“I’m omnipotent. That’s ‘potent’, with an ‘omni’ in front if it.”

It sure applies to SWMBO.

Just some perspective…

I called SWMBO to let her know we were busting up the furniture, and she was floating around in the sunshine in Hawaii.

So here’s a corollary: The closer SWMBO is to Hawaii, the less she cares about the fistfights and eye-poking here….

Definitions of terms like “digital ecosystem” that are more than theoretical language might be more difficult than anticipated to validate. The concept of soldiers in the thick of the fight as a force of “social engineering”? I am a skeptic.

I would also like to know what constitutes a “cyber soldier”, particularly with regard to what scope, reach, and authority that entity has for offensive and defensive cyber operations, and just what that support for the warfighter might entail. And how that might differentiate from current combat support and service support functions.

Castles, moats, and catapults aside, what we have often failed to recognize is that those who look to exploit our network vulnerabilities ALWAYS have the upper hand, especially upon initial exploitation of a vulnerability.

There are widely varied opinions as to how well DoD understands the cyber realm. DoD cyber capability often seems to be couched in terms of a digital contest reminiscent of the “guns versus armor” paradigm. In reality, the vulnerability of our networks, large and small, civilian and military, is a far more complex and interwoven set of human and cultural (and technical) factors than we tend to recognize. Certainly more complex than DoD could ever hope to influence or control.

Whether such a landscape represents only opportunities, I will say this: Like everywhere else on the battlefield, the enemy has a vote. He is adaptable, determined, focused, and capable. Something else to remember: It is axiomatic that the more primitive our enemy, the less our technological advantage means.

I will wait and see how much our network centricity and technological advantage means before I say it represents only opportunity. I am going to need some pretty convincing “ferinstances”.

Then we find ourselves in disagreement. I don’t believe Cyber-conflict in the digital ecosystem can conform to an existing legal and policy context in regards to execution; in this case it appears our disagreement would be in the policy area of rules of engagement. I do not believe in a philosophical approach that suggests that posture for cyber-conflict is one of building moats and castle walls, indeed I subscribe to theories of cyber-conflict that include catapults. I believe the digital ecosystem is far too complex to be confined to traditional offensive and defensive constructs for insuring the integrity of information – and I want to emphasize the focus must be the assurance of information quality and integrity.

Defending the digital ecosystem is like defending the Atlantic Ocean – we have to be careful not to get stuck focused on the medium and because the ecosystem is mostly a commercial space. That is why we must also be judicial in our strike packages, and why I prefer the term cyber “smart bombs”.

Do not get lost in understanding the strategic intent of cyber warfare used in the context of this discussion – which is to insure the quality and integrity of the information, and when possible, disrupt the quality and integrity of the information stolen by our adversaries. Just as we assume risk when we broadcast unencrypted information, we should recognize that in the digital ecosystem, those who attempt to eavesdrop on our signals should be forced to assume risk as well. A “smart bomb” should not be defined “destructive payload”, indeed the best payloads would intentionally not be.

I do recognize there are serious issues in the development of cyber warfare today; indeed I am familiar with many of them. The absence of a clear set of basic definitions only touches the surface. The challenge for organizations to optimize cyber overall and ensure synchronization and complementary interactions between offensive and defensive elements of the people, processes and products is an immense challenge that the DoD is only beginning to tackle, and will likely take many years just to build a foundation of.

With that said, on a military battlefield, I see a future relationship where soldiers on the ground are the social engineers supporting cyber soldiers and cyber soldiers in turn support the soldiers on the ground. A simple construct, one that if put into practice, looks at exploitation of our information system as both a challenge and opportunity every time. In this case, given what we know – all I see is opportunity. I have every reason to believe – in this case – the DoD does as well.

For the particular instance of tapping into unencrypted video downlink, you are correct in your assertions. But that is relative tinker toys, and I am quite chagrined that we STILL have unencrypted video downlink. (We had such when I flew Pioneer UAVs for the USMC in the early 1990s!)

But some of your assertions are clearly wider than that. Your last paragraph in particular talks about “military cyber battlefield”. One of the by-products of the flattening of communications and information architecture in a network-centric warfare approach is that the lines are increasingly blurred. This is not only true between the three levels of war, but also between civilian/military architecture.

