Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Ask Lt. Col. John Bircher About Cyber Warfare Concepts

timothy posted more than 6 years ago | from the please-include-your-gps-coordinates dept.

Security 236

The Air Force is not the only U.S. military branch trying to come to grips with the electronic side of warfare, both current and future. The U.S. Army Computer Network Operations (CNO)-Electronic Warfare (EW) Proponent (USACEWP), located at Fort Leavenworth, Kansas — home to the U.S. Army's Combined Arms Center — serves as the Army's hub for cyber-electronic concepts and capabilities. This is the organization responsible for developing doctrine, materiel and training to prepare the Army for cyber-electronic engagements. For example, USACEWP has developed training teams to ensure that U.S. commanders and soldiers around the world are fully informed of cyber-electronic capabilities at their disposal. Leading the Proponent's Futures branch is Lt. Col John "Chip" Bircher; Bircher entered the Army in 1989 as an Infantry officer, then served in various command and staff positions, most recently Information Operations (IO). He was the IO Chief for the 25th Infantry Division (Light), Hawaii, and Director of IO for Combined Joint Task Force -76, Bagram, Afghanistan. If you want to know more about the realities and challenges that face an armed, global IT department in a time when electronic warfare is ever more important and dangerous, now's your chance to ask Lt. Col. Bircher some questions. We'll pass on the highest-moderated questions for Lt. Col. Bircher to answer. Usual Slashdot interview rules apply.

cancel ×

236 comments

I want to falsify cause for an invasion (0, Flamebait)

bit trollent (824666) | more than 6 years ago | (#23766783)

What is the best way to falsify and then pass on phoney intelligence to fool the country in to supporting a war for oil?

Plese give specific ways to manipulate government agencies in pursuit of this goal.

George W Bush used the National Intelligence Estimate to great effect, but is that still the best tool for the job?

I want to get a guy who hates America elected (-1, Troll)

Anonymous Coward | more than 6 years ago | (#23766991)

What's the best way to get a candidate that hangs with America haters like Rev Wright, his wife, and Al Sharpton elected even though he so obviously hates America.

Note: This candidate refuses to answer any questions about future planning. So we can't distract people with the issues. Please take that into account.

Btw: Please don't take it personally that this candidate wants to downsize you in the middle of a war. You're doing a fine job.

Re:I want to get a guy who hates America elected (0)

Anonymous Coward | more than 6 years ago | (#23767279)

That's COUNTER-TROLL to you.

I have burried my head in the sand (0)

Anonymous Coward | more than 6 years ago | (#23767485)

The country was suckered in to a war for oil and all you can think of is a bunch of mostly irrelivent or made up issues.

Oh, but wait, you also chose to act as though Barack Obama hadn't directly answered specific questions about the future, which of course he has.

You seem to have thoroughly burried your head in the sand.

Great minds like yours have brought America much success! Keep up the good work!

John Bircher? (4, Funny)

Lilith's Heart-shape (1224784) | more than 6 years ago | (#23766793)

Wait a second. Aren't members of the John Birch Society [wikipedia.org] called "John Birchers"? If so, I'd say this poor bastard has an unfortunate name.

Re:John Bircher? (5, Funny)

QRDeNameland (873957) | more than 6 years ago | (#23767273)

His superior officer, Col. Kukla X. Clanner, wasn't available for comment.

Re:John Bircher? (1)

Illbay (700081) | more than 6 years ago | (#23767983)

I believe that Col. Bircher's group is scheduled to deliver a talk next week on the ongoing attempts by terrorists to introduce trojan code into the GNU/Linux project, that would allow them to take control of compromised machines in future. It's being delivered by Colonel S. Compromised.

Re:John Bircher? (1)

Daniel Dvorkin (106857) | more than 6 years ago | (#23767325)

That may well be why he goes by "Chip."

Re:John Bircher? (1)

core_dump_0 (317484) | more than 6 years ago | (#23768199)

At least his name isn't Mike Hunt.

Who's using SlashDot more as a recruiting tool? (-1, Troll)

xxxJonBoyxxx (565205) | more than 6 years ago | (#23766797)

Dear Sir: Who's using SlashDot more effectively as a recruiting tool? The U.S. Army (with posts such as this) or the U.S. Airforce (with its posts relating to its Saturday-morning "CyberSquad" or whatever).

Technique? (5, Interesting)

Manip (656104) | more than 6 years ago | (#23766821)

Does the US Army take advantage of traditional misconfiguration and social engineering techniques in order to compromise a network or are the US government developing a home grown list of exploits to gain access to foreign government systems?

Re:Technique? (2, Informative)

dreamchaser (49529) | more than 6 years ago | (#23767207)

Good question, but I highly doubt he'll answer any questions directly relating to methods used.

