By Neil Munro
October 29, 2007
SAN ANTONIO -- Deep in the heart of cyberspace, something new called a
Network Warfare and Ops Squadron fights battles 24/7 from a building in
a nondescript office park here at Lackland Air Force Base.
At one end of the room, a crew monitors the cyberspace highways for the
first signs of a hacker infiltration, spreading virus, or
network-jamming wave of spam. A second crew rapidly investigates every
problem and scrambles other crews to counter each incursion with an
armory of specialized software. And all of it is under the watchful eyes
of a pyramid of officers and officials that ascends through the
departments of Defense, Homeland Security, and Justice and eventually
into the Oval Office.
Every day, every hour, the squadron reacts to myriad trivial or
significant attacks on some of the 650,000 computers that allow the Air
Force to pay its personnel, manage day care centers, buy fuel, direct
fighter-bombers in Iraq and Afghanistan, and launch nuclear-tipped
missiles should the order ever come.
But this squadron is very different from the traditional units of
leather-jacketed, death-defying pilots soaring through the wild blue
yonder. These warriors are mostly office-dwelling private contractors
whose skills and actions are bound by a complicated tangle of software
and U.S. law rather than the laws of aerodynamics and the limits of
physical courage. Yet, these "airmen" play an increasingly important
role in the Air Force and the Defense Department, because warfare has
spread into cyberspace, just as it long ago spread into air and space.
That's why the Air Force has tapped Maj. Gen. William Lord to assemble
the Air Force Cyberspace Command by next October, whose job will be to
recruit, equip, and train a new corps of cyber-warriors perpetually
ready to protect military networks from whatever threats emerge.
The new command, Lord said, must also prepare for an offensive role --
to infiltrate or wreck enemy networks and to manipulate enemy leaders,
should that action ever be ordered by the president. One goal, he said,
is to give future presidents the ability to deter cyber-attacks. The
ability to say, "We're not going to blow up your cities, we're going to
melt your cities," or at least their electronic infrastructures, can
help counter cyber-attacks, Lord said. "It doesn't have to be a weapon
that ever gets used," he added.
The Air Force already has individual air and space commands, and "this
makes sense for them in a lot of ways," said James Lewis, director of
the technology and public policy program at the Center for Strategic and
International Studies. "Instead of blowing up power plants, they could
get them to stop working" using cyber-warfare, he said.
The command will also help the Air Force compete with the other armed
services for funding and leadership slots in future cyber-warfare
commands, said Mark Rasch, a managing director at FTI, a D.C.-based
cyber-security firm. These days, the Air Force isn't playing a prominent
combat role in Afghanistan or Iraq, partly because few bombers are
needed but also because the Army and Marines have developed their own
smart missiles and unmanned surveillance aircraft. And the Navy has
established the Naval Network Warfare Command in Norfolk, Va., which
focuses on naval "information warfare."
The Air Force's cyber-command, Rasch said, "is an attempt to establish a
pre-eminent, if not dominant, role in a new arena for war." The command
will be a natural development for the Air Force, he said, much like the
service's earlier electronic-warfare capabilities and space satellites.
In recent months, U.S. officials said they have seen a sharp increase in
efforts by hackers, backed by foreign governments, to infiltrate or
damage U.S. and other allied information networks. A particular concern
is that a government might plant damaging software -- "malware" --
inside a network, or even in new mass-produced computer components. The
malware would then surreptitiously send data back to its creators, or
even damage the host network during a war or other crisis.
In 2006, hackers -- likely backed by the Russian government -- launched
a wave of Internet-jamming attacks that crippled the government of
Estonia. Also, Beijing is believed to have helped Chinese hackers
infiltrate computer networks at the Pentagon and in government offices
in Berlin, London, and Paris, according to computer-security experts.
