activity,? Qin Gang, spokesman for the Foreign Ministry, said in a statement. Whether the American or Russian approach prevails, arms control experts said, major governments are reaching a point of no return in heading off a cyberwar arms race. John Markoff reported from New York, and Andrew E. Kramer from Moscow. Edward Wong and Xiyun Yang contributed reporting from Beijing. Copyright 2009 The New York Times Company

seanferd
seanferd

That's a bit of a poser. Thanks for the article. (All of them, actually.)

santeewelding
santeewelding

Think on that; think on it here and in so many other ways.

deepsand
deepsand

To be of value, they require an effective means of being enforced. On the other hand, while a treaty may serve to lend both legal & public support for it, enforcement can be had in the absence of a treaty. Furthermore, given the difficulties inherent in attempting to predict the measures required for counteracting future threats in a virtual environment, a treaty can functionally do no more than set forth general goals. One need look only to the difficulty that present Law has, and has always had, in dealing with technological changes in order to understand the futility of here relying on treaties for any more than a gesture of good will.

deepsand
deepsand

June 13, 2009 Cyberwar Privacy May Be a Victim in Cyberdefense Plan By THOM SHANKER and DAVID E. SANGER WASHINGTON - A plan to create a new Pentagon cybercommand is raising significant privacy and diplomatic concerns, as the Obama administration moves ahead on efforts to protect the nation from cyberattack and to prepare for possible offensive operations against adversaries? computer networks. President Obama has said that the new cyberdefense strategy he unveiled last month will provide protections for personal privacy and civil liberties. But senior Pentagon and military officials say that Mr. Obama?s assurances may be challenging to guarantee in practice, particularly in trying to monitor the thousands of daily attacks on security systems in the United States that have set off a race to develop better cyberweapons. Much of the new military command?s work is expected to be carried out by the National Security Agency, whose role in intercepting the domestic end of international calls and e-mail messages after the Sept. 11, 2001, attacks, under secret orders issued by the Bush administration, has already generated intense controversy. There is simply no way, the officials say, to effectively conduct computer operations without entering networks inside the United States, where the military is prohibited from operating, or traveling electronic paths through countries that are not themselves American targets. The cybersecurity effort, Mr. Obama said at the White House last month, ?will not ? I repeat, will not ? include monitoring private sector networks or Internet traffic.? But foreign adversaries often mount their attacks through computer network hubs inside the United States, and military officials and outside experts say that threat confronts the Pentagon and the administration with difficult questions. Military officials say there may be a need to intercept and examine some e-mail messages sent from other countries to guard against computer viruses or potential terrorist action. Advocates say the process could ultimately be accepted as the digital equivalent of customs inspections, in which passengers arriving from overseas consent to have their luggage opened for security, tax and health reasons. ?The government is in a quandary,? said Maren Leed, a defense expert at the bipartisan Center for Strategic and International Studies who was a Pentagon special assistant on cyberoperations from 2005 to 2008. Ms. Leed said a broad debate was needed ?about what constitutes an intrusion that violates privacy and, at the other extreme, what is an intrusion that may be acceptable in the face of an act of war.? In a recent speech, Gen. James E. Cartwright, vice chairman of the Joint Chiefs of Staff and a chief architect of the new cyberstrategy, acknowledged that a major unresolved issue was how the military ? which would include the National Security Agency, where much of the cyberwar expertise resides ? could legally set up an early warning system. Unlike a missile attack, which would show up on the Pentagon?s screens long before reaching American territory, a cyberattack may be visible only after it has been launched in the United States. ?How do you understand sovereignty in the cyberdomain?? General Cartwright asked. ?It doesn?t tend to pay a lot of attention to geographic boundaries.? For example, the daily attacks on the Pentagon?s own computer systems, or probes sent from Russia, China and Eastern Europe seeking chinks in the computer systems of corporations and financial institutions, are rarely seen before their effect is felt inside the United States. Some administration officials have begun to discuss whether laws or regulations must be changed to allow law enforcement, the military or intelligence agencies greater access to networks or Internet providers when significant evidence of a national security threat was found. Ms. Leed said that while the Defense Department and related intelligence agencies were the only organizations that had the ability to protect against such cyberattacks, ?they are not the best suited, from a civil liberties perspective, to take on that responsibility.? Under plans being completed at the Pentagon, the new cybercommand will be run by a four-star general, much the way Gen. David H. Petraeus runs the wars in Afghanistan and Iraq from Central Command in Tampa, Fla. But the expectation is that whoever is in charge of the new command will also direct the National Security Agency, an effort to solve the turf war between the spy agency and the military over who is in charge of conducting offensive operations. While the N.S.A.?s job is chiefly one of detection and monitoring, the agency also possesses what Michael D. McConnell, the former director of national intelligence, called ?the critical skill set? to respond quickly to cyberattacks. Yet the Defense Department views cyberspace as its domain as well, a new battleground after land, sea, air and space. The complications are not limited to privacy concerns. The Pentagon is increasingly worried about the diplomatic ramifications of being forced to use the computer networks of many other nations while carrying out digital missions ? the computer equivalent of the Vietnam War?s spilling over the Cambodian border in the 1960s. To battle Russian hackers, for example, it might be necessary to act through the virtual cyberterritory of Britain or Germany or any country where the attack was routed. General Cartwright said military planners were trying to write rules of engagement for scenarios in which a cyberattack was launched from a neutral country that might have no idea what was going on. But, with time of the essence, it may not be possible, the scenarios show, to ask other nations to act against an attack that is flowing through their computers in milliseconds. ?If I pass through your country, do I have to talk to the ambassador?? General Cartwright said. ?It is very difficult. Those are the questions that are now really starting to emerge vis-?-vis cyber.? Frida Berrigan, a longtime peace activist who is a senior program associate at the New America Foundation?s arms and security initiative, expressed concerns about whether the Obama administration would be able to balance its promise to respect privacy in cyberspace even as it appeared to be militarizing cybersecurity. ?Obama was very deliberate in saying that the U.S. military and the U.S. government would not be looking at our e-mail and not tracking what we do online,? Ms. Berrigan said. ?This is not to say there is not a cyberthreat out there or that cyberterrorism is not a significant concern. We should be vigilant and creative. But once again we see the Pentagon being put at the heart of it and at front lines of offering a solution.? Ms. Berrigan said that just as the counterinsurgency wars in Iraq and Afghanistan had proved that ?there is no front line anymore, and no demilitarized zone anymore, then if the Pentagon and the military services see cyberspace as a battlefield domain, then the lines protecting privacy and our civil liberties get blurred very, very quickly.? Copyright 2009 The New York Times Company

santeewelding
santeewelding

In my droll sense, intimate revetment in the sense of, "self". Or, do I not understand the thing of it all?

