58 minutes ago
Tuesday, November 08, 2011
Cyberwar Warnings ...
The best thing about Planning Assumptions is that you get to ask the question to the planners, "What is your Branch Plan when your Planning Assumption X is shown to be false? Have you war-gamed that?"
Depending on the nature of the Planning Assumption and the depth of the planning - responses can be interesting. One thing you don't want to hear is, "We find that highly unlikely." - and then you have to remind them, "... then why do you have it as a Planning Assumption?"
I'm pondering the above over at USNIBlog, come visit.
Subscribe to:
Post Comments (Atom)
7 comments:
That xian1sheng1 looks like one of the 'students' I help tutor in English in the "English for Adults" class at the Chinese Community School... -LOL
For a planner, there's also a point at which the consequence of a planning assumption being disproven results in mission failure...in which case it might be time to start from scratch.
As a onetime (and likely future) campaign planner, hearing "we find that highly unlikely" usually generated some much-needed azimuth corrections to the JPGs. On the good side, those corrections were usually internal to the JPG. We only made that mistake once with the COS...
Once again, PACE.
Primary
Alternate
Contingency
Emergency
It takes discipline and planning aforethought. And an examination of what systems and weapons are TOTALLY reliant upon such networks, and figuring out ways to either control them by alternative means, or doing without them.
Wargame it. Over and over. And not the oh-so-typical foregone conclusion type game. A true frei Kriegsspiel unconstrained RED two-sided, honestly adjudicated game.
Stuxnet was Taranto for the cyberwarfare. We can see Pearl Harbor within decade.
If a "digital Pearl Harbor" ever comes to be, the torpedo warheads were placed aside the battleships long before anyone typed these words here today.
Pondering this and what was posted over at USNI's blog. I ask these questions:
1. Can we potentially look at speeding up acqusitions programs for the IT world with regards to making sure that proven, secure and modern IT systems are on hand to help defend computer based networks?
2. Have we started to define our legal and continum of force ladders for response to Cyberwar events? Just like the current questions of terrorism, do we define a cyber attack on a government sytem as an act of war or a legal trespass? Does the same definition carry on over to a business that is located in the US? The cavate to that also would be how to handle multi-national corporations that have a location in US territory, if the home office is attacked by another country cyber unit do we have to defend or offend back?
3. With the number of spillage events that happens at nearly all levels of government as it relates to just Personal Id Information. Should we start a massive level of review and re-evulation as it comes to this spillage (whether that is a work laptop "borrow" from a government office that is then stolen when a car/home is broken into or a "misplaced" HDD with tax records on it) and in turn treat all of this the same way as if someone released FOUO/SECRET/TS-SCI information? Should the same sort of punishments be leveled against people who have this spillage of computer networks? Simple because some of this data gives the OpFor a chance to potentially see how the network is built and data to create spoof accounts to get in so they can gain further access into more sensitive places.
I would also note that cyber war isn't new it is as old as warfare itself. That is SigInt is the old name, capturing the messenger and reading the mail or even inserting bad messages in that. From there SigInt evolved to be named Electronic Warfare and from there we have just evolved it again to try and give it a newer/sexier name of Cyberwarfare in hopes of causing that revoultion in military affairs. The ultimate relatity is that EW/Cyber/SigInt is unsexy and uncool, it scare all but those who are die-hard math fiends and even the Reactor officers with thier D20's in one hand and an elven archer/mage in the other think EW guys are way too geeky.
Within a decade? The war is on going as we write and speak! The systems controlling the air drones in Afghanistan are currently infected with a virus (their virus protection software is Kaspersky a Russian product). Most of our nuclear secrets have been compromised as a result of lazy attitudes toward IT security.
Today, I saw an article on MyWay news that discusses the current IT vulnerabilities.
apnews.myway.com/article/20111108/D9QS9BD82.html
The problem could extend down to the chip level in these systems.
Post a Comment