Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for August 12th, 2009

General Chilton: STRATCOM On CYBERWAR

Gen Chilton

//BEGIN

General Kevin P. Chilton, Commander of STRATCOM, was on NPR the other day and I happened to catch only part of it. I went on down to the “Google” and came up with the audio at the npr.org site of course. Anyway, Chilton is rather frank in this interview about how we are lacking in many respects when it comes to the issue of “Cyberwar”. In one particular question he answers the larger issues as they stand today:

BOWMAN: And increasingly so. This is from a speech you made back in February: In a cyberspace domain, here are some obvious things. We are under attack. We are behind. We are reactive. We are not proactive. How do you become proactive here?

Gen. CHILTON: Well, there’s three things that we’re trying to change in the military – under STRATCOM leadership writ large. In all our services and the way we think about cyberspace, we’re trying to change the culture, the conduct and our capabilities.

Culture, of course, is probably one of the more difficult ones. You can’t just fix that with investment, but we’ve grown up with a culture, and I think it’s probably true in our personal lives, that cyberspace and our computers are just a convenience. They make life easier.

What the switch we have to make in the military is the realization that we’re dependent on cyberspace for military operations on air, land and sea and in space, and we cannot effectively conduct our operations in those areas without the cyberspace domain and our military networks.

So they’re not just a convenience, they’re a necessity, and that means when you have a problem there, the commander in charge of forces ought to be, whether he’s in charge of air, land or sea forces, ought to be very worried about his networks and paying attention to their health, are they defended properly, etcetera.

In the conduct area, we need to do a better job of training people to point out that anybody in the military who’s using a computer plugged into a military network is the same as a gate guard standing in front of a base, protecting the gate. And if they don’t do their job correctly, they can allow someone to intrude on those networks and steal information or interrupt operations.

So training is part of the conduct change, and then we have to hold people accountable. We haven’t done a very good job of that, in my view, for people who don’t follow the rules, because we haven’t seen it as being that big a deal. It is a big deal, and we know it will be in the future.

And then in a capability area, that’s investment in the technologies to make sure our military men and women have the same kind of technologies available that you can invest in to defend and protect your home computer, to include automatic connections to your Internet service provider that can push antivirus software to you as soon as it’s made available electronically, so you don’t have to go, as we often do in the military, machine to machine with a disk and upgrade the defenses on the computer.

So we need those capability and technology investments, as well.

So, there you have it. We are not prepared and we are really quite dependent on the infrastructure and have plugged it into just about everything. In essence, all our eggs are in one privately held basket that could be attacked and used against us. Never mind that, the intelligence gathering that goes on today as well as theft is staggering because the ideals of security have not been an important thing to us as a nation or economy.

Additionally, he said one thing that really kinda freaked me out. They are still using SNEAKER NET! I am assuming that he is referring to the SCI areas, but, geez... I guess that this should be a real wake-up to those of you who read me and perhaps take what I say with a grain of salt, that I am telling it as it is, kids. We are behind in a big way and we need to catch up quickly. Imagine if indeed we as a nation focused on the problem with the same technological know-how and mandate from the powers that be that the NSA had in placing the NARUS systems into the internet backbone, eh? We might have a chance…

Meanwhile, Chilton also makes it more accessible to the masses (with a question from the phone listeners) just how fragmented and likely not too easily fixable the whole cyber security initiative is. Remember all the stove piping being a key finding as to why 9/11 happened unbeknownst to our intelligence agencies? Yes, that same problem is what any “Cyber Tsar” will face once they take the job. A scrabbling for all the marbles or pieces of the pie will ensue and we, the people, will be left holding the digital bag.

Working in the defense industry, I see this every day when it comes to intrusions and issues of reporting intel back and forth. It’s gotten a little bit better of late, but it’s still a real pain in the ass and often, the reports come to us in a mostly useless form… That is, unless you have SCI clearance and a “need to know”. So really, they are mostly useless to someone actually doing forensics or incident response on systems perhaps infected with a 0-day worm from China.

Finally, Chilton does some talking about nuclear options and EMP attacks. He says that he would not remove any option from the President’s purview. Of course I kinda agree with that assessment, but, nuking a country over a cyber attack for me is a little excessive. However, the real use for all-out cyber warfare would be to have them in tandem with physical, conventional attacks on the targets too. So in reality, if we can “attribute” the attacks to a certain country and are attacked physically, sure, the nuke option is a possible one. However, as the general says, attribution is near impossible… So really, it’s not going to happen that way. Certainly though, a combined cyber attack followed by an EMP to finish the job would be one hell of a digital apocalypse.

Imagine one day being sent back to the 19th century style of living. No cell phones, no internet, no TV, no power, no water….

Can you say pandemonium?

Sure there’s shielding, but that is only for the C&C.. What about the rest of the country huh?

So, in the end, we have another report, another bubbling of the idea that a cyber war is possible and we are not up to the challenge…

If you’re not a little freaked… Well, enjoy the apathy. So when I write about all of the issues about securing networks and having policies, this is the sum of what could happen if the country does not take all those little bits of security to heart.

EPIC FAIL

NPR Talk Of The Nation

//END