deepsand
deepsand

Black cannot be distinguished from white with eyes closed. Revetment would require withdrawal from the realm of data/tele-comm.

deepsand
deepsand

May 31, 2009 Cyberwar Contractors Vie for Plum Work, Hacking for the United States By CHRISTOPHER DREW and JOHN MARKOFF MELBOURNE, Fla. The government?s urgent push into cyberwarfare has set off a rush among the biggest military companies for billions of dollars in new defense contracts. The exotic nature of the work, coupled with the deep recession, is enabling the companies to attract top young talent that once would have gone to Silicon Valley. And the race to develop weapons that defend against, or initiate, computer attacks has given rise to thousands of ?hacker soldiers? within the Pentagon who can blend the new capabilities into the nation?s war planning. Nearly all of the largest military companies ? including Northrop Grumman, General Dynamics, Lockheed Martin and Raytheon ? have major cyber contracts with the military and intelligence agencies. The companies have been moving quickly to lock up the relatively small number of experts with the training and creativity to block the attacks and design countermeasures. They have been buying smaller firms, financing academic research and running advertisements for ?cyberninjas? at a time when other industries are shedding workers. The changes are manifesting themselves in highly classified laboratories, where computer geeks in their 20s like to joke that they are hackers with security clearances. At a Raytheon facility here south of the Kennedy Space Center, a hub of innovation in an earlier era, rock music blares and empty cans of Mountain Dew pile up as engineers create tools to protect the Pentagon?s computers and crack into the networks of countries that could become adversaries. Prizes like cappuccino machines and stacks of cash spur them on, and a gong heralds each major breakthrough. The young engineers represent the new face of a war that President Obama described Friday as ?one of the most serious economic and national security challenges we face as a nation.? The president said he would appoint a senior White House official to oversee the nation?s cybersecurity strategies. Computer experts say the government is behind the curve in sealing off its networks from threats that are growing more persistent and sophisticated, with thousands of intrusions each day from organized criminals and legions of hackers for nations including Russia and China. ?Everybody?s attacking everybody,? said Scott Chase, a 30-year-old computer engineer who helps run the Raytheon unit here. Mr. Chase, who wears his hair in a ponytail, and Terry Gillette, a 53-year-old former rocket engineer, ran SI Government Solutions before selling the company to Raytheon last year as the boom in the military?s cyberoperations accelerated. The operation ? tucked into several unmarked buildings behind an insurance office and a dentist?s office ? is doing some of the most cutting-edge work, both in identifying weaknesses in Pentagon networks and in creating weapons for potential attacks. Daniel D. Allen, who oversees work on intelligence systems for Northrop Grumman, estimated that federal spending on computer security now totals $10 billion each year, including classified programs. That is just a fraction of the government?s spending on weapons systems. But industry officials expect it to rise rapidly. The military contractors are now in the enviable position of turning what they learned out of necessity ? protecting the sensitive Pentagon data that sits on their own computers ? into a lucrative business that could replace some of the revenue lost from cancellations of conventional weapons systems. Executives at Lockheed Martin, which has long been the government?s largest information-technology contractor, also see the demand for greater computer security spreading to energy and health care agencies and the rest of the nation?s critical infrastructure. But for now, most companies remain focused on the national-security arena, where the hottest efforts involve anticipating how an enemy might attack and developing the resources to strike back. Though even the existence of research on cyberweapons was once highly classified, the Air Force plans this year to award the first publicly announced contract for developing tools to break into enemy computers. The companies are also teaming up to build a National Cyber Range, a model of the Internet for testing advanced techniques. Military experts said Northrop Grumman and General Dynamics, which have long been major players in the Pentagon?s security efforts, are leading the push into offensive cyberwarfare, along with the Raytheon unit. This involves finding vulnerabilities in other countries? computer systems and developing software tools to exploit them, either to steal sensitive information or disable the networks. Mr. Chase and Mr. Gillette said the Raytheon unit, which has about 100 employees, grew out of a company they started with friends at Florida Institute of Technology that concentrated on helping software makers find flaws in their own products. Over the last several years, their focus shifted to the military and intelligence agencies, which wanted to use their analytic tools to detect vulnerabilities and intrusions previously unnoticed. Like other contractors, the Raytheon teams set up ?honey pots,? the equivalent of sting operations, to lure hackers into digital cul-de-sacs that mimic Pentagon Web sites. They then capture the attackers? codes and create defenses for them. And since most of the world?s computers run on the Windows or the Linux systems, their work has also provided a growing window into how to attack foreign networks in any cyberwar. ?It takes a nonconformist to excel at what we do,? said Mr. Gillette, a tanned surfing aficionado who looks like a 1950s hipster in his T-shirts with rolled-up sleeves. The company, which would allow interviews with other employees only on the condition that their last names not be used because of security concerns, hired one of its top young workers, Dustin, after he won two major hacking contests and dropped out of college. ?I always approach it like a game, and it?s been fun,? said Dustin, now 22. Another engineer, known as Jolly, joined Raytheon in April after earning a master?s degree in computer security at DePaul University in Chicago. ?You think defense contractors, and you think bureaucracy, and not necessarily a lot of interesting and challenging projects,? he said. The Pentagon?s interest in cyberwarfare has reached ?religious intensity,? said Daniel T. Kuehl, a military historian at the National Defense University. And the changes carry through to soldiers being trained to defend and attack computer and wireless networks out on the battlefield. That shift can be seen in the remaking of organizations like the Association of Old Crows, a professional group that includes contractors and military personnel. The Old Crows have deep roots in what has long been known as electronic warfare ? the use of radar and radio technologies for jamming and deception. But the financing for electronic warfare had slowed recently, prompting the Old Crows to set up a broader information-operations branch last year and establish a new trade journal to focus on cyberwarfare. The career of Joel Harding, the director of the group?s Information Operations Institute, exemplifies the increasing role that computing and the Internet are playing in the military. A 20-year veteran of military intelligence, Mr. Harding shifted in 1996 into one of the earliest commands that studied government-sponsored computer hacker programs. After leaving the military, he took a job as an analyst at SAIC, a large contractor developing computer applications for military and intelligence agencies. Mr. Harding estimates that there are now 3,000 to 5,000 information operations specialists in the military and 50,000 to 70,000 soldiers involved in general computer operations. Adding specialists in electronic warfare, deception and other areas could bring the total number of information operations personnel to as many as 88,700, he said. Copyright 2009 The New York Times Company