You also stated that “going offensive with cyber “smart bombs” is a legitimate response to unauthorized network intruders in a war zone”. Much of what my original comments address is that particular assertion, which I believe dangerous, naive, and patently false.

We captured insurgents and gear, meaning we have physical evidence by which to base many assumptions. It also appears we have accumulated evidence in more than one instance.

I am not talking about defending national infrastructure here, rather taking steps to go after those who would be snooping unencrypted airwaves of our UAV networks. Nothing suggested here is as complicated as you are making it, and none of what I am suggesting would be a guideline for national infrastructure protection.

Maybe you see botnets and ghostnets, but what I see are specific human targets with specific hardware (which we have apparently captured) and specific software (again, captured – meaning we know which type and version) monitoring a specific signal (which we have full control over).

It is not some feat of engineering nor does it require complex code to go after specific targets when you have so much specific information about your targets, indeed tailoring to your target is precisely what allows you to avoid the kind of problems you are suggesting may happen.

If done right, the same methodology can also be how you insure the data from the UAV is authentic.

In the cyber security world I know, effective payload delivery would insure those laptops would never touch the internet again without us knowing all about it. Not even sure what you are talking about in some of your response, because this is not a national infrastructure defense recommendation, rather how to deal with a specific issue in a warzone.

There are a number of assertions you make in your post for which there is considerable room for doubt.

The first is that we may have an understanding of the technical capabilities of the insurgents. I would submit that they have whatever capabilities they can buy. Like so many other entities, nation-states and NSAs, they no longer have the requirement for resident knowledge or capability. “Hacker for hire” is increasingly the prevalent modus operandi. There are plenty of eastern European folks with immense talent and knowledge willing to work for the highest bidder.

Second, the idea that insurgent “networks” exist in the form that ours does is one of the second-order faults to the network-centric warfare concept. It is wonderful if we happen to fight the United States. But until then, our networks remain a massive vulnerability, while the insurgent “networks”, what there are of them, are likely extremely limited and focused on a short-term and narrowly-defined task. “Disruption” is unlikely, and if achieved, is far less meaningful for the enemy than for us.

Third, and most importantly, the assertion that “cyber “smart bombs” is a legitimate response to unauthorized network intruders in a war zone” is dangerously naive.

Attribution remains nearly impossible against a talented cyber adversary. Tracks are covered easily, intrusions and attacks (DoS, DDoS) are made by proxy, sometimes through dozens or hundreds of “bots”. Attacking and potentially disrupting a network of unwitting “bots” may have disastrous consequences. The computer that is attacking or intruding a DoD network (or other supporting architecture) may be a hospital mainframe in Seoul, or Moscow, or St. Louis. Or a SCADA host for an electric power distributor on the Eastern Seaboard. Or a DoD machine carrying critical capabilities into theater.

Additionally, “intrusion” is often undetectable with current tools. Common tactics of cyber adversaries include introducing keystroke loggers (http://blog.usni.org/2009/12/12/dod-and-social-media/) onto network machines, thereby gleaning passwords of authorized users. This is not done at random, but focused on users who have specific network access for the functions the hacker is interested in usurping, or connections to the machine that does. Intrusion detection or anomaly detection systems have very little chance of alerting a network administrator that such a penetration has taken place. As far as the network is concerned, the hacker is an authorized user performing functions and transactions within his/her normal range of activities.

There has been much talk in recent years of giving “offensive cyber capabilities”, a euphemism for authorizing cyber attacks, to tactical commanders. This is a course of action that courts catastrophe. Such talk has as its basis a wild overestimation on our abilities to detect and attribute cyber attacks, and a vast UNDERestimation of the capabilities of our adversaries to find/hire/rent the technology necessary to present a serious threat to our military and civilian critical cyber infrastructure.

Decisions on authorizing and conducting offensive cyber operations need to remain at the level of National Command Authority. Cyber efforts for DoD systems, including UAVs, GPS (M-code), communications, etc., need to be focused on protection and encryption. We have built ourselves a network centric environment, for better or worse. Reducing the vulnerabilities of that environment is Job One.

Just some thoughts….