I have more doubts. (2, Informative)

khasim (1285) | more than 6 years ago | (#23767327)

I doubt that he'll answer ANYTHING with any details. This will be a recruiting and PR piece. His "answers" will be vetted by at least 3 different agencies and any content will have been removed.

Damn! (2, Funny)

Colin Smith (2679) | more than 6 years ago | (#23768147)

And I wanted to know the fastest way to level up.

 

Re:Technique? (2, Insightful)

notdotcom.com (1021409) | more than 6 years ago | (#23767323)

If by "social engineering" you mean "torture", then yes, I'm pretty sure the US excels at social engineering.

How does it feel to be a baby-killer? (-1, Flamebait)

Anonymous Coward | more than 6 years ago | (#23766829)

Or at least a puppy-killer?

Legal Ramifications (5, Interesting)

muellerr1 (868578) | more than 6 years ago | (#23766847)

How does the military ensure that it is operating within the law regarding online military offensive activities? Are there any laws or oversight, as such? If so, how are those laws and/or oversight affected by a declaration of war?

Re:Legal Ramifications (1, Insightful)

0racle (667029) | more than 6 years ago | (#23767699)

I'm willing to bet they don't really give a damn.

Re:Legal Ramifications (3, Insightful)

tooler (36824) | more than 6 years ago | (#23768265)

Since war never gets declared anymore, I doubt they've even thought about your latter question.

Why so many directly connected networks at all? (5, Interesting)

BadIdea (1218060) | more than 6 years ago | (#23766871)

I'm interested in why so many sensitive networks are even hooked up to the internet in the first place, or why trivial systems are so often bundled with sensitive ones under the same security frameworks.

Why aren't there more isolated networks that would require physical contact or interception to get to in the first place? Do sensitive systems really need any connection at all to the conventional internet in the first place?

I know that many places in the DoD do take this approach (people having one computer for safe email and browsing, and a completely different computer for sensitive intel), and certainly it's more expensive and less convenient. But when the internet is basically just a big pathway leading directly to your backdoor, why take any chance at all, ever?

Re:Why so many directly connected networks at all? (3, Funny)

Lev13than (581686) | more than 6 years ago | (#23767595)

I'm interested in why so many sensitive networks are even hooked up to the internet in the first place, or why trivial systems are so often bundled with sensitive ones under the same security frameworks.

Good point - I guess if the Internet had been designed by the military (or, say, by a military research group) it certainly wouldn't have ended up this way...

Re:Why so many directly connected networks at all? (2, Interesting)

BadIdea (1218060) | more than 6 years ago | (#23768055)

You probably meant that as a joke, but that actually might be a good point: perhaps the internet's origins in the military have led to some overexposure in modern use that wouldn't have otherwise been the case if it had its roots elsewhere.

Re:Why so many directly connected networks at all? (2, Interesting)

qbzzt (11136) | more than 6 years ago | (#23767901)

Why aren't there more isolated networks that would require physical contact or interception to get to in the first place?

Maybe they have people who can go places and attach wireless / satellite access points to various networks. It's not a safe job, but the military has plenty of jobs that aren't safe.

Re:Why so many directly connected networks at all? (2, Interesting)

Peter Mork (951443) | more than 6 years ago | (#23768099)

It is often the case that the sensitive systems aren't directly connected to the Internet. Instead, the sensitive system gets inadvertently connected to another (less-sensitive) system that is connected to the Internet. The second systems gets compromised, which gives the attacker a way to attack the first system.

For example, as I understand it, a nuclear plant was taken offline by attackers. The control system was not connected to the Internet. However, the management system (payroll, timecards, etc.) was connected to the Internet so that managers could get work done via the Web. Based on some insider knowledge, the attackers subverted the management system, which was mistakenly connected to the control system (by the contractors responsible for the management system). Thus, the attackers were able to shut down the plant. So, the people responsible for the sensitive systems know to keep these systems off the Internet, but mistakes happen.

Re:Why so many directly connected networks at all? (1)

kitgerrits (1034262) | more than 6 years ago | (#23768163)

Sometimes, safer solutions require time and/or hardware that is not available.
Long-distance communications over sat-link is cool, but expensive and limited in capacity.
Sometimes a simple e-mail has a better chance of getting to its intended destination.

What is that? (5, Interesting)

khasim (1285) | more than 6 years ago | (#23766877)

What, specifically, would be a "cyber-electronic engagement".

Include examples.

Compare/contrast with traditional forms of intelligence gathering (wiretaps, listening devices, etc) and their counter-measures.

Re:What is that? (1)

jbeaupre (752124) | more than 6 years ago | (#23767899)

Please write your complete answers in the blue examination book [wikipedia.org]

As a side question... (1)

Foerstner (931398) | more than 6 years ago | (#23768335)

...does the military realize that the only popular use of the prefix "cyber-" to mean "internet-related" is "cybersex?"

