
November 30, 2007

Amazing what you can find on the internet

Last week, I found a PowerPoint presentation given by Dr. Lani Kass, director of the AF Cyber Task Force in the Pentagon in September 2006, just after the creation of AFCYBER was announced. Unfortunately, I lost the location of the file and inexplicably was unable to find it again after some searching through my history.

Before delving into the details of the presentation itself, the focus of this blog entry, let me say a few words about Dr. Kass and my experiences with her while I was working for the Assistant Chief of Staff of the AF, General Art Lichte. Dr. Kass is a former Israeli military officer with a thick German-Israeli accent, flaming red hair (dyed) and a personality to complement it. She is a font of typical Air Force clichés, which permeate the presentation enough that I believe she herself had a large part in writing it. That being said, in my time working with her, even tangentially, I found her to be extremely intelligent and capable, which further indicates to me that this presentation, to whomever it was delivered, is meant as much as a political statement as a policy one.

Back to the presentation itself. It is a great example of how the US’ cyber forces should NOT be organized. It defines cyberspace so vaguely that it assigns to AFCYBER such missions as 1) strategic cyber warfare (like what I will focus on in my paper), 2) tactical jamming, and 3) tactical jamming including jamming the signals used for IEDs in Iraq and Afghanistan.

I agree with number 1. The US needs a main POC in charge of offensive and active defensive operations – Cyberspace Command, being the only organization “authorized to conduct offensive cyberwar”, seems to be a good fit. I disagree with the application of “fly fight win” to cyberspace – I would like Dr. Kass to tell me exactly how one is to “fly” in cyberspace, as it is not a physical environment, nor does it have air through which to fly. At the same time, other Air Force mantras do seem to apply, for example “global strike” and the understanding of cyberspace “dominance” that parallels air and space dominance. Cyberspace dominance certainly has an effect on the battlefield, and failing to achieve it before land or even air operations puts US servicemen at risk.

Numbers 2 and 3, though, are, simply put, ridiculous. First off, tactical jamming should not be relegated to a command that can probably not even have members in theater, much less in an area close enough to the battlefield that they themselves would be susceptible to jamming. Mobile communications units at the company or lower level are the only way to accomplish this, other than from an air or sea borne platform. Yes, there should be some kind of organization responsible for determining plans, policies and doctrine for these kinds of activities, but such an organization cannot be an Air Force one if you expect there to be any benefits outside the Air Force. Such is the nature of inter-service rivalry.

Point #3, though, gosh. This is simply a political statement designed to get the Air Force involved in Iraq. Since major combat operations ended, the AF has had a pretty small role in Iraq and Afghanistan. But AF Cyber Command is not going to solve that problem. This is what my paper is all about – only by correctly prioritizing cyberpower and avoiding overlap between strategic cyber and tactical silliness can this problem really be solved.

November 23, 2007

Patriot-Hackers Needed

Wanted: Independently wealthy, top tier computer science graduate with hacking experience. Must be able to receive a high-level security clearance (no bitTorrent, folks), be comfortable interacting with military personnel, sign a long-term commitment and work long hours for little pay.

For the last few weeks, I have been discussing institutions and strategies of cyberpower, while largely ignoring the personnel involved. In doing more research for my paper, I have found a few articles that mention this other, very serious issue. In order to have any kind of serious cyberpower capabilities, you need some top level hackers working for the government. Top level, highly trained, highly motivated computer guys. Unfortunately, these same guys are going to want to work for the private sector, where they will be able to make multiples more money, work fewer hours (most likely) and not have their lives (which might include some nefarious activities on the Internet) monitored by the clearance process. This is a problem.

After reading an article in Foreign Affairs called “Virtual Defense”, I did a little more research on this problem and came up with some interesting results.

First I took a look at Monster and Yahoo! Hotjobs. I searched for jobs in the defense/intelligence sector (much as I had been doing prior to working at my current job). Now though, rather than hundreds of Pashto/Dari speakers wanted, 30-40% of the jobs seemed to be for systems integrators and computer programmers, many of them for aerospace companies.

I also found an article in Career World Magazine that explicitly mentioned the problem and how the government is now offering a variety of scholarships for computer guys to get their M.A.s in return for a 3-5 year commitment to government service. In a few years, I’ll be interested to see if those requirements drop, as they have been for language training-government internship-type jobs.

