Military Appoints General To Direct Cyber Warfare 132
An anonymous reader writes news from The Guardian, excerpting: "The US military has appointed its first senior general to direct cyber warfare – despite fears that the move marks another stage in the militarisation of cyberspace. The newly promoted four-star general, Keith Alexander, takes charge of the Pentagon's ambitious and controversial new Cyber Command, designed to conduct virtual combat across the world's computer networks. He was appointed on Friday afternoon in a low-key ceremony at Fort Meade, in Maryland."
Qualifications (Score:3, Interesting)
Here's hoping the guy actually knows something about cyber security, and isn't simply the management figure for actual security experts, or he could easily f*ck this up hard.
Re:Qualifications (Score:5, Informative)
The guy's got a Wikipedia article [wikipedia.org] if you want to know more. Short version is, he's director of the NSA and it looks like he's spent most of his career in intelligence. He does have Master's degrees in physics and electronic warfare, and well, from his picture he looks like a slightly older version of the typical Slashdotter. ;) So he's probably about the best choice available in the senior ranks; hopefully he's smart enough to listen to the junior personnel under his command who are more likely to know what's actually going on in the hacking world.
Re:Qualifications (Score:5, Interesting)
You said,
He does have Master's degrees in physics and electronic warfare, and well, from his picture he looks like a slightly older version of the typical Slashdotter. ;)
I sure hope this "Cyber Warfare" General knows something about computers, because consultants, and especially computer consultants are very high priced (around half a million dollars a year over-priced [slashdot.org]).
Richard Feynman seems to portray the definitive experience such a consultant can have with the military:
Re:Qualifications (Score:4, Insightful)
I sure hope this "Cyber Warfare" General knows something about computers, because consultants, and especially computer consultants are very high priced.
I don't imagine, even if the good General "knows something about computers" that he's going to be spending time running around and making sure everyone's printer working fine.
I sure how he knows how to organize an outfit.
Re: (Score:1, Informative)
I don't imagine, even if the good General "knows something about computers" that he's going to be spending time running around and making sure everyone's printer working fine.
I sure how he knows how to organize an outfit.
It's obvious that I'm going to have to explain something. I NEVER said ANYTHING about a general doing front line tech support. That is such an ignorant and Trollish statement that I never bothered to comment on it until you got modded plus 5!
Re: (Score:2)
Re: (Score:2)
I do think that organizing skills are important too - and probably the most important. But if you don't know anything about your business, you're not fit to make business decisions. I can't imagine how you could prioritize anything if you don't know anything about the subject. I'm very glad our CEO came from within company (after spending some time leading another smaller business in the same market.
Re: (Score:2)
Let's see if Santa Claus has any advice. He says "ho ho ho". I like the stories where he gives me presents for being a good boy.
Re:Qualifications (Score:4, Insightful)
Yes, he's qualified! Now - typical government (not just military) "US air force disclosed that some 30,000 of its troops had been re-assigned from technical support "to the frontlines of cyber warfare"" and ".. Pentagon has been more explicit, stating on Friday that Cyber Command will "direct the operations and defence of specified Department of Defense information networks [involving some 90,000 military personnel] and .."". Wow - maybe double the manpower, then the baby will be born in half the time!
Anyhow, assuming that General Alexander get's enough authority, doubtful!, network security, etc could / might get better. The question is not just "Cyber Warfare", that's a nice sounding term but doesn't really mean much. Often military research has benefitted everyone - we can only hope that it's same in this case!
Re: (Score:2)
""US air force disclosed that some 30,000 of its troops had been re-assigned from technical support "to the frontlines of cyber warfare"
Many USAF "computer" weenies are essentially paper-pushers who also do very basic tech support. Career field consolidation and all that.,,
Waving a magic wand (the same thing as referring to every troop as a "warrior", as if doing your fucking job was somehow unworthy!) and changing a job description is mostly a gesture.
No insult intended to the folks who do tech support. Th
Re: (Score:1)
Re: (Score:3, Interesting)
Just curious... ...where does one obtain a Masters degree in Electronic Warfare? Can it be obtained with, say, a BS in Computer Science as a foundation?
Re:Qualifications (Score:5, Informative)
Re:Qualifications (Score:5, Funny)
You get one when you beat the high score on Global Thermonuclear War. Would you like to play a nice game of chess?