deepsand
deepsand

May 29, 2009 Pentagon Plans New Arm to Wage Cyberspace Wars By DAVID E. SANGER and THOM SHANKER WASHINGTON The Pentagon plans to create a new military command for cyberspace, administration officials said Thursday, stepping up preparations by the armed forces to conduct both offensive and defensive computer warfare. The military command would complement a civilian effort to be announced by President Obama on Friday that would overhaul the way the United States safeguards its computer networks. Mr. Obama, officials said, will announce the creation of a White House office ? reporting to both the National Security Council and the National Economic Council ? that will coordinate a multibillion-dollar effort to restrict access to government computers and protect systems that run the stock exchanges, clear global banking transactions and manage the air traffic control system. White House officials say Mr. Obama has not yet been formally presented with the Pentagon plan. They said he would not discuss it Friday when he announced the creation of a White House office responsible for coordinating private-sector and government defenses against the thousands of cyberattacks mounted against the United States ? largely by hackers but sometimes by foreign governments ? every day. But he is expected to sign a classified order in coming weeks that will create the military cybercommand, officials said. It is a recognition that the United States already has a growing number of computer weapons in its arsenal and must prepare strategies for their use ? as a deterrent or alongside conventional weapons ? in a wide variety of possible future conflicts. The White House office will be run by a ?cyberczar,? but because the position will not have direct access to the president, some experts said it was not high-level enough to end a series of bureaucratic wars that have broken out as billions of dollars have suddenly been allocated to protect against the computer threats. The main dispute has been over whether the Pentagon or the National Security Agency should take the lead in preparing for and fighting cyberbattles. Under one proposal still being debated, parts of the N.S.A. would be integrated into the military command so they could operate jointly. Officials said that in addition to the unclassified strategy paper to be released by Mr. Obama on Friday, a classified set of presidential directives is expected to lay out the military?s new responsibilities and how it coordinates its mission with that of the N.S.A., where most of the expertise on digital warfare resides today. The decision to create a cybercommand is a major step beyond the actions taken by the Bush administration, which authorized several computer-based attacks but never resolved the question of how the government would prepare for a new era of warfare fought over digital networks. It is still unclear whether the military?s new command or the N.S.A. ? or both ? will actually conduct this new kind of offensive cyberoperations. The White House has never said whether Mr. Obama embraces the idea that the United States should use cyberweapons, and the public announcement on Friday is expected to focus solely on defensive steps and the government?s acknowledgment that it needs to be better organized to face the threat from foes attacking military, government and commercial online systems. Defense Secretary Robert M. Gates has pushed for the Pentagon to become better organized to address the security threat. Initially at least, the new command would focus on organizing the various components and capabilities now scattered across the four armed services. Officials declined to describe potential offensive operations, but said they now viewed cyberspace as comparable to more traditional battlefields. ?We are not comfortable discussing the question of offensive cyberoperations, but we consider cyberspace a war-fighting domain,? said Bryan Whitman, a Pentagon spokesman. ?We need to be able to operate within that domain just like on any battlefield, which includes protecting our freedom of movement and preserving our capability to perform in that environment.? Although Pentagon civilian officials and military officers said the new command was expected to initially be a subordinate headquarters under the military?s Strategic Command, which controls nuclear operations as well as cyberdefenses, it could eventually become an independent command. ?No decision has been made,? said Lt. Col. Eric Butterbaugh, a Pentagon spokesman. ?Just as the White House has completed its 60-day review of cyberspace policy, likewise, we are looking at how the department can best organize itself to fill our role in implementing the administration?s cyberpolicy.? The creation of the cyberczar?s office inside the White House appears to be part of a significant expansion of the role of the national security apparatus there. A separate group overseeing domestic security, created by President George W. Bush after the Sept. 11 attacks, now resides within the National Security Council. A senior White House official responsible for countering the proliferation of nuclear and unconventional weapons has been given broader authority. Now, cybersecurity will also rank as one of the key threats that Mr. Obama is seeking to coordinate from the White House. The strategy review Mr. Obama will discuss on Friday was completed weeks ago, but delayed because of continuing arguments over the authority of the White House office, and the budgets for the entire effort. It was kept separate from the military debate over whether the Pentagon or the N.S.A. is best equipped to engage in offensive operations. Part of that debate hinges on the question of how much control should be given to American spy agencies, since they are prohibited from acting on American soil. ?It?s the domestic spying problem writ large,? one senior intelligence official said recently. ?These attacks start in other countries, but they know no borders. So how do you fight them if you can?t act both inside and outside the United States?? John Markoff contributed reporting from San Francisco. Copyright 2009 The New York Times Company

