http://www.govexec.com/dailyfed/1007/102907ol.htm By Neil Munro National Journal October 29, 2007 SAN ANTONIO -- Deep in the heart of cyberspace, something new called a Network Warfare and Ops Squadron fights battles 24/7 from a building in a nondescript office park here at Lackland Air Force Base. At one end of the room, a crew monitors the cyberspace highways for the first signs of a hacker infiltration, spreading virus, or network-jamming wave of spam. A second crew rapidly investigates every problem and scrambles other crews to counter each incursion with an armory of specialized software. And all of it is under the watchful eyes of a pyramid of officers and officials that ascends through the departments of Defense, Homeland Security, and Justice and eventually into the Oval Office. Every day, every hour, the squadron reacts to myriad trivial or significant attacks on some of the 650,000 computers that allow the Air Force to pay its personnel, manage day care centers, buy fuel, direct fighter-bombers in Iraq and Afghanistan, and launch nuclear-tipped missiles should the order ever come. But this squadron is very different from the traditional units of leather-jacketed, death-defying pilots soaring through the wild blue yonder. These warriors are mostly office-dwelling private contractors whose skills and actions are bound by a complicated tangle of software and U.S. law rather than the laws of aerodynamics and the limits of physical courage. Yet, these "airmen" play an increasingly important role in the Air Force and the Defense Department, because warfare has spread into cyberspace, just as it long ago spread into air and space. That's why the Air Force has tapped Maj. Gen. William Lord to assemble the Air Force Cyberspace Command by next October, whose job will be to recruit, equip, and train a new corps of cyber-warriors perpetually ready to protect military networks from whatever threats emerge. The new command, Lord said, must also prepare for an offensive role -- to infiltrate or wreck enemy networks and to manipulate enemy leaders, should that action ever be ordered by the president. One goal, he said, is to give future presidents the ability to deter cyber-attacks. The ability to say, "We're not going to blow up your cities, we're going to melt your cities," or at least their electronic infrastructures, can help counter cyber-attacks, Lord said. "It doesn't have to be a weapon that ever gets used," he added. The Air Force already has individual air and space commands, and "this makes sense for them in a lot of ways," said James Lewis, director of the technology and public policy program at the Center for Strategic and International Studies. "Instead of blowing up power plants, they could get them to stop working" using cyber-warfare, he said. The command will also help the Air Force compete with the other armed services for funding and leadership slots in future cyber-warfare commands, said Mark Rasch, a managing director at FTI, a D.C.-based cyber-security firm. These days, the Air Force isn't playing a prominent combat role in Afghanistan or Iraq, partly because few bombers are needed but also because the Army and Marines have developed their own smart missiles and unmanned surveillance aircraft. And the Navy has established the Naval Network Warfare Command in Norfolk, Va., which focuses on naval "information warfare." The Air Force's cyber-command, Rasch said, "is an attempt to establish a pre-eminent, if not dominant, role in a new arena for war." The command will be a natural development for the Air Force, he said, much like the service's earlier electronic-warfare capabilities and space satellites. In recent months, U.S. officials said they have seen a sharp increase in efforts by hackers, backed by foreign governments, to infiltrate or damage U.S. and other allied information networks. A particular concern is that a government might plant damaging software -- "malware" -- inside a network, or even in new mass-produced computer components. The malware would then surreptitiously send data back to its creators, or even damage the host network during a war or other crisis. In 2006, hackers -- likely backed by the Russian government -- launched a wave of Internet-jamming attacks that crippled the government of Estonia. Also, Beijing is believed to have helped Chinese hackers infiltrate computer networks at the Pentagon and in government offices in Berlin, London, and Paris, according to computer-security experts. Many of these cyber-attacks are monitored, and some are countered, at Lackland, where lunch-table conversations are "a lot of geekspeak" as the contractors, many of them former military members, cooperate and compete to identify new security threats, said Maj. Carl Grant, the commander of Lackland's 33rd Network Warfare Squadron. In 2006, the crews identified and dissected 29 "validated incidents" from among the hundreds of thousands of suspicious events visible on the networks, he said. "We're