Is this really the association they're going for?

Helo, War Mongerer (-1, Troll)

Anonymous Coward | more than 6 years ago | (#23766887)

I am a Slashbot (SEE I SAID HELO INSTEAD OF HELO BECAUSE I AM SO FUCKING SMART ABOUT TECHNOLOGY). Anyway, I hate you and using a whole lot of caps is cruise control for cool.

Did anyone else read this as... (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#23766897)

Ask Lt. Col. John to B!+CH About Cyber Warfare Concepts"?

Sorry, I think I need more caffeine before I continue.

Is the US Army aware... (-1, Offtopic)

j00bhaka (916701) | more than 6 years ago | (#23766903)

Is the US Army aware that the internet will soon be packaged and bundled as if it were a TV Channel subscription? (net neutrality)

Interview Question (5, Interesting)

Anonymous Coward | more than 6 years ago | (#23766905)

With the political tilt as it is, a large part of the software development community is likely prejudiced against helping our country. With this in mind, how do you recruit the most creative and skilled people that this country has to offer?

Re:Interview Question (5, Insightful)

Daniel Dvorkin (106857) | more than 6 years ago | (#23767365)

With the political tilt as it is, a large part of the software development community is likely prejudiced against helping our country.

You made a typo there. Here's a correction:

With the political tilt as it is, a large part of the software development community is likely inclined against helping politicians use the Army as a tool to fight wars which harm our country.

Re:Interview Question (3, Interesting)

Anonymous Coward | more than 6 years ago | (#23768107)

No, he's pretty much right. I gave up DARPA contracts and the opportunity to work in the Defense Industry recently because I felt like I had blood on my hands. It wasn't because I thought that the war was bad for America. It's because I didn't want to program guidance systems which lead to the direct death and maiming of civilians. It's because I didn't want to write simulators that teach our soldiers to kill without showing them ramifications of that killing. It's because I don't want to have a hand in collateral damage, no matter how small.

That was no typo (0)

Anonymous Coward | more than 6 years ago | (#23768127)

And your "correction" was just plain idiotic because the military has always been a tool of politicians in carrying out policy.

In helping the military, it helps the country. I just utterly owned and destroyed you.

Re:Interview Question (2, Insightful)

flaming error (1041742) | more than 6 years ago | (#23767617)

a large part of the software development community is likely prejudiced against helping our country
Say what?

If you mean to say lots of us don't support invading foreign countries without causus belli, or we start complaining at the suspension of habeas corpus and being jailed indefinitely without charges, then you're confusing "helping our country" with supporting the government.

Defending Liberty and Supporting our President are not necessarily the same thing.

Re:Interview Question (2, Insightful)

qbzzt (11136) | more than 6 years ago | (#23768075)

With this in mind, how do you recruit the most creative and skilled people that this country has to offer?

Probably he'd rather recruit people who will obey orders to the best of their abilities as long as those orders are legal. I don't think the military is interested in people who want an option to leave if they don't agree with their orders.

There are people who don't make good soldiers. I'm one of them. That doesn't mean that out of a population of ~300 million he won't find the people he's looking for.

Re:Interview Question (1, Informative)

Anonymous Coward | more than 6 years ago | (#23768341)

I'll stay anonymous since I'm an Army Contractor but they would never ask such a question during the interview process. What they will do however is anyone at such level has to go through an extensive background check to gain Security Clearance, asking about each and everything you've done in the past 7 years. And when I say everything, I mean everything!

Hacker war... (5, Interesting)

Notquitecajun (1073646) | more than 6 years ago | (#23766933)

I doubt you could REALLY answer this, but Is the US military playing any sort of role in the semi-undergroung "hacker war" that appears to be going on between China and the US?

And if and if ... (5, Interesting)

khasim (1285) | more than 6 years ago | (#23767409)

And if there actually is a "Hacker War" between us ... and if our military is currently playing a role in such ... are there any civilian applications that will be released to help defend our non-military assets (corporations, education, etc)?

Example: the NSA has worked on SELinux.

Increasing Complexity & Risk Management? (3, Interesting)

networkconsultant (1224452) | more than 6 years ago | (#23766941)

With an ever increasing amount of information on the battle field, how would you limit risk when Murphy's law is not functioning in your favour?

weapons of cyber war (1)

unspokenchaos (1295553) | more than 6 years ago | (#23766955)

keyboard mouse

For us geeks who'd be sitting behind a computer .. (5, Funny)

Anonymous Coward | more than 6 years ago | (#23766957)

to fight. Will we have to go to basic training?

