Currently viewing the tag: "national cyber security. national cybersecurity"

Download (PDF, 212KB)

I was a 3rd Class Midshipman at Maine Maritime Academy when Vice Admiral Arthur K. Cebrowski and John J. Garstka put together this Proceedings article.  I had walked on to an NROTC program, buckled down on my academics and earned a scholarship.    I remember reading it and thinking that it was a bit of a “flashback” vice forward looking.  But that was mostly because I had grown up with these items.  I’d had the Atari, the Commodore 64, and even a suitcase 286 loaned to me to “play” with.  But having experienced much of what is talked about in the paper I encourage another review of the document.  I’ve put together a few of the items that I find most important to where the Navy has come with the Information Dominance Corps, where it has fallen short, and where it can work to overtake it’s missteps.

Admiral Jay Johnson said it is “a fundamental shift from what we call platform-centric warfare to something we call network-centric warfare.” This was operationally shifted effectively, however the man, train, and equip entity remained focused on providing platform-centric leaders (Aviation, Surface, Submarines).  I would argue that since the start of this decade, warfare we exercise has always been technology-centric but from the days of recognizing network as an enabler for Naval missions it has shifted from the network-centric that Cebrowski described to  information-centricty and this centricity is only becoming more prominent and identifiable.

Vice Admiral (ret.) Arthur K. Cebrowski

Cebrowski’s three main themes still hold true with information-centricity:

  • The shift in focus from the platform to the network
  • The shift from viewing actors as independent to viewing them as part of a continuously adapting ecosystem
  • The importance of making strategic choices to adapt or even survive in such changing ecosystems
We’ve started to network everything (not well in some cases) but the information has become dominant.  The legacy platforms we still man-train-equip are becoming simple sensory platforms for the information-centricity in the global battlespace.
Intellectual Capital – Information-based processes are the dominant value-adding processes in both the commercial world and the military. Yet the military fails to reward competence in these areas. “Operator” status frequently is denied to personnel with these critical talents, but the value of traditional operators with limited acumen in these processes is falling, and ultimately they will be marginalized, especially at mid-grade and senior levels. The war fighter who does not understand the true source of his combat power in such things as CEC, Global Command and Control System, and Link-16 simply is worth less than those who do. The services must both mainstream and merge those with technical skills and those with operational experience in these areas. These are the new operators.”
I don’t think I could come up with a better summation for why there is a push for:
  • the Information Dominance Corps to become a URL (right or wrong for the long term good of the Navy);
  • better implementation of these systems to ensure the Human Computer Interaction (and understanding by the human) is so important;
  • the development of a significant core of technologists within the U.S. Navy;
  • the increase of this core in personnel number and improvement in ability.

Financial Capital – although the Navy made an effective transition into the network-centric era it has now allowed those networks to wane.  The sensors available to the U.S. Military are unable to reach the forces afloat as it would flood and exceed the capabilities of the supporting infrastructure.  While the corporate Navy looks for IT inefficiencies reduce costs the afloat forces require significant resources to bring them into the current generation of technology (again Big Navy and the U.S. Navy have always been technology-centric) in order to move the supporting information-centric element.

Transformation Process- The ponderous acquisition process remains; technology speed of advance has only increased.  I’ve heard more than 50 FO/GO and their equivalent civilian counterparts state this problem over the last 7 years and yet it continues to remain.  We own these rules – the U.S. Government and the Department of Defense.  Call it a Grand Challenge – we’ve seen the model that has worked for USSOCOM; make it the model for everything and move on.  We’ll find the issues with this new model and another, better model one will develop.

I want to ensure I’m not opposing an adversary in the future while worrying about a National Deficit in the $15 trillion realm.  I want this reduced, eliminated and operate at a surplus.

Let’s become the lender; Let’s return to be the global leader!

[via Proceedings]

Download (PDF, 190KB)

I happened across the Ocean’s Trilogy (Ocean’s Eleven / Ocean’s Twelve / Ocean’s Thirteen) [Blu-ray]
deal for $13.99
that Amazon has today and remembered the “Pinch” in Ocean’s Eleven.  It also reminded me of one of the discussion points of the recent Security Jam in which I participated.  So with that let’s take a look at a real “Pinch.”

“Electromagnetic Pulse (EMP) is an instantaneous, intense energy field that can overload or disrupt at a distance numerous electrical systems and high technology microcircuits, which are especially sensitive to power surges. A large scale EMP effect can be produced by a single nuclear explosion detonated high in the atmosphere. This method is referred to as High-Altitude EMP (HEMP). A similar, smaller-scale EMP effect can be created using non-nuclear devices with powerful batteries or reactive chemicals. This method is called High Power Microwave (HPM).” – Clay Wilson (report above)

One of the discussion topics argued that an EMP was a Cyber Weapon; I completely disagree.  With that said the following is a quick excerpt of my comments on that argument:

I’d like to point out that previous attacks on Cyberspace have come from the physical medium and will continue to come mainly from that environment, in a Military context, more often than not.  A 500lb kinetic bomb on the power station and backup generators will create a similar effect on a targeted aspect of Cyberspace.  An EMP weapon would be just as difficult to use as a Cyberspace based weapon.  The boundaries of an EMP weapon’s effect are not easily identifiable, the verification of the desired result difficult to determine, and when used poorly can create significant 2nd and 3rd order detrimental effects.

I would list an EMP in the Electronic Warfare (EW) arsenal with potential and probable Cyberspace effects.  Justification for this would be that much of the Cyberspace focus is on Computer Network Attack, Exploitation, and Defense.  An EMP weapon will have significant ramification on the infrastructure to conduct these missions but will also wreak havoc on the Electromagnetic Spectrum.

A focus on adding an EMP capability to the arsenal would foster and require the continued development and implementation of hardened electronic suites.  This is extremely costly and would require reviews of both the DoD infrastructure as well as the National Critical Infrastructure to determine hardening requirements.

EMP is an EW weapon with Cyberspace effects.  A Cyberspace weapon comes from within Cyberspace.  Try not to blur the lines simply because Cyber is the popular term of the moment.

So what do you think?

[Report via FAS]

Download (PDF, 50KB)

Yesterday I had the pleasure of attending “Supply Chain Security – Do you know who your insiders are?” by Bob Hutchinson, Senior Manager, Sandia National Laboratories’ Information Security Sciences Group.

The key aspect of his presentation that I took away was the National Labs’ ability to control and prevent compromise of the Nuclear Weapons supply chain.  And that the lessons learned from almost 7 decades of experience could be applied to the supply chain risk of Information Technology.  We’ve solved most problems before it simply takes effort to find where.

This analogy led me to investigate a bit more and I discovered Bob’s statement to the United States House of Representatives Committee on Energy and Commerce, Subcommittee on Communications and Technology.  His 4 key points are:

  1. While strategic data theft of intellectual property and national secrets has become a focus recently do not lose sight of the malicious data modification threat.
  2.  Examine and be aware of your Information Technology aspects of your supply chain; from the software applications and patches to the sub-components of each piece of hardware (and it’s obvious supporting software -firmware).
  3. While developing the manner and mechanism for Cyber information sharing between Government and Industry there must be a strategy associated with it.  This strategy could then be used to assist in an adversary “self-identifying.”
  4. Identifying the Nation’s noted “profound shortage of qualified cyber security experts.” He adds that having been tasked by DoE, Sandia to has built “a program that’s more like a medical residency than a trade certification” and that this model is much more appropriate to creating the requisite cyber security experts for the nation.

[via HE&CC]

Set your Twitter account name in your settings to use the TwitterBar Section.