It Begins: Military’s Cyberwar Command

[sunny]

Fully Operational

November 4, 2010

Fifteen thousand military computer networks became protected on November 3, 2010. Those ensconced within of the informational phalanx called the event Cyber Command Day. They lived only to face a new challenge — the war against the Machines.

In truth, yesterday wasn’t quite so dramatic. The Department of Defense announced that the military’s new command for protecting its networks against cyberassault had achieved “full operational capability,” meaning the new U.S. Cyber Command, which opened for business in May, is 100 percent ready for duty, just a month behind schedule. Not that “full operational capability” fills in many of the blanks about when it’s acceptable for Cyber Command to attack a foreign network or how deeply it’ll be involved in the civilian internet.

Since Defense Secretary Robert Gates ordered its creation in 2009, there’s been a lot of confusion about just what Cyber Command will do. Its first leader, Army General Keith Alexander — who also commands the network-infiltration and surveillance experts at the National Security Agency — has portrayed it as a reactive organization, helping protect warfighting commands’ networks against cyberattacks and teaching the military good cyber-hygiene. And he’s repeatedly said the command will only get involved in the dot-gov and dot-com side of the internet during emergencies, when civilian government agencies come calling.

Only the boundaries of those emergencies remain undefined. And in practice, Cyber Command will routinely work with the Department of Homeland Security’s protectors of the civilian side of the internet. Last month, the Departments of Defense and Homeland Security inked an agreement to send Cyber Command officers to DHS to receive “requests for cybersecurity support” for “operational planning and mission coordination.”

The new “full operational capability” of the command doesn’t clarify any of that. Largely, it’s a bureaucratic shift: a new Joint Operations Center is now in existence, absorbing officers from two predecessor components of the command. An official statement promised vaguely that the command will “continue to grow the capacity and capability essential to operate and defend our networks effectively.”

Congress may choose to clarify what that means. A possible new leader of the House intelligence committee, Republican Mac Thornberry of Texas, has been a cybersecurity buff for years. In the Senate, Joe Lieberman and Susan Collins introduced a bill this spring that would give the president broad powers to declare a cyber-crisis and take charge of private firms’ networks. For now, the most conspicuous aspect of Cyber Command’s full functionality may be that it hasn’t yet become self-aware and waged a war of termination against humanity.

[sunny]

Terms of Digital Warfare

April 15, 2010

For years, the military has worried about the vulnerability of the United States to cyberattack — and how and when to return fire in digital warfare. Now, the issue is taking center stage, as the Senate considers the nomination of an Army general to head the military’s first four-star Cyber Command.

In a hearing this morning, the Senate Armed Services Committee will review the nomination of Army Lt. Gen. Keith Alexander to be the head of the Pentagon’s new Cyber Command. It’s a chance to get a closer look at the kind of capabilities for waging network warfare the Pentagon thinks it needs. But it’s also likely to raise questions about just how far the military is willing to go in attacking foreign networks.

Last year, Secretary of Defense Robert Gates ordered the creation of U.S. Cyber Command to coordinate all of the military’s online activities. Alexander is in many ways a logical pick. He comes from the world of electronic intelligence: He is director of the National Security Agency (NSA), the super-secretive military and intelligence outfit at Fort Meade, Maryland, that is charged with code-cracking and foreign communications interception. And he will head an organization that, in large part, will be an important line of defense against cyberspying. (He’s a classmate of Gen. David Petraeus, West Point class of ‘74.)

But Alexander will also have to answer questions about how the United States might retaliate if it comes under online attack. Military planners are mindful of incidents like the massive cyberassaults against Georgia in 2008 and Estonia in 2007. In both cases, fingers pointed to Russia, but experts questioned whether the Russian government had a direct hand in events, and pointed instead to the role played by patriotic volunteers (or “cybermilitias”) who orchestrated the online assaults.

In both of those cases, cyberattacks threatened civilian networks and the financial system. It’s unclear if the military could retaliate in kind. In a series of written answers to questions from senators (.pdf), Alexander said, “It is difficult for me to conceive of an instance where it would be appropriate to attack a bank or a financial institution, unless perhaps it was being used solely to support enemy military operations.”

