Jump to content

That Cyber Thread


17D_guy

Recommended Posts

https://www.military.com/daily-news/2021/10/12/pentagon-official-says-he-resigned-because-us-cybersecurity-no-match-china.html

 

 

I think what I find most interesting in his post is calling out Google. Why did we let Google seize the narrative on that? At the end of the day, google caved to 12 employees that through a hissy fit that Google wanted to work with the USAF to reduce civilian casualties in Drone Strikes. 

Edited by FLEA
  • Upvote 1
Link to comment
Share on other sites

3 hours ago, FLEA said:

https://www.military.com/daily-news/2021/10/12/pentagon-official-says-he-resigned-because-us-cybersecurity-no-match-china.html

 

 

I think what I find most interesting in his post is calling out Google. Why did we let Google seize the narrative on that? At the end of the day, google caved to 12 employees that through a hissy fit that Google wanted to work with the USAF to reduce civilian casualties in Drone Strikes. 

Some very damning statements and interesting to hear he thinks we have already lost.  Part of me hopes his is falling on his sword to get the attention the issues deserves (he is testifying before Congress next week), part of me is terrified he is right.  When...not if...China goes for Taiwan the American public likely won't know, we will be too bust trying to figure out why the lights are out, the water is out, the internet is out, the traffic lights are out.  It will be ugly.

  • Upvote 2
Link to comment
Share on other sites

1 hour ago, ClearedHot said:

Some very damning statements and interesting to hear he thinks we have already lost.  Part of me hopes his is falling on his sword to get the attention the issues deserves (he is testifying before Congress next week), part of me is terrified he is right.  When...not if...China goes for Taiwan the American public likely won't know, we will be too bust trying to figure out why the lights are out, the water is out, the internet is out, the traffic lights are out.  It will be ugly.

He’s right. The DoD has not figured out cybersecurity, because to do so requires them to spend a lot money. Those go towards boats, jets, and weapons, not cybersecurity architecture or training. Sorry, an A1C or Lt with a Sec+ cert isn’t going to be a SME in cybersecurity architecture. No one will care until it directly impacts their life, then they’ll really start to care. Unfortunately, it may be too late by then.

Edited by Sua Sponte
  • Upvote 1
Link to comment
Share on other sites



Some very damning statements and interesting to hear he thinks we have already lost.  Part of me hopes his is falling on his sword to get the attention the issues deserves (he is testifying before Congress next week), part of me is terrified he is right.  When...not if...China goes for Taiwan the American public likely won't know, we will be too bust trying to figure out why the lights are out, the water is out, the internet is out, the traffic lights are out.  It will be ugly.

Could we fight a war without PowerPoint and email? Only half joking...
Link to comment
Share on other sites

47 minutes ago, jazzdude said:


 


Could we fight a war without PowerPoint and email? Only half joking...

Thankfully, because of the determination of the weapons school to continue to teach white board briefing I believe we are ok without PowerPoint. No email though? I think we are fucked....

Link to comment
Share on other sites

Nicolas Challian was appointed as the first ever "Chief Software Officer" of the Air Force in August 2018, and it sounds like he put in a good fight over the past three years.

The Military.com article highlights Chaillan's concerns over Cybersecurity, but his letter posted to Linkedin is much more wide-ranging.  He spends some time highlighting his team's accomplishments during his tenure (which seems like they had many).  However, he has scathing criticism of how the DoD defines, develops, and fields software of all kinds.  It's a lengthy letter, but his criticisms seem to revolve around the following items (none of which are unexpected to anyone who's spent any time at all around the DoD):

  • DoD not funding his group properly, to the point that his billet and office had no dedicated funding, and he was forced to spend an inordinate amount of time chasing funding to do his job.  The figures he quotes seem reasonable - sounds like he was asking for $10's of millions, not $100's of millions.
  • DoD policies not being in line with modern software development.  Putting uniformed officers in charge of software development programs when they don't have the background/knowledge.  As he stated: "The Department of Defense, overall, needs to stop staffing Enterprise I.T. teams as if I.T. is not a highly technical skill and expertise.  We would not put a pilot in the cockpit without extensive flight training; why would we expect someone with no IT experience to be close to successful?"
  • Overall bureaucratic inertia, silos, and resistance to change.

The story of Kessel Run seems to be a bright spot in DoD software acquisition and development.  The Air Force had spent years and hundreds of millions funding the normal primes (Lockheed, Northrop, etc) to develop upgraded AOC software, with not much to show for it.  The Kessel Run group was able to succeed in a matter of months after spending tens of millions.  Kessel Run referring to the smuggling route in Star Wars, since the group figured they'd run into so much opposition within DoD that they'd almost have to "smuggle" their software in.

