Air Force Guards Cyberspace

[David Farber <dave () farber net>]

-----Original Message-----
From: "Gene Spafford" <spaf () cerias purdue edu>
To: dave () farber net
Cc: ip () v2 listbox com
Sent: 12/11/05 11:08
Subject: Re: [IP] Air Force Guards Cyberspace

[Although this topic is US-centric, it can be translated to other  
countries' concerns.]

There is no indication in the press release that the US Air Force is  
asserting any domestic mission that would violate the posse comitatus  
law.

It is known, from public statements, that several other countries are  
training their military to wage war on IT resources in  
"cyberspace."   There have been public press reports about use of  
"cyberwar" techniques in Bosnia/Kosovo and Iraq, as well as  
continuing low-level probes and attacks where other conflicts have  
been going on, including the middle east and India-Pakistan.    We  
also have seen several news accounts of on-going probing and attacks  
of US systems from hosts in other countries, some of which could be  
state-sponsored.

It would be irresponsible of the leadership in this country, military  
and civilian, to not have groups tasked to respond to military  
threats.   We have had such groups for some time, although they are  
not widely known, and they have not necessarily been properly funded  
or trained.  The new Air Force mission statement is the first  
explicit statement by an entire service branch that they recognize,  
and will train for, a broader field of engagement.   That is almost  
certainly a good thing for national security.  From my experience,  
the Air Force has usually been ahead of the other services in  
recognizing and embracing new computing technology appropriately,  
especially when it comes to IT security (although they still have a  
long ways to go).

So, with all that said, suppose that there were escalating tensions  
with some foreign country.   At some point in that escalation, with  
no shots yet being fired, the US phone network goes down, or the  
power grid goes out over 2/3 of the country (or pick a similar  
scenario -- and don't tell me the systems are too independent for  
this to happen....our defenses are weak, and extended probing and  
preparation may be going on as you read this).   What is our national  
leadership going to do?   Call out the FBI?  The source is not  
domestic, and the foreign country isn't going to honor a criminal  
extradition warrant for their military commanders!  Are we going to  
retaliate by dropping bombs and escalating to a shooting war?  Or  
should we simply fold our cards and concede rather than suffer  
another mass cyber outage?

Realistically, we need a national, military presence both to defend  
against national-level cyber attacks, and with training and weapons  
to engage in conducting such attacks against foreign adversaries.    
The Air Force is a logical participant in such a force, especially  
when you consider the role played by satellites and networked ATC/air  
defense in national-level theaters, and with their existing expertise  
in IT.

A few big questions that come out of thinking about this whole sphere  
are:

1)  If widespread probing of our infrastructure is occurring from off- 
shore and traced to national entities, who should respond?  Is it an  
act of war or simply of significant espionage?  Is civilian law  
enforcement up to dealing with either?  Should they be?

2) If the same probing, and perhaps even attacks, are being conducted  
from off-shore by organized crime or terrorist organizations, who  
should respond?    For instance, should the FBI be in charge of  
dealing with Al Qaida, not only within our borders but also in  
Aghanistan, Pakistan, etc?  If some of the narcotics cartels use  
cyberattacks to disable and contaminate law enforcement databases  
from off-shore bases, is it up to the DEA to deal with it?

3) If probing and attacks of critical systems (civilian, military,  
government) are occurring from off-shore but we don't know who is  
making them, then who is in charge of defense, investigation and  
response?   Is it only civilian law enforcement?  Is it military?

4) With the political and military leadership continuing to underfund  
and undervalue long-term research in cybersecurity, will we actually  
be able to defend our infrastructure in the coming years, even if all  
agencies and entities are involved (cf. <http://www.nitrd.gov/pitac/ 
reports/20050301_cybersecurity/cybersecurity.pdf>, the aptly titled  
"The Cybersecurity Crisis")?

The posse comitatus law has served us well as a nation, and will  
continue to do so.   However, it was written long before we had the  
Internet.  Knee-jerk reactions against the military fail to take into  
account the complexities of the world we live in.   We should be glad  
that the Air Force isn't focused on training for the last major  
conflict, but is thinking of the future.   Too bad our civilian  
leadership isn't equally as foresighted.




-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/