And the scope of responsibility for the new commander is also quite sweeping (Alexander will also be “dual-hatted,” staying on as head of the NSA). In written answers, Alexander said the organization’s new missions would include “integrating cyberspace operations and synchronizing warfighting effects across the global-security environment; providing support to civil authorities and international partners; directing global-information grid operations and defense; executing full-spectrum military cyberspace operations; serving as the focal point for deconfliction of DOD offensive cyberspace operations; providing improved shared situational awareness of cyberspace operations, including indications and warning.”

In other words, everything but the kitchen sink. We’ll be watching the hearing, and will hope to get more answers on Alexander’s vision for the new command.

Photo: U.S. Department of Defense

[sunny]

We Don’t Wanna Defend the Internet
(We Just Might Have To)

May 28, 2010

OMAHA, Nebraska – Members of the military’s new Cyber Command insist that they’ve got no interest in taking over civilian Internet security – or even in becoming the Pentagon’s primary information protectors. But the push to intertwine military and civilian network defenses is gaining momentum, nevertheless. At a gathering this week of top cybersecurity officials and defense contractors, the Pentagon’s number two floated the idea that the Defense Department might start a protective program for civilian networks, based on a deeply controversial effort to keep hackers out of the government’s pipes.

U.S. Cyber Command (“CYBERCOM“) officially became operational this week, after years of preparation. But observers inside the military and out still aren’t quite sure what the command is supposed to do: protect the Pentagon’s networks, strike enemies with logic bombs, seal up civilian vulnerabilities, or some combination of all three.

To one senior CYBERCOM official, the answer is pretty simple: nothing new. Smaller military units within U.S. Strategic Command coordinated and set policies for the armed forces’ far-flung teams of network operators and defenders. Those coordinators and policy-makers have now been subsumed into CYBERCOM. They’ll still do the same thing as before, only more efficiently. “Doesn’t expand any authorities. It doesn’t have any new missions,” the official told Danger Room. “It really doesn’t add any significant funding… And really, it’s not a significant increase in personnel; we just reorganized the personnel have we had in a smarter and more effective way.”

That may soon change, however. A 356-page classified plan outlining CYBERCOM’s rise is being put into action. A team of about 560 troops, headquartered at Ft. Meade, Maryland, will eventually grow to 1093. Each of the four armed services are assembling their own cyber units out of former communications specialists, system administrators, network defenders, and military hackers. Those units – Marine Forces Cyber Command, the 24th Air Force, the 10th Fleet, and Army Forces Cyber Command – are then supposed to supply some of their troops to CYBERCOM as needed. It’s similar to how the Army and Marines provide Central Command with combat forces to fight the wars in Afghanistan and Iraq. Inside the military, there’s a sense that CYBERCOM may take on a momentum of its own, its missions growing more and more diverse.

Most importantly, perhaps, procedures are now being worked out for CYBERCOM to help the Department of Homeland Security defend government and civilian networks, much like the military contributed to disaster recovery efforts after Hurricane Katrina and the Gulf of Mexico oil spill.

In those incidents, it took days, even weeks for the military to fully swing into action. In the event of an information attack, those timelines could be drastically collapsed. “There’s probably gonna be a very temporal element to it. It’s gonna need to be pretty quick,” the CYBERCOM official said.

Exactly what kind of event might trigger CYBERCOM’s involvement isn’t clear. “From our perspective the threshold is really easy: it’s when we get a request from DHS,” the official noted. “What’s their threshold? I couldn’t tell you what their threshold is.”

The Pentagon might not even wait for an information disaster to move in. The National Security Agency is developing threat-monitoring systems for government networks dubbed Einstein 2 and Einstein 3. Deputy Secretary of Defense William Lynn believes those programs ought to extended to cover key private networks, as well.

“We are already using our technical capabilities… to protect government networks,” Lynn announced at the Strategic Command Cyber Symposium here. “We need to think imaginatively about how this technology can also help secure a space on the Internet for critical government and commercial applications.”