deepsand
deepsand

May 11, 2009 Cyberwar Cadets Trade the Trenches for Firewalls By COREY KILGANNON and NOAM COHEN WEST POINT, N.Y. ? The Army forces were under attack. Communications were down, and the chain of command was broken. Pacing a makeshift bunker whose entrance was camouflaged with netting, the young man in battle fatigues barked at his comrades: ?They are flooding the e-mail server. Block it. I?ll take the heat for it.? These are the war games at West Point, at least last month, when a team of cadets spent four days struggling around the clock to establish a computer network and keep it operating while hackers from the National Security Agency in Maryland tried to infiltrate it with methods that an enemy might use. The N.S.A. made the cadets? task more difficult by planting viruses on some of the equipment, just as real-world hackers have done on millions of computers around the world. The competition was a final exam of sorts for a senior elective class. The cadets, who were computer science and information technology majors, competed against teams from the Navy, Air Force, Coast Guard and Merchant Marine as well as the Naval Postgraduate Academy and the Air Force Institute of Technology. Each team was judged on how well it subdued the threats from the N.S.A. The cyberwar games at West Point are just one example of a heightened awareness across the military that it must treat the threat of a computer attack as seriously as it does an attack carried out by a bomber or combat brigade. There is hardly an American military unit or headquarters that has not been ordered to analyze the risk of cyberattacks to its mission ? and to train to counter them. If the hackers were to succeed, they could change information on the network and cripple Internet communications. In the desert outside Las Vegas, in a series of inconspicuous trailers, some of the most highly motivated hackers in the United States spend their days and nights probing the military?s vast computer networks for weaknesses to exploit. These hackers ? many of whom got their start as teenagers devoted to computer screens in their basements ? have access to the latest in attack software. Some of it was developed by cryptologists at the N.S.A., the nation?s largest intelligence agency, where most of the government?s talent for breaking and making computer codes resides. The hackers have an official name ? the 57th Information Aggressor Squadron ? and a real home, Nellis Air Force Base. The Army last year created its own destination for computer experts, the Network Warfare Battalion, where many of the cadets in the cyberwar games hope to be assigned. But even so, the ranks are still small. The Defense Department today graduates only 80 students a year from its cyberwar schools, causing Defense Secretary Robert M. Gates to complain that the Pentagon is ?desperately short of people who have capabilities in this area in all the services, and we have to address it.? Under current Pentagon budget proposals, the number of students cycled through the schools will be quadrupled in the next two years. Part of the Pentagon?s effort to increase the military?s capabilities are the annual cyberwar games played at the nation?s military academies, including West Point, where young cadets in combat boots and buzz cuts talk megabytes instead of megatons on a campus dotted with statues of generals, historic armaments and old stone buildings. While the Pentagon has embraced the need for offensive cyberwarfare, there were no offensive maneuvers in the games last month, said Col. Joe Adams, who teaches Information Assurance and stood at the head of the classroom during the April exercise. Cadet Joshua Ewing said he and his fellow Blue Team members ?learn all the techniques that a hacker would do, and we try to beat a hacker.? These strategies are not just theoretical. Most of these cadets will soon be sent to Afghanistan to carry out such work, Cadet Ewing said. When the military deploys in a combat zone or during a domestic emergency, establishing a secure Internet connection is an early priority. To keep things humming, the military?s experts must fend off the ordinary chaos of the Internet as well as attacks devised to disable the communications system, like flooding e-mail servers with so many junk messages that they collapse. Underscoring how seriously the cadets were taking the April games, the sign above the darkened entranceway in Thayer Hall read ?Information Warfare Live Fire Range? and the area was draped with camouflage netting. One group had to retrieve crucial information from a partly erased hard drive. One common method of hiding text, said Cadet Sean Storey, is to embed it in digital photographs; he had managed to find secret documents hidden this way. He was seeking a password needed to read encrypted e-mail he had located on the hard drive. Other cadets worked in tandem, as if plugging a leaky dam, to keep the entire system working as the N.S.A. hackers attacked the engine that runs a crucial database as well as the e-mail server. They shouted out various Internet addresses to inspect ? and usually block ? after getting clearance from referees. And there was that awkward moment when the cadet in charge, Salvatore Messina, had to act without clearance because the attack was so severe he couldn?t even send an e-mail message. The cadets in this room do get their share of ribbing. But one cadet, Derek Taylor, said today?s soldiers recognize that technological expertise can be as vital as brute force in saving lives. West Point takes the competition seriously. The cadets who helped install and secure the operating system spent a week setting it up. The dean gives a pep talk; professors bring food. Brian McCord, part of the team that installed the operating system, said he was chosen because his senior project was deeply reliant on Linux. The West Point team used this open-source operating system, freely available on the Internet, instead of relying on proprietary products from big-name companies like Microsoft or Sun Microsystems. ?It seems weird for the Army with its large contracts to be using Linux, but it?s very cheap and very customizable,? Cadet McCord said. It is also much easier to secure because ?you can tweak it for everything you need? and there are not as many known ways to attack it, he said. West Point emerged victorious in the games last month. That means the academy, which has won five of the last nine competitions, can keep the Director?s Cup trophy, which is displayed near a German Enigma encoding machine from World War II. Cracking the Enigma code helped the Allies win the war, and the machine is a stark reminder of the pivotal role of technology in warfare. Thom Shanker contributed reporting from Washington. Copyright 2009 The New York Times Company

