Sunday, 8 September 2013

The New Russian Cyber War Force

Russia recently revealed that it is organizing a Cyber War organization within the Defense Ministry. This would be a separate branch of the army, joining more traditional branches like infantry, armor, artillery and signal (where Cyber War operations already exist in most countries). Noting what’s going on in China and the United States, the Russians have decided to catch up.
The Chinese military already has a growing number of formal Cyber War units, as well as military sponsored college level Cyber War departments and extensive course offerings. These Cyber War units, plus the volunteer organizations and Golden Shield (Internet censors and monitors) bureaucrats apparently work closely with each other and have provided China with a formidable Cyber War capability. NET Force, with only a few thousand personnel, appears to be the controlling organization for all this. With the help of RHU and Golden Shield, they can mobilize formidable attacks, as well as great defensive potential. No other nation has anything like it.
In early 2013 the U.S. Cyber Command (USCYBERCOM) announced that it was forming more offensive cyber-teams and would have at least 40 of them by 2015. By 2016 over a sixty defensive cyber teams will be formed, to provide defensive skills and expertise where needed most. Each team will have a mix of experienced software engineers (including civilian contractors) and personnel with skills but not much experience. The teams of a dozen or so people will benefit from Cyber Command intelligence and monitoring operations as well as a big budget for keeping the software library stocked with effectivetools (including zero day exploits, which are not cheap at all). Cyber Command also has contacts throughout the American, and international, software engineer community. This can provide crucial expertise when needed. The effectiveness of these teams will vary a great deal because one highly skilled Internet software whiz on a team can make a huge difference.
The majority of these teams will be assigned to the nine major commands (like Centcom or Socom), but 13 will be used to strike back at attacks on the United States. Exactly what weapons would be used was not discussed, nor was the exact size and organization of offensive cyber-teams. What is known that there is work for such teams of Internet specialists if they work in conjunction with lawyers and the State Department. This kind of organization has already destroyed several Internet criminal organizations. NSA (National Security Agency) has been even more active in carrying out offensive attacks, with over 200 of them revealed recently in stolen (by a disgruntled employee, not enemy hacking) NSA documents.
The Department of Defense offensive operations work like this. The Internet specialists can usually determine how the attackers are operating and where from. This evidence can be used by the lawyers and American diplomats to get warrants to seize of shut down web sites or servers in foreign countries and even arrest (eventually) those identified as being behind the attack. But what do you do if the hacker attack comes out of countries that will not cooperate, like Iran, North Korea, China or Cuba. The NSA procedure is similar, but more shrouded in secrecy.
Cyber Command became operational in late 2010 and is still working on an official (approved by the government) policy stipulating how Internet based attacks can be responded to. Meanwhile there have been a lot of unofficial attacks. The 2013 cyber-teams announcement implied that attacks are now allowed, but not what kind of attack. The NSA leaks confirmed that attacks are going on. While Cyber Command has long been asking for permission to fight back, technical, legal, and political problems have delayed agreement on how that can be done. It's not for want of trying. A year ago the U.S. Congress approved a new law that allows the Department of Defense to conduct offensive Cyber War operations in response to Cyber War attacks on the United States. That is, the U.S. military is now authorized to make war via the Internet. The new law stipulates that all the rules that apply to conventional war also apply to Cyber War. This includes the international law of armed conflict (meant to prevent war crimes and horrid behavior in general) and the U.S. War Powers Resolution (which requires a U.S. president to get permission from Congress within 90 days of entering into a war). Meeting with all the fine print has so far delayed actually allowing a legal counterstrike to a Cyber War attack. The NSA doesn’t have all those restrictions because it comes out of the intelligence world, where there have always been fewer rules. While this approach to Cyber War makes sense to the NSA, the Department of Defense is frustrated at being held to conventional war standards.
Meanwhile, there are some related serious problems with finding qualified people to carry out such counterattacks. Headquartered in Fort Meade (outside Washington, DC), most of the manpower and capabilities for Cyber Command come from the Cyber War operations the services have already established. U.S. Cyber Command has some smaller organizations of its own that coordinate Cyber War activities among the services, as well as with other branches of the government and commercial organizations that are involved in network security. But most of Cyber Command manpower actually works for the Cyber War organizations of the four services.
Of the four services the U.S. Air Force is the most experienced in Cyber War matters. Back in 2008 the air force officially scrapped its own planned Cyber Command, which was supposed to operate more like USCYBERCOM. That new air force organization was supposed to officially begin operating by the end of 2008. Instead, many of the personnel that were sent to staff the new command were sent to the new Nuclear Command. This change was made in response to growing (at the time) problems with the management of air force nuclear weapons. Despite that, the air force continued trying to establish some kind of new Cyber War operation and use it to gain overall control for all Department of Defense Cyber War activities. The other services were not keen on this. That resistance, plus the nuclear weapons problems, led to the Cyber Command operation being scaled back to being the 24th Air Force. This organization handles electronic and Internet based warfare.
The U.S. Army, following the example of the air force, also established a Cyber War operation. Some 21,000 soldiers were pulled from a large variety of signal and intelligence outfits to form ARFORCYBER (Army Forces Cyber Command). It became fully operational in 2012 with its headquarters at Ft. Belvoir, Virginia.
In 2009 the U.S. Navy created an "Information Domination Corps", in the form of a new headquarters (the 10th Fleet), with over 40,000 people reassigned to staff it. While the new Cyber War command dealt mainly with intelligence and network security, it also included meteorology and oceanography. These last two items are very important for deep water navies, especially since a lot of the information about oceans, and the weather, is kept secret. The fleet calls upon the talents of 45,000 sailors and civilians. Most (44,000) of these personnel are reorganized into 10th Fleet jobs or will contribute from within other organizations. A thousand new positions were created, mainly for 10th Fleet. All this gave the navy a more powerful and secure position in cyberspace. The navy does not want to repeat the mistakes of the air force in this area.
The U.S. Marine Corps established a Forces Cyberspace Command in 2010, with about 800 personnel, to help provide network security for marine units. The marines are accustomed to doing more with less.
All those Cyber War operations are dependent on contract workers (civilians) for their top technical talent. The new Russian Cyber War organization is expected to use more civilians, because they have less Cyber War talent in the ranks than the U.S. does. There is always a shortage of skilled Internet experts, partly because they have to be capable of getting a security clearance. This rules out a lot of the best hacking talent, who had misbehaved in the past and were identified or even prosecuted for it. This is not a problem in Russia, which has a more freewheeling tradition in this area. A lot of otherwise qualified technical personnel won't even apply for these U.S. Department of Defense jobs because a background check might reveal earlier hacking misadventures they would rather keep quiet about (at least to the government). In Russia, those misadventures make candidates more attractive. Meanwhile, the Department of Defense has assembled a growing group of civilian Cyber War volunteers. Not all have security clearances but in the event of a national Cyber War crisis, that would be less of an issue.

No comments:

Post a Comment