Internet Anthropologist Think Tank: US cyber command big strides

    Wednesday, October 13, 2010

    US cyber command big strides

    In our review of Military Cyber doctrine we find they have a good grasp
    of the scope and range of the Threats.



    But they are lacking in the development of paradigms to handle these
    threats.

    For instance, they are aware the WWW is vulnerable and have
    taken steps to secure the WWW nodes from major DoS
    attacks.

    But the possibility of unknown threats still exists.
    And the Military could find itself in combat without
    access to the WWW. 
    We have seen the seminal solution to an attack on
    the WWW nodes in Stuxnet and feel confident in the ability
    of NSA to combat a DOS attack on the nodes, but unknown
    threats lurk.

    An exercise involving shutting down the WWW for a
    section of the active combat forces would seem mandated.
    The hidden problems would come to light and possible 
    solutions could be spotted in advance of the event.
    Com CB radios and shortwave.



    It's not reasonable to assume the WWW will never go down.
    Can US forces function without WWW access?
    An exercise to see how fast they can set up a world
    wide intranet separate from the WWW for the Military
    and one for the critical infrastructure?
    How fast can they get a shipping transportation
    system up to feed the country, if the WWW goes
    down, what food supplies would be available?

    Another problematic situation is their adherence
    to outmoded methods of response.
    "observe-orient-decide-act"
    In cyberspace, the time between execution and effect can be milliseconds.
    Nonetheless, the observe-orient-decide-act (OODA) loop remains a valid construct for examining the decision cycle in cyberspace. Ongoing operations can be considered those operations that span past the phases of warfare.

    While this does not preclude "Rules of Engagement",
    the lack of mention raises concerns. They have to have
    the legal authority and power to take the threat offline in milliseconds,
    or the damage may be done before they can get approval
    to act. A rule of engagement should be: if successfully attacked,
    take that IP, attacker offline. NOW.
    No approval, no review, no waiting for approval.

    Another problem is the Flash Crash paradigm,
    there needs to be a liaison between the SEC and 
    NSA before a catastrophic event. 

    And the Intelligence community needs to
    get up to date on the new threat door opened
    by the Supreme Court.
    And the Stuxnet paradigm is very serious.
    While it provides an excellent deterrent,
    it also invites retaliation on the basis of
    anonymity, we are quite sure Iran is
    working on a counter strike.
    But this threat is maybe 2 years off,
    but it's coming.



    To date their cyber exercises have been too
    modest and minor.
    But we are pleased to see the leaps and
    bounds they have made confronting the
    cyber threats head-on.









    Gerald
    Internet Anthropologist
    Tactical Internet Systems analyst.


    Update: GAO


    Of the 24 recommendations in the President’s May 2009 cyber policy
    review report, 2 have been fully implemented, and 22 have been partially implemented. The two fully implemented recommendations involve appointing within the NSC.



    Agencies are moving slowly because they have not been assigned roles
    and responsibilities with regard to recommendation implementation.
    Specifically, although the policy review report calls for the
    Cybersecurity Coordinator to assign roles and responsibilities, agency
    officials stated they have yet to receive this tasking and attribute this to
    the fact that the Cybersecurity Coordinator position was vacant for 7
    months.

    SOURCE:
    http://www.gao.gov/new.items/d1124.pdf
