I don’t know how I hadn’t seen this before, but I have to admit that I thought General Hayden gave a really thought provoking speech that touched a lot of important areas. I strongly encourage you to watch the video.
Here are some thoughts I had while I was watching it:
- Cyber is a DOMAIN (eg: Land, Sea, Air, Space – now Cyber)
- Shaping military thinking (Global, Strategic, etc)
- My thought is – how feasible/scalable is this? It’s not kinetic/measurable!
He makes an analogy of how we (IT people) make the IT world like the north German plain (flat). Then we bitch about getting invaded.
- In terms of military strategy how would you deal with this.
- There is no high ground to seek.
- There is no real front or rear.
- From a military standpoint I think your advantage would be visibility, and you would focus on ensuring that you are not flanked or overrun.
- Immediate tasks to execute are:
- Set up extended observation posts to know when the enemy is approaching
- Dig in (trenches, foxholes, etc), focus on communication and the ability to move
- Set up strategic firing positions
- I guess the question is how do you replicate this in the Cyber world – which seems to be his point as well.
The General made a statement that was very powerful (MARTIN C. LIBICKI: CounterDeterrance & CyberWar)
- I think this is the reference from RAND (I could be wrong): Cyberdeterrence and Cyberwar
- I think this is his book: http://www.amazon.com/Cyberdeterrence-Cyberwar-Martin-C-Libicki/dp/0833047345
I would sum all of this up with what I hear from a lot of the military people I work with.
- The problem with selling CyberWar is that it is NOT kinetic.
- Attribution is nearly impossible
In the “Cyber” world I see a lot of the functional equivalent of Explosive Ordinance Disposal (EOD) – analyzing malware and trying to collect Intel on it like an EOD guy examines bombs to learn about the enemy. I think there are just too many rules placed on those guys doing that kind of work. The General references it (in my opinion) by talking about the relationship between CND/CNE/CNA.
- Interesting paradigm:
- CND = DHS money and rules
- CNE = Intel community – title 50 (secret squirrel stuff – people stuck in a SCIF)
- CNA = DoD – title 10 laws of armed conflict
- Chinese Espionage Effort (23 minute point)
- Build/Buy/Steal whatever it is they need to make things equal
- Cyber Domain Difference:
- Intel precedes OPs in the physical world
- OPs preceeds intel in the Cyber world
- This is profoundly important – way to go on articulating this sir.
I don’t know if it is just because the military is so near and dear to my heart, or if I’m just a freak for CyberWar stuff, or what. I thought this was a really good presendation.
To wrap up the subject of CyberWar for this blog post I want to add one other tidbit of info. It’s part of a blog post that I started writing a few weeks ago and of course didn’t finish, but I think it will wrap up this post here fairly well.
It all started a few weeks ago. I was talking to a good friend of mine Marco about CyberWar, and APT. We were talking specifically about ney sayers – people that don’t believe in APT and CyberWar.
I did some Googling and found a pretty interesting debate about whether the CyberWar threat is grossly exagerated or not.
It’s not deeply technical, but it does have some good speakers or debators if you will.
Arguing for the Cyber War Threat being grossly exagerated are Bruce Schneier, and Marc Rotenberg.
Arguing against the Cyber War Threat not being exagerated Mike McConnell, and Jonathan Zitrain.
Bruce Schneier is..well…umm..he’s Bruce. There are no words to describe Bruce.
Marc Rotenberg is an Internet Privacy rights type.
Mike McConnel was a Vice Admiral in the Navy, former Director of the NSA, and Director of National Intelligence (2007 – 2009), and now Executive Vice President at Booz Allen Hamilton.
Jonathon Zitrain is an Internet Law professor at Harvard
I thought the debate was good (for the most part) – there were a few times that I thought Marc Rotenberg was pushing the Internet privacy agenda a bit too much, but overall I thought it was a good debate.
Take a look for yourself and let me know what you think.
Intelligence Squared US: Cyber War Debate