Einstein 2 is supposed to inspect data for threat signatures as it enters federal networks. Einstein 3 goes even further — alerting DHS and the NSA before the attacks hit. “You’re starting to anticipate intrusions, anticipate threat signatures, and try and preventing things from getting to the firewalls rather than just stopping at the firewalls,” Lynn told Danger Room after his Cyber Symposium speech. (Full disclosure: I ran a panel at the event, and the military paid my travel costs.)

Given the NSA’s history of domestic surveillance, civil liberties groups fear that the Einstein programs could become a new way to snoop on average Americans’ communications. Lynn said not to worry: “Individual users who do not want to enroll could stay in the ‘wild, wild west’ of the unprotected internet.”

“I think it’s gonna have to be voluntary,” he added. “People could opt into protection – or choose to stay out. Individual users may well choose to stay out. But in terms of protecting the nation’s security, it’s not the individual users [that matter most]. I mean, they have to worry about their individual [data], their credit rating, and all that. But it’s the vulnerability of certain critical infrastructure – power, transportation, finance. This starts to give you an angle at doing that.”

Privacy rights organizations and military insiders also wonder whether CYBERCOM is just another way to extend the NSA’s reach. After all, both organizations are headquartered at Ft. Meade. And both are headed by Gen. Keith Alexander.

The CYBERCOM official swears that won’t happen. “It’s not NSA taking over military cyber,” he said. “And it’s not military cyber taking over NSA.”

[Photo: USAF]

[sunny]

“No Role” in Civilian Networks

September 23, 2010

If your business gets hacked, don’t bother calling the U.S. military’s new Cyber Command. Sure, the unit has some of the government’s top geeks — and is oh-so-conveniently co-located with the network infiltration experts at the National Security Agency. But Cyber Command is too busy trying to shore up the Pentagon’s digital defenses. Plus, they’re not even sure helping your company out would be legal, yet.

“Right now, we do not have a role,” new Cyber Command chief Gen. Keith Alexander tells reporters in a rare on-the-record interview. “Within the United States, I do not believe that’s where Cyber Command should or will operate.”

Changing that, Alexander adds, “is a decision the White House needs to make.”

Of course, it’s often hard to define where one national border begins and another ends on-line. The White House and Congress are both working on legal and policy re-writes which could alter where and how Cyber Command’s forces could wage information combat. Besides, Alexander already has forces that are operating domestically. He’s also the head of the NSA, which today works with American companies to secure their networks.

Debates have raged for years in military and policymaking circles about what a Cyber Command might do: drop logic bombs on adversaries, protect the Pentagon’s networks, seal up civilian vulnerabilities, or some combination of all three. As recently as this spring, Cyber Command officials were floating the idea of helping rescue pwned government and civilian networks, much like the military contributes to disaster recovery efforts like the Gulf of Mexico oil spill.

There’s also been a parallel discussion about how much the military should do to defend utilities, banks, and other so-called “critical infrastructure” that’s in private hands. Deputy Defense Secretary William Lynn recently proposed that the Pentagon establish some sort of hacker-free on-line space for these industries. The companies could opt to join, or they could face the “wild wild west of the unprotected internet.”

Alexander likes the general outlines of Lynn’s proposal. “So you’re going to have what I’ll call a secure zone, a protected zone to have your government and critical infrastructure to work in this part. And then we have the zone over here where my kids and I talk,” he says.

But Alexander notes that his new military unit couldn’t be a part of that operation. “Cyber Command only works inside the DOD [Department of Defense] networks today, and that’s all our authorities allow us to do — defend and operate within our networks,” he says. “We cannot go out.”

Well, except when they can.

Alexander adds that his command “stand[s] ready to execute the full spectrum of cyber operations on command. And stay prepared to defend our nation’s freedom of action in cyberspace.”

“In an area of hostilities, under an execute order, we could be given additional authority,” he continues. And if directed, Cyber Command could “help DHS defend their networks,” as well.

Then there’s the funny paradox that comes from Alexander running two organizations at once. His 1,000-person, $150 million-a-year military unit may be not currently be allowed into civilian U.S. networks, but his hush-hush (and much, much larger) intelligence agency has been operating inside the American telecommunications infrastructure for decades.