deepsand
deepsand

May 1, 2009 Cyberwar Iranians and Others Outwit Net Censors By JOHN MARKOFF The Iranian government, more than almost any other, censors what citizens can read online, using elaborate technology to block millions of Web sites offering news, commentary, videos, music and, until recently, Facebook and YouTube. Search for ?women? in Persian and you?re told, ?Dear Subscriber, access to this site is not possible.? Last July, on popular sites that offer free downloads of various software, an escape hatch appeared. The computer program allowed Iranian Internet users to evade government censorship. College students discovered the key first, then spread it through e-mail messages and file-sharing. By late autumn more than 400,000 Iranians were surfing the uncensored Web. The software was created not by Iranians, but by Chinese computer experts volunteering for the Falun Gong, a spiritual movement that has beem suppressed by the Chinese government since 1999. They maintain a series of computers in data centers around the world to route Web users? requests around censors? firewalls. The Internet is no longer just an essential channel for commerce, entertainment and information. It has also become a stage for state control ? and rebellion against it. Computers are becoming more crucial in global conflicts, not only in spying and military action, but also in determining what information reaches people around the globe. More than 20 countries now use increasingly sophisticated blocking and filtering systems for Internet content, according to Reporters Without Borders, a Paris-based group that encourages freedom of the press. Although the most aggressive filtering systems have been erected by authoritarian governments like those in Iran, China, Pakistan, Saudi Arabia and Syria, some Western democracies are also beginning to filter some content, including child pornography and other sexually oriented material. In response, a disparate alliance of political and religious activists, civil libertarians, Internet entrepreneurs, diplomats and even military officers and intelligence agents are now challenging growing Internet censorship. The creators of the software seized upon by Iranians are members of the Global Internet Freedom Consortium, based largely in the United States and closely affiliated with Falun Gong. The consortium is one of many small groups developing systems to make it possible for anyone to reach the open Internet. It is the modern equivalent of efforts by organizations like the Voice of America to reach the citizens of closed countries. Separately, the Tor Project, a nonprofit group of anticensorship activists, freely offers software that can be used to send messages secretly or to reach blocked Web sites. Its software, first developed at the United States Naval Research Laboratories, is now used by more than 300,000 people globally, from the police to criminals, as well as diplomats and spies. Political scientists at the University of Toronto have built yet another system, called Psiphon, that allows anyone to evade national Internet firewalls using only a Web browser. Sensing a business opportunity, they have created a company to profit by making it possible for media companies to deliver digital content to Web users behind national firewalls. The danger in this quiet electronic war is driven home by a stark warning on the group?s Web site: ?Bypassing censorship may violate law. Serious thought should be given to the risks involved and potential consequences.? In this cat-and-mouse game, the cat is fighting back. The Chinese system, which opponents call the Great Firewall of China, is built in part with Western technologies. A study published in February by Rebecca MacKinnon, who teaches journalism at the University of Hong Kong, determined that much blog censorship is performed not by the government but by private Internet service providers, including companies like Yahoo China, Microsoft and MySpace. One-third to more than half of all postings made to three Chinese Internet service providers were not published or were censored, she reported. When the Falun Gong tried to support its service with advertising several years ago, American companies backed out under pressure from the Chinese government, members said. In addition, the Chinese government now employs more than 40,000 people as censors at dozens of regional centers, and hundreds of thousands of students are paid to flood the Internet with government messages and crowd out dissenters. This is not to say that China blocks access to most Internet sites; most of the material on the global Internet is available to Chinese without censorship. The government?s censors mostly censor groups deemed to be state enemies, like the Falun Gong, making it harder for them to reach potential members. Blocking such groups has become more insidious as Internet filtering technology has grown more sophisticated. As with George Orwell?s ?Newspeak,? the language in ?1984? that got smaller each year, governments can block particular words or phrases without users realizing their Internet searches are being censored. Those who back the ragtag opponents of censorship criticize the government-run systems as the digital equivalent of the Berlin Wall. They also see the anticensorship efforts as a powerful political lever. ?What is our leverage toward a country like Iran? Very little,? said Michael Horowitz, a fellow at the Hudson Institute who advises the Global Internet Freedom Consortium. ?Suppose we have the capacity to make it possible for the president of the United States at will to communicate with hundreds of thousands of Iranians at no risk or limited risk? It just changes the world.? The United States government and the Voice of America have financed some circumvention technology efforts. But until now the Falun Gong has devoted the most resources, experts said, erecting a system that allows the largest number of Internet users open, uncensored access. Each week, Chinese Internet users receive 10 million e-mail messages and 70 million instant messages from the consortium. But unlike spam that takes you to Nigerian banking scams or offers deals on drugs like Viagra, these messages offer software to bypass the elaborate government system that blocks access to the Web sites of opposition groups like the Falun Gong. Shiyu Zhou, a computer scientist, is a founder of the Falun Gong?s consortium. His cyber-war with China began in Tiananmen Square in 1989. A college student and the son of a former general in the intelligence section of the People?s Liberation Army, he said he first understood the power of government-controlled media when overnight the nation?s student protesters were transformed from heroes to killers. ?I was so disappointed,? he said. ?People believed the government, they didn?t believe us.? He decided to leave China and study computer science in graduate school in the United States. In the late 1990s he turned to the study of Falun Gong and then joined with a small group of technically sophisticated members of the spiritual group intent on transmitting millions of e-mail messages to Chinese. Both he and Peter Yuan Li, another early consortium volunteer, had attended Tsinghua University ? China?s Massachusetts Institute of Technology. Mr. Li, the son of farmers, also came to the United States to study computer science, then joined Bell Laboratories before becoming a full-time volunteer. The risks of building circumvention tools became clear in April 2006 when, Mr. Li later told law enforcement officials, four men invaded his home in suburban Atlanta, covered his head, beat him, searched his files and stole two laptop computers. The F.B.I. has made no arrests in the case and declined to comment. But Mr. Li thinks China sent the invaders. Early on, the group of dissidents here had some financial backing from the International Broadcasting Bureau of the Voice of America for sending e-mail messages, but the group insists that most of its effort has been based on volunteer labor and contributions. The consortium?s circumvention system works this way: Government censorship systems like the Great Firewall can block access to certain Internet Protocol addresses. The equivalent of phone numbers, these addresses are quartets of numbers like 209.85.171.100 that identify a Web site, in this case, google.com. By clicking on a link provided in the consortium?s e-mail message, someone in China or Iran trying to reach a forbidden Web site can download software that connects to a computer abroad that then redirects the request to the site?s forbidden address. The technique works like a basketball bank shot ? with the remote computer as the backboard and the desired Web site as the basket. But government systems hunt for and then shut off such alternative routes using a variety of increasingly sophisticated techniques. So the software keeps changing the Internet address of the remote computer ? more than once a second. By the time the censors identify an address, the system has already changed it. China acknowledges that it monitors content on the Internet, but claims to have an agenda much like that of any other country: policing for harmful material, pornography, treasonous propaganda, criminal activity, fraud. The government says Falun Gong is a dangerous cult that has ruined the lives of thousands of people. Hoping to step up its circumvention efforts, the Falun Gong last year organized extensive lobbying in Congress, which approved $15 million for circumvention services. But the money was awarded not to the Falun Gong consortium but to Internews, an international organization that supports local media groups. This year, a broader coalition is organizing to push for more Congressional financing of anti-filtering efforts. Negotiations are under way to bring together dissidents of Vietnam, Iran, the Uighur minority of China, Tibet, Myanmar, Cuba, Cambodia, Laos, as well as the Falun Gong, to lobby Congress for the financing. Mr. Horowitz argues that $25 million could expand peak usage to as many as 45 million daily Internet users, allowing the systems to reach as many as 10 percent of the Web users in both China and Iran. Mr. Zhou says his group?s financing is money well spent. ?The entire battle over the Internet has boiled down to a battle over resources,? he said. ?For every dollar we spend, China has to spend a hundred, maybe hundreds of dollars.? As for the Falun Gong software, it proved a little too popular among Iranians. By the end of last year the consortium?s computers were overwhelmed. On Jan. 1, the consortium had to do some blocking of its own: It shut down the service for all countries except China. Copyright 2009 The New York Times Company

