Archive for the 'Cyber' Category
From The Jaws of Victory
The final battle of Epipole showed the pitfalls of over-reliance on communications and single circuits. During the Athenian siege of Syracuse during the Peloponnesian War, the Syracusans countered the attempt of Athens to wall in the city by building a counter-wall past the projected path of Athenian battlements. The Syracusans had gained a critical blocking position, and Athenian General Demosthenes concocted a plan to dislodge the defenders. Athenian forces found themselves stalled during the daytime battles outside the counter-wall, when their enemies could easily observe and rally against them. General Demosthenes planned a night-time strike on the counter-wall. The well-organized night-time attack completely overwhelmed and nearly destroyed the first garrison. As the alarm was sounded, the Athenians rushed forward before allowing themselves to re-organize and re-identify. When the first real resistance was met, the ensuing disaster is worth citing in full:
In the Navy, our concept of an organization is dominated by the “chain of command” and the quintessential “org chart,” both of which are vertically focused. These concepts do a good job of telling us who we work for, and who works for us. However, they serve little purpose in outlining with whom we should work. These relationships are horizontal in nature and help us navigate the seams of an organization, seams which are readily apparent in a traditional, vertically-focused “org chart.” While vertical relationships are key to authority and responsibility, effective innovation, planning, and execution are typically dependent on horizontal relationships.
The Chief Petty Officers’ Mess is well known for establishing horizontal relationships. Chiefs utilize relationships established during CPO 365 and within the Chiefs’ Mess to solve problems and accomplish the mission. In essence, the effectiveness of the Chiefs’ Mess is based in large part on these horizontal relationships. These horizontal relationships need not be limited to the Chiefs’ Mess, however. Command members at all ranks, officer and enlisted, can and should seek to establish these relationships in order to make themselves and their command or organization more effective.
A good example is the somewhat recent emphasis on the N3/N2 (Ops/Intel) relationship, linking the operator to the intelligence professional, and vice versa. The result has been greater synchronization between these supporting entities. Another example is the establishment of the Information Dominance Corps (IDC), which seeks to establish a close working relationship between information-focused communities. Regardless of where these information-focused professionals work in an organization, a roadmap for their horizontal relationships has been pre-established by the formation of the IDC. The possibilities for horizontal relationships are truly endless, while the potential value in establishing and utilizing these relationships is immeasurable.
Establishing a horizontal relationship takes little effort. Warfare qualification programs, command functions, social events, and command organizations, such as the First Class Petty Officers Association, all encourage the establishment of horizontal relationships. Getting out of your work space and interacting with your peers is another method. Share each other’s roles and responsibilities and seek to identify overlap, and common or supporting efforts. Then establish a relationship and ensure you leverage it whenever necessary or feasible.
Horizontal relationships need not be limited to your own command or organization. Establishing relationships with other commands or supporting staffs can be beneficial as well. Horizontal relationships can also be established within a wider community, leveraging the collective thoughts of a large, diverse group. Tools like the IDC Self-Synchronization website enable establishment and utilization of such relationships.
So the next time you think about the chain of command or look at an org chart, focus on the horizontal vice vertical aspects of the organization. Identify the seams and look for places to establish horizontal relationships, relationships that will help make you and the command more effective. Then set out to navigate the seams.
LCDR Chuck Hall is an Information Warfare Officer and member of the Information Dominance Corps. He enlisted in the Navy in 1988 and served 13 years as a Cryptologic Technician (Interpretive) prior to commissioning as a CWO2. Subsequently selected for LDO, he transitioned to the Restricted Line once he completed his BA in Middle Eastern Studies. He currently serves on the CCSG-8 staff, embarked in USS DWIGHT D. EISENHOWER. When at home he enjoys spending time with his wife and three amazing children. He has also contributed to Connecting the Dots with his blog post Waiting to Lead.
Well, you might have missed some really good information – except that you can still view some of the key presentations and panels by watching them on USNI’s YouTube page and get a summary of each day’s summary here.
Almost like being there except you miss the giveaways at the vendor’s booth.
Also, given that Midrats has Super Bowl “Best of” going this Sunday, it’s a way to get your “talking ’bout National Security” fix.
Kevin Mitnick, the infamous hacker and social engineer turned security consultant, gave a presentation at this year’s History Conference at the Naval Academy today. He gave numerous examples of extracting information from people and companies by using their own trust and knowledge against them. His demonstrations likely startled many of the audience members with the range of methodologies and, more importantly, the success rate.
Some may look at the seemingly endless list of ways attackers can obtain what they’re looking for and throw their hands up in despair. It’s important to take a step back and consider some important factors in responding to, and hopefully mitigating, attack vectors.
Technology alone won’t save you. If you fight technology with technology, you’ll lose. All the firewalls and intrusion detection systems in the world won’t be a guarantee that networks won’t be breached. There’s no such thing as an impenetrable system, and no such thing as bugless software. Kevin’s demonstration of exploiting vulnerabilities in widely used commercial software proves this. Moreover, this isn’t just software being used in the private sector. Many of the exploits he demonstrated take advantage of software that’s become an integral part of the way the military handles its information. As if this weren’t enough, the files used to carry out every successful exploit passed antivirus scanning without incident, and were run on fully patched, up-to-date systems.
That’s not to say technological security measures are pointless; far from it. Strong passwords, multi-factor authentication, limited access permissions, and strict data management are as important now as they’ve ever been. Placing full faith in their protection, however, is misguided.
- Midrats this Sunday, May 17 2013 – Episode 167: Intellectual Integrity, PME, and NWC
- Remembering our Fallen Coast Guard Shipmates and their Families
- On Midrats 10 Mar 13, Episode 166: “Expeditionary Fleet Balance”
- Guest Post by LTJG Matthew Hipple: From Epipolae to Cyber War
- For Strength and Courage: Neptunus Lex