Dailydave mailing list archives
Re: The Pentagon Staffs up
From: Irby Thompson <irby () sliphead com>
Date: Mon, 28 Jan 2013 15:24:01 -0500
It seems to me the Pentagon should consider following a USSOCOM/JSOC model towards Cyber. For example, instead of
trying to 'be more effective' by just growing the number of Cyber Command billets, focus instead on creating and
deploying small teams of cyber operators who work together on specific offensive or defensive missions. In my opinion
nation-state level cyber is (and will remain) a specialty domain due to it’s extreme technical nature across a breadth
of disciplines. To be truly effective (in either offense or defense) you need small, cohesive teams who offensively and
defensively simultaneously, and up and down the stack. Once the mission is achieved, these tiger teams move on to the
next mission, and the Command backfills with (easier-to-hire) technical staff to hold down the fort.
-irby
On Jan 28, 2013, at 11:20 AM, Dave Aitel wrote:
http://www.nytimes.com/2013/01/28/us/pentagon-to-beef-up-cybersecurity-force-to-counter-attacks.html?_r=0 Notably, they don't do all this staffing actually AT the Pentagon, where they'd get to fight every contractor already trying to staff up, and where people would get to enjoy the traffic. :> As part of the expansion, officials said the Pentagon was planning three different forces under Cyber Command: “national mission forces” to protect computer systems that support the nation’s power grid and critical infrastructure; “combat mission forces” to plan and execute attacks on adversaries; and “cyber protection forces” to secure the Pentagon’s computer systems. It's interesting they're building a team to secure critical infrastructure before the groundwork has been laid legislatively to use that team. Also - everyone focuses on "how to recruit X number of people", but forgets that the Government doesn't really need huge farms of rock star hackers and in fact, they prefer not to have them. Good technologists who can work in a team are eminently findable and much more valuable. Realistically, their problem is more managerial than technical. This is a young field, and it's hard to find people who have the security experience and management know-how (and actually want to do management). Your basic Java program manager can't hack it (pun intended). But without that, you're going to be building the tools you need today, rather than the tools you'll need tomorrow. It's a fatal flaw in most cases. Literally, in this case. -dave -- INFILTRATE - the world's best offensive information security conference. April 2013 in Miami Beach www.infiltratecon.com _______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- The Pentagon Staffs up Dave Aitel (Jan 28)
- Re: The Pentagon Staffs up Irby Thompson (Jan 28)
- Re: The Pentagon Staffs up dan (Jan 29)
- Re: The Pentagon Staffs up Dave Aitel (Jan 29)
- Re: The Pentagon Staffs up dan (Jan 29)
- Re: The Pentagon Staffs up Irby Thompson (Jan 28)