Re: (Score:2)
Re: (Score:1)
Re: (Score:3, Informative)
Just curious... ...where does one obtain a Masters degree in Electronic Warfare?
He obtained his from the Naval Postgraduate School [nps.edu]
Re: (Score:3, Funny)
Just curious... ...where does one obtain a Masters degree in Electronic Warfare?
I think if you convince the army you have a masters in electronic warfare, that's a masters in electronic warfare.
Re: (Score:2)
I do not think that Electronic Warfare [wikipedia.org] means what you think it means:
Electronic warfare (EW) refers to any action involving the use of the electromagnetic spectrum or directed energy to control the spectrum, attack an enemy, or impede enemy assaults via the spectrum. The purpose of electronic warfare is to deny the opponent the advantage of, and ensure friendly unimpeded access to, the EM spectrum.
In other words, radar jamming, at its simplest. It's the analog version of the digital Cyber Warfare that he's now heading up.
Why appoint him? Probably because nobody has specifically trained for cyber war, at least not in the military. Think of the early days of computer programming: you went for the people with math and physics degrees (Alan Turing, anyone?), because there were few people with Computer Science degrees, since it was b
Re: (Score:1)
Re:Qualifications (Score:5, Funny)
Am I the only one who read **** general as a regular expression?
Re: (Score:3, Funny)
What from his picture makes him look like a slashdotter? His hair is trimmed, his face is shaven and his smile seems to suggest he's been laid within 25 years.
Re:Qualifications (Score:4, Interesting)
Why should he? It's not like we expect generals to fight in the trenches and shoot the enemy, why should a gerneral be expected to work exploits and hack code? Isn't a general's job by definition managing others who are experts in the field?
A serious question, can someone provide examples in industry of good leaders who were so because they knew the details, or who were bad because they didn't?
Re: (Score:2)
This might be an odd or even newb question: What gaggle of troops will this general lead? How much personnel do you actually need assuming you have USA's defense budget backing you up?
Re:Qualifications (Score:5, Insightful)
At that level you are assigned high level goals (like making sure Google doesn' t get hacked by the Chinese.)
Your job is to put good level middle level managers in place to hit a chunk of those individual goals.
The job of those managers is to put good low level managers in place to manage the implementation of the details of one of those goals singly.
The job of the low level managers is to hire you and I to actually do the work, to keep us motivated to deliver that single goal.
The job of you and I : actually care about the details and get it done.
Actual domain knowledge about the minutiae doesn't hurt, but it doesn't really help either.
That said, I think they'd be a lot better off with Thresh - he has a proven record of just pwning on the cyberwarrior field.
Re:Qualifications (Score:5, Interesting)
I don't know that this could get f*cked up. It's operating out of Fort Meade, so it's basically operating in NSA territory. It's mandate is already being filled by the NSA, assuming that the CyberCommand cannot operate on US territory. (That should be assured, as the fellow is a general. But it no longer is; probably never was.)
What I don't get is - how is this not the NSA?
Re: (Score:2)
The guy has been the Director of the NSA for half a decade and now he is running this new program - and you are asking how this is not the NSA? ... ummm ... yea.
It's too early for me to be snarky, but
How is this not NSA (Score:5, Interesting)
The NSA is an intelligence agency, I assume this means their primary purpose is to collect information. They might hack into a computer, but that would be to the purpose of obtaining information. The military is supposed to conduct offensive operations. Things like breaking into computers running dams or the electric grid to disable them. Psychological warfare by breaking into Web sites and changing what they show. Spreading disinformation into enemy communication channels.
Basically, this is probably about doing low level nasty things when the situation doesn't call for an all out shooting war, and making sure an enemy can't trust his networked computer systems in case of an all out war. I'm pretty sure the US isn't the only one doing this.
Re: (Score:2)
Basically, this is probably about doing low level nasty things when the situation doesn't call for an all out shooting war, and making sure an enemy can't trust his networked computer systems in case of an all out war. I'm pretty sure the US isn't the only one doing this.
And, equally or more importantly, defending the US from attack. How exactly they might do so is another matter, but the defense and disruption is equally important as the offensive capabilities.
As such, I can almost guarantee that they will be operating on US soil, similarly to how infantry divisions would be expected to should there be a physical invasion of US soil.
