Nov. 19, 2015

The High Importance of Mobile Networks During Crisis

Every year, developed and developing countries increasingly rely on cyberspace infrastructure for economic activity and governance. Specifically, mobile wireless networks are an indispensable component of the cyberspace landscape. This paper explores the necessity of mobile wireless networks during crisis. Mobile networks have proven essential for relief efforts in the aftermath of disasters and during conflicts. The US military trains to respond to such crisis scenarios, but current US cyberspace doctrine primarily focuses on the cybersecurity of its own military cyberspace infrastructure. This mindset does not adequately addresses the imperatives for assisting civil authorities or host nations restore/protect cyber capabilities. To be successful in future contingencies, the US military must integrate mobile network cybersecurity into its operations planning. Even in the poorest communities, mobile wireless networks are becoming fundamental to the governance, economic growth, and social fabric. The US military must train and deploy teams that can rapidly restore and secure these mobile networks.

Nov. 18, 2015

SOF – GPF Integration: A Model for Cyber Operations

In 2013, The Decade of War Working Group released a “Decade of War: Enduring Lessons from a Decade of Operations.” The document captured the critical lessons from a decade of combat experience in Iraq and Afghanistan. Absent from this document were insights regarding the employment of US cyber capabilities. This omission should not imply that after a decade of war, the United States cannot delineate key insights into military cyber operations. The Decade of War publication did extensively examine the impacts of General Purpose Force (GPF) – Special Operations Force (SOF) integration. This examination provides a cornerstone for necessary future synergies between Cyber and GPF in order to achieve unity of effort, effective intelligence defensive cyber operations, and optimization of offensive cyber effects. Following a GPF – SOF model, the US military should view cyber forces as a member of the combined arms team, establish fusion cells at the tactical level of war, and imbed cyber personnel as liaisons in tactical organizations to develop a true common operating picture and achieve unity of effort.

Nov. 17, 2015

Putin’s Cyber Strategy in Syria: Are Electronic Attacks Next?

The past few weeks have seen a remarkable shift in Syria. Russian fighter jets are bombing opponents of Syrian President Bashar al-Assad.[1] At least a few thousand Russian soldiers are now on Syrian soil.[2] And the Obama administration is scrambling to re-calibrate its policy positions toward Syria in light of these developments. Yet there is good reason to suspect that Russian plans for Syria go beyond the mere presence of conventional military forces. For the United States to begin managing the Russian presence in Syria effectively, it will soon have to come to terms with the prospect of Russian cyber attacks in Syria, as well.

Nov. 16, 2015

Cyber Aptitude Assessment: Finding the Next Generation of Enlisted Cyber Soldiers

The Department of Defense (DoD), and the US Army, are rapidly expanding the positions and personnel to operate in the cyberspace domain, one of the five independent warfighting domains [1]. Recognizing the importance of integrating cyber operations throughout the Army led to the recent creation of a new cyber branch, the first new branch in decades. Filling these new positions with the best qualified personnel is not an easy task. The DoD Cyberspace Workforce Strategy of 2013 lays outs requirements to assess aptitude and qualifications, noting “not all successful cyberspace personnel will have a Science, Technology, Engineering and Math (STEM) background. Rather, a broad range of experiences can lead to a qualified cyberspace employee.” The Strategy directs developing aptitude assessment methods to identify individuals’ thinking and problem-solving abilities as tools for recruitment. Further, it directs DoD to evaluate the “availability or development” of assessment tools to identify military candidates for cyberspace positions [2]. This paper begins with a discussion of the issues surrounding aptitude assessment and continues by identifying several existing test instruments. It then identifies testing results and finishes with several recommendations for talent identification.

Nov. 6, 2015

Cyberspace and the Law of War

The stated purpose of the Department of Defense (DoD) Law of War Manual is “to provide information on the law of war to DoD personnel responsible for implementing the law of war and executing military operations.”[1] Judge advocates are responsible for advising commanders regarding laws applicable to operations, but ultimately commanders are accountable for the consequences of their operations. At over 1,100 pages, the Manual is too detailed to be useful reading for commanders, who must be concerned with every aspect of the mission; the intended audience for the Manual is judge advocates. If DoD intended for the Manual to help judge advocates advise commanders regarding operations in cyberspace, however, it might have used more of the pages providing detailed discussions of realistic cyber issues.

Oct. 30, 2015

Personal Lessons about Effective Cyber Policies and Strategies

I recently retired from active duty after a 35 year career in the U.S. military, the past decade of which has been devoted to the sometimes mysterious cyber world. I would like to offer some insight into the personal lessons that I’ve learned during my experience helping stand up U.S. Cyber Command and while working cyber policies and strategies at the Pentagon. Although I’ve learned many lessons, the three that I’ve chosen to share in this article are, in my view, especially important for leaders in both the public and private sectors … because we are all becoming increasingly connected through modern information technology. This means we all share in the exploding opportunities as well as the escalating risks. Below are my top three lessons and I will attempt to add more context in subsequent paragraphs to help both government and industry leaders understand why all sectors of society should care about these key points:

Oct. 30, 2015

Senior Leader Vulnerabilities

“Teenage kid hacks into the CIA directors email.” It sounds like a faux headline from a 1980s Matthew Broderick film. In the age of sophisticated Intrusion Detection Systems, and a billion-dollar cybersecurity industrial complex that is present to prevent such absurdities, one would hope that such taglines are only something that a Hollywood writer could drum up.

Oct. 28, 2015

Our Data is Not Secure

Our data is not secure. That is the attitude you should take when interacting with providers online or when providing data at a point of sale. We must take the position that important personal data will be compromised at some point and we should therefore be prepared to enact a plan to reduce our vulnerabilities from its loss. According to the 2015 Verizon data breach report, there were over 2100 confirmed data breaches (pg5). These malicious attacks are conducted against the full range of providers that we all interact with, to include health insurers, financial institutions, educational institutions, and specialty services.

Oct. 23, 2015

Army Vulnerability Response Program: A Critical Need in the Defense of our Nation

Many major corporations have standing “bug bounty” programs that monetarily reward participants for identifying vulnerabilities in their products and responsibly disclosing the findings to the company. These programs help ensure vulnerabilities end up in the correct hands and lead to products that are more secure. In contrast, the Army does not have a central location for responsibly disclosing vulnerabilities found through daily use, much less a program that can permit active security assessments of networks or software solutions. Without a legal means to disclose vulnerabilities in Army software or networks, vulnerabilities are going unreported and unresolved. The critical necessity of an Army vulnerability response program will be highlighted throughout this paper as well as a proposed implementation to better defend our networks and sensitive information.

Oct. 23, 2015

Book Review: Ghost Fleet – Scary, Accessible, Entertaining and Plausible – The Future Implications of Cyber Attacks

Singer, P. W., and Cole, August. Ghost Fleet: A Novel of the Next World War. New York: Houghton Mifflin Harcourt Publishing Company, 2015, 416pp. When it comes to cyber Pearl Harbor metaphors, this book takes the cake. Providing a disturbingly realistic take on a connected future warfare scenario Singer and Cole immerse the reader into a world that lies just beyond the horizon. Their tale of interwoven fact and fiction is a quick and entertaining must read for all who would belittle the potential disruptive attributes of cyberspace and a networked way of war that has become increasingly pervasive from modern strategy and tactics down to acquisitions and manpower assessments.