I’m not sure how this fits into my overall paper topic, but it is definitely worth mentioning.

Air Force Cyber Command Revisited

In late 2006, Secretary of the Air Force Michael Wynne announced the creation of Air Force Cyberspace Command (AFCYBER), to be stood up in the summer of 2007. There were a number of articles on the announcement. Here’s a quote from one on Federal Computer Week’s website:

The Air Force announced plans this month to create a Cyber Command to bring full-scale military operations to cyberspace, although no one knows if the tactics and policies that the Defense Department uses to wage war will be effective on the cyber battlefield. Air Force officials said the new command will coordinate offensive and defensive network and electronic warfare and raise the importance of cyberspace as a warfighting terrain. Its military objective would be to dominate the electromagnetic spectrum and defend the country’s critical infrastructure and assets.

The director of the Air Force’s Cyber Task Force said the United States can work to defeat terrorists by disrupting their radio-controlled improvised explosive devices, the satellite communications they use for planning attacks and the Web sites they create for training and recruiting.

There are a few important points in this quote. The first is that the Air Force views cyberspace as a strategic medium on par with air and space. In claiming this, the AF is implying that the strategies and operational thought that apply to one apply to both. This, of course, is a political statement designed by Mike Wynne and General Moseley (CSAF) to claim more military space for the Air Force, part of the long term tradition of doing so. The treatment of cyberspace is similar to that of outer space, which, for a long while, the Air Force claimed was part of a continuous “aerospace” medium between the surface of the earth and the farthest reaches of the cosmos. Since cyberspace exists in this area, it must be an Air Force AOR as well.

In doing more research on AFCYBER, I have found that my earlier suspicions about its offensive nature have been confirmed. At the tactical level, AFCYBER theoretically has some responsibilities for defending against “battlefield” cyber operations like jamming. But this is largely chimerical, as most Army units above the company level have signals officers designated to do this, Navy ships certainly do and the Air Force handles this on each plane individually. So what does that leave? Offensive cyberspace operations.

In an article in Government Executive from June 2007, the author explains some of these capabilities:

The Army acknowledged in the announcement that it already has waged cyberattacks on enemy networks and communications platforms, but provided no details. But it wants to “leverage innovative technologies” to improve its cyberattacks “and prevent enemy forces from detecting and countering efforts directed against them,” according to the announcement. “Technologies designed to interrupt these modern networks must use subtle, less obvious methodology that disguises the technique used, protecting the ability whenever possible to permit future use.”

and, later in the article:

The offensive cyberattack capabilities that the Army and Air Force want to develop match what Marine Gen. James Cartwright, commander of the Strategic Command, called for during a hearing of the House Armed Services Committee in March. He told the panel that if “we apply the principle of warfare to the cyber domain, as we do to sea, air and land, we realize the defense of the nation is better served by capabilities enabling us to take the fight to our adversaries, when necessary, to deter actions detrimental to our interests.”

More to come next week, as I just today found a PowerPoint presentation by Dr. Lani Kass on Air Force Cyber Command and the limits of cyberspace.

November 16, 2007

The Estonia Cyberwar

I was watching Live Free or Die Hard, the newest Die Hard movie, the other night. In it, an unnamed, unexplained group of French-speaking Americans (apparently) engage in a cyberattack on Washington DC and the infrastructure of the North East. The details aren’t important, but there are a few items that are. First, cyberpower and cybersecurity of the kind I have been talking about over the course of this semester’s blog posts has made its way into popular culture. Second, it made me think of Estonia.

In the days following April 27, 2007, hackers loosely tied to Russian nationalists waged a wide scale attack on Estonian web services and financial networks, overwhelming almost the entire bandwidth of the country. There are a number of articles that describe exactly what happened, but what I am more interested in, aside from the most basic details, is the issues that were raised as a result of the attacks.

From an article on the BBC, which had the most complete coverage of the attacks (far more than any American news source that I could find):

“A couple weeks ago when the whole thing started we had some problems in our online services and then our mail server was absolutely inundated with spam e-mails as well,” Estonian journalist Aet Suvari told the BBC. “In the past few weeks it has been quite difficult for some government officials to read their e-mails on the web, to get access to the banks.”