To the GP, Fort Meade is more than just the NSA headquarters. It's a significant portion, but not the entirity of operations. Parent is r
Re: (Score:2)
And, equally or more importantly, defending the US from attack. How exactly they might do so is another matter, but the defense and disruption is equally important as the offensive capabilities.
True, but I doubt they'll be able to add anything to the defensive capabilities. The targets aren't owned by the federal government for the most part. Because attacks can happen very quickly, it is necessary to protect the targets before they happen. Hacking is more like a terrorist attack than an invasion by a large
Re: (Score:2)
True, but I doubt they'll be able to add anything to the defensive capabilities.
Perhaps not, or maybe just not yet. In any case, it's certainly one of the primary goals, even if it ends up impossible.
That said, I expect this will end up more of a system-wide defence (similar to a beach head or AA-batteries), rather than trying to reinforce individual corporations.
Re: (Score:1)
Re: (Score:3, Funny)
TFA doesn't seem to have any information on how General Alexander might be qualified for this position
He's very experienced and diligent in issuing "A/S/L?" queries.
Re: (Score:1)
Re: (Score:1)
Interesting jump there. To date, the military hasn't instituted anything regarding what the citizens can and can't do unless they were in the military or going in their bases. But that's nothing new, it's been going on in America since before the country was even a country.
Hmm, (Score:1, Troll)
Whoa, boy. You'd better be skeered. Most of the comm squad monkeys I knew never even touched computers before tech school.
Re: (Score:2)
Damn. I'm out of mod points.
Quite right:
"Finally, if your AFSC doesn't begin with "2A", you are a weenie. Bonus points for 2A0XX, 2A3XX, and 2A5XX."
Re:meep (Score:5, Funny)
But, the real question is, could you tell it was a hack or if it just rolled over?
"militarisation of cyberspace"? (Score:5, Insightful)
I guess someone has never heard of DARPA.
http://www.darpa.mil/ [darpa.mil]
Re: (Score:3, Funny)
Re:"militarisation of cyberspace"? (Score:5, Insightful)
Re: (Score:2)
To be fair, publicly appointing a general in charge of it IS a milestone, even though other nations have almost certainly made similar appointments. Similarly, the Trinity explosion was still a large milestone in the nuclear age, even though we had been researching and developing such a weapon (in secret) for years.
Remember you are .mil and to .mil you shall return (Score:5, Insightful)
Re: (Score:3, Insightful)
The Internet is a network of networks of computers. It's not a military playground, and just because DARPA were involved in the creation of it doesn't make it American property.
Anything of critical importance such as military kit, medical kit, power, gas, and water infrastructure should not be on the Internet at all.
Re: (Score:1)
I agree wit
Re: (Score:2)
Anything of critical importance such as military kit, medical kit, power, gas, and water infrastructure should not be on the Internet at all.
You're right. It shouldn't. It should use its own infrastructure, not connected to the Internet or the telephony network. Except for two problems:
1. Any custom network is going to be smaller and have less redundancies. There might be a failsafe to revert to a VPN, in case the dedicated network is down. Which it might be, in the case of war, due to either electronic war
Re: (Score:1)
Re: (Score:2)
Dear Slashdot question: (Score:2)
Internet 2 is not the full answer (Score:4, Interesting)
Yes, the military can (and probably does already) have their own network. However, damage will be done to our country via the regular internet. Imagine if, one day, all the bank accounts in the country went to millions of dollars or to zero? The military is, hopefully, going to take care of those kinds of scenarios. We need a central command to handle such attacks.
Re: (Score:1)
Yes, the military can (and probably does already) have their own network. However, damage will be done to our country via the regular internet. Imagine if, one day, all the bank accounts in the country went to millions of dollars or to zero? The military is, hopefully, going to take care of those kinds of scenarios. We need a central command to handle such attacks.
Take care of that how? By random napalm attacks against anyone who looks a bit shifty? What country will you attack when an independent group screws with a bank?
A security guy at the bank should take care of their security, if he fails the guy that wrote and tested the backup tapes should take care of it. There is no need for warmongering.
Re: (Score:3, Insightful)
Take care of that how? By random napalm attacks against anyone who looks a bit shifty? ... There is no need for warmongering.
You have a very limited understanding of what the US military does if you think it exists soley for wars.