If so, would basic training be to train us to stay up all night, living on pizza, soda, Skittles, and porn?

If so, where do I sign up?!?

Re:For us geeks who'd be sitting behind a computer (4, Insightful)

Daniel Dvorkin (106857) | more than 6 years ago | (#23767447)

You know, you can go through basic training (or some other physically demanding training course) and get in shape ... and still be a geek. Seriously. Build some muscles, lose some fat, and you'll still be just as smart as you were before. I've done it, and so have lots of other folks on /. We didn't magically forget all our geek skills, or undergo some drastic personality transplant.

It's a joke. (0)

Anonymous Coward | more than 6 years ago | (#23767535)

Dude, it's a joke. Get a grip.

Re:For us geeks who'd be sitting behind a computer (4, Funny)

BadIdea (1218060) | more than 6 years ago | (#23767611)

Jooooiiiiiiin uuuuusss. It's bliissssss.......

Re:For us geeks who'd be sitting behind a computer (1)

SpacePirate20X6 (935718) | more than 6 years ago | (#23768185)

Just because I'm in shape and a geek doesn't mean I've stopped eating Mountain Dew and Oreos.

Re:For us geeks who'd be sitting behind a computer (2, Interesting)

Anonymous Coward | more than 6 years ago | (#23768257)

to fight. Will we have to go to basic training?

If so, would basic training be to train us to stay up all night, living on pizza, soda, Skittles, and porn?

If so, where do I sign up?!?

Although the parent posted humorously it does lead into an interesting chain of thought:

Where can one look to educate "him/her"self on information warfare. When recruiting; do you look for a specific mindset, skillset or qualities in candidates for this line of work?

Are there sources of internet where one can start to learn about the subject?

Relationship with the Air Force? (5, Interesting)

El Cubano (631386) | more than 6 years ago | (#23766961)

Since the Air Force is the U.S. military branch claiming dominance in "cyberspace" (along with air and space), how do you view the Army's relationship with the Air Force in "cyberspace"? Will the Army seek to take over all of the "cyberspace warfare", carve out its own niche in cyberspace, or peacefully coexist with the Air Force?

With respect to leadership in this area across the DoD, do you feel that the Air Force being denied the program executive role for all DoD UAV endeavors represents an opportunity for the Army increase its role with respect to UAVs (as many people see cyberspace and UAVs to be inextricably linked)?

Attacks... (4, Interesting)

Notquitecajun (1073646) | more than 6 years ago | (#23766971)

Without diving into details that compromise security, can you reveal anything about the types or quantities of attacks that the US military is able to fend off, and how often they are faced?

Re:Attacks... (4, Funny)

Sloppy (14984) | more than 6 years ago | (#23767601)

Without diving into details that compromise security

Can you imagine what might have happened, if you had not so qualified your question? He might have let the cat out of the bag!

Personally, I would have phrased it this way: "Please tell us everything you're up to. (It's ok. We're cool.)"

Re:Attacks... (0)

gardyloo (512791) | more than 6 years ago | (#23767629)

Without diving into details that compromise security [...]
Thank goodness you put that reminder in there, or he might have given away cooties rat semen!

Dear Lt. Col. Bircher (-1, Flamebait)

Anonymous Coward | more than 6 years ago | (#23766989)

Do you prefer pipe or snatch?^w^w^w^w^w^w

What are your views on the outsourcing of military contracts to 3rd parties who typically use lowest-cost Microsoft certified labor?

China (5, Interesting)

je ne sais quoi (987177) | more than 6 years ago | (#23767157)

What is the U.S. Army doing to protect U.S. sensitive information from the frequent number of cyber-attacks originating from inside the People's Republic of China? Is it primarily defensive?

I would like to finally see people talking... (0, Offtopic)

harry666t (1062422) | more than 6 years ago | (#23767169)

...about peace, not warfare.

Re:I would like to finally see people talking... (2, Funny)

maxume (22995) | more than 6 years ago | (#23767343)

Just go down to your local Hippy Dippy Noodles.

Peace is a valid concept (4, Insightful)

circletimessquare (444983) | more than 6 years ago | (#23767685)

however, due to human nature, peace is achieved only with a balance of force, not with an absence of force. In other words, to maintain peace, there will always be a need for armed forces in this world.

If you think it is possible to have a world where there are no armed forces, you are not adovcating for a peaceful world when you say that. You are in fact unknowingly advocating for a more brutal, injust and violent world. This is so simply because you have not yet made yourself acquainted with, or made peace with (no irony intended), certain ugly but unremovable aspects of fundamental human nature.

Or, you could try to remove those aspects of human nature in the name of peace. This sets you down the road to autocracy, and makes you an enemy of free will and free expression. If you wish to continue to respect the notion of free will and free expression, you must understand why a force of arms is always necessary to be at the ready, in the name of peace.

