As The Battleground For Warfare Moves To Cyberspace, DOD Contemplates Altering Recruitment Requirements

from the getting-basic dept

While we've viewed much of the hyped up discussions about cyberwarfare with some trepidation here, we now live in a reality where it would be clearly silly to suggest that the internet and internet-connected devices are not an emerging battleground for rival nations. While much was made these past few years about what mostly amounted to the penetration of private business networks, the discussion about several democratic elections throughout the country and the clear interference in them, potentially by state actors, has pushed the overdrive button on all of this. As you can imagine, groups in charge of defense for the nations of the world have been paying attention, including the US Department of Defense.

But it seems the DoD has a problem: it isn't meeting its recruitment goals for its Cyber Command division.

The US military is having a hard time getting people with essential information technology and information security skill sets as the services struggle to build a force of "cyber-warriors." During a Senate Armed Services Committee hearing today, senators focused in part on how the work force problem is affecting the US Cyber Command's (US CYBERCOM's) ability to deal with the demands of information warfare and threats both to the Defense Department's networks and those of other agencies and industry.

The goal put in place for the DoD was to have CYBERCOM fully operational by 2018. Michael Rogers stated at the hearing that he believed that goal could still be met, but the larger problem of keeping CYBERCOM operational was driven by a lack of bulk in qualified personnel. Senator John McCain noted part of the problem is that CYBERCOM officers slated for duty have routinely been rotated out of that role when deployed on tour. It seems there isn't a full commitment by some branches of the military that are likewise generally hurting for bodies. The partnerships the DoD has forged with organizations like the National Science Foundation, the Office of Personnel Management, and DHS to promote its CyberCorps scholarship program haven't managed to fill the ranks, either.

Mostly, this comes down to recruiting requirements.

But as Rogers noted in his testimony, "We need a broad range of skills, and many of the best candidates won't necessarily have advanced educations but have deep experience in the field." And the problem won't be fixed with the military's current approach to workforce development, Rogers acknowledged. "We can't keep relying on five- to ten-year development cycles in terms of manpower," he said.

That will require a radical departure from the military's usual approach to recruiting—particularly since few people who already have the skills the DOD wants would be drawn to the typical military recruitment cycle. People who are usually drawn to the military would require years of training to meet the services' needs. But Rogers was insistent that, whatever the solution, it wouldn't be a separate "cyber force," because the military needs personnel who had the context of the overall mission. Only people embedded in the military would have that.

Except that this sentiment is belied by some of the proposed changes to recruitment currently be considered by the DoD. The headline-grabber of these proposals is the one that would allow new recruits for CYBERCOM to skip basic training altogether.

One of the possible solutions that the DOD has looked at is bringing people with experience and skills essential to offensive and defensive cyber operations into the service "laterally." That means giving them ranks (and pay grades) commensurate to their skills and entirely bypassing the normal recruitment and advancement process.

Even the Marine Corps, which has long required all marines to go through the same basic rifleman training, is considering changes. The potential changes include allowing people with sought-after skills to enter the Corps directly as noncommissioned officers and skip boot camp.

There is some precedent for this, though that precedent doesn't translate particularly well. The Ars post refers to how the Marines have allowed recruits for the Marine Corps Band to join with this kind of lateral entry, where recruits simply audition for the band as opposed to going through basic training. But that sort of lateral entry is worlds away from having active soldiers in the ranks that are actively engaged in what the DoD claims is a pivotal battlefield as opposed to playing Hail to the Chief in the Rose Garden. The dropping of basic training would need to be coupled with a relaxed education requirement, as many of the most talented individuals in technology can often boast an almost clean slate of educational achievement, while still being the best at what they do.

Regardless, we talk all the time about how technology drives change and innovation. It seems even the military branches are not immune from this.

Filed Under: cybercommand, cybersecurity, defense department, recruitment

Obama Pulls Cybercommand Control From NSA; Changes To Take Effect Whenever

from the in-the-meantime,-leverage-those-synergies! dept

The NSA will have to satisfy itself with being the most powerful intelligence agency in the world. President Obama, rushing through some last-minute presidential business before handing over the title to an aspiring plutocrat, has split up the nation's cyberware command. This siloing prevents Cybercom from being run by the same military officer who oversees the NSA.

“While the dual-hat arrangement was once appropriate in order to enable a fledgling Cybercom to leverage NSA’s advanced capabilities and expertise, Cybercom has since matured” to the point where it needs its own leader, Obama said in a statement accompanying his signing of the 2017 defense authorization bill.