not arrogant enough to believe that we caught everything," Grant added. The contractors don't live the regimented lives of military personnel, and they don't wear uniforms. But they all have to pass security and background checks. "We have to entrust them with the keys to all of the information on the networks," said Col. Mark Kross, who commands the 26th Network Operations Group, which includes Grant's squadron. Lord's emerging Cyberspace Command is expected to include the Lackland operation and other classified programs as well as exotic aircraft, such as the U2 spy plane, EC-135 electronic-eavesdropping aircraft, EC-130E Commando Solo radio-broadcasting plane, and the EC-130H Compass Call radio-jamming aircraft. Its headquarters will likely consist of several hundred staff overseeing perhaps 20,000 Air Force personnel. They will include software experts, lawyers, electronic-warfare and satellite specialists, and behavioral scientists, Lord said. "You have to reach out to a different kind of recruit," he noted. The command will not direct combat operations, Lord said, but will supply capabilities to the Pentagon's combat commands, such as U.S. Strategic Command and U.S. Central Command, which operate under the direction of the White House. Technically, the armed services do not initiate warfare; they assemble and train forces for use by the combat commanders and the president. Over time, who does what in cyberspace warfare will be decided after debate among government officials, the services, private contractors, and advocates, Lord said. "It's a dialogue we'll end up having." But that debate is already quite advanced. In 2002, for example, President Bush and Congress gave the new Homeland Security Department -- not the Pentagon -- the task of defending the government's civilian computer networks. Industry, meanwhile, greets these developments with a great deal of caution and skepticism. Generally, industry officials are reluctant to see government playing a role in the management of the Internet, which is now so vital for their business operations. For more than a decade, they have lobbied hard against online wiretaps, government-mandated hacker defenses, and making companies legally liable for cyber-security failures. The latest dispute emerged after a Chinese company announced it wanted to buy a minority share in 3Com, a Marlborough, Mass.-based company that supplies anti-hacker software to American companies, and some Air Force contractors. The federal government's Committee on Foreign Investments in the United States is now reviewing the proposed purchase. Industry executives are winning most of these policy battles, in part because much of the public, along with civil libertarians, don't want government officials -- especially the military -- to regulate their use of the Internet. That's why a future U.S. Internet Command is unlikely, and why the White House has instead helped to establish cooperative government-industry centers to counter security threats to banks, electric power companies, railroads, and other vital industrial sectors. "We're continuously reaching out to the private sector because the private sector owns and operates [90 percent] of the critical infrastructure," said Gregory Garcia, the assistant secretary for cyber-security and telecommunications at the Homeland Security Department. "DHS has the authority and credibility, and the trust of the private sector and other [civilian] agencies to help coordinate a national strategy for the protection of cyberspace." The Defense Department, in contrast, and its subordinate services will mainly be tasked with protecting military networks, even if they do sometimes share resources with DHS, Garcia said. "We do recognize we are certainly facing a lot of the same threats and vulnerabilities, so it behooves us to work together," he added. For example, the Estonian government, as a member of the North Atlantic Treaty Organization, asked the Pentagon for aid when the hackers jammed its networks in 2006. In turn, the Pentagon alerted its subordinate units and also coordinated with DHS and U.S. industry to respond, Garcia pointed out. "Together, we did a high-speed, real-time analysis of what was going on in the Estonian networks.... We were all on our monitors, on the phone, communicating through a variety of channels, in real time, day after day, as the attacks were happening." And Gen. Lord noted: "As the world has changed, we have changed." __________________________________________________________________ CSI 2007 is the only conference that delivers a business-focused overview of enterprise security. It will convene 1,500+ delegates, 80 exhibitors and features 100+ sessions/seminars providing a roadmap for integrating policies and procedures with new tools and techniques. Register now for savings on conference fees and/or free exhibits admission. - www.csiannual.com
This archive was generated by hypermail 2.1.3 : Tue Oct 30 2007 - 00:35:18 PST