The defense ministry says that the cyber attacks come from all over the world, but some have been hosted by Russian state servers.

There are a number of issues raised by the attacks, some of which I want to explore in my paper. In an article from August in Wired called “Hackers Take Down the Most Wired Country in Europe”, the author does a nice job pulling out some of them. For the sake of brevity, I will bullet them below.

Is a cyberattack an act of war? At the beginning of the Wired article, it briefly outlines the thought process of the Estonian Defense Minister in the early hours of the attacks. Considering the legal ramifications of the attack, the Defense Minister, Jaak Aaviksoo, almost invoked Article 5 of the NATO treaty, the collective security portion of the treaty. This would have declared Estonia in a state of war and obligated the other NATO countries to come to Estonia’s defense.

Tracing the source of an attack is critical both in stopping and/or countering the attack, and in determining its possible political ramifications. Related to the previous point, the authorities involved in the defense of Estonia’s networks had to determine where the attack was coming from (as it turns out, the botnets were largely in Egypt, Peru and Southeast Asia). In doing so, they linked some of the bots to computers in Russia. But since far more were in other countries, including the US, there was no real way of determining the real source of the attack, only the avenues through which it was conducted. This is a serious problem for national authorities in a time of crisis, and is, to some extent, the equivalent of a cargo container nuke blowing up in port with no way of determining where it came from.

International and public/private sector cooperation is key to fending off a cyber attack and possibly countering it. The Estonian authorities ended up having to cooperate with dozens of foreign ISPs to shut down the IPs. They could only do so through some folks at NetNod, one of the 13 root DNS servers. The fact that some of the top cyber experts in that organization just so happened to be in or near Estonia at the time was extremely lucky for them. In the event of an attack on the US, there would need to be some kind of preparedness plan in place so that this kind of luck isn’t relied on.

November 01, 2007

Air Force Cyber Command - Offensive Branch of US Cyberpower?

Earlier this year, the Air Force made a move to take over responsibility for military operations in cyberspace, a bold move in the typical game of inter-service rivalry. In a press release, General Mike Moseley, AFCC, announced the creation of Air Force Cyber Command.

He declared that the mission of this new organization was:

“[to] provide combat ready forces trained and equipped to conduct sustained offensive and defensive operations through the electromagnetic spectrum and fully integrate these with air and space operations.” The organization will also “leverage, consolidate and integrate” Air Force-unique cyber capabilities.

There were a few other very interesting quotes that are relevant to my paper near the end of this press release:

“Your primary mission is warfighting,” Moseley stated. “You will provide options and capabilities scalable from ‘cyber strike packages’ to full-scale global effects.” The command is also expected to identify “intelligence requirements sufficient to direct and counter adversaries across the electromagnetic spectrum.”

Okay, but then…

Asked if the Cyber Command… will be authorized to shut down intruders that threaten U.S. government or business interests, the general replied, “Can’t do it. It’s illegal. We live in a democracy.” Keys described the conundrum as an urgent issue facing the civilian leadership, noting the military’s job is simply to provide the tools for detection and defense.

“If [hackers are] not in the United States, you can’t touch them,” he said. “And if they’re in the United States, the FBI’s going to have to get involved. It is a tremendous question of: Is this a clear and present danger?”

From a technical perspective, putting policy issues aside, the means do exist to temporarily shut down hackers, Keys said. “Could you do it?” he asked. “Well, yeah, you could do it. Would they spring back up? Yeah, almost assuredly.”

So, according to General Keys, the military’s role is to provide some tools for defense. Yet CC Moseley is calling for strike packages with global effects? Following the typical Air Force mindset, there is no emphasis on the defense and all the emphasis on offensive “global strike”.

So it would appear, then, that the purpose of AF Cyber Command is offensive cyberpower operations. While presumably, in wartime, Air Force and other military cyberpower resources could be used in a defensive mode, say against the common “Chinese” attacks on the Pentagon networks, by and large it would appear that the purpose of this organization is an offensive one. Given what appear to be the roles and missions of DHS and the FBI (the latter to be explored in a later post), this seems to be a good idea from a national strategy perspective.