US Cyber Command Reveals Plans To Hit Back At Cyber Threats

Posted by ScuttleMonkey on Fri Apr 04, 2008 01:34 PM
from the shoot-first-ask-questions-later dept.
CNet News.com is reporting that the Air Force's Cyber Command has just as much interest in offense as defense. "Air Force Cyber Command (AFCYBER), a US military unit set up in September 2007 to fight in cyberspace, is due to become fully operational in the autumn under the aegis of the US Eighth Air Force. Lieutenant general Robert J. Elder Jr., who commands the Eighth Air Force's Barksdale base, told ZDNet.co.uk at the Cyber Warfare Conference 2008 that Air Force is interested in developing its capabilities to attack enemy forces as well as defend critical national infrastructure. "

Related Stories

[+] Air Force Seeking Geeks For 'Cyber Command' 524 comments
An anonymous reader writes "Wired reports that the two-star general in charge of the US Air Force's new Cyber Command is looking for hacker-types to beef up its cadre of cyber warriors — no heavy lifting required. 'We have to change the way we think about warriors of the future,' General William Lord says. 'So if they can't run three miles with a pack on their backs but they can shut down SCADA system, we need to have a culture where they fit in.' The Cyber Command is the Air Force's first new Major Command since the early 1990s. Its purpose is to be able to win an electronic war with China and other potential adversaries."
[+] Interviews: Ask the Air Force Cyber Command General About War in Cyberspace 315 comments
We ran an article about the new Air Force Cyber Command and its recruiting efforts on February 13, 2008. Now Major General William Lord, who is in charge of this effort, has agreed to answer Slashdot users' questions. If you're thinking about joining up -- or just curious -- this is a golden opportunity to learn how our military is changing its command structure and recruiting efforts to deal with "cyberspace as a warfighting domain." Usual Slashdot interview rules apply.
[+] Interviews: Air Force Cyber Command General Answers Slashdot Questions 543 comments
Here are the answers to your questions for Major General William T. Lord, who runs the just-getting-off-the ground Air Force Cyber Command. Before you ask: yes, his answers were checked by both PR and security people. Also, please note that this interview is a "first," in that Generals don't typically take questions from random people on forums like Slashdot, and that it is being watched all the way up the chain of command into the Pentagon. Many big-wigs will read what you post here -- and a lot of them are interested in what you say and may even use your suggestions to help set future recruiting and operational policies. A special "thank you" goes to Maj. Gen. Lord for participating in this experiment, along with kudos to the (necessarily anonymous) people who helped us arrange this interview.
[+] Technology: US Cyber Command Wants Greater Attack Mentality 257 comments
superglaze writes "Lieutenant General Robert J Elder, Jr, a senior figure in US Air Force Cyber Command (AFCYBER), has told ZDNet UK that communication issues are hampering the division's co-ordination. 'IT people set up traditional IT networks with the idea of making them secure to operate and defend,' said Elder. 'The traditional security approach is to put up barriers, like firewalls — it's a defense thing — but everyone in an operations network is also part of the [attack] force. We're trying to move away from clandestine operations. We're looking for real physics — a bigger bang resulting in collateral damage.'"
[+] Technology: Air Force Suspends Cyber Command Program 166 comments
AFCyber writes "The Air Force on Monday suspended all efforts related to development of a program to become the dominant service in cyberspace, according to knowledgeable sources. Top Air Force officials put a halt to all activities related to the establishment of the Cyber Command, a provisional unit that is currently part of the 8th Air Force at Barksdale Air Force Base in Louisiana, sources told Nextgov. An internal Air Force e-mail obtained by Nextgov said, 'Transfers of manpower and resources, including activation and re-assignment of units, shall be halted.' Establishment of the Cyber Command will be delayed until new senior Air Force leaders, including Chief of Staff Norton Schwartz, sworn in today, have time to make a final decision on the scope and mission of the command."
This discussion has been archived. No new comments can be posted.
  • by zappepcs (820751) on Friday April 04 2008, @01:35PM (#22966286) Journal
    It still means bad things are about to happen when the defense team is studying offense tactics
    • by TubeSteak (669689) on Friday April 04 2008, @01:40PM (#22966344) Journal

      It still means bad things are about to happen when the defense team is studying offense tactics
      If your defensive plan doesn't include any offensive measures, you're doing it wrong.

      To put it in simple terms, if someone is abusing your network bandwidth, you don't just throttle them down, you go tell them to knock it off (or something equivalent). That's an "offensive measure" and it's common sense, isn't it?
      • Actually, that's also a defensive measure. An offensive measure would be more like block traffic to certain sites ahead of time.
        • Re: (Score:3, Insightful)

          An offensive measure would be more like block traffic to certain sites ahead of time.
          Blocking traffic is still a defensive strategy. There's a difference between proactive defense and offense.
        • No, an offensive measure would be more like destroying the person's computer, thus taking away his ability to attack you.
          • No, an offensive measure would be more like destroying the person's computer, thus taking away his ability to attack you.
            Well ... the Air Force should be quite good at doing that sort of thing.
      • by zappepcs (820751) on Friday April 04 2008, @01:43PM (#22966386) Journal
        for some good responses to this article the first time around, try http://it.slashdot.org/comments.pl?sid=508970&cid=22942214 [slashdot.org]
      • If your defensive plan doesn't include any offensive measures, you're doing it wrong.