Re: (Score:2)
Re: (Score:1)
U.S. Constitution - Article 1 Section 8
The Congress shall have Power...
To raise and support Armies, but no Appropriation of Money to that Use shall be for a longer Term than two Years;
To provide and maintain a Navy;
Does not specify 'only in times of war.'
Retaliation in international law (Score:2)
What country will you attack when an independent group screws with a bank?
Under international law, the country which allowed the independent group to operate out of its territory. If the country isn't capable of policing its own territory, we have the right to defend ourselves by policing it ourselves. Otherwise, it would be too easy for governments to shrug and say "we didn't do it, it's not our fault that those terrorists happen to have stolen military supplies from our base, and recruited people who used
Re: (Score:2)
Take care of that how? By random napalm attacks against anyone who looks a bit shifty?
Yep, that's what they did to help Haiti after the earthquake, napalmed any ground that "looked a bit shifty". Hasn't been a major Earthquake in Haiti since. Mission Accomplished.
If you pay attention to the world around every now and then you'll notice the military can be and is used for a variety of purposes beyond killing people
Re: (Score:2)
Take care of it through their own security efforts including going to rogue servers and unplugging the damn things.
And is that bank in charge of security when another nation's troops invade? No, of course not. The same should be said for cyber-security. Frankly, the cyber-security levels of our nation are pretty low. Laws need to catch up, and the government needs to help make it happen. I look forward to the day when all LAN connections are automatically encrypted end to end, not relying on some crapp
Re: (Score:1)
Re: (Score:1)
It is far more complicated than a simple who is allowed and who isn't.
Looking simply at network structure, there is much data that cannot be accessed out of what we call a "closed network" system. Furthermore the Military, correct me anyone if I am wrong, uses a security clearance levels for access to both hardware and internal network resources. "Cyberattacks", as they may be referred to, come in the form of systems that may have been compromised from the inside, or perhaps a denial of service attacks
Re: (Score:1)
We had to use the STU-III [wikipedia.org] secure modem to receive the sekrit stuff over the wire.
Re: (Score:2)
And that's all because a very small subset of information was actually classified SECRET. CAMS shouldn't have anything classified on it (and in fact, in SandLand we did CAMS via satalite Intranet). But certain parts and passages of your T.O. did. Along those lines, your DCS had removable drives that were marked SECRET because, via the STU-III, it contained (roughly) the same secrets in your T.O.s. And your DCS never touched a network that didn't come in via that STU-III (although I was able to get ours
They have that (Score:5, Informative)
It's called SIPRNet. There are others too, JWICS, NSANet, and so on. They are internets (small i) in every way. However, they don't interact with the public Internet (big I). It is how they keep classified data separate. It seems to work quite well. At the very least there's never been a break in to them that has been revealed.
However, that doesn't mean there's nothing of importance on the Internet. It's not all just geeks chattering and LOLcat pictures. For example ATMs operate on the Internet these days. Heavily encrypted to be sure, but still. Companies make use of it for important business reasons. There are probably control systems for infrastructure on the net, and so on.
So, the government has an interest in making sure it work well. That would include being able to deal with a cyber attack. After all, protecting classified data does little good if the the infrastructure of the US is taken out. The government itself is only useful in so much as it can govern and protect the country.
Reasons like this are why things like AES exist. When the NSA was started, it was just a signals intelligence agency. Intercept communications, break codes, etc. While that's still a massive part of what they do, they were also instructed to work on securing the nation's computers. That was what lead to things like DES and AES. The government wanted businesses to have good crypto. Seems like they are serious too, AES has been analyzed for years, and remains extremely strong.
Same kind of shit here. They want to figure out how to protect important things on the regular Internet from attack. They are also probalby interested in counter attack capability. After all, other countries rely on the Internet too. Could be very useful in warfare.
Good defense starts with having lots and lots of contingency plans.
Re: (Score:2)
It's called SIPRNet. There are others too, JWICS, NSANet, and so on. They are internets (small i) in every way. However, they don't interact with the public Internet (big I). It is how they keep classified data separate. It seems to work quite well. At the very least there's never been a break in to them that has been revealed.
Yup [wikipedia.org].
However, that doesn't mean there's nothing of importance on the Internet. It's not all just geeks chattering and LOLcat pictures. For example ATMs operate on the Internet these days. Heavily encrypted to be sure, but still. Companies make use of it for important business reasons. There are probably control systems for infrastructure on the net, and so on.