deepsand
deepsand

April 28, 2009 Cyberwar U.S. Steps Up Effort on Digital Defenses By DAVID E. SANGER, JOHN MARKOFF and THOM SHANKER This article was reported by David E. Sanger, John Markoff and Thom Shanker and written by Mr. Sanger. When American forces in Iraq wanted to lure members of Al Qaeda into a trap, they hacked into one of the group?s computers and altered information that drove them into American gun sights. When President George W. Bush ordered new ways to slow Iran?s progress toward a nuclear bomb last year, he approved a plan for an experimental covert program ? its results still unclear ? to bore into their computers and undermine the project. And the Pentagon has commissioned military contractors to develop a highly classified replica of the Internet of the future. The goal is to simulate what it would take for adversaries to shut down the country?s power stations, telecommunications and aviation systems, or freeze the financial markets ? in an effort to build better defenses against such attacks, as well as a new generation of online weapons. Just as the invention of the atomic bomb changed warfare and deterrence 64 years ago, a new international race has begun to develop cyberweapons and systems to protect against them. Thousands of daily attacks on federal and private computer systems in the United States ? many from China and Russia, some malicious and some testing chinks in the patchwork of American firewalls ? have prompted the Obama administration to review American strategy. President Obama is expected to propose a far larger defensive effort in coming days, including an expansion of the $17 billion, five-year program that Congress approved last year, the appointment of a White House official to coordinate the effort, and an end to a running bureaucratic battle over who is responsible for defending against cyberattacks. But Mr. Obama is expected to say little or nothing about the nation?s offensive capabilities, on which the military and the nation?s intelligence agencies have been spending billions. In interviews over the past several months, a range of military and intelligence officials, as well as outside experts, have described a huge increase in the sophistication of American cyberwarfare capabilities. Because so many aspects of the American effort to develop cyberweapons and define their proper use remain classified, many of those officials declined to speak on the record. The White House declined several requests for interviews or to say whether Mr. Obama as a matter of policy supports or opposes the use of American cyberweapons. The most exotic innovations under consideration would enable a Pentagon programmer to surreptitiously enter a computer server in Russia or China, for example, and destroy a ?botnet? ? a potentially destructive program that commandeers infected machines into a vast network that can be clandestinely controlled ? before it could be unleashed in the United States. Or American intelligence agencies could activate malicious code that is secretly embedded on computer chips when they are manufactured, enabling the United States to take command of an enemy?s computers by remote control over the Internet. That, of course, is exactly the kind of attack officials fear could be launched on American targets, often through Chinese-made chips or computer servers. So far, however, there are no broad authorizations for American forces to engage in cyberwar. The invasion of the Qaeda computer in Iraq several years ago and the covert activity in Iran were each individually authorized by Mr. Bush. When he issued a set of classified presidential orders in January 2008 to organize and improve America?s online defenses, the administration could not agree on how to write the authorization. A principal architect of that order said the issue had been passed on to the next president, in part because of the complexities of cyberwar operations that, by necessity, would most likely be conducted on both domestic and foreign Internet sites. After the controversy surrounding domestic spying, Mr. Bush?s aides concluded, the Bush White House did not have the credibility or the political capital to deal with the subject. Electronic Vulnerabilities Cyberwar would not be as lethal as atomic war, of course, nor as visibly dramatic. But when Mike McConnell, the former director of national intelligence, briefed Mr. Bush on the threat in May 2007, he argued that if a single large American bank were successfully attacked ?it would have an order-of-magnitude greater impact on the global economy? than the Sept. 11, 2001, attacks. Mr. McConnell, who left office three months ago, warned last year that ?the ability to threaten the U.S. money supply is the equivalent of today?s nuclear weapon.? The scenarios developed last year for the incoming president by Mr. McConnell and his coordinator for cybersecurity, Melissa Hathaway, went further. They described vulnerabilities including an attack on Wall Street and one intended to bring down the nation?s electric power grid. Most were extrapolations of attacks already tried. Today, Ms. Hathaway is the primary author of White House cyberstrategy and has been traveling the country talking in vague terms about recent, increasingly bold attacks on the computer networks that keep the country running. Government officials will not discuss the details of a recent attack on the air transportation network, other than to say the attack never directly affected air traffic control systems. Still, the specter of an attack that could blind air traffic controllers and, perhaps, the military?s aerospace defense networks haunts military and intelligence officials. (The saving grace of the air traffic control system, officials say, is that it is so old that it is not directly connected to the Internet.) Studies, with code names like Dark Angel, have focused on whether cellphone towers, emergency-service communications and hospital systems could be brought down, to sow chaos. But the theoretical has, at times, become real. ?We have seen Chinese network operations inside certain of our electricity grids,? said Joel F. Brenner, who oversees counterintelligence operations for Dennis Blair, Mr. McConnell?s successor as national intelligence director, speaking at the University of Texas at Austin this month. ?Do I worry about those grids, and about air traffic control systems, water supply systems, and so on? You bet I do.? But the broader question ? one the administration so far declines to discuss ? is whether the best defense against cyberattack is the development of a robust capability to wage cyberwar. As Mr. Obama?s team quickly discovered, the Pentagon and the intelligence agencies both concluded in Mr. Bush?s last years in office that it would not be enough to simply build higher firewalls and better virus detectors or to restrict access to the federal government?s own computers. ?The fortress model simply will not work for cyber,? said one senior military officer who has been deeply engaged in the debate for several years. ?Someone will always get in.? That thinking has led to a debate over whether lessons learned in the nuclear age ? from the days of ?mutually assured destruction? ? apply to cyberwar. But in cyberwar, it is hard to know where to strike back, or even who the attacker might be. Others have argued for borrowing a page from Mr. Bush?s pre-emption doctrine by going into foreign computers to destroy malicious software before it is unleashed into the world?s digital bloodstream. But that could amount to an act of war, and many argue it is a losing game, because the United States is more dependent on a constantly running Internet system than many of its potential adversaries, and therefore could suffer more damage in a counterattack. In a report scheduled to be released Wednesday, the National Research Council will argue that although an offensive cybercapability is an important asset for the United States, the nation is lacking a clear strategy, and secrecy surrounding preparations has hindered national debate, according to several people familiar with the report. The advent of Internet attacks ? especially those suspected of being directed by nations, not hackers ? has given rise to a new term inside the Pentagon and the National Security Agency: ?hybrid warfare.? It describes a conflict in which attacks through the Internet can be launched as a warning shot ? or to pave the way for a traditional attack. Early hints of this new kind of warfare emerged in the confrontation between Russia and Estonia in April 2007. Clandestine groups ? it was never determined if they had links to the Russian government ? commandeered computers around the globe and directed a fire hose of data at Estonia?s banking system and its government Web sites. The computer screens of Estonians trying to do business with the government online were frozen, if they got anything at all. It was annoying, but by the standards of cyberwar, it was child?s play. In August 2008, when Russia invaded Georgia, the cyberattacks grew more widespread. Georgians were denied online access to news, cash and air tickets. The Georgian government had to move its Internet activity to servers in Ukraine when its own servers locked up, but the attacks did no permanent damage. Every few months, it seems, some agency, research group or military contractor runs a war game to assess the United States? vulnerability. Senior intelligence officials were shocked to discover how easy it was to permanently disable a large power generator. That prompted further studies to determine if attackers could take down a series of generators, bringing whole parts of the country to a halt. Another war game that the Department of Homeland Security sponsored in March 2008, called Cyber Storm II, envisioned a far larger, coordinated attack against the United States, Britain, Canada, Australia and New Zealand. It studied a disruption of chemical plants, rail lines, oil and gas pipelines and private computer networks. That study and others like it concluded that when attacks go global, the potential economic repercussions increase exponentially. To prove the point, Mr. McConnell, then the director of national intelligence, spent much of last summer urging senior government officials to examine the Treasury Department?s scramble to contain the effects of the collapse of Bear Stearns. Markets froze, he said, because ?what backs up that money is confidence ? an accounting system that is reconcilable.? He began studies of what would happen if the system that clears market trades froze. ?We were halfway through the study,? one senior intelligence official said last month, ?and the markets froze of their own accord. And we looked at each other and said, ?Our market collapse has just given every cyberwarrior out there a playbook.? ? Just before Mr. Obama was elected, the Center for Strategic and International Studies, a policy research group in Washington, warned in a report that ?America?s failure to protect cyberspace is one of the most urgent national security problems facing the new administration.? What alarmed the panel was not the capabilities of individual hackers but of nations ? China and Russia among them ? that experts believe are putting huge resources into the development of cyberweapons. A research company called Team Cymru recently examined ?scans? that came across the Internet seeking ways to get inside industrial control systems, and discovered more than 90 percent of them came from computers in China. Scanning alone does no damage, but it could be the prelude to an attack that scrambles databases or seeks to control computers. But Team Cymru ran into a brick wall as soon as it tried to trace who, exactly, was probing these industrial systems. It could not determine whether military organizations, intelligence agencies, terrorist groups, criminals or inventive teenagers were behind the efforts. The good news, some government officials argue, is that the Chinese are deterred from doing real damage: Because they hold more than a trillion dollars in United States government debt, they have little interest in freezing up a system they depend on for their own investments. Then again, some of the scans seemed to originate from 14 other countries, including Taiwan, Russia and, of course, the United States. Bikini Atoll for an Online Age Because ?cyberwar? contains the word ?war,? the Pentagon has argued that it should be the locus of American defensive and offensive strategy ? and it is creating the kind of infrastructure that was built around nuclear weapons in the 1940s and ?50s. Defense Secretary Robert M. Gates is considering proposals to create a Cyber Command ? initially as a new headquarters within the Strategic Command, which controls the American nuclear arsenal and assets in space. Right now, the responsibility for computer network security is part of Strategic Command, and military officials there estimate that over the past six months, the government has spent $100 million responding to probes and attacks on military systems. Air Force officials confirm that a large network of computers at Maxwell Air Force Base in Alabama was temporarily taken off-line within the past eight months when it was put at risk of widespread infection from computer viruses. But Mr. Gates has concluded that the military?s cyberwarfare effort requires a sharper focus ? and thus a specific command. It would build the defenses for military computers and communications systems and ? the part the Pentagon is reluctant to discuss ? develop and deploy cyberweapons. In fact, that effort is already under way ? it is part of what the National Cyber Range is all about. The range is a replica of the Internet of the future, and it is being built to be attacked. Competing teams of contractors ? including BAE Systems, the Applied Physics Laboratory at Johns Hopkins University and Sparta Inc. ? are vying to build the Pentagon a system it can use to simulate attacks. The National Security Agency already has a smaller version of a similar system, in Millersville, Md. In short, the Cyber Range is to the digital age what the Bikini Atoll ? the islands the Army vaporized in the 1950s to measure the power of the hydrogen bomb ? was to the nuclear age. But once the tests at Bikini Atoll demonstrated to the world the awesome destructive power of the bomb, it became evident to the United States and the Soviet Union ? and other nuclear powers ? that the risks of a nuclear exchange were simply too high. In the case of cyberattacks, where the results can vary from the annoying to the devastating, there are no such rules. The Deterrence Conundrum During the cold war, if a strategic missile had been fired at the United States, screens deep in a mountain in Colorado would have lighted up and American commanders would have some time to decide whether to launch a counterattack. Today, when Pentagon computers are subjected to a barrage, the origin is often a mystery. Absent certainty about the source, it is almost impossible to mount a counterattack. In the rare case where the preparations for an attack are detected in a foreign computer system, there is continuing debate about whether to embrace the concept of pre-emption, with all of its Bush-era connotations. The questions range from whether an online attack should be mounted on that system to, in an extreme case, blowing those computers up. Some officials argue that if the United States engaged in such pre-emption ? and demonstrated that it was watching the development of hostile cyberweapons ? it could begin to deter some attacks. Others believe it will only justify pre-emptive attacks on the United States. ?Russia and China have lots of nationalistic hackers,? one senior military officer said. ?They seem very, very willing to take action on their own.? Senior Pentagon and military officials also express deep concern that the laws and understanding of armed conflict have not kept current with the challenges of offensive cyberwarfare. Over the decades, a number of limits on action have been accepted ? if not always practiced. One is the prohibition against assassinating government leaders. Another is avoiding attacks aimed at civilians. Yet in the cyberworld, where the most vulnerable targets are civilian, there are no such rules or understandings. If a military base is attacked, would it be a proportional, legitimate response to bring down the attacker?s power grid if that would also shut down its hospital systems, its air traffic control system or its banking system? ?We don?t have that for cyber yet,? one senior Defense Department official said, ?and that?s a little bit dangerous.? Copyright 2009 The New York Times Company

deepsand
deepsand

All current initiatives, whether joint or branch operations, are under branch commands.

