That Cyber Thread


17D_guy

You think this is any different in the AF?  Negative.  

There have been Commanders relieved for pointing out the emperor has no clothes when it comes to what the AF calls Vulnerability reporting.  Once again, it's just metrics that the local commander is on the hook for... but has no actual power over the majority of the time.

http://www.theregister.co.uk/2015/10/27/army_bug_bounties/

The US Army men say internal staff who find vulnerabilities have no incentive to report bugs they find and face no repercussions for keeping silent, which amounts to a "do nothing" culture.

Moreover Defence vulnerability researchers work in an atmosphere "fraught with danger and much trepidation" where disclosure is weighed against risk of "reprisal".

Those risks could include revocation of security clearances, loss of access to IT systems, and "punitive action" under the Uniform Code of Military Justice which they describe as "viable outcomes" for those who "casually stumble" on bugs.


  • 2 months later...

Gen. Hyten proposes contracting our base network support to free up money for offense/defensive cyber. How exactly is paying a contractor going to free up money? Although if they can fix a lot of the problems (not hopeful due to previously mentioned issues with DISA/regs) maybe it will be worth it.

http://www.stripes.com/news/air-force/air-force-to-develop-cyber-squadrons-general-says-1.391974


Didn't the Navy contract out their network to NMCI and end up with terrible service?


  • 5 months later...

So,

  I need to get on here and eat crow.  I bitched at length, and repeatedly, about not having Cyber people leading Cyber in my beloved AF.  Well, I've had the pleasure of interacting with the new 24 AF CC.  He's a zipper suited sun god Viper driver.

  He's fucking awesome, link to bio - http://www.24af.af.mil/About-Us/Biographies/Display/Article/804882/major-general-christopher-weggeman

  He's applying his experience as a Viper driver to our cyber stuff and it's just...a breath of fresh air.  It's fantastic in every way imaginable.  No micro-managing, no "meet the deadline or else" BS, he cares what our cyber-operators are executing and will call BS, to 4-stars, if something/one attempts to impede that to turn a checkmark green.

  He also actually comes off as really liking this stuff beyond a "help make another star" attitude, or a time sink to retirement.  The attitude on staff is... I don't even know how to describe it, beyond pretty darn good.

  I hope that AF doesn't screw this one up and move him out in a year or less.  We really need some stability at the top, and I think he's the guy to right us.  Shit, if he could run it until we move to Vigilance Command, it might work out very well.  News flash: Space Operations ain't.

  Also someone makes jalapeno popcorn in the "heritage room"... how has this not moved out to the AF as a whole.  That stuff is fantastic.

 

P.S. - the vice is a good dude too - http://www.24af.af.mil/About-Us/Biographies/Display/Article/809210/brigadier-general-mitchel-h-butikofer

  • Upvote 4

53 minutes ago, 17D_guy said:

So,

  I need to get on here and eat crow.  I bitched at length, and repeatedly, about not having Cyber people leading Cyber in my beloved AF.  Well, I've had the pleasure of interacting with the new 24 AF CC.  He's a zipper suited sun god Viper driver.

  He's fucking awesome, link to bio - http://www.24af.af.mil/About-Us/Biographies/Display/Article/804882/major-general-christopher-weggeman

 

He was my OG during Nav Skool. Huge fan. Always wondered what happened to him.


  • 3 months later...

Well.. something big for us.

https://www.reddit.com/r/AirForce/comments/5d9grn/17x_critical_skills_retention_bonus/

the gist of which is:

"Effective the date of this memorandum(10 Nov), I designate the 17X (17D and 17S) Network Operations and Cyber Warfare Operations Officer specialty as critical to establish CSRB authority (Title 37, Section 355 USC, DoDI 1304.34). Upon approval, the Air Force will target qualified 17X Cyberspace Operations Officers with 4-12 years of commissioned service (TAFMCS) with payment of $15,000 per year for 4 years. These officers will incur an Active Duty Service Commitment (ADSC) of 4 years, and payments will be made on the anniversary of the contract.

This designation of Cyberspace Operations as a critical skill and targeted CSRB is to incentivize highly skilled and experienced 17X personnel to continue leading and managing this critically manned specialty."

So, I'm not too surprised it took the AF this long to figure out having our Cyber Operators continue to follow the support career path was forcing out the dudes who love the tech side of the job.  They've also started to put an ADSC on the folks who receive the 3-ltr-org training as well.  However, just like you fliers with the ACP, this isn't going to retain the numbers that are needed.