Ultimately, the DoD spends a big chunk of money on software development with a lot of companies (Lockheed, Boeing, Northrop, etc).  And the entire enterprise is biased against faster/better/cheaper.  I'm personally out of my realm on a lot of this stuff, but it seems to be the same age-old struggle.  We'll drag our feet on changing our ways until we get our ass kicked by someone.  Then, after we're done licking our wounds, change will come fast and furious.

Interested to hear from @17D_guy ,@Chuck17 or anyone else who's been closer to the software enterprise.

Edited by Blue
Link to comment
Share on other sites





Could we fight a war without PowerPoint and email? Only half joking...

That’s the fundamental misunderstanding people have with the whole Cyber war will be part of a multi domain conflict…

No Cyber warfare will be the new Nuclear 1st Strike, only it won’t allow you a follow up with any form of response.

All the idiots practicing war without computers using wet erase markers, plastic sheet overlays, and paper maps… None of those capabilities are actually going to be allowed, because you won’t even be able to issue the OP Order that brings forces to theatre. We will have things like the “7.2 miles of Combat Power” Fort Hood likes to brag about sitting in those same motor pools, because you can’t even get an email to coordinate the train to take them to port, much less put them in theatre and support them.

We need to realize Cyber isn’t going to be some arrow in your quiver to shoot, as much as it going to be your ability to protect your ability to actually do anything in whatever part of the world somebody chooses to then take advantage of our paralysis and conduct follow on actions.


Sent from my iPad using Tapatalk
  • Like 2
Link to comment
Share on other sites

How the hell did we ever plan the Normandy invasion with slide rules, butcher block paper, and teletypes?  Granted it was years in planning but still.  So many books on generals/admirals but what I am really curious about is how their staffs operated.  Despite all of our technology we seemed to be less competent at planning at the operational and strategic levels than we were in WW2 (with most of the officer corps being non-career types even).  

Link to comment
Share on other sites

I'd imagine it was a lot more manpower/personnel intensive. And the ability to compile and synthesize information was probably more limited, which affects the quality of decisions made by commanders.

Even desert storm was acetate and dot matrix printers…

Talk to the old guys running your Sims that lived it. The Navy guy I know was talking about having a dedicated flight every day whose sole job was to fly down and pick up the print version of the ATO/ACO. So here you are in a campaign where we are running sorties with everything available.. and you have available combat power acting as a taxi for what can know be accomplished with an email.

Yes they did it, but it’s not because we were just so good at War…it’s because the Iraqis were terrible at it.


Sent from my iPad using Tapatalk
Link to comment
Share on other sites

  • 6 months later...

Hey gents, thanks for keeping this one alive. I retired, got a contract job, got blackballed, filed a FWA complaint and am now 100% doing they cybers on the outside. Somehow lost the password to here and didn't really have time to get it going again (writing a book, starting a business, beekeeping, etc.).

Nice to be back and I do have some thoughts on what was posted. I'll write those out and give an update on the commercial side and what the bros are still saying in.

PS - edibles are great.

  • Like 4
  • Upvote 4
Link to comment
Share on other sites

Glad to hear all is well on the outside. The AF is finally deciding they can’t outsource all their IT and just do Cyber Ops. Also figured out MDTs were too expensive to have at every base. Bottom line is they still don’t know where we are going, but no one likes where we are right now.

https://www.afimsc.af.mil/News/Video/videoid/838126/

That video gives me hope that AF leadership has identified some of the problems. Now it’s just a matter of prioritizing the solutions.

  • Like 1
  • Upvote 1
Link to comment
Share on other sites

  • 3 weeks later...
On 5/3/2022 at 8:12 PM, SuperWSO said:

Glad to hear all is well on the outside. The AF is finally deciding they can’t outsource all their IT and just do Cyber Ops. Also figured out MDTs were too expensive to have at every base. Bottom line is they still don’t know where we are going, but no one likes where we are right now.

https://www.afimsc.af.mil/News/Video/videoid/838126/

That video gives me hope that AF leadership has identified some of the problems. Now it’s just a matter of prioritizing the solutions.

Was just arguing on the only remaining AF Facebook page I'm on about some new TASKORD that dropped and how "it's the real one guys" is just nails on a board to me. I hope they can figure it out. "Nerd magic" ain't cheap, easy or fast...just like aircraft. I'll be dropping off that page soon I think, can't do the rah-rah shit anymore.

Was offered a GS12 position when I dropped papers. Not bragging, but everyone here is smart so if you're interested (and not wanting to fly) there's starting positions in cyber for $100K. I started a mil-contract (puke) at $135K in 2020, now clearing $170K in a private sector small business, work from home in clothes...usually. 