jgarcia
jgarcia

"... Among the milder criticisms are statements that offensive and defensive operations are segregated and poorly co?rdinated (if they are co?rdinated at all)..." How do they konw aobut offensive operations? Shouldn't they be top secret black ops? I undestand the need of a national strategy, but I think they are making to much noise about it, always pointing that implementation will requiere a lot of funding...mmmm...that makes me think...

mhenriday
mhenriday

this article is almost certainly part of psy-op campaign on the part of certain circles in the Pentagon, designed to 1) convince the unwary that no such command presently exists, and 2) to drum up support, both within and outside the agency for recruiting those ?two to four thousand personnel?, who will not come cheap.... Henri

BALTHOR
BALTHOR

Computer warfare can only be accomplished by using computer virus.Virus files are the only way to enter another's computer.For computer virus to work there would have to be many virus in a computer's chips.These files would even distort the system's logic.It's a good thing that Cad Cam can count on accurate computations from our beleaguered machines.

Spitfire_Sysop
Spitfire_Sysop

This straw man attack is inherently flawed and makes little sense. I guess it depends on what your definition of a "virus" is. The terminal services server built in to M$ Windows allows full control of your computer remotely (just one example). Turning this feature on, or "forced entry" in to it may or may not rely on viral code depending on how you have it set up. It takes only one good virus on one computer to compromise a whole network that trusts the compromised computer. No distortion of computer logic is required and the only "chips" that need be affected is the RAM. I would like to think that securing computers is a simple task for the DoD but no matter how robotic their external appearance, they are very human and you know what that means...

boxfiddler
boxfiddler

would say that humans are a virus... I might agree.

pfx84a
pfx84a

Will never work, Washington is based on political appointed employees above those who are experts. These clowns are everywhere at the top levels and are rarely serious about what they are in charge of, just there collecting a check. Then at the top of that you have company's catering to these political appointees for contracts and this can supersede any project requirements or wants from the experts working under said employee since said political employee is the boss and makes the rules. I would think that most people who are knowledgeable enough to be dangerous in computer security would not be anywhere near a government job out of the sheer frustration of it all. I ran away from it... Philmeaux http://themisanthropiccyclist.blogspot.com/

NotSoChiGuy
NotSoChiGuy

The government perpetuates the spiel that there aren't enough highly trained technical workers in the US. This endeavor would seem to require a good number of highly trained technical workers. So, will the government hire on visa workers to protect our national interests, or will large quantities of domestic tech talent magically appear when it suits their needs? Hmmmmm?????? ?:|

The Scummy One
The Scummy One

or will they hire complete idiots and tell them to 'do your best'?

NotSoChiGuy
NotSoChiGuy

Secure our nation; contracts to the lowest bidder = ad placed. "Chinese hackers send Virginia-class sub to nuke Paris. World reaction mixed." will be the subsequent headline! ;)

boxfiddler
boxfiddler

when I see it. Even then, I'll only believe half of it.

adakar_sg
adakar_sg

1: Dont connect sensetive data to the internet 2: Dont connect sensetive data to the internet 3: Dont connect sensetive data to the internet Now dont give stupid people sensetive information or access to the internet :)

The Scummy One
The Scummy One

So when does Joshua or Skynet come online? :^0 Well, honestly, it is a step in the right direction I think. Just wondering how bad they'll botch it

apotheon
apotheon

The computer's proper name was WOPR, but I'll go with Joshua for now: Who says it isn't already online? The events of WarGames (with minor corrections) could have played out in the real world without the general public ever noticing.

The Scummy One
The Scummy One

Joshua is a good name for a computer destroying the world. WOPR just sounds so untrustworthy! So my new identity should be WOPR or Joshua???

apotheon
apotheon

So my new identity should be WOPR or Joshua??? Not you -- but maybe BALTHOR.

apotheon
apotheon

To be fair, all that's notably bold about it so far is the fact that it's evidently huge, involving thousands of people over the next five years. What do you think -- is this a step in the right direction?

femtobeam
femtobeam

So far President Obama has a plan and has created offices for USCIO and USCTO. At the DNI, announcements have already been made. The Air Force, Navy and Army all have active programs as does NASA and DARPA. Behind the scenes there are existing "projects" underway at the CIA, NSA, and the Secret Service. Little known nor understood is the DOE program. None of these hold a candle to the subcontractors who all "do their own thing". Outside of the US, or should I say inside, are the State sponsored programs outlined in the annual DOD report to Congress concerning China, for example. What this means is more ability and sharing information is what the US DOD has been doing with our so-called allies. This leads to our weakening and their gain as they produce all the equipment for electronic warfare which is no longer electronic. It is optical, brain targeting and deadly.

Ocie3
Ocie3

The more available and/or common that computers have become (even when mainframes were the principal computers), the more that experience has repeatedly revealed that proactive, not just reactive, measures must be implemented to secure the information systems that they make possible. Creating networks among them introduces even more risks. These things have been known for about 40 years, now. It is essentially impossible to meaningfully evaluate current Pentagon plans without much more information about them. At this time, we can only hope that their proposal(s) will implement an effective defense against external threats, bearing in mind that sometimes the best defense is a good offense.

theguru1995
theguru1995

Just one question, can I help and where do I sign up? Well, two questions...

bboyd
bboyd

Many locations across the USA, or any US embassy.

theguru1995
theguru1995

Great,but do they accept 42 year olds? Or is this a diffrent program? Cheers

santeewelding
santeewelding

But I doubt you would respond. Not so long as you and they and so many others prettify "warfare", so as to play with it. One does not play war. I am myself perilously close saying even that.

Editor's Picks