Archive for the 'Cyber' Tag
This week, Sea Control Asia Pacific looks at cyber security in the region. Natalie Sambhi, of the Australian Strategic Policy Institute (ASPI), interviews her colleague Klée Aiken from ASPI’s International Cyber Policy Centre about the major cyber issues facing Australia, ICPC’s new report on cyber maturity in the Asia Pacific, what cyber maturity means and how it’s measured, China’s and India’s respective cyber capacities, and what this all means for the individual internet user.
In his piece, “Imminent Domain,” ADM Greenert suggests that the EM and Cyber spectrums need now be considered a stand-alone domain of conflict. Respectfully, we’re already there. The electronic environment, wired and unwired, is an obsession for defense planners. In CYBERCOM, the EM-Cyber spectrum practically has its own unified command. The navy’s component of CYBERCOM, the “10th Fleet,” in name harkens back to ADM Greenert’s example of the rise of sub-surface warfare. From the military’s fears over an assassin’s mace style EMP attack to the public’s obsession in movies like Live Free, Die Hard and games like Black Ops 2, the awareness is more than there. While we may have recognized this new environment, ADM Greenert is right in that we have not taken this challenge to heart. If forces are going to operate as if the EM-Cyber spectrum is a domain of warfare, they must act as they would in the physical battlefield on the tactical level, not just the strategic: take cover, stay organized, and interrupt the enemy’s OODA loop.
From The Jaws of Victory
The final battle of Epipole showed the pitfalls of over-reliance on communications and single circuits. During the Athenian siege of Syracuse during the Peloponnesian War, the Syracusans countered the attempt of Athens to wall in the city by building a counter-wall past the projected path of Athenian battlements. The Syracusans had gained a critical blocking position, and Athenian General Demosthenes concocted a plan to dislodge the defenders. Athenian forces found themselves stalled during the daytime battles outside the counter-wall, when their enemies could easily observe and rally against them. General Demosthenes planned a night-time strike on the counter-wall. The well-organized night-time attack completely overwhelmed and nearly destroyed the first garrison. As the alarm was sounded, the Athenians rushed forward before allowing themselves to re-organize and re-identify. When the first real resistance was met, the ensuing disaster is worth citing in full:
Much has been written of late about “Creating Cyber Warriors” within the Navy’s Officer Corps. In fact, three prominent and well-respected members of the Navy’s Information Dominance Corps published a very well articulated article by that very title in the October 2012 edition of Proceedings. It is evident that the days of feeling compelled to advocate for such expertise within our wardroom are behind us. We have gotten passed the WHY and are in the throes of debating the WHAT and HOW. In essence, we know WHY we need cyber expertise and we know WHAT cyber expertise we need. What we don’t seem to have agreement on is WHO should deliver such expertise and HOW do we get there.
As a proud member of both the Cryptologic Community and the Information Dominance Corps, I feel confident stating the responsibility for cultivating such expertise lies squarely on our own shoulders. The Information Dominance Corps, and more specifically the Cryptologic and Information Professional Communities, have a shared responsibility to “Deliver Geeks to the Fleet.” That’s right, I said “Geeks” and not “Cyber Warriors.” We don’t need, and despite the language many are using, the Navy doesn’t truly want “Cyber Warriors.” We need and want “Cyber Geeks.” Rather than lobby for Unrestricted Line status, which seems to be the center of gravity for some, we should focus entirely on delivering operational expertise regardless of our officer community designation.
For far too long, many people in the Restricted Line Communities have looked at the Unrestricted Line Communities as the cool kids in school. Some consider them the “in-crowd” and want to sit at their lunch table. Some think wearing another community’s warfare device validates us as naval officers and is the path to acceptance, opportunity, and truly fitting in. We feel an obligation to speak their language, understand the inner workings of their culture, and act more and more like them. Some have grown so weary of being different or considered weird that many would say we’ve lost our identity. Though establishment of the Information Dominance Corps has revitalized our identity, created a unity of effort amongst us in the information mission areas, and further established information as a legitimate warfare area, many continue to advocate that we are lesser because of our Restricted Line status. We seem to think we want and need to be Unrestricted Line Officers ourselves. Why? Sure, we would like to have direct accessions so that we can deliberately grow and select the specialized expertise necessary to deliver cyber effects to the Fleet. Yes, we would like a seat at the power table monopolized by Unrestricted Line Officers. And yes, we would appreciate the opportunity to have more of our own enjoy the levels of influence VADM Mike Rogers currently does as Commander, Fleet Cyber Command and Commander, U.S. TENTH Fleet.
But there is another path; a path that celebrates, strengthens, and capitalizes on our uniqueness.