Re:I would like to finally see people talking... (1)

qbzzt (11136) | more than 6 years ago | (#23768135)

How about Pax Romana [wikipedia.org] ?

Recruitment (5, Interesting)

caljorden (166413) | more than 6 years ago | (#23767199)

Does the US Air Force, or any branch of the armed services, currently recruit for cyber-related positions directly? Or is it a requirement that all members come out of the standard armed services personnel? If there is currently no system for recruiting the best and brightest CS/IT/Security personnel from the civilian population, would that ever be considered?

Re:Recruitment (5, Insightful)

db32 (862117) | more than 6 years ago | (#23767651)

I can answer this one for you. Yes they do. The Air Force in particular has been getting much more active in advertising it's increasing need for the intel/cyber style missions. You basically go through the same process everyone else does.

1. Go to the recruiter and say "I want to do XYZ". If you are lucky you will get a recruiter that isn't a slimeball and will actually help you do specifically what you want. Hit or miss here, some are really amazing folks that know how to work things, others are asshats that know how to sleaze kids in. Do your research first. Non military and recruiters are about the last people you want to talk to for "how it really is" information, one is clueless and comes up with nonsense stories, the other has a clue and comes up with nonsense stories. Currently active or recently retired people will have the best information, though it will frequently be a bit dated. It is best to refine your questions with them and then ask specific pointed questions of the recruiters.

2. Go to the MEPS (Military Entrance Processing Station I believe) and do the tests. ASVAB being the big one here, all branches use these scores in one way or another to determine what jobs you are qualified to do. This isn't exactly a hard test by any stretch, more than anything it gives the military a guess as to how complex of a school they can send you to without wasting money on you failing out. You will also go through the whole physical thing, eye tests, piss tests, blah blah blah.

3. Go to the career manager folks. Each branch has a different name for them and this part will typically happen at the MEPS. Again, much like recruiters they are hit or miss. However, they have a bit better of an excuse. They aren't there to convince you to join so much as for you to tell them what specific job you want to do. These are the people that look up your scores and compare that to job requirements and then check for openings in that job. They process tons of people per day, many of which have no idea what they want to do other than "work on computers" or "fix planes" or whatever. The key to coming out of this is to do your research well before you go. Narrow down what you want to do to a few jobs and know their code for whichever branch you are talking to. These people are experts at human resources stuff, not the details of whatever career you want. They probably won't be able to answer much unless they came from that career or know someone in that career. The best bet is to get your recruiter to arrange some time to meet people in the career field you are interested in and get the answers that way.

4. Go to basic training. Everyone goes, no way past that.

5. Go to your school. Each branch does this a bit differently, but after basic training you will go to the school for your chosen job. This could be 2 weeks long, it could be 2 years long, all depends on the job.

6. Pray for your assignment. Now you are in, you have the career you want, and now it is a roll of the dice. You go where they need your career, period. There are a number of programs to finagle your way around to places you want, but don't expect any of them to help you much in your early days. Your best bet here is to do a damned good job, don't be a fuckup, and let your supervisors know what your goals are. Good supervisors will help you get where you want to go. Above all else, don't expect it to happen quickly.

National Guard units basically follow the same steps, except for the assignment process. With the Guard you will be joining a specific unit when you enlist. So you will already know exactly what your assignment will be. The Guard units are able to do much more targeted recruiting because of this. The Active Duty world you kind of go into a big pot and stay there unless you managed to get into special assignments (usually by being really good at what you do and leaning forward for opportunities).

Re:Recruitment (2, Insightful)

fprintf (82740) | more than 6 years ago | (#23767701)

http://interviews.slashdot.org/article.pl?sid=08/02/29/1733222 [slashdot.org]

If you look at past interviews with the Air Force and Army, you will find that they work with a significant number of contractors. So you do not need to be "in the armed forces" to work on anti-cyber terrorism.

Obviously you need to be able to get a security clearance.

Re:Recruitment (2, Interesting)

BadIdea (1218060) | more than 6 years ago | (#23767723)

This is a really important question going forward. A lot of military recruitment seems to still be somewhat centered around the sorts of "grunt"-based wars we were fighting decades ago. But there's no reason a fat out of shape guy who happens to be a brilliant programmer needs to go through boot camp and get shouted at by a drill instructor, or learn how to march, just to be part of a group devoted to fighting cyber-terrorism.

Obviously quasi-military operations need lots more in the way of security clearance and chains of command, but it seems like civilian-structured government organizations are better suited to many of these tasks than the conventional military. The NSA, DOD, CIA, etc. are full of bright people, many of whom have never done a push-up.

Is it the military that's going to change how it trains and retains, or will it be civilian-based government agencies that start to take over more and more of the functions of technological-based warfare?