Many of these cyber-attacks are monitored, and some are countered, at
Lackland, where lunch-table conversations are "a lot of geekspeak" as
the contractors, many of them former military members, cooperate and
compete to identify new security threats, said Maj. Carl Grant, the
commander of Lackland's 33rd Network Warfare Squadron. In 2006, the
crews identified and dissected 29 "validated incidents" from among the
hundreds of thousands of suspicious events visible on the networks, he
said. "We're not arrogant enough to believe that we caught everything,"
The contractors don't live the regimented lives of military personnel,
and they don't wear uniforms. But they all have to pass security and
background checks. "We have to entrust them with the keys to all of the
information on the networks," said Col. Mark Kross, who commands the
26th Network Operations Group, which includes Grant's squadron.
Lord's emerging Cyberspace Command is expected to include the Lackland
operation and other classified programs as well as exotic aircraft, such
as the U2 spy plane, EC-135 electronic-eavesdropping aircraft, EC-130E
Commando Solo radio-broadcasting plane, and the EC-130H Compass Call
Its headquarters will likely consist of several hundred staff overseeing
perhaps 20,000 Air Force personnel. They will include software experts,
lawyers, electronic-warfare and satellite specialists, and behavioral
scientists, Lord said. "You have to reach out to a different kind of
recruit," he noted.
The command will not direct combat operations, Lord said, but will
supply capabilities to the Pentagon's combat commands, such as U.S.
Strategic Command and U.S. Central Command, which operate under the
direction of the White House. Technically, the armed services do not
initiate warfare; they assemble and train forces for use by the combat
commanders and the president. Over time, who does what in cyberspace
warfare will be decided after debate among government officials, the
services, private contractors, and advocates, Lord said. "It's a
dialogue we'll end up having."
But that debate is already quite advanced. In 2002, for example,
President Bush and Congress gave the new Homeland Security Department --
not the Pentagon -- the task of defending the government's civilian
Industry, meanwhile, greets these developments with a great deal of
caution and skepticism. Generally, industry officials are reluctant to
see government playing a role in the management of the Internet, which
is now so vital for their business operations. For more than a decade,
they have lobbied hard against online wiretaps, government-mandated
hacker defenses, and making companies legally liable for cyber-security
failures. The latest dispute emerged after a Chinese company announced
it wanted to buy a minority share in 3Com, a Marlborough, Mass.-based
company that supplies anti-hacker software to American companies, and
some Air Force contractors. The federal government's Committee on
Foreign Investments in the United States is now reviewing the proposed
Industry executives are winning most of these policy battles, in part
because much of the public, along with civil libertarians, don't want
government officials -- especially the military -- to regulate their use
of the Internet. That's why a future U.S. Internet Command is unlikely,
and why the White House has instead helped to establish cooperative
government-industry centers to counter security threats to banks,
electric power companies, railroads, and other vital industrial sectors.
"We're continuously reaching out to the private sector because the
private sector owns and operates [90 percent] of the critical
infrastructure," said Gregory Garcia, the assistant secretary for
cyber-security and telecommunications at the Homeland Security
Department. "DHS has the authority and credibility, and the trust of the
private sector and other [civilian] agencies to help coordinate a
national strategy for the protection of cyberspace."
The Defense Department, in contrast, and its subordinate services will
mainly be tasked with protecting military networks, even if they do
sometimes share resources with DHS, Garcia said. "We do recognize we are
certainly facing a lot of the same threats and vulnerabilities, so it
behooves us to work together," he added.
For example, the Estonian government, as a member of the North Atlantic
Treaty Organization, asked the Pentagon for aid when the hackers jammed
its networks in 2006. In turn, the Pentagon alerted its subordinate
units and also coordinated with DHS and U.S. industry to respond, Garcia
pointed out. "Together, we did a high-speed, real-time analysis of what
was going on in the Estonian networks.... We were all on our monitors,
on the phone, communicating through a variety of channels, in real time,
day after day, as the attacks were happening."
And Gen. Lord noted: "As the world has changed, we have changed."
CSI 2007 is the only conference that delivers a business-focused
overview of enterprise security. It will convene 1,500+ delegates,
80 exhibitors and features 100+ sessions/seminars providing a
roadmap for integrating policies and procedures with new tools
and techniques. Register now for savings on conference fees
and/or free exhibits admission. - www.csiannual.com