Posted on Nov 9, 2013
Col Regional Director, Whem/Ssa And Congressional Liaison
10.4K
74
71
9
9
0
Based on the current situation, are we investing appropriate amounts of time, resources, funding, and training into the cyber realm? Given the low cost and relative ease that an adversary may inflict damage (distract, disrupt and/or support other kinetic or non-kinetic actions), are we appropriately investing in and preparing for the future, or are 'we' content w/ the current status quo? Please note that the question uses 'we' in ref. to the U.S. and Federal Gov't as a whole (vs. a strictly DoD or individual/collective services' Cyber/Comms communities point-of-view). The idea here is to encourage a thoughtful discussion on where we are, where we've been, and where we may go (or may need to go) in the future. Please feel free to share any research, experiences, thoughts, resources, and/or pertinent facts... and please be mindful of OPSEC as well. Thank you for taking the time to seriously consider and discuss this subject; thank you for all that you do, and... see you all in the discussion threads! 
Edited >1 y ago
Avatar feed
Responses: 44
CPT All Source Intelligence
5
5
0
Sir, we cannot be well protected from cyber threats via enhancements to our military capabilities because of the nature of our unique American society.  Other nations have more governmental control over key utilities, power sources, IT infrastructure, financial institutions, etc and can enforce cyber security protocols.  We do not have that.  Moreover, our military is quite dependent on private industry (contracting firms, software - e.g., Adobe, Microsoft, utilities, Bank of America/Citibank, Dell), so an effective attack on these partners would impact military operations, no matter how well protect ourselves.  Offers of government assistance to private industry are reflexively seen as a move toward government control.  This is not to say that we should not do everything possible to keep ourselves at the forefront of cybersecurity, but we cannot imagine that this single faceted approach will work to provide the kind of national protection that is the traditional role of the U.S. Armed Forces.  
(5)
Comment
(0)
Avatar small
1SG First Sergeant
3
3
0
Edited 11 y ago
While this will be a long post of mostly generalities, I hesitate to go into specifics so please bear with me.


There are several emergent opinions on this discussion in regards to the way we have acted, the way ahead, and the particiapation of other services IT MOS'd Soldiers in combating this threat, and I want to make a couple of points on each, and add a couple of other thoughts to the pot that some may not have considered.

Firstly in regards to the way that we as not only a nation, but also as the military, have reacted to past threats and attacks, we must remember that from the professional aspect of IT security, we can have as many preventative measures in place as we want, but we are always fighting a reactive battle. While some may not see it that way, the reality is that way most vulnerabilities are discovered is by an attempted attack or a successful one, it is only at that point can the vulnerability be assessed and mitigated. From a national perspective, we can not truely regulate or mandate the levels of security for individuals, simply because of our freedoms, and I do not have a problem with that. But at the same time, there are numerous regulations and best practices that are in place for the civilian world, primarily the corperate arena, that are in place to help prevent the types of successful attacks that we have witnessed lately. From a government/military standpoint, we have the added benifit of more strict regulation and oversight which help combat the threats that are currently out there. The government networks are more secure than the civilian counterparts, but the reality is that no network is ever 100% secure, as you must always balance secutiry with useability. Every once and a while you will see a news story on a thwarted attack on a government network, but how many go unnoticed or unpublicised? Historically the government networks have been much more successful in combating cyber threats than the civilian ones, with the exception of insider threats such as Manning or Snowden.

The way ahead for this arena of battle is training, training, and more training. The technology is always progressing, and neccessary knowledge level of the attackers is steadily decreasing. The tools used by hackers are becoming more and more complicated and advanced, but their interface and ease of use is such that an unskilled user can wreak havok on a network with nothing more than a few simple command lines or mouse clicks. The only way that we can combat these attacks in the future is to continue on the path that we are currently on, but with more training, down to the lowest levels. Without going into details, we as a military are progressing very well to combat the current and emerging threats out there, though everyone must understand that this is an ever evolving battlefield, not only in landscape, but also in the weapons that are used. 