So, the government has an interest in making sure it work well. That would include being able to deal with a cyber attack. After all, protecting classified data does little good if the the infrastructure of the US is taken out. The government itself is only useful in so much as it can govern and protect the country.
Agreed. Have people forgotten how important naval blockades on commerce (much of it in the private sector) have been in nearly every naval war? Or how important disruption of supply, information, and production lines is? How crippled would our economy (or that of any other industrialized nation) be if there were a disruption to their automated supply systems? Whether it's a man or machine, a business or an individual ordering parts, they're almost certainly doing so via the internet. To need to go
Re: (Score:2)
http://en.wikipedia.org/wiki/SIPRNET [wikipedia.org]
More Important Than Alexander's Qualifications (Score:5, Insightful)
Right now, it doesn't matter. He apparently knows how to use people who know more than he does. To me he proved that when he took out the honeytrap site (stupid move, but whatever).
From TFA:
This is the key point. Unfortunately the Federal government is SUPPOSED to move slow. The unfortunate part of that is something like cyberwarfare will always outstrip even the ability of a state government (with the assumption being that state government is meant to move quicker to respond directly to the needs of it's people) to make policy governing its use.
Soooooo....*shrugs*
I'm kind of torn on this. Let the government grind slowly away at policy like it should, or enable them to make snap, on-the-fly decisions with far-reaching ramifications. No matter what you choose, it's the wrong answer.
Actually not the problem. (Score:4, Insightful)
I've been reading "cyberwar" by Richard Clark. He didn't have anything bad to say about the guy in the story, except that he was the only person willing to take a (pretty much identical) position, that Clark had himself vacated. According to the book the US is actually very very good at cyber attack. But he also says that businesses, he specifically calls out Microsoft, have lobbied extensively, not just to have the government look the other way from their bugs, and keep using their software, but to not regulate security for private business. DHS protects .gov, this cyber thingy protects .mil. No one protects .com and .org. None of the companies want to have security regulations placed on them (including power grid, and financial systems), and neither the previous administration or this one wants to force them. I'm generally against regulation and consider it a bad thing (tm), (its like my department noting they are going to hire more managers, again), but he does make a compelling case. The guys (apparently a very small group) he spoke with at blackhat apparently were persuaded as well, though they (and he) are worried about what sort of oversight is needed, to prevent privacy and worse abuses. Its all well and good to force ISPs to disconnect people detected to be part of botnets until they get their machine cleaned, but false positives that correlate strangely with unpopular opinions on the websites is a truly frightening idea. On the other side, who can argue that FDIC insured banks don't have an obligation to keep the insured money safe per the guidelines of the insurer?
Re: (Score:2)
I consider myself fairly intelligent but I'm trying to figure out what you are trying to say.
At one point you are saying this guy is the one for the job.
But then you seem to be saying there shouldn't be that job.
And then you go off on some (seemingly, though not necessarily) unrelated tangent.
My concern is about government guidelines regarding cyber-warfare, not our ability to wage it effectively, to protect our privacy and liberties. Only your last three or four sentences really directly pertain to what I
Re: (Score:2)
Yeah, you can put that book down. Clark doesn't know what he's talking about. He has fanciful ideas such as a souped-up virus scanner can protect a network.
Re: (Score:2)
Too true (and it would be enacted, not inacted)
I hope he goes after the chinese (Score:3, Funny)
All that goldfarming has to stop.
Re: (Score:2)
All that goldfarming has to stop.
Without a currency realignment, [nytimes.com] Chinese-farmed gold will still be able to out-compete American-farmed gold.
Cyber General Mao (Score:1, Funny)
The Chinese are sending zerglings! Mass up some marines and counter-attack!
This can't be right. (Score:3, Funny)
Should his last name be Connor?
I am the very model of a modern Cyber General (Score:5, Funny)
I am the very model of a modern Cyber General
I've information secretive and knowledge technological
I know my way around the tubes and quote the cryptological
From Adi, Bruce and Len to Ron in order alphabetical!
Re: (Score:1, Offtopic)
Re: (Score:3, Informative)
You mean the Major-General's song [wikipedia.org] from pirates of penzance.