        Let's put that idea into a different context. As the state and local police forces around our country continue to take a more offensive stance do you feel safer [stopthedrugwar.org]? How about the way music labels protect their interests, is that better when it is offensive? I don't think so. I think that the only time an offensive posture looks like a good defense is when you are on the side being more aggressive. To everyone not being d
        • The problem you're describing is one of the fundamental reasons to keep law enforcement and military operations separate. In law enforcement (whether criminal or civil) defense is the only reasonable option -- cops can't go around arresting people for the hell of it, and private individuals can't sue people for the hell of it, or the whole system becomes hopelessly overloaded and corrupt. In military operations, on the other hand, attack must be as much a part of the plan as defense; neither works by itse
  • by baudilus (665036) on Friday April 04 2008, @01:38PM (#22966324)
    Robert M. Gates, Secretary of Defense.

    "...and they tried to hit us with a DDoS, so we totally pwned those script kiddies. It wasn't hard, they were teh suk..."
  • Defense. (Score:5, Insightful)

    by headkase (533448) <pickett.bill@gmail.com> on Friday April 04 2008, @01:43PM (#22966392)
    Having hackers for offence is all and good but when it comes to defense they need to train the programmers of the "critical infrastructure" in security techniques. And also perform regular penetration testing on the infrastructure correcting any problems they find as they go. So basically the hackers would not only be hacking other nations but they would continually have to try to hack their own as well to defend it.
    • Re: (Score:2, Informative)

      They do this. They're called CERTS and one of the many functions that the CERTs perform for the military is pen testing.
  • From TFA:

    "IT people set up traditional IT networks with the idea of making them secure to operate and defend," Elder said. "The traditional security approach is to put up barriers, like firewalls--it's a defense thing--but everyone in an operations network is also part of the (attack) force. We're trying to move away from clandestine operations. We're looking for real physics--a bigger bang resulting in collateral damage."
    Does this make anyone else nervous?
    • We're talking about an organization that has nuclear weapons. Now they'll also be able to shut off a city's electrical and water supply electronically. I don't see why that should make me more afraid.
      • It should make you more afraid because each nuclear warhead is tracked, guarded, and needs special permissions prior to firing. It's really hard to do all of that to knowledge (what software really is).

        To recap: it's really hard to fire a nuclear weapon by accident; it's not that hard to shut off a city's electrical and water supply electronically by accident (in comparison).
      • Ever heard of a Joe Job?

        They already make leaps of logic like "Bin Laden hit us, so let's invade Iraq," so just you wait for the upcoming "DDoS from a Chinese IP, tunneled through a Canadian ISP, so let's invade Venezuela" reasoning...
      • Because it's easier to hide, and people don't know jack about it.

        Are you afraid of sudden police raids? Usually, not very. And you shouldn't have to if you live in a halfway working democracy. Raids are VERY intrusive, you and your neighbors will notice them and you'll be infuriated when something like this happens trivially. Could you see people get a tad bit upset if a raid became something that happens routinely in your neighborhood, with 99% of them being false alarms? They're loud, they're quite notica
    • When asked if the initiation of a program of information warfare against the invaders was wise, given their existing foothold in orbit and on the Plains Of Qtx, K'breel, Speaker for the Council, stressed that there was no cause for alarm:

      "While it is true that the sinister blue planet continues to attack our information systems using the spy satellites and military drones that it has sent thus far, we are confident that we can deal with the situation. We have always been able to alter the telemetry data retur

  • Oh, great. How much did Hollywood pay them to do this?

    Announcement for terrible cyber-war movie in 5... 4... 3...

    "Sergeant! I've been pinged!"

    "Dammit, Johnson! Get out of there!"

    • Oh c'mon, we all know how this has to look Hollywood-style:

      (Setting: A dark, gloomy room, packed with varying rattering machinery and the machine that goes 'ping'. Various people with good hygiene, perfect haircut and decent uniforms (with ties!) sitting in front of screens that paint their faces in neon green. No nachos or pizza anywhere. Suddenly, Private Johnson reports)

      Pvt Johnson: "Sir, I think I picked up a signal."
      Officer: "Can you pinpoint it?"
      Pvt Johnson: "Yeah, the computer is on it."

      (We look at a
  • US Cyber Command. Does this sound as cheesedick to them as it does to the rest of us?
    • Reminds me of a group of executives within our company back in the 90's that called themselves the 'cybersuits'. It was a lame name even for back then! I suggest "Ether Force" as a better name.
    • In a word: Yes.

      What does a "Cyber" command do? It "cybers"? Yeah, count me out.