As for our Soldiers that hold IT based MOS's, it is very difficult to try to fit them into the equation of IT security. The amount of time that a security professional is able to spend on a specific network will of course dictate how well they know and understand that network. That level of understanding will of course make it easier to identify problems, security concerns, or attacks. With the turnover of Soldiers due to PCS moves, promotions, or any action that moves the Soldier from a familiar network to a new one, it is like starting over at ground zero all over again. That being said, that does not mean that our Soldiers should not be training themselves to be able to make an impact, as SGM Brainard stated, Skillport has all the tools that are required, and it is free of charge. To obtain the industry certifications is still not all that difficult either, as they can be obtained and paid for through the education center as well. Unfortunately, from what I have experienced, it is uncommon for our Soldiers to actually be working on our networks while stateside.

To bridge the gap left by the rotation of military personnel, we have contractors and GS employees. While there is always some hesitation in placing trust in civilians to do important military functions, these personnel allow for a continuity of knowledge and experience. In most cases these individuals are already established and certified IT professionals, and are familiar enough with the networks to be able to identify problems and potential threats. Additionally they can be a fountain of knowledge to our Soldiers, sharing experience and giving some hands-on training where appropriate. 


(3)
Comment
(0)
Avatar small
SGT Sr Satcom Systems Operator/Maintainer
3
3
0
The simplest answer is no.  I work in a heavily cyber environment.  Soldiers in this field constantly need specific technical classes and a lot of hands on in a working environment which they are not receiving, and from what I have experienced a lot of leaders are not using the resources they have available to their fullest extent.  They rely too heavily on the few experienced people we have left from deployments.  They use shortcuts that could allow a disgruntled soldier easy access to secret information.  The one MOS (25D) that the Army has created is very narrowminded in the pool of soldiers it takes from that it severely hampers other more skilled soldiers from entering that field and improving the cyber environment.  What we need is signal and cyber soldiers to be in classes consistently and when they are not in classes they should be working with their equipment until they know all they possibly can about it.  But that is just this E4's opinion take it for what you think it is worth.
(3)
Comment
(0)
SGT Sr Satcom Systems Operator/Maintainer
SGT (Join to see)
11 y
I respectfully disagree SGM, it is lax IA enforcement and poor LAN and domain management that has led to the most information leaks from our cyberspace.  While not technically cyber it is the access point to cyber and the most vulnerable point at that.  As a caveat to the training being available I have been doing it, however I think it should be less of a motivational effort and more of a requirement for soldiers while working any IT or cyber environment.
(4)
Reply
(0)
SGT William B.
SGT William B.
11 y
I think there's merit in both sides of the argument, but I'm inclined to agree with SGM Brainard.  As an IT contractor on the civilian side, IA enforcement/management does not fall in with the technical side of the cyber realm.  I can say that many of the "system administrators" I've seen during my employment are people that learned through the "monkey-see, monkey-do" style of instruction and information retention.  

Education is a must.  However, I think that where the military is struggling the most is in finding quality soldiers that not only meet recruitment standards, but also have the educational/technical background and capacity to wage war in the cyber domain.  As an example of how badly we are hurting for IT professionals, the military was at one point (may still be) giving a mandatory, two-part test designed to gauge a soldier's knowledge regarding IT concepts and overall intelligence/logical problem solving skills.  Out of my AIT class (218 personnel), 3 passed the first test, including myself.  The three of us either did not pass the test, or were not Active Duty soldiers (at the time, or at least how it was explained to me, you had to be active duty to be reassigned if you passed the test).

Compound this lack of IT professionals in a US Army uniform with a leeching system of contract companies providing "essential" IT/IA services to the Army, including recruiting those few qualified personnel at a much higher wage than what they could ever make in the military, and it just makes the problem that much more difficult to solve.  
(1)
Reply
(0)
SGT Cda 564, Assistant Team Sergeant
SGT (Join to see)
>1 y
Hard to compete with Google, Microsoft, Banking institutes and so on when it comes to top tier IT personnel. If you are at the top of your "game" why would you join the Army when you could be starting out at 75,000 a year in an A/C office with little to no regulations on PT, clothing, hair, etc. 

  How do we compete with corporations paying that large amount of money for the same job? 
(2)
Reply
(0)
SSG Ed Mikus
SSG Ed Mikus
>1 y
We compete by making it so prestigious to be in DoD cyber that people line up for the chance to put that on their resume
(1)
Reply
(0)
Avatar small

Join nearly 2 million former and current members of the US military, just like you.

close