I am the very model of a modern Major-General,
I've information vegetable, animal, and mineral,
I know the kings of England, and I quote the fights historical
From Marathon to Waterloo, in order categorical
Re: (Score:2)
Considering the "possibly recognizable tune" to which "The Elements" is sung, yes. Yes, I do mean The Major General's song from The Pirates of Penzance.
I also accept the failure of my joke.
Re: (Score:2, Insightful)
Owww. You have a four-digit Slashdot id, but you don't even know your Gilbert and Sullivan?
Please turn in your geek card.
Re: (Score:2)
I had to strip someone of their geek cred the other day (they had never seen the Original Trilogy nor knew what it was when I referenced it (and you lose points if you don't get that without more help)).
Re: (Score:2)
I had to strip someone of their geek cred the other day (they had never seen the Original Trilogy nor knew what it was when I referenced it (and you lose points if you don't get that without more help)).
What, you mean The Oresteia [wikipedia.org]?
Re: (Score:2)
Alright, I should have been more specific. I meant Star Wars (Ep. IV-VI)
Re: (Score:3, Informative)
http://www.youtube.com/watch?v=iSloW2coCDQ [youtube.com]
Re: (Score:3, Informative)
There is a wonderful device called the Google that helps people cover up embarrassing gaps in their knowledge of pop culture.
http://gooogle.com/search?q=i+am+the+very+model+of [gooogle.com]
U.S. Not Good At Cyber War, Would Lose (Score:1)
A story a couple of months back about US Cyber War said they were no good at it and would lose. I'm hoping my brain implant is from aliens instead of the States or that's probably not true. It's very sophisticated
Look for these things around 2015 or so if this is a field-test. If it's aliens, I think we're gonna have 2012
Re: (Score:1)
Re: (Score:2)
That's nothing when you consider who developed the technology in the first place, it has been militarized from the very start!
Re: (Score:2)
That's nothing when you consider who developed the technology in the first place, it has been militarized from the very start!
It's not a military project any more. There is no reason to go backwards.
I'm getting a picture... (Score:1)
Re: (Score:2)
Yes, your assessment is quite correct. It is well known that one can judge the measure of a man simply by looking him. Thank you for validating that cornerstone of human behavior.
Re: (Score:1)
I have to say its obvious the mil. hasn't a chance (Score:2)
...against spammers.
On the other hand, maybe the military's of the world will get busy enough with the battles in cyberspace that they do less damage in the real world.
I'm sure virtual PTSD is easier to deal with.
What could happen in cyberspace that can't be solved by turning off the machines?
In cyberspace... (Score:2)
PTSD suffers from you!
Wait, let me try again...
PTSD in cyberspace involves pasty skin and no social life beyond Facebook.
cyber warfare (Score:1)
Been there, done that... (Score:1)
The OP mentioned "the militarisation of cyberspace". Gee, didn't cyberspace BEGIN in the military?
Military, sheesh (Score:1)
Don't they understand there are industrial-strength nerds running all these Internet backbones? Just have a phone conference and start shutting stuff off. Ports, messages with certain content. Particular computers that are sending that content. They're probably way ahead of the military already.
For those about to HACK... (Score:1)
Matthew 7:5 (Score:3, Informative)
"Hypocrite! First get rid of the log in your own eye; then you will see well enough to deal with the speck in your friend's eye."
The good old US of A is the leading spam generating country by May 24, 2010: http://www.spamhaus.org/statistics/countries.lasso [spamhaus.org] . It's got on the first place spam-wise in the world.
As far as I know the US army cannot act on the territory of the United States. But the spam is destroying our businesses. Colleagues have to spend a lot of time to deal with spam. Even filters do not help anymore.
It it the police, not army, who has to deal with cyber criminals. And also there is a role for Interpol and ITU.
The construction of .... (Score:1)
controversial new Cyber Command
Skynet sound familiar to anyone?
One of his first jobs should be... (Score:1)
... to evaluate what threats there are to Amerca's infrastructure via the Internet, and what is involved to counteract that.
A lot of that may involve encouraging other parties to "pull finger", as some of the necessary policies and law changes would be outside his scope.
In World War II the RAF was responsible to defend Great Britain from German Bombers, but civilians had to play their part by complying with blackout regulations. Also many other facets of government had to be involved.
So to with Cyber Secur