  • Maybe they can find a way to have a router overvolt a packet to knock out an individual computer! (j/k but it'd make good stupid movie explanation)

    I have always wondered why people don't automatically Re-DOS the DOSer. Is that even possible, just start picking targets that are attacking, and flood them back till their network card pops or something.

    • Because YOU are in the wrong, then. No kidding.

      The average DDoS is not conducted by some machines in the possession of those that attack. It's a network of machines infected with backdoors that allow the attacker to use those machines. The current fad is sending out spam, but they can be used for a DDoS as well.

      So. Now you, the attacked, go ahead and snipe those machines off the net. Which is usually no big deal, we're talking consumer PCs running on consumer DSL lines here, if you have a halfway powerful r
      • I in my heart, agree with that sentiment. But, we all have fits of rage and want revenge from time to time. The ability to control that is what makes us human!
      • I have been around a bit, I do know that about bot nets. But if you burn kill a box, one at a time, via a magic packet exploit of some sort, or some kind of dos attack, how long would it take you to blow out multiple small boxes if you had 1 central mega setup? It would be like a "bizarro" DoS attack.

        It'd be like playing starcraft. If you put a soldier against a tank, you're going to lose the soldier right? But if all you have is soldiers and you focus fire down on the largest units first they all will ev
  • by IonOtter (629215) on Friday April 04 2008, @02:43PM (#22967058) Homepage
    Other causes for military concern include possible supply-chain vulnerabilities, where vulnerabilities are introduced into chipsets during manufacturing that an adversary can then exploit, and electronics vulnerabilities.

    I guess that explains what happened to me?

    I got an email from a supply company requesting payment of nearly $15,000 for, I kid you not, 2200 telephones. Apparently, they'd been ordered, purchased and delivered to my former duty station at NCTAMS PAC in Hawaii.

    Mind you, they were all delivered to a mailbox that was probably all of 8x3x5 inches. I did the math, and 2200 desk telephones wouldn't have fit inside the whole mail BUILDING, let alone the post box.

    Nobody at the base ever saw the order-they would have, since that many phones would have come on 5 pallets-and nobody knew what the heck was going on. Finally, after working with the business owner, it was determined that the owner had been hacked.

    The phones went one way, the bill went the other, I got a nervous laugh, the poor business owner got screwed and the military was twirling around going "Wha?! Wha?!? HUH!??!"

    Didn't have to pay a cent, though. Wonder how it turned out?
  • Sweet, someday our home PC's will have to do mandatory military service for X years.
    Join the national DDoS army now. It's your patriotic duty!
  • Air forces (Score:4, Funny)

    by ozbird (127571) on Friday April 04 2008, @06:18PM (#22969036)
    Air Force Cyber Command (AFCYBER), a US military unit set up in September 2007 to fight in cyberspace, is due to become fully operational in the autumn under the aegis of the US Eighth Air Force.

    One air force should be enough for any country.
    • I'm just imagining the drills...
      Tear down and reassemble the PC box.. timed of course.

      Why did you put that PC together so quickly, Gump?
      You told me to, Drill Sergeant

  • Technology may help ward off attacks, or (if it's really good) help to identify the responsible parties, but it takes a more personal, hands-on encounter to deter future attacks, and dissuade technologists from contributing to cyberattacks. Computers are just computers - people are where it's at, and the personal involvement component is the interesting part of the job. It's also the ticklish part because it needs to happen in a foreign country. Organizations with a developed cyber-terrorist workforce wo
    • IP addresses are not latitude and longitude. I'm so glad they don't think like that.
      • except that for static IPs (especially under IPv6) the RIAA has shown us that you can target an individual. Once you have an address, the only thing left would be to get a Predator Drone to follow them and launch a low yield hellfire missile. You could blow them up in rush hour traffic with minimum collateral damage.

        • And RIAA has also shown us how this method of targeting individuals does not have a great record of being accurate. I suppose that could fall into the category of "collateral damage" too...
    • Unless they are jamming.
    • Anyone else think "Cyber Command" staff suffer a higher incidence of wedgies and swirlies than other members of our armed forces?

      Actually, I'd think it'd be more like "give us your lunch money or we'll fsck up your mortgage, Visa cards, driver's license, and put your wife up on Craig's List."

      • Actually, I'd think it'd be more like "give us your lunch money or we'll fsck up your mortgage, Visa cards, driver's license, and put your wife up on Craig's List."

        So...America's cyber A-Team has the 1337 skills of an entry-level con man? Can we outsource our electronic defense to the Israeli cyber team or something instead?

        Given that many live happily in the armed forces without any of these threatened items, I'm sticking with my theory of an unusually high wedgie-per-day rate.

    • I assume whoever configured The Pirate Bay's Web site realized people will try to hack into that system. Besides,

      Unless I miss my guess, the US Cyber Command would be more interested in things like the power supply in Tehran or the water supply in Damascus. You know, systems used by nation states that could become enemies.