The TV commercial opens with an aerial view of the Pentagon. “This building will be attacked 3 million times today,” says a concerned voice over a gloomy guitar riff. “Who’s going to protect it?”
The ad – part of the Air Force’s new “Above All” publicity campaign – is partly a not-so-subtle message to Congress: Cyberwarfare is real and the Air Force is the military branch to defend against it. It is also a recruiting tool to overcome one of the biggest challenges facing the year-old Air Force Cyber Command (AFCYBER): finding cyberwarriors to fight its 21st-century battles.
By recruiting in new places and relying heavily on the Air National Guard to find part-time, rather than full-time, employees, the Air Force is meeting with some success by seeking recruits from some of America’s most iconic tech companies.
For example, the 262nd Information Warfare Aggressor Squadron, an Air National Guard unit in Washington State, has tapped into guardsmen employed at Microsoft, Adobe, and Cisco, wrote Air Force Secretary Michael Wynne in a recent article. Based at Lackland Air Force Base in central Texas, the 688th Information Operation Wing recruits from tech-heavy Austin. The Air National Guard is also drawing from Sprint and Boeing for the Kansas-based 177th Information Aggressor Squadron, he added.
“We ... must capitalize on the talent and expertise of our Guard and Reserve members who may have direct ties and long experience in high-tech industry,” Secretary Wynne wrote.
So far, AFCYBER has recruited 400 part-time personnel with no added incentives such as pay or benefits, he adds.
Air Force seeks full-time geeks, too
The Air Force is also seeking full-timers for AFCYBER. Future cyberwarriors may be more couch geek than fit flyboy – not “the same kind of folks that perhaps you want to march to breakfast in the morning,” Air Force Col. Jeff Kendall told the Council on Foreign Relations in March. The colonel also suggested the Air Force may have to make exceptions to its entry standards and recruit ex-hackers, who may have committed computer-related crimes or have a felony conviction for unlawfully cracking a network.
Whether the Air Force has already recruited such hackers remains a mystery. “Due to privacy concerns, we do not discuss the background of our employees,” wrote Major Todd White, a public affairs officer for AFCYBER, in an e-mail responding to a reporter’s questions.
The command is still searching for a permanent home but should be fully operational by October, according to Maj. Gen. William Lord, AFCYBER’s provisional commander.
The Air Force’s new emphasis on cyberwarfare is raising questions abroad. What happens if the US moves from defensive measures – protecting the Pentagon’s website from hackers, for example – to offensive operations aimed at foreign websites?
The Air Force is already hinting that it may engage in offensive actions.
“The pervasive nature of pro-jihad Web sites represents a tangible and highly visible example of how our adversaries use elements of cyberspace against us,” wrote Wynne in his recent article. “We cannot allow our adversaries to operate freely there.”
Such computer attacks can be extremely damaging. A series of cyberattacks against Estonia a year ago flooded scores of critical government and commercial websites, making them inaccessible for several days at a time.
US may have cyberwarfare advantage
The military’s new focus on recruiting America’s information-technology professionals, who build some of the world’s most popular hardware and software, is also troubling to foreign nations.
They worry that cyberwarriors from, say, Cisco could use their inside knowledge of the company’s widely used routers and switches to help bring them down in a foreign country. Military recruits from Microsoft with insider knowledge of serious vulnerabilities in the software could give the United States a decided advantage and prove devastating to the target country, says Robert Masse, a self-described reformed hacker who founded Montreal-based computer-security firm GoSecure.
Some countries – notably China – have voiced concerns that Microsoft might pack “back doors” or hidden openings into its software that a US-based insider could exploit. In an effort to curb distrust, in 2003 Microsoft signed a pact with NATO as well as China, Russia, the United Kingdom, and other nations to let them see the source code of its Windows operating system.
But the company is mum on whether it sees ethical problems in its engineers working part time for a military unit dedicated to hacking its products.
“Microsoft does not hold specifics about employees that are supporting the 262nd” Information Warfare Aggressor Squadron, says a Microsoft spokeswoman. “So to this end, there really is no comment on the types of work they are doing.” Cisco and Adobe declined to comment.
Some information-warfare experts praise the Air Force efforts.
“The whole idea of an offensive information-warfare unit, particularly a computer network attack unit, is to build capabilities for possible exploitation down the road,” says Richard Forno, a cybersecurity consultant based in Washington and author of “The Art of Information Warfare.” “It just so happens the US is lucky that the companies building the world’s most popular and widely used IT products are based in the United States.”