COTS Journal

Close the Cyber Security Gap

By: Pete Yeatman, Publisher

Too many of us—including those in government—are sticking their heads in the sand when it comes to cyber security and cyber warfare. Almost thirty years ago, reality started to hit home that government-funded development of electronics was no longer leading the way; commercial development was. Our perceived enemies would be able to develop better electronics than our military using standard components purchased in stores—although possibly less durable than what the mil-spec industry could provide. An unwanted but necessary shift was made to enable our military to utilize the more leading-edge commercial technologies. Today we find ourselves in a similar situation when it comes to cyberspace and the use of remotely manned vehicles.

The easiest item to get off the table is the domestic use of remotely manned vehicles. We already have laws governing the use of deadly force within the United States by local, state and federal officials. Remotely manned vehicles are just another weapon. Our federal government can now read the brand off a cigarette package from a satellite—and can probably do even better as technology advances. State and local law enforcement use planes and helicopters with high-powered optics. Meanwhile we have laws against Peeping Toms as well as public nuisance for civilians. Internationally it’s a different story, but we already have policies in place for the elimination of persons to be considered terrorists and a threat to the U.S. or its people. Again remotely manned vehicles are only a tool. If we have an issue with this policy, it needs to include guns, knives, poison, bombs and so on. Yes, all operations have the probability of collateral damage. But again, this is a general discussion.

One of the things we covet almost as much as our personal security is our free and easy use of cyberspace. As individuals we communicate, research, document and even annoy people with our personal electronic devices. Commerce completely depends on cyberspace and moves faster than Moore’s Law to eliminate the number of personnel needed and increase cyberspace dependence. This massive dependence now includes the military in order to move the vast amount of information and communication bandwidth that it is now handling.

The Chinese water torture doesn’t seem like it would work, but it does: one drop of water hitting the forehead every second or two for long periods of time. This comes from a culture that has time and can slowly work to achieve its goals. China’s military buildup is not for a planned military confrontation with the United States; it is mostly to enable it to intimidate less formidable and less technology-dependant adversaries. China’s plan for the U.S. is to gain greater control economically and to disrupt or disable our dependence on communication and cyberspace to achieve its interests and goals. It has tested an ability to disrupt satellites and made numerous test attacks (through hackers) on commercial enterprises. Right now these attacks are meant to temper opinions and operations that China does not like. Management of companies that have been attacked must at a minimum subconsciously weigh the decision on some of its policies.

Up until 2004, the DoD required that Information Assurance (IA) experts had not only book training but also hands-on training—call it an apprenticeship or journeyman training. However, in 2004 the DoD issued Directive 8570 mandating that IAs receive specific certifications from outside contractors without any hands-on training. Lower costs and probably some happy contractors were the result. Cyber security and warfare are a bit of a cat and mouse game where experience and working with mentors is absolutely key. We need to do more than what some tax return mills do to educate their tax advisors.

Rather than having endless meetings on cyber defense and warfare, our legal pundits and Congress should consider the urgency of the problem, and that this is not an academic exercise that can endure years of endless debate. Yes, we need to consider the big issue of third-party consequences when repelling a cyber attack or initiating a counterattack. It is crazy to stall and restrict research into cyber defense and warfare until it can be assured that any such effort will not cause an interruption to Jane Doe’s individual iPhone. 

We need to bolster up the U.S. Army’s Cyber Command, at the expense of politicians’ protected programs. With tight controls, we need to hire high-quality private contractors to develop cyber defense and even develop counter attacks. Industry now has more better trained and experienced personnel to put on these programs than the military. As the DoD and Congress move forward in developing a military budget—around what has to be a new military vision—the focus has to be on the world’s shifting threats and how to employ the best the U.S. has to offer in preparation. The one thing that has always been our strength has been our ability to develop whatever’s necessary, quickly and efficiently. Just like 30 years ago, we need to do that now—not only with product but also with training. It is imperative that military personnel attend conferences to not only learn about policy, technology and products; but also to exchange information among fellow individuals doing the same thing.  

 

© 2009 RTC Group, Inc., 905 Calle Amanecer, Suite 150, San Clemente, CA 92673