Until there is a clear career path that allows folks to maintain tech roles for longer (or at the very least quals) we're going to continue to have a problem.  If we continue to use the same career path as we did for support, while calling ourselves Ops, and meeting/not-meeting POTUS directed cyber force constitution--people are going to step.  If I can't build a team to run missions because Lt So-and-so has to box check exec, PCS, etc., then people are going to leave.  You can't tell educated and dedicated nerds that they're important and necessary, then file them into crap jobs when they don't have an ADSC required to put up with your crap.  You can't tell some Lt/Jr Capt how important Cyber is, and how much they're needed, while PCSing them to inspect SCIFs or be a contract monitor over a "cyber integrator."

We look for holes in logic and exploit them...it's literally what you pay us for.

And we aren't beholden to a small group of employers with byzantine hiring requirements.  Even basically accomplished individuals can trip and fall into $1XX+ year jobs.  The market is in our favor.  It's so strongly in our favor I can't think of a word for it.

All that being said, this aligns with my plans and timelines.  So... I'm a strong candidate, but I was anyway.  This isn't going to turn anyone's head that wasn't already walking in that direction.  Again, much like your ACP.

  • Upvote 1

Holy shit - he's actually wearing his nerd wings above his pilot wings. (Yes, I know this is what the reg says to do in his case.)

That's an auto $69 shack and a keg of beer in any fighter bar worldwide. YGBSM.

That said, glad he's legit. Given his pedigree (FWIC IP, Viper driver, Purdue grad) I'm not surprised at all.


  • Upvote 1

$15K a year for 4 years is quite tempting for the non-rated folks.  It's a well-compensated prison term is what it is.

Just like the flyers, it's not really about the money.  17D Guy is spot on with the career field being incompatible w/ the current promotion system.  You are going to pay a bunch of skilled folks to continue to do the same CBTs/green dots/resiliency/dog and pony show queeps.  Any self-respecting talented person would say fuck that and get out. 

Also, DoD cyber as a whole is progressing very slowly and it's still a giant clusterfuck (even for the sexiest missions).  If you have any kind of skills, you are better off starting your own company and filing for IPO like Snapchat.


On 11/16/2016 at 11:27 PM, 17D_guy said:

Until there is a clear career path that allows folks to maintain tech roles for longer (or at the very least quals) we're going to continue to have a problem.  If we continue to use the same career path as we did for support, while calling ourselves Ops, and meeting/not-meeting POTUS directed cyber force constitution--people are going to step.  If I can't build a team to run missions because Lt So-and-so has to box check exec, PCS, etc., then people are going to leave.  You can't tell educated and dedicated nerds that they're important and necessary, then file them into crap jobs when they don't have an ADSC required to put up with your crap.  You can't tell some Lt/Jr Capt how important Cyber is, and how much they're needed, while PCSing them to inspect SCIFs or be a contract monitor over a "cyber integrator."

Do you think it would help your community if this bonus was accompanied by a construct similar to our (rated) gate month concept?  Some way to ensure that your guys taking the bonus have an institutional mechanism to spend a minimum amount of time doing the primary job they joined to do?  


3 hours ago, jcollins said:

17D_Guy come join the Guard.  It's the best of both worlds.  Six figure income, no PCS and you get to do cool stuff on the weekends.  Google "Cyber Shield exercise" for examples.

Or the reserves (Go IMA!). Made the jump from AD a few years ago, don't regret it for the quoted reasons and I still get to contribute to the mission.

 

Every time I miss being AD my unit is more than happy to offer me days so I can remind myself why I punched... 


On 11/18/2016 at 3:21 PM, tac airlifter said:

Do you think it would help your community if this bonus was accompanied by a construct similar to our (rated) gate month concept?  Some way to ensure that your guys taking the bonus have an institutional mechanism to spend a minimum amount of time doing the primary job they joined to do?  

It might.  Watching the mid-tier leadership struggle with crew management issues when I think back to how you fliers do it is very frustrating.  Can't figure out how to get a mission assigned and a crew tasked?  Well.. fliers use PEX to track all those requirements...but we can't use that because "we're cyber" and "it's different."

Brought up the idea of a scheduling office and was told that won't work because this cyber stuff requires de-conflicting clearances and access issues.  Good to know you fliers don't have to deal with that sort of thing...  Then they suggested contracting something like that out.  Thankfully the Bro in charge was a flier and killed that idea painfully.

11 hours ago, jcollins said:

17D_Guy come join the Guard.  It's the best of both worlds.  Six figure income, no PCS and you get to do cool stuff on the weekends.  Google "Cyber Shield exercise" for examples.

I got <4 yrs left.  I'm taking the $ and running.  But I can't speak highly enough about our Reserve/Guard members.  They're going to be the real leaders in the fight going forward and I think it's going to cause massive changes in how we're organized in the future.  

