Last month, the Pell Center for International Relations and Public Policy at Salve Regina University, Newport, RI, released the results of a study that raised the eyebrows of senior individuals in the U.S. military and government. The study, entitled, “One Leader at a Time: The Failure to Educate Future Leaders for an Age of Persistent Cyber Threat,” says it all.
The national security implications of attacks in the cyber domain demand this be addressed immediately. You would think that since government officials have called cyber security “one of the most serious economic and national security challenges we face” that we would not be facing a leadership shortage. However, the problem does not stop there.
A respected individual from the U.S. intelligence community stated “there are about 1,000 security people in the U.S. who have the specialized security skills to operate effectively in cyber space. We need 10,000 to 30,000.”
In March 2013 the Wall Street Journal ran a blog headlined “demand-for-cyber-security-jobs-is-soaring” that reported the demand for cyber security professionals continues to grow at a rate 12 times that of the general job market.
The shortage in leaders and skilled cyber security practitioners is placing our nation at risk. Here is an idea, why don’t we launch a re-skilling program for all the veterans returning from Iraq and Afghanistan and give them the cyber skills necessary for these roles. They already have background skills and military/intelligence experience that would be very valuable. Some are already cleared, and they understand the military and the hardware that the military uses so they are not starting from scratch.
This is not a new idea; it has been talked about. But talk is cheap. It is time for action. With every passing day that this issue is not addressed the risks to our businesses, critical infrastructure and national security increases.
Posted on May 17, 2013 at 2:46 PM1 comments
Few people would dispute the complexities that are all so common in the cyber domain of conflict. Arguably, one of the most complex areas deals with the laws of conflict and international law.
A number of events, some as recent as two weeks ago, have once again demanded revisiting the comments made by U.S. government representatives as to how conflict in the cyber domain fits into the legal framework of war.
It is not uncommon to reference comments recently made by government officials surrounding the rule of law as it is being applied to cyber conflict. For some unknown reasons, these comments did not receive a significant amount of notice, far short from that which they call for.
In a recent cyber war game, the laws of cyber conflict once again came up. The question was, “Does international law apply to cyber space?” One document that I commonly reference (http://www.state.gov/s/l/releases/remarks/197924.htm) came out of the 2012 USCYBERCOM Inter-Agency Legal Conference, and it specifically answers that question, yes. The author, Harold Hongju Koh, legal advisor to the U.S. Department of State, went on to say at the conference that this view is not universally accepted in the international community.
The United Nations has a web page that is helpful in respect to international law (http://www.un.org/en/law/index.shtml), but after reviewing their site I was unable to find the UN’s view of cyber conflict in the context of international law. It is impractical to operate solo in this domain. It is dangerous to operate without universal acceptance of the application of international law to the cyber domain by the majority if not all of the 231 countries/territories connected to the Internet.
Posted on May 10, 2013 at 2:46 PM0 comments
The term power projection has been around for decades. U.S. Department of Defense has defined power projection as the ability of a nation to apply all or some of its elements of national power. Elements of national power include political, economic, informational, or military force.
You don’t have to go very far to see these elements in use right now. Current headlines are chocked full of examples of how nation’s leverage these elements as a mechanism of influence, and the current activity has intensified the research and development of cyber weapons.
Now try to apply power projection in cyber space. The definition doesn’t fit too well. I started out calling this cyber soft power projection, and that evolved as cyber weapon capabilities increased and the cyber threat domain changed. Consider this aspect of the problem: virtual-states have the same opportunity to use cyber to inform, influence or force decisions and demonstrate the virtual-state’s power.
The differences don’t stop there. Consider the fact that oftentimes cyber attacks are not really visible to the public. If anything, all they know is something didn’t work. When a cyber attack takes down an element of critical infrastructure (like online banking) it is much more public, but easily explained away as a “technical glitch.” If you think about it, explaining away a cyber attack as a technical glitch among all the real technical glitches that the online world experiences would not be that difficult.
Now consider all the technical glitches that we have experienced or heard about in the past year. How many of those were actually cyber attacks? We may never know. With all the recent talk of cyber war and all the cyber attacks that are said to have taken place, one has to wonder how much we don’t know? All indications are the answer is...a lot.
Follow Kevin Coleman on Twitter @KGColeman.
Posted on May 03, 2013 at 12:55 PM0 comments
Ever considered what special operations in the cyber domain might look like? This is boots on the ground cyber operations.
Special operations stories have been captured by Hollywood and usually result in big audience draws, though Hollywood might have a harder time with the limited actions commonly equated with cyber attacks.
The topic of special cyber operations came up in a recent military training lecture I recently gave. This is not the first time the concept for special cyber operations has come up. When many hear the term they envision a lone-wolf hacker in front of a computer coding away. In reality that could not be further from the truth.
Special cyber ops can have all the action, danger and intrigue of conventional operations we attribute to a Seal-team raid. All it takes is to understand the threat domain, a fundamental understanding of the exploitation of computer and communications technology.
This thinking has made it to the frontal lobes of military planners, and we even include two special cyber ops scenarios in the cyber war-gaming that we use in our training. The mental models of special cyber ops missions include “boots on the ground,” a term that was used in one discussion on this topic.
I hinted at this three years ago (http://defensesystems.com/articles/2010/04/06/digital-conflict-cross-functional-teams.aspx) when I blogged about cross-functional teams and the need for collaboration. A year later on my cyber intelligence blog (http://gov.aol.com/2011/11/07/cyber-intelligence-american-s-innovation-and-creativity-under-c/).
I talked about the need for innovation and creativity in the development of our strategies and tactics for offensive, defensive and intelligence activities in cyber space. This is what provides the element of surprise when targeting an adversary.
The concept of special cyber ops is rapidly evolving, as are most of the concepts, strategies and weapons used in the cyber domain. Perhaps in the not so distant future, details about one of the highly sensitive special cyber ops missions will leak out like most things are doing these days. You can be sure that Hollywood will quickly follow.
Posted on Apr 25, 2013 at 12:55 PM0 comments