Monday, June 1, 2009

Cyber Force Cybercom

Over at TaoSecurity, a post was put up that talked about President Obama's "real" speech addressing cyber security. I started reading it and thought "Holy cow! This is awesome!" I got way excited and started writing up my thoughts on the creation of a Cyber Force branch of the military that was mentioned. After I had written down most of my thoughts, I saw a note at the bottom of the post that says
"Note: If you read this far I am sure you know this was not the President's "real speech." This is what I would have liked to have heard."
I decided to write up the rest of my thoughts on the matter. I kept my original excitement in as well :) Now on to my "real" post:

ps- I've run across an article that talks about a new "cyber command" that will be coming into play. Below are links to that article and other similar ones that seem to support this idea:
http://news.yahoo.com/s/afp/20090530/pl_afp/usitobamacomputercybersecuritymilitary
http://www.stripes.com/m/article.asp?section=104&article=63001
http://www.switched.com/2009/05/29/white-house-creating-new-cyber-command-office-for-military/

pps- Well, it's finally happened! I'm a little delayed putting this in here, but here it is. Defense Secretary Robert M. Gates has created a new command called Cybercom that will defend our networks at home and develop offensive weapons. An article at the Washington Post talks about it more.

President Obama gave a speech on cyber security last Friday. TaoSecurity had received a hard copy of the President's prepared remarks sometime before he actually gave his speech. At one point during his speech, he went off of what had been prepared (here's what he actually said). TaoSecurity made a post that talked about the things President Obama didn't say that were in his prepared speech. One of them is this:

"We will instruct the Secretary of Defense to examine the creation of a Cyber Force as an independent military branch. Just as we fight wars on land, at sea, and in the aerospace domains, we should promote warfighters thoroughly steeped in the intricacies of defense and attack in the cyberspace domain. We will also make it clear to our national adversaries that a cyber attack upon our national interests is equivalent to an attack in any other domain, and we will respond with the full range of diplomatic, information, military, and economic power at our disposal."

How cool is this?!?! This is actually something I've been thinking about and hoping for for quite some time. I've often wondered when the government would get around to thinking along the same lines. Creating another branch in the military whose area of expertise is cyber warfare will have a massive influence on our culture and perspective pertaining to computer security. Below is a list of several ways I think the US and the world will be influenced:
  1. Increased Awareness
    War hasn't changed too much over the years. Our troops muster up courage and travel to where the enemy is and show them who's boss. The front-lines of war seem to have remained away from our homes and daily routines. Until recently, that is. Our computer networks and digital infrastructure are increasingly becoming the targets of attacks from enemy nations. Speaking of this at such a high level doesn't quite carry across the potential impact that exists. Consider the following:

    Most people have a bank account. In the days before most banking was done online, it was necessary to physically go to the bank to withdraw/deposit money (who would've thought?) Imagine one day going to your bank, and the bank is gone, vanished. It was there the day before when you drove by, but now it is gone! All that exists where the bank was is a big black hole, or possibly a poster made with butcher paper and paint containing offensive reasons to fight against democracy. You try calling the bank, but you can't get through. You try purchasing a few items with your debit card, but the transaction fails. This is one thing that could happen if only our banks became the focus of attacks from enemy nations. Such an attack would affect each of our personal lives to an intense degree.

    The creation of a Cyber Force as a new military branch will pull cyber security into the lime light. The public should be made aware of why a new military branch is necessary and will come to realize how critical our digital infrastructure is. The public could be made aware through free programs and/or public demonstrations. The public demonstrations could demonstrate on a personal level how much we depend on our digital connections and how much an attack on them would affect us. I believe such demonstrations coupled with additional opportunities to learn would be most effective at informing the most people. This increased awareness will be the main impetus for the other points below.
  2. Digital Infrastructure == Mere Commodity National Asset
    The increased awareness described above will cause people to realize how vital our digital infrastructure is. It will begin to be viewed not only as a commodity and something nice to have around, but as something that is absolutely necessary for our nation to function in its current state. Hopefully, we will begin to not take it for granted and will view it as a national asset that we need to protect. We will become aware that it is one of our nations largest vital organs.
  3. Coding and Network Standards
    Contractors who create or offer products and services to the military usually must meet a much higher standard than the private sector's standards before their product/service will be considered or used. Their products/services will be on the "front-line" and will probably have to hold their own against enemy attacks of some kind. Other assets will depend on the functionality of this product to complete their missions. The failure of one product/service will drastically affect the outcome of the current mission and the integrity of the "team".

    As we become more aware, we will realize that our digital infrastructure is part of our front-line and is not being held to the same standards as our products/services on the traditional front-lines. Hopefully, we will realize that a lapse in security of one product/service will almost certainly affect the integrity of another. I believe that new forms of coding standards will be introduced, along with a way to enforce/regulate the type of code/network/service that is put on our "front-line".
  4. Increased Funding/Opportunities for Research
    With the creation of a new branch of the military, the government will be looking for companies to place bids on projects they need completed, and companies will be looking to meet the new demand for security solutions. More companies will enter this market and each of those companies will need their own security professionals and researchers. I believe this market will grow much larger than it currently is.

    The creation of the Cyber Force could also actually start a new "arms" race. This arms race would occur both inside the U.S. as competition between research groups and companies, and between the U.S and other countries. Research groups at Universities would also receive more funding to further our defensive and offensive technoligies in the field of cyber security. The new Cyber Force branch would need to have its own research teams and divisions as well.
  5. Additional Education/Development Programs
    Similar to how ROTC programs work with other branches of the military, I can easily foresee ROTC (or Cyber Force specific) programs being implemented. High-school and college students would jump into these programs headfirst and would enjoy it tremendously. These programs would have high enrollments, for everyone who likes computers at least secretly wishes they knew more about computer security and what is possible. The development programs would also have a very high retention rate, because of the nature of the subject matter itself. The courses would also have a high retention rate especially because those enrolled in them would most likely not be exposed to physical danger should they continue into the Cyber Force. I know if I were given such a chance to formally be taught about cyber security when I was in high-school with the possibility of being a professional in that field in the military, I would've jumped at the chance. I still would, actually.

    Few universities have majors that have an emphasis on Information Assurance/Computer Security, and even fewer have majors in this field. I believe higher education institutions would experience an increase in the number of students who are interested in computer security. This would spur the universities on to develop full programs centered on computer security, possibly with the creation of new majors and/or graduate degrees.

In my opinion, this is an EXCELLENT idea. I literally can't wait to see what comes out of this. I think it has the potential to be something amazing.

Thanks for reading!

No comments:

Post a Comment