I'm happy to share training resources and all that. 

  • Upvote 1
Link to comment
Share on other sites

53 minutes ago, BashiChuni said:

im a failed computer science major would i qualify?!

 

The bar in Cyber isn’t that high. I’ve seen multiple 24-25 year old Airmen with Air Force training and a small amount of OJT step into 6 figure contract jobs. Guys with real talent can command airline level pay.

The need across industries for IT Security exceeds the supply by a wide margin.

Edited by SuperWSO
Link to comment
Share on other sites

4 hours ago, SuperWSO said:

The bar in Cyber isn’t that high. I’ve seen multiple 24-25 year old Airmen with Air Force training and a small amount of OJT step into 6 figure contract jobs. Guys with real talent can command airline level pay.

The need across industries for IT Security exceeds the supply by a wide margin.

This exactly. Like almost everything it's about attitude and aptitude. Need a little ADHD to be able to look at lines of logs and find the "1" that's hiding as a "l"

Link to comment
Share on other sites

All right, so I'm obviously not on the inside anymore but I can tell you what's going on "in the real world."

Ransomware. It's a significant problem, and there is a strong and diversified ecosystem supporting this exploitation. No one gives a shit about the med/small businesses that are getting hit by it. I'm talking law firms, local docs offices, gen contractors, schools, town governments, etc. They'll sometimes have insurance that'll pay ($25K to start, and we're cheap) for my crew to come in and figure out what went wrong and fix it...and sometimes the owners won't.

The Trump administration did a lot to remove what I considered unnecessary hurdles for defense against these items, and it seems the Biden administration is moving those along as well but more forcefully in some instances (setting a line for 16 key critical infrastructure), though there has been some reporting (can't find it now) about rescinding a Trump EO that moved cyber ops from a NSC discussion to just a DoD discussion. I don't think that would be good.

Looks like the old CNMF/CC is getting the shot at CYBERCOM deputy (https://news.yahoo.com/biden-nominates-haugh-cybercom-deputy-140318162.html). I was in a meeting with Haugh where a Capt. said, to his face, "This is the stupidest idea I've ever heard." Thank God we were on VTC. I've never seen a general get shit on so much in my life. Seemed like a good dude, we were all in a shit sandwich with all services wanting cyber-money but not really giving a shit and the NSA actively hating "DoD cyberops."

Link to comment
Share on other sites

Some Russian companies fire Ukrainian IT experts: Russian news outlet RBC is reporting that Russian companies have begun to fire or demote IT experts of Ukrainian nationality or descent. In addition, sources from Russian cybersecurity firms have also told the publication that they have been instructed to closely monitor employees of Ukrainian descent or those who have relatives in Ukraine. Moves to fire or demote IT workers with access to critical systems have been observed in companies with government contracts, and sources have described it as an "unspoken requirement" for continuing to work with government agencies.

Sounds like a solid plan.

Link to comment
Share on other sites

2 hours ago, 17D_guy said:

Some Russian companies fire Ukrainian IT experts: Russian news outlet RBC is reporting that Russian companies have begun to fire or demote IT experts of Ukrainian nationality or descent. In addition, sources from Russian cybersecurity firms have also told the publication that they have been instructed to closely monitor employees of Ukrainian descent or those who have relatives in Ukraine. Moves to fire or demote IT workers with access to critical systems have been observed in companies with government contracts, and sources have described it as an "unspoken requirement" for continuing to work with government agencies.

Sounds like a solid plan.

Sounds like they are probably a month late.  

Link to comment
Share on other sites

  • 8 months later...
When we (DOD) don’t even try to secure information/data.
https://techcrunch.com/2023/02/21/sensitive-united-states-military-emails-spill-online/

Look at how far we’ve advanced in communications.

We’ve come a long way from having hostile entities and criminals need to steal our PIA from a laptop left in a random rental car or the bathroom of a Panera bread.


Sent from my iPad using Tapatalk
Link to comment
Share on other sites

The part that bothers me most about this incident is that it was Microsoft that screwed up and left this information exposed.  The AF transitioned to Office365/CHES at considerable cost because it was going to put "the experts" in charge of the system.  Now we've centralized all our eggs into one cloud-hosted basket rather than spread out across the DoD network.  Although it is way more expensive, at least it is still grossly insecure. 🤡

Link to comment
Share on other sites

  • 4 months later...
5 hours ago, bfargin said:

https://www.theverge.com/2023/7/17/23797379/mali-ml-typo-us-military-emails-leak
 

Another cyber/intelligence issue the DoD hasn’t addressed in spite of warnings (for years). It would appear my dad was correct, attention to detail is important.

Can't wait for the mandatory cyber training refresher for the rest of us. 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...