[ISN] Cyber Warriors

From: InfoSec News (alerts@private)
Date: Tue Oct 30 2007 - 00:20:51 PST


http://www.govexec.com/dailyfed/1007/102907ol.htm

By Neil Munro  
National Journal  
October 29, 2007

SAN ANTONIO -- Deep in the heart of cyberspace, something new called a 
Network Warfare and Ops Squadron fights battles 24/7 from a building in 
a nondescript office park here at Lackland Air Force Base.

At one end of the room, a crew monitors the cyberspace highways for the 
first signs of a hacker infiltration, spreading virus, or 
network-jamming wave of spam. A second crew rapidly investigates every 
problem and scrambles other crews to counter each incursion with an 
armory of specialized software. And all of it is under the watchful eyes 
of a pyramid of officers and officials that ascends through the 
departments of Defense, Homeland Security, and Justice and eventually 
into the Oval Office.

Every day, every hour, the squadron reacts to myriad trivial or 
significant attacks on some of the 650,000 computers that allow the Air 
Force to pay its personnel, manage day care centers, buy fuel, direct 
fighter-bombers in Iraq and Afghanistan, and launch nuclear-tipped 
missiles should the order ever come.

But this squadron is very different from the traditional units of 
leather-jacketed, death-defying pilots soaring through the wild blue 
yonder. These warriors are mostly office-dwelling private contractors 
whose skills and actions are bound by a complicated tangle of software 
and U.S. law rather than the laws of aerodynamics and the limits of 
physical courage. Yet, these "airmen" play an increasingly important 
role in the Air Force and the Defense Department, because warfare has 
spread into cyberspace, just as it long ago spread into air and space.

That's why the Air Force has tapped Maj. Gen. William Lord to assemble 
the Air Force Cyberspace Command by next October, whose job will be to 
recruit, equip, and train a new corps of cyber-warriors perpetually 
ready to protect military networks from whatever threats emerge.

The new command, Lord said, must also prepare for an offensive role -- 
to infiltrate or wreck enemy networks and to manipulate enemy leaders, 
should that action ever be ordered by the president. One goal, he said, 
is to give future presidents the ability to deter cyber-attacks. The 
ability to say, "We're not going to blow up your cities, we're going to 
melt your cities," or at least their electronic infrastructures, can 
help counter cyber-attacks, Lord said. "It doesn't have to be a weapon 
that ever gets used," he added.

The Air Force already has individual air and space commands, and "this 
makes sense for them in a lot of ways," said James Lewis, director of 
the technology and public policy program at the Center for Strategic and 
International Studies. "Instead of blowing up power plants, they could 
get them to stop working" using cyber-warfare, he said.

The command will also help the Air Force compete with the other armed 
services for funding and leadership slots in future cyber-warfare 
commands, said Mark Rasch, a managing director at FTI, a D.C.-based 
cyber-security firm. These days, the Air Force isn't playing a prominent 
combat role in Afghanistan or Iraq, partly because few bombers are 
needed but also because the Army and Marines have developed their own 
smart missiles and unmanned surveillance aircraft. And the Navy has 
established the Naval Network Warfare Command in Norfolk, Va., which 
focuses on naval "information warfare."

The Air Force's cyber-command, Rasch said, "is an attempt to establish a 
pre-eminent, if not dominant, role in a new arena for war." The command 
will be a natural development for the Air Force, he said, much like the 
service's earlier electronic-warfare capabilities and space satellites.

In recent months, U.S. officials said they have seen a sharp increase in 
efforts by hackers, backed by foreign governments, to infiltrate or 
damage U.S. and other allied information networks. A particular concern 
is that a government might plant damaging software -- "malware" -- 
inside a network, or even in new mass-produced computer components. The 
malware would then surreptitiously send data back to its creators, or 
even damage the host network during a war or other crisis.

In 2006, hackers -- likely backed by the Russian government -- launched 
a wave of Internet-jamming attacks that crippled the government of 
Estonia. Also, Beijing is believed to have helped Chinese hackers 
infiltrate computer networks at the Pentagon and in government offices 
in Berlin, London, and Paris, according to computer-security experts.