What limitations do you observe? (5, Interesting)

Anonymous Coward | more than 6 years ago | (#23767229)

Conventional military is bound by the Geneva convention. To date, there is no international law governing military info-war. Are you therefore no longer bound not to attack civilian targets? Is scrambling hospital records to create civilian deaths by mistreatment considered a valid attack?

Re:What limitations do you observe? (1)

Applekid (993327) | more than 6 years ago | (#23767805)

I love parent's question, and therefore love them and hate not having mod points.

Why does the Army have a love affair with Windows (5, Interesting)

Anonymous Coward | more than 6 years ago | (#23767275)

the worlds most insecure operating sytem? Seriously, I just had to go through the Army accreditation process at work, and all the guidelines basically say that Windows is the most secure according to the army. Several of the policies do nothing to increase security but are windows only features, a not so subtle hint that if you want to be "secure" you should be using Windows. The policies also states that since open source is "unsupported" you should use a commercial OS unless you can find "support" for the open source software. The scrutiny that the Linux/Unix machines are put through is MUCH more than Windows machines are. Windows machines are basically said to be "secure" if you apply all the patches and set a couple of settings. Its as if the Army considers Windows to be the most secure instead of the least secure. The whole security accreditation process seemed to be a giant push for us to move to Windows, which means that in my opinion the whole exercise was intellectually bankrupt. Why does the Army continue to push windows despite its absolutely horrendous security track record?

Re:Why does the Army have a love affair with Windo (2, Interesting)

gardyloo (512791) | more than 6 years ago | (#23767741)

Interesting, because at the DoE- (mainly) and DoD- (partly) funded lab at which I work, Linux and Unix (and things like OSX) users are given much *less* scrutiny than those using Windows.

Re:Why does the Army have a love affair with Windo (2, Informative)

0p7imu5_P2im3 (973979) | more than 6 years ago | (#23768251)

Yeah, I've always found it hilarious that the IA (Information Assurance) guys tout the glorious impenetrable securities of Windows, even though nothing missions critical runs on Windows.

Ironically, the reason they are pushing Windows is not the security. It's the control. With windows you can remotely disable pretty much anything within a Domain. A person could have administrative access on their Domain attached work station and still not be able to do anything beyond what the Domain administrator allows.

If you have root access on a Linux machine, they can't do anything short of removing your physical workstation to keep you from installing, or even compiling, your own software. And with Linux, you can manipulate network communication that, while possible, is extremely difficult in Windows.

Most importantly though, with regard to control, is that the DoD knows most of the backdoors in Windows. Linux is watched over by millions of people. Chances are, the DoD doesn't know any more backdoors in Linux than you or I.

Being Proactive (1)

Cormacus (976625) | more than 6 years ago | (#23767297)

What kind of proactive steps are being taken in advance of any cyber dust-ups? We frequently see articles that talk about security holes used for attacks that could have been closer earlier. Is closing these security holes a priority? Also, with increasing numbers of infrastructure control systems (power grid, etc) being attached to the internet, is the defense of targets like these being attended to?

Jurisdiction? (5, Interesting)

Caerdwyn (829058) | more than 6 years ago | (#23767333)

Given that the most likely targets for cyber warfare are civilian targets, and that the perpetrators will likely be either non-government organizations or non-military employees of foreign governments, how do you see the jurisdiction question playing out? In particular, at what point are there handoffs in investigation, arrest, and prosecution between the US military, the FBI, and local authorities of affected civilian targets?

Avoiding Redundancy or is it Necessary? (5, Interesting)

introspekt.i (1233118) | more than 6 years ago | (#23767361)

What steps is the Army taking to avoid overlap with the Air Force's "cyber warfare" program(s)? Is avoiding overlap considered necessary, or is redundancy considered a good thing? Are there plans to collaborate on large scale with the Air Force, or keep the programs isolated from one another?

Source Code (2, Interesting)

g0bshiTe (596213) | more than 6 years ago | (#23767391)

In the event of a "Cyber Attack" (read we go after them) would the task force secure source code, to search for hidden vectors of attack?

I realize this is based on the assumption that we know what OS and programs they are running, but Windows for instance, it's reasonable to assume that most computer users use some form of it either legally aquired or illegally.

Timing and relevancy (5, Interesting)

zappepcs (820751) | more than 6 years ago | (#23767411)

It's common knowledge that what we call the Internet was suckled by the military. Black-hat and white-hat security conferences and practices have been an active part of Internet security for over a decade.

Can you explain what seems to be the US Military arriving at the game in the third inning?

Having had TSEC and observed security processes and procedures, such as tempest precautions some time ago, I'm having trouble understanding why the 'cyber defenses' of the US Military only now seem to be actually realized.

