[ISN] Head of Air Force Cyber Command discusses new role, cyberattack defenses

From: InfoSec News (alerts@private)
Date: Wed Jan 23 2008 - 22:33:55 PST


http://www.networkworld.com/news/2008/012308-elder-air-force-cyber-command.html

By Ellen Messmer
Network World
01/23/08 

Air Force Lt. Gen. Robert Elder is head of the Air Force "Cyber 
Command," a newly created organization operated under the 8th Air Force 
headquartered at Barksdale Air Force Base in Louisiana. Elder describes 
the purpose and evolution of the Cyber Command in an interview with 
Network World Senior Editor Ellen Messmer.


What is the "Cyber Command" and what's your role related to it?

I'm responsible for the cyber ops command that runs the network 
operations for the Air Force. We want to integrate cyber operations into 
the Air & Space Operations under the Strategic Command. The cyber ops 
piece was started a year ago by the Secretary of the Air Force. 
Basically, it's organized training and equipment to establish a new 
specialty. Some people are building and operating the network fiber or 
global services over encrypted lines. At the next level, we're trying to 
defend these networks. So we're establishing tactics, techniques and 
procedures to allow us to fight through an attack.


The Air Force has obviously made use of networking for a long time, so 
what's really different about the Cyber Command?

We differentiate between computer network security and computer network 
defense. Once you're through the gate, you're in, so we look at that as 
hostile territory. It's inside defense. Right now, most of what we do 
today is computer network security. But we know our adversaries will 
attack, and we need training and cyber tools.


What kind of attacks are of concern?

Phishing, for example, is a type of attack. We're arming airmen with the 
skills to recognize a phishing attack. We're installing tools to check 
URLs. We're integrating commercial products with our own host-based 
security systems.


How many people are in the Cyber Command today?

There are at least a few thousand people now and it will grow to between 
5,000 and 10,000. Many people are re-assigned from all over the Air 
Force. The goal is to be fully established by October. We can't do 
anything without cyber today; we talk about operations in the cyber 
domain.


Do the other military services, such as the Navy, Army or Marines, have 
anything equivalent to the Air Force Cyber Command?

The Navy has the Naval Network Warfare Command and the Army has U.S. 
Army NETCOM.


We've been discussing defense, but does this have offensive capability?

All of this has developed some offensive capabilities, but you would use 
these in a wartime setting. We're developing capabilities to respond to 
an attack. The types of things we're doing are ensuring we can continue 
to defend the U.S. Even if the U.S. comes under an attack, we can 
continue to operate. There are questions, such as how do we deal with 
denial-of-service attacks, spoofing or an adversary trying to alter 
data?


Are you concerned about cyber espionage?

Cyber espionage is a huge issue to us. We're worried about someone 
stealing operational information. Most of our work is done on a 
classified network, but the non-classified net is connected to the 
Internet. We're concerned about users introducing a backdoor through a 
phishing attack or that through something like a thumbdrive, data is 
allowed to flow.


What steps can you take?

People need to be careful about clicking on links, so we're very 
restrictive. We're putting a lot of things in place, like moving toward 
a policy on our firewalls to deny all except by exception. There's a 
registry of sites you're allowed to go to. Today, it's simply a 
blacklist and we block by categories. (Learn more about network access 
control products with our Network Access Control Buyer's Guide. [1])


What would you like to see the high-tech industry work on in terms of 
products or services to support the Air Force Cyber Command?

I'd like to see more work done on being able to identify where an 
attacker has put embedded code, perhaps in a Web site, and detect data 
that may pose a threat to you. We start by looking at commercial 
off-the-shelf products, and that's the kind of thing we look for to 
defend a network.

[1] http://www.networkworld.com/buyersguides/guide.php?cat=866251

All contents copyright 1995-2008 Network World, Inc

