Cyberwarfare: Air Force to the rescue?

A View From the Edge

The 24th Air Force division is responsible for conducting U.S. defense cyber operations.

Lt. Gen. Michael Basla, vice commander of the Air Force Space Command, said, “We can’t defend the whole network just like we can’t defend all the air domain. Instead we defend the portion we need to operate in. We’ve done it already to assure [support for] Predator [in Afghanistan and Iraq] and space launch operations.”

But he’s worried about the multiple networks and systems employed by the military, even separate ones within the Air Force. He then went on to explain the need to integrate all U.S.-based cyberdefense.

“We must reduce complexity and improve processes by … homogenizing these networks.”

Now, if that doesn’t ring alarm bells, nothing should. During the crisis of 9/11, the police, FBI and firefighters could not even talk to each other, let alone the FBI, CIA, NSA, Mil. Intel, etc., etc. As Yogi Berra would say, “It’s déjà vu all over again.”

Meantime, American defense is not only military. There is a large company called Lockheed Martin that has a 24/7 manned cyberdefense operation staffed by some 400 employees tracking and monitoring Internet and cyber traffic. If you can, imagine the NASA mission control center, double it and add a couple of hundred monitors, workstations and dedicated nerds fighting off attacks every single day.

Lockheed Martin sells time on their system to corporations, banks and U.S. government agencies. They are, after all, a defense contractor. They monitor 145,000 computers daily and 700 million emails a month, of which only 300 million make it past filters and need to be analyzed before employees can open them.

Their system relies on intelligence analysis, according to Lt. Gen. (Ret.) Charles Croom, their VP for security solutions: “You see a pattern and begin to predict attacks.”

He says you have to understand both attackers and employees in order to predict what they will do next. And there are seven steps to the cyber kill chain: “reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives.”

If you catch them early on, you can neutralize them, everything from the kid who’s trying to make a name by breaking into a major business’ computer database to the professional cybergangs wanting to steal to the enemy intent on destroying you.

How sure are the experts at Lockheed Martin of their ability to thwart all attacks in the future? Not very, as they admit they are spending 20 percent of all revenue on research and development modeled after Silicon Valley think tank methods.

What they really need to do is build automation, not human eyes glued to a screen hoping to spot an attack before it is too late. And the people they need to rely on for development are all, shall we say, mavericks.

At the NextGen Center, Lockheed shares such R&D with Cisco, Intel, Juniper Networks and Symantec. And the nerds thinking and planning are allowed iPads, iPhones and their precious Macs, definitely not mainframe access.

Meanwhile Congress is bogged down, thinking we’re still in the 20th century, refusing to allow such cyberdefense operations to counterattack in pre-emptive ways to prevent an attack before it is too late.

Think about Croom’s seven steps: If you can stop an intruder at reconnaissance before he advances to weaponization, you are more likely to stop an attack. If you see someone snooping around your house, inside your yard, call the cops.

With cyberwarfare, calling the cops (who cannot talk to each other anyway) would be too late. Perhaps it is better to shoot to kill (at least electronically).

Peter Riva, formerly of Amenia Union, lives in New Mexico.