Basically, no one man should have all this power. This scales back the NSA's offensive involvement, leaving it to play defense for the US government -- a limitation it's never been happy with.

The offensive end of the nation's cyberwarfare will now have its own leader, which points towards an increase in offensive efforts, rather than tighter handling of the reins.

Sticking the NSA with defense doesn't make it happy, considering the wealth of offensive weapons it has at its disposal. But having a new singular focus may help it refine its pitch for a cut of some unfiltered domestic data. The NSA would rather be in on the ground floor of the information sharing forced on private companies by the recent passage of cybersecurity legislation. If it can defend the government's most sensitive networks, surely it can be trusted handling the civilian side as well?

Obama's approval of the defense spending bill may be putting different hats on different individuals, but his letter also notes that the more things change, the more things aren't really going to change for the foreseeable future.

“The two organizations should have separate leaders who are able to devote themselves to each organization’s respective mission and responsibilities, but should continue to leverage the shared capabilities and synergies developed under the dual-hat arrangement,” Obama wrote.

So, there will be two different figureheads leading two different Cybercommand wings… but working together in the same building… using the same NSA-developed tools… during a "phased transition" with no clear endpoint.

Filed Under: admiral mike rogers, cybercommand, defense, nsa, offense, president obama, surveillance

NSA's Keith Alexander Doubles Down On His Plan To Spy On Wall Street To 'Protect' Wall Street

from the this-again? dept

Keith Alexander still doesn't seem to realize that the public has seen through his bullshit, because he keeps doubling down. There were numerous reports this week on a speech Alexander gave, in which he talked up his plan to "protect" Wall Street by getting access to the financial industry's networks.

Drawing an analogy to how the military detects an incoming missile with radar and other sensors, Alexander imagined the NSA being able to spot "a cyberpacket that's about to destroy Wall Street." In an ideal world, he said, the agency would be getting real-time information from the banks themselves, as well as from the NSA's traditional channels of intelligence, and have the power to take action before a cyberattack caused major damage.

The thing is, this isn't new. Back in July, the Washington Post's excellent profile of Keith "collect it all" Alexander pointed out that he'd been pushing this exact solution for quite some time, though execs from Wall Street found the idea to be ridiculous, since they fully understood what it meant:

His proposed solution: Private companies should give the government access to their networks so it could screen out the harmful software. The NSA chief was offering to serve as an all-knowing virus-protection service, but at the cost, industry officials felt, of an unprecedented intrusion into the financial institutions’ databases.

The group of financial industry officials, sitting around a table at the Office of the Director of National Intelligence, were stunned, immediately grasping the privacy implications of what Alexander was politely but urgently suggesting. As a group, they demurred.

“He’s an impressive person,” the participant said, recalling the group’s collective reaction to Alexander. “You feel very comfortable with him. He instills a high degree of trust.”

But he was proposing something they thought was high-risk.

“Folks in the room looked at each other like, ‘Wow. That’s kind of wild.’ ”

In other words, even well before all the details of Alexander's overreach as NSA director came out, Wall Street execs had no interest in giving him such access to their networks.

But this is the same basic pitch that Alexander has been making for years. The biggest joke in the intelligence community is the fact that Alexander technically has two jobs: he's both the head of the NSA -- in charge of collecting information for surveillance -- and the head of US Cyber Command, which runs the military's "cyber" initiatives. Alexander loves to use the cover of his Cybercommand position to pretend that his focus is on protecting data and networks.

You may recall that, the NSA's talking points on the breaking ground for the massive Utah datacenter were entirely focused on how the center would be used to protect the internet -- leaving out how it would actually be used to spy on the network. Members of Congress have raised concerns for a while about the conflict of interest between Alexander's two roles. The fact that he uses the Cybercommand role to pretend his focus is on cybersecurity, while in actuality he's been destroying cybersecurity by undermining standards, creating backdoors and encouraging vulnerabilities is a huge problem.

But, perhaps even more stunning, is his inability to recognize that people aren't believing what he says any more, such that he'd start pushing this ridiculous desire to get access to Wall Street's networks yet again, years after it was rejected -- but also after the evidence of his efforts to trample the 4th Amendment have become clear.

Filed Under: cybercommand, cybersecurity, keith alexander, nsa, nsa surveillance, surveillance, wall street