Tags:
Journalism of Courage
On the site of a former military golf course where President Dwight Eisenhower once played,the future of US warfare is rising in the shape of the new 358 million headquarters for the military8217;s Cyber Command.
The command,based at Fort Meade,Maryland,about 25 miles north of Washington,is rushing to add between 3,000 and 4,000 new cyber warriors under its wing by late 2015,more than quadrupling its size.
Most of Cyber Command8217;s new troops will focus on defense,detecting and stopping computer penetrations of military and other critical networks by America8217;s adversaries like China,Iran or North Korea.
But there is an increasing focus on offense as military commanders beef up plans to execute cyber strikes or switch to attack mode if the nation comes under electronic assault.
8220;We8217;re going to train them to the highest standard we can,8221; Army General Keith Alexander,head of Cyber Command,told the Reuters Cybersecurity Summit last month. 8220;And not just on defense,but on both sides. You8217;ve got to have that.8221;
Officials and experts have warned for years that US computer networks are falling prey to espionage,intellectual property theft and disruption from nations such as China and Russia,as well as hackers and criminal groups. President Barack Obama will bring up allegations of Chinese hacking when he meets President Xi Jinping at a summit in California beginning on Friday 8211; charges that Beijing has denied.
The Pentagon has accused China of using cyber espionage to modernize its military and a recent report said Chinese hackers had gained access to the designs of more than two dozen major US weapons systems in recent years. Earlier this year,US computer security company Mandiant said a secretive Chinese military unit was probably behind a series of hacking attacks that had stolen data from 100 US companies.
There is a growing fear that cyber threats will escalate from mainly espionage and disruptive activities to far more catastrophic attacks that destroy or severely degrade military systems,power grids,financial networks and air travel.
Now,the United States is redoubling its preparations to strike back if attacked,and is making cyber warfare an integral part of future military campaigns.
Experts and former officials say the United States is among the best 8211; if not the best 8211; in the world at penetrating adversaries8217; computer networks and,if necessary,inserting viruses or other digital weapons.
Washington might say it will only strike back if attacked,but other countries disagree,pointing to the 8220;Stuxnet8221; virus. Developed jointly by the US government and Israel,current and former US officials told Reuters last year,Stuxnet was highly sophisticated and damaged nuclear enrichment centrifuges at Iran8217;s Natanz facility.
NEW RULES OF ENGAGEMENT
US government officials frequently discuss America8217;s cyber vulnerabilities in public. By contrast,details about US offensive cyberwarfare capabilities and operations are almost all classified.
Possible US offensive cyber attacks could range from invading other nations8217; command and control networks to disrupting military communications or air defenses 8211; or even putting up decoy radar screens on an enemy8217;s computers to prevent US aircraft from being detected in its airspace.
The shift toward a greater reliance on offense is an important one for a nation which has mostly been cautious about wading into the uncertain arena of cyberwar 8211; in part because gaps in US cybersecurity make it vulnerable to retaliation.
But former Homeland Security Secretary Michael Chertoff said the United States must be ready and should articulate 8211; soon 8211; what level of cyber aggression would be seen as an act of war,bringing a US response.
8220;One of the things the military learned,going back to 9/11,is whether you have a doctrine or not,if something really bad happens you8217;re going to be ordered to do something,8221; he told the Reuters summit. 8220;So you better have the capability and the plan to execute.8221;
Reuters has learned that new Pentagon rules of engagement,detailing what actions military commanders can take to defend against cyber attacks,have been finalized after a year of 8220;hard core8221; debate. The classified rules await Defense Secretary Chuck Hagel8217;s signature,a senior defense official said.
The official would not give details of the rules but said,8221;they will cover who has the authority to do specific actions if the nation is attacked.8221;
8216;A FRAGILE CAPABILITY8217;
At Cyber Command,military officers in crisp uniforms mix with technical experts in T-shirts as the armed forces takes up the challenge of how to fend off cyber penetrations from individuals or rival countries.
Even as overall US defense spending gets chopped in President Barack Obama8217;s proposed 2014 budget,cyber spending would grow by 800 million,to 4.7 billion while overall Pentagon spending is cut by 3.9 billion.
Until its new headquarters is ready,Cyber Command shares a home with the US National Security Agency NSA,which for 60 years has used technological wizardry to crack foreign codes and eavesdrop on adversaries while blocking others from doing the same to the United States. Alexander heads both agencies.
