In our review of Military Cyber doctrine we find they have a good grasp
of the scope and range of the Threats.
But are lacking in the development of paradigms to handle these
For instance they are aware the WWW is vulnerable and have
taken steps to secure the WWW nodes from major huge DOS
But the possibility of unknown threats still exists.
And the Military could find itself in combat without
access to the WWW.
We have seen the seminal solution to a attack on
the WWW nodes in Stuxnet and feel confident in the ability
of NSA to combat a DOS attack on the nodes, but unknown
A exercise involving shutting down the WWW for a
section of the active combat forces would seem mandated.
The hidden problems would come to light and possible
solutions could be spotted in advance of the event.
Com CB radios and shortwave.
Its not reasonable to assume the WWW will never go down.
Can US forces function without WWW access?
An exercise to see how fast they can set up a world
wide intranet separate from the WWW for the Military
and one for the critical infrastructure?
How fast can they get a shipping transportation
system up to feed the country, if the WWW goes
down, what food supplies would be available?
Another problematic situation is their adherence
to out moded methods of response.
In cyberspace, the time between execution and effect can be milliseconds.
Nonetheless, the observe-orient-decide-act (OODA) loop remains a valid construct for examining the decision cycle in cyberspace. Ongoing operations can be considered those operations that span past the phases of warfare.
While this does not preclude "Rules of Engagement",
the lack of mention raises concerns, they have to have
the legal and power to take the treat off line in milliseconds,
or the damage may be done before they can get approval
to act. A rule of engagement should be if successfully attacked,
take that IP, attacker off line. NOW.
No approval, no review, no waiting for approval,
Another problem is the Flash Crash paradigm,
there needs to be a liaison between the SEC and
NSA before a catastrophic event.
And the Intelligence community needs to
get up todate on the new threat door opened
by the Supreme court.
And the Stuxnet paradigm is very serious.
While it provides an excellent deterrent,
it also invites retaliation on the basis of
anonymity, we are quite sure Iran is
working on a counter strike.
But this threat is maybe 2 years off,
but its coming.
Todate their cyber exercises have been too
modest and minor.
But we are pleased to see the leaps and
bounds they have made confronting the
cyber threats, headon.
Tactical Internet Systems analyst.
Of the 24 recommendations in the President’s May 2009 cyber policy
review report, 2 have been fully implemented, and 22 have been partially implemented. The two fully implemented recommendations involve appointing within the NSC.
Agencies are moving slowly because they have not been assigned roles
and responsibilities with regard to recommendation implementation.
Specifically, although the policy review report calls for the
Cybersecurity Coordinator to assign roles and responsibilities, agency
officials stated they have yet to receive this tasking and attribute this to
the fact that the Cybersecurity Coordinator position was vacant for 7