Is the delay due to funding? Priorities? or simply to underestimation of what the rest of the world was up to all this time?

Please be as specific as you are able to be.

Thank you.

Re:Timing and relevancy (1)

jank1887 (815982) | more than 6 years ago | (#23768381)

The military's been in it all along. It's just that the word Cyber finally got cool. Soon they'll turn it into a verb: Private, cyber that paradigm shift NOW!!

Never forget that the government, and especially the military, is just a big, inefficient, management heavy 1970's style corporation.

Are you running botnets? (4, Interesting)

advocate_one (662832) | more than 6 years ago | (#23767463)

no text

Slashdotter (2, Interesting)

slotdawg (1301999) | more than 6 years ago | (#23767477)

Do you frequent slashdot often to read news and breakthroughs in IT? How does the government disseminate whether threats of attack are legitimate or just hoaxes?

Re:Slashdotter (1)

gardyloo (512791) | more than 6 years ago | (#23767669)

How does the government disseminate whether threats of attack are legitimate or just hoaxes?
I suspect that should be "determine", not "disseminate", but either is an interesting question.

Re:Slashdotter (1)

slotdawg (1301999) | more than 6 years ago | (#23767825)

Thanks gardyloo... my head is in the clouds today

Threat Assessment (5, Interesting)

mykepredko (40154) | more than 6 years ago | (#23767545)

As I understand it, every military in the world assess the threat its opponents pose by their capabilities rather than perceived intents.

How do you perform a threat assessment in the area of cyber-warfare where the physical weapons (as was pointed out in an earlier post) is the keyboard and mouse with much of technology being used as a threat being developed in the U.S?

Thanx,

myke

"Civilian contractors" (5, Interesting)

faloi (738831) | more than 6 years ago | (#23767597)

Do you foresee a high utilization of civilian contractors? Knowing that there are some restrictions on people that can be recruited into the Army for any number of reasons (asthma, medications, criminal records), do you see a need for either more lax recruiting guidelines for some of the "front line" troops in the cyber warfare field, or a higher use of civilian (or at least non-Army) personnels?

Re:"Civilian contractors" (1)

jbeez (691930) | more than 6 years ago | (#23767797)

I would agree that to really tap into the potential of the resources that possibly couldn't enter the armed forces for one reason or another, or didn't want to, would be a very smart move. Nothing against the men and women of our services, but I know there is some unbelievable talent floating around out there that has nothing to do with the military but could really help our national network security.

Re:"Civilian contractors" (1)

fprintf (82740) | more than 6 years ago | (#23767821)

http://interviews.slashdot.org/article.pl?sid=08/03/12/1427252 [slashdot.org]

In an interview with Slashdot, Major General Lord of the US Airforce responded "Certain skill sets can also be brought on board as civilians or contractors, and in many cases we do offer compensation competitive with the commercial sector."

I suspect the answer would be similar from the Army. The first answer will be a recruiting answer, how they use the talents of significant number of young men and women, but ultimately they also need to rely upon contractors.

Hurdles of Cyber Warfare (5, Interesting)

Digital Ebola (29327) | more than 6 years ago | (#23767649)

Greetings,

One issue to cyber warfare is linguistics. How does a military unit overcome this? Does the unit consist of people skilled at the various languages used in theater plus the technical concepts required to execute, or are you forced to cooperate with any other agency?

Also, agency cooperation: are there good relationships between the cyberwarfare units and the intelligence community, and can you say whether or not there are SOPs in place that would utilize cyberwarfare units in conjunction with a physical offensive, i.e. disable Three Gorges Dam right before an op.

Thanks for the time!

Platform Choice (0)

Anonymous Coward | more than 6 years ago | (#23767709)

The US armed forces could cut their vulnerability up to 90% by using MacOS or *nix. That isn't religion, it's fact.

So you tell me: if the answer is so plain, why is the military basing so much of the Network-Centric Warfare (NCW) (AKA Network-Centric Operations [NCO]) on known insecure (and non-securable) platforms?

Computer Literacy (5, Interesting)

AioKits (1235070) | more than 6 years ago | (#23767717)

What level of computer literacy do you feel the Commander-In-Chief and those reporting to them should have in order to comfortably and accurately convey the importance of a given situation/threat the USACEWP encounters?

Daemon? (2, Interesting)

Viking Coder (102287) | more than 6 years ago | (#23767743)

Have you read the book "Daemon" [amazon.com] by Leinad Zeraus? Or how about "The Footprints of God" [amazon.com] by Greg Iles?
Do you think The Singularity is approaching, and if so, do you think you're prepared for it?

