December 14, 2015 — I. MotivationAs captured in numerous strategic policy documents and speeches, the need to develop a military cyber profession (MCP) or workforce in America is significant.[1],[2],[3],[4],[5],[6] Unfortunately for the United States military, such development has been hampered by a lack of durable and widely accepted definitions of the MCP, which MORE
|
December 10, 2015 — Joint force commanders exercise mission command across all domains to include land, air, maritime, space, and cyberspace. According to joint doctrine, mission command involves the conduct of military operations through decentralized execution,[1] and this demands that leaders at all echelons exercise disciplined initiative to accomplish missions.[2] However, in the case of military operations in cyberspace, there are aspects of mission command that are not yet fully developed for the joint force.[3] For instance, the emphasis on delegation and decentralization are not always appropriate for situations involving the employment of national level cyberspace capabilities designed to create effects in support of unified action.[4] Army forces are currently incorporating cyberspace as an “operational domain,”[5] and commanders understand how this effort has direct implications for their exercise of mission command in support of unified land operations.[6] In the absence of an operational example, past and current conditions on cyberspace integration will be discussed along with the mission command principle of creating shared understanding. MORE
|
November 19, 2015 — Every year, developed and developing countries increasingly rely on cyberspace infrastructure for economic activity and governance. Specifically, mobile wireless networks are an indispensable component of the cyberspace landscape. This paper explores the necessity of mobile wireless networks during crisis. Mobile networks have proven essential for relief efforts in the aftermath of disasters and during conflicts. The US military trains to respond to such crisis scenarios, but current US cyberspace doctrine primarily focuses on the cybersecurity of its own military cyberspace infrastructure. This mindset does not adequately addresses the imperatives for assisting civil authorities or host nations restore/protect cyber capabilities. To be successful in future contingencies, the US military must integrate mobile network cybersecurity into its operations planning. Even in the poorest communities, mobile wireless networks are becoming fundamental to the governance, economic growth, and social fabric. The US military must train and deploy teams that can rapidly restore and secure these mobile networks. MORE
|
November 18, 2015 — In 2013, The Decade of War Working Group released a “Decade of War: Enduring Lessons from a Decade of Operations.” The document captured the critical lessons from a decade of combat experience in Iraq and Afghanistan. Absent from this document were insights regarding the employment of US cyber capabilities. This omission should not imply that after a decade of war, the United States cannot delineate key insights into military cyber operations. The Decade of War publication did extensively examine the impacts of General Purpose Force (GPF) – Special Operations Force (SOF) integration. This examination provides a cornerstone for necessary future synergies between Cyber and GPF in order to achieve unity of effort, effective intelligence defensive cyber operations, and optimization of offensive cyber effects. Following a GPF – SOF model, the US military should view cyber forces as a member of the combined arms team, establish fusion cells at the tactical level of war, and imbed cyber personnel as liaisons in tactical organizations to develop a true common operating picture and achieve unity of effort. MORE
|
November 17, 2015 — The past few weeks have seen a remarkable shift in Syria. Russian fighter jets are bombing opponents of Syrian President Bashar al-Assad.[1] At least a few thousand Russian soldiers are now on Syrian soil.[2] And the Obama administration is scrambling to re-calibrate its policy positions toward Syria in light of these developments. Yet there is good reason to suspect that Russian plans for Syria go beyond the mere presence of conventional military forces. For the United States to begin managing the Russian presence in Syria effectively, it will soon have to come to terms with the prospect of Russian cyber attacks in Syria, as well. MORE
|
November 16, 2015 — The Department of Defense (DoD), and the US Army, are rapidly expanding the positions and personnel to operate in the cyberspace domain, one of the five independent warfighting domains [1]. Recognizing the importance of integrating cyber operations throughout the Army led to the recent creation of a new cyber branch, the first new branch in decades. Filling these new positions with the best qualified personnel is not an easy task.
The DoD Cyberspace Workforce Strategy of 2013 lays outs requirements to assess aptitude and qualifications, noting “not all successful cyberspace personnel will have a Science, Technology, Engineering and Math (STEM) background. Rather, a broad range of experiences can lead to a qualified cyberspace employee.” The Strategy directs developing aptitude assessment methods to identify individuals’ thinking and problem-solving abilities as tools for recruitment. Further, it directs DoD to evaluate the “availability or development” of assessment tools to identify military candidates for cyberspace positions [2].
This paper begins with a discussion of the issues surrounding aptitude assessment and continues by identifying several existing test instruments. It then identifies testing results and finishes with several recommendations for talent identification.
MORE
|
November 6, 2015 —
The stated purpose of the Department of Defense (DoD) Law of War Manual is “to provide information on the law of war to DoD personnel responsible for implementing the law of war and executing military operations.”[1] Judge advocates are responsible for advising commanders regarding laws applicable to operations, but ultimately commanders are accountable for the consequences of their operations. At over 1,100 pages, the Manual is too detailed to be useful reading for commanders, who must be concerned with every aspect of the mission; the intended audience for the Manual is judge advocates. If DoD intended for the Manual to help judge advocates advise commanders regarding operations in cyberspace, however, it might have used more of the pages providing detailed discussions of realistic cyber issues.
MORE
|
October 30, 2015 — I recently retired from active duty after a 35 year career in the U.S. military, the past decade of which has been devoted to the sometimes mysterious cyber world. I would like to offer some insight into the personal lessons that I’ve learned during my experience helping stand up U.S. Cyber Command and while working cyber policies and strategies at the Pentagon. Although I’ve learned many lessons, the three that I’ve chosen to share in this article are, in my view, especially important for leaders in both the public and private sectors … because we are all becoming increasingly connected through modern information technology. This means we all share in the exploding opportunities as well as the escalating risks. Below are my top three lessons and I will attempt to add more context in subsequent paragraphs to help both government and industry leaders understand why all sectors of society should care about these key points:
MORE
|
October 30, 2015 — “Teenage kid hacks into the CIA directors email.” It sounds like a faux headline from a 1980s Matthew Broderick film. In the age of sophisticated Intrusion Detection Systems, and a billion-dollar cybersecurity industrial complex that is present to prevent such absurdities, one would hope that such taglines are only something that a Hollywood writer could drum up. MORE
|
October 28, 2015 — Our data is not secure. That is the attitude you should take when interacting with providers online or when providing data at a point of sale. We must take the position that important personal data will be compromised at some point and we should therefore be prepared to enact a plan to reduce our vulnerabilities from its loss. According to the 2015 Verizon data breach report, there were over 2100 confirmed data breaches (pg5). These malicious attacks are conducted against the full range of providers that we all interact with, to include health insurers, financial institutions, educational institutions, and specialty services. MORE
|