Cyber security: The new arms race for a new front line
The Pentagon – and a growing cyber industrial complex – gears up for the new front line: cyberspace. Cyber defense is necessary. But it could cost us.
(Page 4 of 6)
CyberCity, one of a number of Air Force cybertraining ranges, grew out of a request from senior defense officials who wanted to hone the offensive cyberskills of US troops.Skip to next paragraph
In Pictures Keeping watch: security or privacy invasion?
Subscribe Today to the Monitor
"They came to us and said, 'We need you to figure out some way to teach cyberwarriors that cyberattacks have a kinetic effect – that they make stuff move, blow up – and that people can get killed," says Ed Skoudis, founder of Counter Hack, the company that designed CyberCity, and a trainer at the SANS Institute.
US military officials asked that the city include a reservoir, as well as a lighted landing strip.
Mr. Skoudis estimates CyberCity missions break down equally into defensive and offensive training.
To illustrate the effect of cyberattack skills, for example, Skoudis has installed a miniature Nerf rocket launcher on the outskirts of CyberCity. When the US military begins to use the cyber-range regularly later this year, the mission for trainees will be to reverse-engineer the controls to the rocket launcher to make sure it fires away from the hospital rather than – as terrorists would have it – toward innocent patients.
"If you can hack a computer and use it to launch a Nerf rocket launcher, you have some interesting skills, no?" Skoudis says. "The skills that we're building can be used for offense or defense."
Cyberwarriors of the future, he points out, will often need to make use of offensive skills to defend US interests – a branch of cyber that the US military has only more recently begun to discuss, and even then in highly general terms, in the hope that mention of it might serve as some deterrent to would-be attackers.
"All the offensive stuff we describe is to take control of things to keep bad things from happening," Skoudis notes. "Of course, you can always use those skills to make bad things happen."
These are complex talents, and the plan to expand the cyber cadre has quickly raised concerns about how the services will find enough cyberwarriors to do the job – and keep them from decamping for the high-paying private sector firms eager to recruit well-trained specialists with top-secret security clearances.
Maj. Gen. Suzanne "Zan" Vautrinot, commander of Air Forces Cyber and of Air Force Network Operations at Lackland Air Force Base, Texas, offers a glimpse of the wide scope of Pentagon designs for cybersecurity. She cites congressional figures that indicate the military has 1,000 cyberwarriors who can operate at the highest level. But, she adds, "what we need is on the order of 20,000 or 30,000.... Cyber is foundational to everything we do, because everything you do in your mission is dependent on it."
For this reason, the US military's cyber effort is heavily reliant on civilian contractors like Mr. Snowden, along with the National Guard.
"There is a talent search within the existing military forces," says Mr. Paller. This involves reaching out to increasingly young prospective cyber prodigies, including high school students, and giving them secret security clearances in order to test the extent of their skills.
At the military's largest cyberwarfare school, the Air Force's 39th Information Operations Squadron at Hurlburt Field, Fla., students conduct real-time operations against cyberattacks on simulators like CyberCity.
The training is increasingly sophisticated, notes Col. John "Kiley" Weigle, commander of the squadron, who adds that he would like to see the number of trainers grow: "I could easily see this all doubling, given the correct instructors, to be much more close to what the nation needs."
Phishing for generals
As the US military's top flag officers sit down at their office computers each morning to sift through e-mail, their in-boxes routinely hold lures from hackers across the globe in search of an easy mark.
If these would-be infiltrators succeed in getting a general to click on a link embedded in an otherwise innocuous-looking e-mail, it may offer them entry to the DOD's top-secret networks and allow them to troll undetected, potentially exporting valuable data about US defense systems.