Materiel isn't a typo in the summary (3, Informative)

Starlet Monroe (512664) | more than 6 years ago | (#23767811)

There's a "material" tag on the story pointing out an apparent typo. I can't ever seem to get tags to behave for me, so I'll post a reply instead. In military talk, "materiel" is a specific term to refer to the stuff we need to fight a battle. It has specific and distinct connotations in supply management, and it used correctly in this article's summary.

Like on Star Trek (1)

Intron (870560) | more than 6 years ago | (#23767861)

What do you do about the problem where a computer is informed that it has made a logic error and it starts spewing smoke and then explodes violently?

Are We At War? (5, Interesting)

Doc Ruby (173196) | more than 6 years ago | (#23767895)

What is the "cyber command" doing to protect the US from current serious attacks on major Federal government sites, including the attacks on sensitive Congressional sites [slashdot.org] reported this week?

Is there any traditional military precedent for tolerating these attacks to the extent we do? Is that hesitancy making us weaker, so our eventual delayed military (or "cyber-military") response will be compromised from winning the conflict to our satisfaction?

At what point do these attacks constitute acts of war, does that need to be declared by Congress, and how does the "cyber command" change its response at that point?

What value does doign it in the Army add? (4, Insightful)

scorp1us (235526) | more than 6 years ago | (#23767909)

We already know that the USAF has a cyber-warfare division. Given that all network attacks are fundamentally based in IP Packets, it stands to reason that the Army and USAF would be duplicating work, while creating an opportunity for lack of communication.

Would you agree that a special, single cyber-defense branch should be created to assist all branches of the military as well as non-military?

Generally the armed forces are never known for technical prowess. (They are more consumers than creators) The role of creation comes from contractors. Why shouldn't we rely on contractors to perform these functions when contractors already obtain top-secret clearances? Contractors compete for projects which ensures a level of cost limitation (lets face it, Cost+ rips off the tax payer), continual advancement (beyond what the enemy throws at us).

Why should the armed forces be doing this in-house?

Re:What value does doign it in the Army add? (1)

scorp1us (235526) | more than 6 years ago | (#23768001)

Clarifications: Cost+ was only possible by the large scale of operations. Any network based attack would not require the same scale of operations, meaning a small private team could provide significant value. Small private teams are plentiful, meaning an award of a Cost+ contract is unlikely.

On 2nd thought, I retract my challenging questions because I don't want to be labeled an enemy combatant, stripped of my Habeus Corpus rights and thrown in GitMo for questioning the wisdom of the military and by construct, the presidency.

Look at all the cowardly trolls (1)

DaveV1.0 (203135) | more than 6 years ago | (#23768037)

When did /. turn into coward troll central? Is it spill over from Digg or something?

A military brat asks: (2, Interesting)

UncleTogie (1004853) | more than 6 years ago | (#23768087)

In your work as Director of IO for Combined Joint Task Force -76, what were your greatest challenges in Afghanistan? What technology threats other than IEDs were your greatest concern?

Making defenses availible to the tax payers (4, Insightful)

scorp1us (235526) | more than 6 years ago | (#23768215)

Would you support the release of information and software (Like Security-Enhanced Linux from the NSA) regarding successful defensive configurations and strategies to the general public so that the tax payer can derive additional benefits from your work? Surely the private industries in this country are valuable and may be attacked in order to cause economic harm.

What limitations or rules would you use for release of such information?

what is your mandate? (0)

Anonymous Coward | more than 6 years ago | (#23768229)

Do you protect US assets, or just US military assets? Where do you draw the boundary that says, 'this is a military action, this is a criminal one?' On the Internet it seems that boundary is ambiguous, and there are criminal organizations with offensive assets (botnets, for example) that more than rival the assets of many countries.

Re:what is your mandate? (1)

jstoner (85407) | more than 6 years ago | (#23768285)

aack-forgot I wasn't logged in... this was me

Defensive or offensive? (1)

qbzzt (11136) | more than 6 years ago | (#23768291)

What part of your job is to defend US systems, and what to prepare to attack against systems used by opposing forces?

Also, do you see the existence of your department as a possible deterrent for hostile organizations to use IT effectively?

Is it... (1)

Nathrael (1251426) | more than 6 years ago | (#23768331)

Is it possible to work for the USACEWP as a civilian, like it is possible to work as an civilian engineer at research institutions like Picatinny? Would someone who wants to work at the USAVEWP do background checks to obtain proper clearance?

scope of activities (0, Redundant)

nickhart (1009937) | more than 6 years ago | (#23768419)

Several questions for the Lt. Col. Is his unit responsible for planting bogus media stories to prop up public opinion for their occupations? Do they censor soldiers' blogs, or censor soldiers' access to information via the Internet? And on a more personal note, during his time at Bagram did the screams of tortured prisoners interfere with his concentration or productivity?
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...