Many of these cyber-attacks are monitored, and some are countered, at 
Lackland, where lunch-table conversations are "a lot of geekspeak" as 
the contractors, many of them former military members, cooperate and 
compete to identify new security threats, said Maj. Carl Grant, the 
commander of Lackland's 33rd Network Warfare Squadron. In 2006, the 
crews identified and dissected 29 "validated incidents" from among the 
hundreds of thousands of suspicious events visible on the networks, he 
said. "We're not arrogant enough to believe that we caught everything," 
Grant added.

The contractors don't live the regimented lives of military personnel, 
and they don't wear uniforms. But they all have to pass security and 
background checks. "We have to entrust them with the keys to all of the 
information on the networks," said Col. Mark Kross, who commands the 
26th Network Operations Group, which includes Grant's squadron.

Lord's emerging Cyberspace Command is expected to include the Lackland 
operation and other classified programs as well as exotic aircraft, such 
as the U2 spy plane, EC-135 electronic-eavesdropping aircraft, EC-130E 
Commando Solo radio-broadcasting plane, and the EC-130H Compass Call 
radio-jamming aircraft.

Its headquarters will likely consist of several hundred staff overseeing 
perhaps 20,000 Air Force personnel. They will include software experts, 
lawyers, electronic-warfare and satellite specialists, and behavioral 
scientists, Lord said. "You have to reach out to a different kind of 
recruit," he noted.

The command will not direct combat operations, Lord said, but will 
supply capabilities to the Pentagon's combat commands, such as U.S. 
Strategic Command and U.S. Central Command, which operate under the 
direction of the White House. Technically, the armed services do not 
initiate warfare; they assemble and train forces for use by the combat 
commanders and the president. Over time, who does what in cyberspace 
warfare will be decided after debate among government officials, the 
services, private contractors, and advocates, Lord said. "It's a 
dialogue we'll end up having."

But that debate is already quite advanced. In 2002, for example, 
President Bush and Congress gave the new Homeland Security Department -- 
not the Pentagon -- the task of defending the government's civilian 
computer networks.

Industry, meanwhile, greets these developments with a great deal of 
caution and skepticism. Generally, industry officials are reluctant to 
see government playing a role in the management of the Internet, which 
is now so vital for their business operations. For more than a decade, 
they have lobbied hard against online wiretaps, government-mandated 
hacker defenses, and making companies legally liable for cyber-security 
failures. The latest dispute emerged after a Chinese company announced 
it wanted to buy a minority share in 3Com, a Marlborough, Mass.-based 
company that supplies anti-hacker software to American companies, and 
some Air Force contractors. The federal government's Committee on 
Foreign Investments in the United States is now reviewing the proposed 
purchase.

Industry executives are winning most of these policy battles, in part 
because much of the public, along with civil libertarians, don't want 
government officials -- especially the military -- to regulate their use 
of the Internet. That's why a future U.S. Internet Command is unlikely, 
and why the White House has instead helped to establish cooperative 
government-industry centers to counter security threats to banks, 
electric power companies, railroads, and other vital industrial sectors.

"We're continuously reaching out to the private sector because the 
private sector owns and operates [90 percent] of the critical 
infrastructure," said Gregory Garcia, the assistant secretary for 
cyber-security and telecommunications at the Homeland Security 
Department. "DHS has the authority and credibility, and the trust of the 
private sector and other [civilian] agencies to help coordinate a 
national strategy for the protection of cyberspace."

The Defense Department, in contrast, and its subordinate services will 
mainly be tasked with protecting military networks, even if they do 
sometimes share resources with DHS, Garcia said. "We do recognize we are 
certainly facing a lot of the same threats and vulnerabilities, so it 
behooves us to work together," he added.

For example, the Estonian government, as a member of the North Atlantic 
Treaty Organization, asked the Pentagon for aid when the hackers jammed 
its networks in 2006. In turn, the Pentagon alerted its subordinate 
units and also coordinated with DHS and U.S. industry to respond, Garcia 
pointed out. "Together, we did a high-speed, real-time analysis of what 
was going on in the Estonian networks.... We were all on our monitors, 
on the phone, communicating through a variety of channels, in real time, 
day after day, as the attacks were happening."

And Gen. Lord noted: "As the world has changed, we have changed."





This archive was generated by hypermail 2.1.3 : Tue Oct 30 2007 - 00:35:18 PST