Much like flying, this isn't a field where technical proficiency is to be mocked.  You've got 20 years hacking this particular device type?  Fantastic, here's a boatload of money.

  • Upvote 2

4 hours ago, 17D_guy said:

Brought up the idea of a scheduling office and was told that won't work because this cyber stuff requires de-conflicting clearances and access issues.  Good to know you fliers don't have to deal with that sort of thing...  Then they suggested contracting something like that out.  Thankfully the Bro in charge was a flier and killed that idea  

Why not include getting all your required clearances and accounts on the inprocessing checklist? Kind of like having to be CMR or turn in your flight records before first flight.


5 hours ago, 17D_guy said:

It might.  Watching the mid-tier leadership struggle with crew management issues when I think back to how you fliers do it is very frustrating.  Can't figure out how to get a mission assigned and a crew tasked?  Well.. fliers use PEX to track all those requirements...but we can't use that because "we're cyber" and "it's different."

Don't give PEX any more power than it already has. As soon as it gets to Cyber it will become self-aware and schedule everybody for weekly Green-Dot training.

  • Upvote 3

23 hours ago, magnetfreezer said:

Why not include getting all your required clearances and accounts on the inprocessing checklist? Kind of like having to be CMR or turn in your flight records before first flight.

Meant clearance/access to areas teams are going to visit.


  • 4 weeks later...

"Due to unforeseen circumstances, the release of the 17D Officer Retention Bonus (ORB) information will be delayed until further notice. The details of the ORB are currently being worked, and once approved AFPC will release a PSDM with eligibility criteria and the application process. Thanks for your understanding and patience."

Color me surprised AFPC set a date for itself, failed to meet said date, didn't announce anything about it then finally dropped this 5 hrs ago and didn't set a further date.  

I'm sure this is giving those that remain a warm fuzzy about further investing their lives with this professional organization.  Of course, this is right in-line with the type of "Cyber Ops" leadership I've seen from most of the O5's and up.


On December 24, 2016 at 7:41 AM, 17D_guy said:

"Due to unforeseen circumstances, the release of the 17D Officer Retention Bonus (ORB) information will be delayed until further notice. The details of the ORB are currently being worked, and once approved AFPC will release a PSDM with eligibility criteria and the application process. Thanks for your understanding and patience."

Color me surprised AFPC set a date for itself, failed to meet said date, didn't announce anything about it then finally dropped this 5 hrs ago and didn't set a further date.  

I'm sure this is giving those that remain a warm fuzzy about further investing their lives with this professional organization.  Of course, this is right in-line with the type of "Cyber Ops" leadership I've seen from most of the O5's and up.

Maaaaan I knew there wasn't gonna be a bonus.  Oh sure, eventually they'll drop something but forgive me if I was skeptical from the moment I saw this even as the rest of the career field is flipping out.  I got nothing else to do so I'll take it but I doubt I'll be eligible now as I'm edging within a couple months of what the initial stated eligibility was.  Hope you're able to enjoy it if you're sticking around though!

zb

  • Upvote 1

Back in 2002 the CSRB for 33S (what 17Ds used to be) was $10K a year for 4 years.  I think that lasted all of 2 months or so.  If you actually get it, $15K a year is more buying power in today's dollars according to the Bureau of Labor Statistics CPI Inflation Calculator (it says $13.4K is the equivalent).

So, I took the money and put it all in TSP tax free.  In 2005, just 3 weeks after getting the 4th and final installment, VSB came out and offered me $114K to walk away from the USAF.  I stayed in, but couldn't help thinking that these programs aren't thought out very well.


1 hour ago, nsplayr said:

Related to cyber security, see attached for the Joint Analysis Report on the Russian hacking of U.S. targets put out by DHS and the FBI.

Report-on-Russian-Hacking.pdf

Link if you prefer that.

That is a weak ass report.  No offense meant to you, and thanks for posting it.  80% generic advice of how to prevent obvious future attempted intrusions.  Zero evidence to incriminate Russia.  I would hope a parallel classified report with actual proof exists because there are enduring diplomatic consequences for this kind of accusation; we'd better be damn certain of the truth.  Wasn't the ODNI created exactly to provide certainty in these situations?

 


The second sentence is "However, public attribution of these activities to RIS is supported by technical indicators from the U.S. Intelligence Community, DHS, FBI, the private sector, and other entities." You want details in an unclassified report? Do you have any idea how this stuff works? The CIA, the FBI, the "U.S. Intelligence Community," and the Department of Homeland Security are all in agreement on something, and you consider that "weak ass"? What is wrong with you?

Maybe you should spend some time on SIPR before you post here again.

  • Upvote 1