In the private sector, companies are continually racing to the middle so they can appeal to the masses. It’s a race to the bottom that comes from a focus on cutting costs as a means of gaining market share. There are, however, some obvious exceptions, my favorite of which is Apple. Steve Jobs was not overly interested in addressing customers’ perceived desires. Instead, he anticipated the needs of the marketplace, showed the world what was possible before anyone else even dreamt it, and grew a demand signal that did not previously exist. He was not interested in appealing to the masses and he surely wasn’t focused on the acceptance of others in his industry. He was focused on creating unique value (i.e. meaningful entrepreneurship over hollow innovation), putting “a dent in the universe,” and delivering a product about which he was personally proud. We know how this approach evolved. The market moved toward Apple; the music, movie, phone, and computing industries were forever changed; and the technological bar was raised with each product delivered under his leadership. Rather than lobby for a seat at the table where other leaders were sitting, he sat alone and watched others pick up their trays to sit with him. Even those who chose not to sit with him were looking over at his table with envy, doing their best to incrementally build on the revolutionary advances only he was able to realize.
Rather than seek legitimacy by advocating to be part of Team Unrestricted Line, we ought to focus on delivering so much value that we are considered a vital part of each and every team because of our uniqueness. I am reminded of a book by Seth Godin titled “We Are All Weird.” In it he refers to “masses” as the undifferentiated, “normal” as the defining characteristics of the masses, and “weird” as those who have chosen not to blindly conform to the way things have always been done. For the sake of argument, let’s consider the Unrestricted Line Officers as the masses, those considering themselves “warfighters” as the normal, and the Information Dominance Corps as the weird. I say the last with a sense of hope. I hope that we care enough to maintain our weirdness and that we don’t give in to the peer pressure that could drive us to lobby for a seat at what others perceive to be “The Cool Table.” By choosing to be weird and committing more than ever to embrace our geekiness, the table perceived to be cool will be the one at which the four Information Dominance Communities currently sit. It won’t happen by accident, but it will happen, provided we want it to happen. Not because we want to be perceived as “cool,” but because we are so good at what we do, and we deliver so much unique value to the Navy and Nation, that no warfighting team is considered complete without its own personal “Cyber Geek.”
I sincerely respect the opinions voiced in the article to which I referred earlier in this post. However, I think we are better than we give ourselves credit for. Let’s not conform, let’s create. Let’s not generalize, let’s specialize. Let’s not be normal, let’s be weird. Let’s choose to be Geeks.
CDR Sean Heritage is an Information Warfare Officer who is currently transitioning from Command of NIOC Pensacola to Staff Officer at U.S. Cyber Command. He regularly posts to his leadership-focused blog, Connecting the Dots.
In his opening remarks at West2011, VADM Richard W. Hunt brought a topic that’s needs a lot more attention. His comments aren’t directly related to Stuxnet, but when you back away a bit, the connection is clear.
When he was outlining the challenges we are facing – one warning stuck out the most for me, let me paraphrase.
… How will we operate if we lose access to GPS and our satellite systems? If we lose use of our computer systems, we lose our ability to operate today. Space & comm systems include very vulnerable nodes including systems ashore. We should revisit how we are protecting all our C4I beyond cyber…
Let’s take that thought and expand it a bit.
A lot of the discussion about Stuxnet worm and its impact on the Iranian nuclear program has been about the cloak & dagger whodunit and how much, how far, and how long lasting of a delay it caused. Frankly, none of these things interest me as much as what this exceptionally impressive cyber attack is trying to tell us.
No one can see the future, but often times the future gives you little hints of the direction it is going if you are willing to listen. Like Mark Twain said;
History doesn’t repeat itself, but it does rhyme.
Some times people hear what history is saying, sometimes they don’t.
- CSS Hunley, more than earlier prototypes, showed the promise of the submarine to threaten a superior surface force.
- The Second Anglo-Boer War showed the importance of new technology towards the lethality of long-range rifle fire.
- The sinking of the Turkish steamer Intibah during the Russo-Turkish War of 1877-78 showed the coming of the self-propelled torpedo.
- The WWI Tondern Raid gave us the carrier strike template.
- Apartheid South Africa’s experience in roadside bombs and ours in Mogidishu told us all we needed to know about IED, but we didn’t listen.
What is Stuxnet telling us? Step back and ask yourself – what is the most fragile requirement that we need to conduct war at sea? What are we designing our weapon systems, tactics and operational plans around?
It is easy to figure it out, we advertise it – “net.” When we say “net” we are talking about satellite based voice and data communications. Not only is the hardware delicate in the extreme except for very specific, very few systems with little bandwidth – much of it non-mil with the software commercial and accessilble. It relies on a dispersed and unsecured ground infrastructure. It also rides on the electromagnetic spectrum – one that no one owns.
This important foundation stone that we are putting so much on – is it robust? Have we designed the structure properly for anything north of a permissive environment? Are we mitigating risk – or are we taking the savings now and just going on hope? Do we have sufficient back-ups in place? Have we properly managed risk, or have we become complacent towards our own mastery of technology and potential adversaries’ ability?
VADM Hunts comments should given us pause. Listen to him, listen to Stuxnet. Ask the Iranian nuclear scientists what they think, if you can.