8220;The greatest concentration of cyber power in this planet is at the intersection of the Baltimore-Washington Parkway and Maryland Route 32,8221; said retired General Michael Hayden,a former CIA and NSA director,referring to NSA8217;s Fort Meade location.
But NSA8217;s role in helping protect civilian,government and private networks has been controversial 8211; and is likely to come under greater scrutiny with this week8217;s revelation that it has been collecting telephone records of millions of Verizon Communications customers under a secret court order.
A January report by the Pentagon8217;s Defense Science Board gave a general picture of how the United States might exploit and then attack an adversary8217;s computer systems.
In some cases,US intelligence might already have gained access for spying,the report said. From there,Cyber Command 8220;may desire to develop an order of battle plan against that target8221; and would require deeper access,8221;down to the terminal or device level in order to support attack plans,8221; it said.
Because gaining access to an enemy8217;s computers for sustained periods without detection is not easy,8221;offensive cyber will always be a fragile capability,8221; it said.
In cyberspace,reconnaissance of foreign networks is 8220;almost always harder than the attack8221; itself because the challenging part is finding a way into a network and staying undetected,said Hayden,now with the Chertoff Group consulting firm.
PURPLE HAIR AND JEANS
Cyber Command8217;s new Joint Operations Center,due to be complete in 2018,will pull disparate units together and house 650 personnel,officials said. Air Force,Army,Navy and Marine Corps components will be nearby and,a former US intelligence official said,the complex will have power and cooling to handle its massive computing needs.
Those who have worked at Cyber Command say the atmosphere is a mixture of intensity and geek-style creativity. Military precision is present,but it is not unusual to see young civilian computer whiz kids with purple hair,a tie-dyed shirt and blue jeans.
8220;It8217;s made to be a fun environment for them. These are people who are invested and want to serve their nation. But there is some military rigor and structure around all that 8211; like a wrapper,8221; said Doug Steelman,who was director of Network Defense at Cyber Command until 2011 and is now Chief Information Security Officer at Dell SecureWorks.
Cyber Command8217;s growth and expanding mission come with serious challenges and questions.
For example,how to prevent US military action in cyberspace from also damaging civilian facilities in the target country,such as a hospital that shares an electric grid or computer network with a military base?
And some doubt that the military can train many cyber warriors quickly enough. Alexander has identified that as his biggest challenge.
The former intelligence official said Cyber Command8217;s new teams won8217;t be fully ready until at least 2016 due to military bureaucracy and because it takes time to pull together people with the special skills needed.
8220;To be a good cyber warrior,you have to be thinking,8217;How is the attacker discovering what I8217;m doing? How are they working around it?8217; 8230; Cyber security really is a cat and mouse game,8221; said Raphael Mudge,a private cybersecurity expert and Air Force reservist. 8220;That kind of thinking can8217;t be taught. It has to be nurtured. There are too few who can do that.8221;
Would-be cyber warriors go through extensive training,which can take years. A recruit with proven aptitude will be sent to courses such as the Navy-led Joint Cyber Analysis Course in Pensacola,Florida,a 6-month intensive training program.
The top 10 percent of JCAC8217;s students will be selected for advanced cyber operations training,said Greg Dixon,a vice president at private KEYW Corp,which conducts intensive training classes.
The company can train a JCAC graduate to become an analyst in five weeks,but it takes 20 weeks to become a cyber operator. Dixon would not divulge what an operator would be capable of doing after graduation,but said it would be 8220;a lot.8221;
8220;They8217;re going to pick the cream of the crop for the 8216;full spectrum cyber missions8217;,8221; the former US intelligence official said,using a euphemism for cyber offense.
Before a future cyber warrior can begin advanced training,he or she has to pass through the arduous security clearance process,which can take six to nine months for personnel who are not already cleared.
Troops earmarked for cyber warfare have found themselves washing floors,mowing lawns and painting at military installations as they bide time waiting for a clearance.
There is the concern about retaliation for a US cyber attack. Some analysts say Iran increased its cyber capabilities after being infected with Stuxnet,which was revealed in 2010.
8220;The old saying,he who lives in a glass house should be careful of throwing stones 8230; but if the stone that you threw at someone,when you live in a glass house,is a stone that in some way they could pick back up and throw back at you,that8217;s an even dumber idea,8221; the defense official said. 8220;We definitely think about that as one aspect of considering action.8221;
