[IP] Air Force Guards Cyberspace
-----Original Message-----
From: "Gene Spafford" <spaf@xxxxxxxxxxxxxxxxx>
To: dave@xxxxxxxxxx
Cc: ip@xxxxxxxxxxxxxx
Sent: 12/11/05 11:08
Subject: Re: [IP] Air Force Guards Cyberspace
[Although this topic is US-centric, it can be translated to other
countries' concerns.]
There is no indication in the press release that the US Air Force is
asserting any domestic mission that would violate the posse comitatus
law.
It is known, from public statements, that several other countries are
training their military to wage war on IT resources in
"cyberspace." There have been public press reports about use of
"cyberwar" techniques in Bosnia/Kosovo and Iraq, as well as
continuing low-level probes and attacks where other conflicts have
been going on, including the Middle East and India-Pakistan. We
also have seen several news accounts of on-going probing and attacks
of US systems from hosts in other countries, some of which could be
state-sponsored.
It would be irresponsible of the leadership in this country, military
and civilian, to not have groups tasked to respond to military
threats. We have had such groups for some time, although they are
not widely known, and they have not necessarily been properly funded
or trained. The new Air Force mission statement is the first
explicit statement by an entire service branch that they recognize,
and will train for, a broader field of engagement. That is almost
certainly a good thing for national security. From my experience,
the Air Force has usually been ahead of the other services in
recognizing and embracing new computing technology appropriately,
especially when it comes to IT security (although they still have a
long ways to go).
So, with all that said, suppose that there were escalating tensions
with some foreign country. At some point in that escalation, with
no shots yet being fired, the US phone network goes down, or the
power grid goes out over 2/3 of the country (or pick a similar
scenario -- and don't tell me the systems are too independent for
this to happen... our defenses are weak, and extended probing and
preparation may be going on as you read this). What is our national
leadership going to do? Call out the FBI? The source is not
domestic, and the foreign country isn't going to honor a criminal
extradition warrant for their military commanders! Are we going to
retaliate by dropping bombs and escalating to a shooting war? Or
should we simply fold our cards and concede rather than suffer
another mass cyber outage?
Realistically, we need a national, military presence both to defend
against national-level cyber attacks, and with training and weapons
to engage in conducting such attacks against foreign adversaries.
The Air Force is a logical participant in such a force, especially
when you consider the role played by satellites and networked ATC/air
defense in national-level theaters, and with their existing expertise
in IT.
A few big questions that come out of thinking about this whole sphere
are:
1) If widespread probing of our infrastructure is occurring from off-
shore and traced to national entities, who should respond? Is it an
act of war or simply of significant espionage? Is civilian law
enforcement up to dealing with either? Should they be?
2) If the same probing, and perhaps even attacks, are being conducted
from off-shore by organized crime or terrorist organizations, who
should respond? For instance, should the FBI be in charge of
dealing with Al Qaida, not only within our borders but also in
Afghanistan, Pakistan, etc? If some of the narcotics cartels use
cyberattacks to disable and contaminate law enforcement databases
from off-shore bases, is it up to the DEA to deal with it?
3) If probing and attacks of critical systems (civilian, military,
government) are occurring from off-shore but we don't know who is
making them, then who is in charge of defense, investigation and
response? Is it only civilian law enforcement? Is it military?
4) With the political and military leadership continuing to underfund
and undervalue long-term research in cybersecurity, will we actually
be able to defend our infrastructure in the coming years, even if all
agencies and entities are involved (cf.
<http://www.nitrd.gov/pitac/reports/20050301_cybersecurity/cybersecurity.pdf>,
the aptly titled "The Cybersecurity Crisis")?
The posse comitatus law has served us well as a nation, and will
continue to do so. However, it was written long before we had the
Internet. Knee-jerk reactions against the military fail to take into
account the complexities of the world we live in. We should be glad
that the Air Force isn't focused on training for the last major
conflict, but is thinking of the future. Too bad our civilian
leadership isn't equally as foresighted.
-------------------------------------
Archives at: http://www.interesting-people.org/archives/interesting-people/