Alexander responds by pointing out that the NSA really is a pair of organizations under one roof. “Remember, NSA has two functions,” he says. There are the eavesdroppers in the signals-intelligence directorate. And there’s the information-assurance directorate, the guys who make sure government (and sometimes corporate) networks systems are hacker- and eavesdropper-free. (That’s why a small handful of observers have called for the NSA to be split in two.)

But the lines between the two halves of the NSA — and between Cyber Command and the NSA — aren’t always so bright. Alexander says that his two organizations will draw on one other’s expertise. “We couldn’t afford to replicate an NSA to do what we’re doing. It’d be fiscally irresponsible,” he says. “So, from my perspective, it’s a good deal. Plus, I didn’t have to move out of my office.”

Photo: DOD

[sunny]

NSA, DHS Trade Players for Net Defense

October 13, 2010

The military keeps saying that it only wants to defend its own networks — not yours, civilian. Only if the Department of Homeland Security, which safeguards the civilian internet, comes calling will they help out, the generals insist. Today, the Departments of Homeland Security and Defense started to lay the ground work for how to come calling. And to make the whole thing easier, DHS and the National Security Agency, the super-secret military-intelligence hybrid, will station officials at each other’s headquarters.

Defense Secretary Robert Gates and Homeland Security Secretary Janet Napolitano today released a recently-inked joint accord trying to clarify each department’s roles in the event of a cyber attack. Neither department changed the rules for who protects the dot-com and dot-gov networks (Homeland Security) and who protects the dot-mil domain (Defense). But the document — our Doc of the Day, which you can read below — does establish that the military chocolate is in the civilian peanut butter when it comes to cybersecurity.

Basically, the memo orders a big bureaucratic exchange of personnel. The Department of Homeland Security is going to embed some of its people at the National Security Agency, which already runs telecom surveillance dragnets and works to keep hackers and spies out of government networks. It’ll send over a new Director for Cybersecurity Coordination and a bunch of privacy lawyers and civil-rights officials to ensure that neither NSA nor its military twin, the U.S. Cyber Command, cross any legal boundaries.

But other boundaries are more porous. The new director will send and receive requests for NSA and Cyber Command to collaborate on “joint planning” and “information sharing between the public and private sectors to aid in preventing, detecting, mitigating, and/or recovering from the effects of an attack.” For its part, the NSA will create a “Cryptologic Services Group” inside Homeland Security’s National Cybersecurity and Communications Integration Center.

Then there’s Cyber Command, the new unit responsible for protecting military networks from cyberattack. Its chief, General Keith Alexander, who’s also the NSA’s leader, has said “that’s all our authorities allow us to do — defend and operate within our networks” and that he sees “no role” for Cyber Command in the civilian internet. But Gates and Napolitano see some role. Cyber Command will send personnel to the DHS cyber integration center, where they’ll receive “requests for cybersecurity support” for “operational planning and mission coordination.”

The agreement doesn’t actually specify what each agency will actually do in the event of a cyberattack on civilian networks. But it’s understandable that DHS and the Pentagon would want to get closer. When a hole is found in Windows or Apache or Internet Explorer, both civilian and military machines are compromised. Besides, the Pentagon’s operations rely today on unclassified networks to coordinate supplies, schedule transportation, and share information. In other words, the seemingly bright line between dot-com and dot-mil gets fuzzier and fuzzier the longer you look.

But some privacy advocates aren’t comfortable with the new Gates-Napolitano agreement. Although it says that existing legal authorities won’t change, “the NSA can exert great influence in technical standard-setting that will lead to greater surveillance of network communications,” says Marc Rotenberg, the president of the Electronic Privacy Information Center. EPIC has filed Freedom of Information Act requests for an array of classified cybersecurity documents, including President Bush’s secret directive, known as NSPD-54, clarifying NSA’s cyber-surveillance authority. “We would be a little more confident about the NSA’s role in cybersecurity if they were a little more transparent,” he says.

http://www.scribd.com/doc/39284773/DOD-DHS-Cybersecurity-Memorandum-of-Agreement