The Department of Defense has a natural and longstanding concern when it comes to all matters related to security, but despite having had a hand in the origins of the Internet, only recently has the Pentagon dedicated a separate command structure to cybersecurity.
United States Cyber Command was established as an operational unit on October 31, 2010 – Halloween; perhaps an auspicious date for those who plan to lurk in and strike from the online shadows.
Cyber Command has a different posture than most civilian cybersecurity agencies in that it may be called on to act offensively as well as defensively. The official Department of Defense Cyber Strategy is concerned with three ongoing missions:
- Defend DoD networks, systems, and information
- Defend the U.S. homeland and U.S. national interests against cyberattacks of significant consequence
- Provide cyber support to military operational and contingency plans
Cyber Command integrates information security experts from all four branches of the armed forces. In peacetime, their primary mission will be to harden defense system networks against outside attack and assist private sector organizations that find themselves under intense threat of cyberattack.
The Command is also responsible for training other units and preparing regular forces for the unique trials of a conflict in cyberspace. Recently, the Army created a Cyber Training Range to train cyberwarriors in a simulated environment, similar to the simulated environments used to train personnel in the use of any other type of conventional weapon.
But in time of war, those same operatives may be expected to do some hacking of their own, aimed at enemy combatant networks and systems. In one example of this, DoD cyberoperatives launched an attack against a Saudi Arabian website that jihadists were using to plan terrorist attacks, successfully taking the system offline.
Although their mission was successful, it also pointed to a need for better coordination within the U.S. counter-terrorist community: the site was being jointly operated by a CIA team looking to entrap terrorists and gain operational intelligence. And it wasn’t just the target server that was affected by the countermeasure. Some 300 other servers in Saudi Arabia, Germany, and Texas were also inadvertently disrupted in what might have been the first “blue-on-blue” cyberattack.
One of the fundamental goals of Cyber Command is to prevent future missteps of that nature.
A Brief History of Cyberwarfare
Since the early days of the public Internet, the U.S. military has been a target for spies and hackers. In 1986, a German hacker working for the KGB used a research computer system at the Lawrence Berkeley National Laboratory (LBNL) to break into military and defense contractor systems, looking for information about the Strategic Defense Initiative – a program known as “Star Wars” in more popular vernacular.
The very concept of a cyberattack didn’t even exist in the minds of most authorities yet. In fact, it took a bored astronomer named Clifford Stoll at LBNL to track down the spy. In trying to isolate an accounting discrepancy of $.75 in the lab’s computer usage accounts, Stoll discovered it sourced back to 9 seconds of computer time associated with an unauthorized user who never paid – a hacker, and a cheap one at that.
Luckily, when Stoll contacted the Air Force Office of Special Investigations to tell them about his suspicions, they listened.
The Air Force was the first branch of the military to formally establish a cyberwarfare unit in 1993. It would become known as the Air Force Information Operations Center. Originally, this and similar units in other branches were focused primarily on securing military systems against similar attacks. But as the scope and capabilities of networked systems expanded, so did the mission.
In 2011, the Pentagon announced that cyberattacks from foreign nations could be considered an act of war, and could lead to retaliation either in kind or with conventional weapons.
This gave cybersecurity a whole new level of gravity – for the first time, the government acknowledged that malicious computer code, executing only as electrical impulses fleeting through a processor, could end in bombings and loss of life.
Cyber Command Prepares for War
Although stateless, rogue terrorism remains the threat most Americans are focused on today, cybersecurity engineers, analysts, auditors and administrators have other serious battles to consider: those that take place between nation-states at war.
This is not new territory for military information security professionals. Penetrating enemy communication systems to cause confusion and spread disinformation is as old as warfare itself. During the Persian Gulf War in 1991, military and CIA assets attacked Republican Guard command and control systems with viruses and logic bombs, successfully disrupting Scud missile targeting capabilities.
As the modern world becomes more and more fused with information systems, those systems become a legitimate target for military operations, according to Cyber Command’s first commanding officer, Lieutenant General Keith Alexander.
Some government officials believe that the country is already in a state of shadow cyberwar with China. Five officers in China’s People’s Liberation Army are currently listed among the FBI’s Ten Most Wanted Cybercriminals for breaches of American information systems, although the FBI stops short of saying the actions were undertaken under the auspices of state authority. The New York Times reported that the NSA has breached a number of Chinese servers in retaliation.
But there is no such vagary when it comes to the ongoing conflict with ISIS. The fight to disrupt ISIS’s cyber-capabilities goes far beyond disabling social media accounts and websites used for recruitment and propaganda. In fact, cyberoperations designed to disrupt communications and critical infrastructure in the battlefield have been used to support Iraqi and Kurdish fighters attempting to retake Mosul.
Not All Cybersecurity Forces Wear Combat Boots: Jobs with the Defense Information Services Agency
Considering a career as part of the military’s cybersecurity force typically means taking the conventional route through bootcamp and the military training process before being assigned to a cyberwarfare specialist unit.
However, facing concerns that the military recruitment process might not select for the types of individuals who would excel in the cybersecurity mission, the Defense Department also fields civilian cybersecurity teams, which now make up some 20 percent of the force.
These teams primarily come from the Defense Information Services Agency. DISA information security specialists are stationed around the world, at military installations and in postings with partner governments. In general, applicants must:
- Be a U.S. citizen
- Pass a stringent background check
- Possess specialized experience in the cybersecurity field
In the future, as information security degree programs begin producing a sufficient number of candidates, college degrees may become a stricter requirement for some positions.
When evaluating courses of study, candidates would do well to look carefully at institutions with a Center of Academic Excellence (CAE) designation in Cyber Defense. CAE designations are jointly proffered by the Department of Homeland Security and the National Security Agency for institutions offering different types of degree and research programs:
- Center of Academic Excellence in Cyber Defense Education (CAE-CDE) for schools offering four-year and graduate degrees
- Center of Academic Excellence in Cyber Defense Two-Year Education (CAE-2Y) for community colleges offering two-year degrees
- Center of Academic Excellence in Cyber Defense Research (CAE-R) for research institutes
These designations speak to the quality of the program and how well it covers cybersecurity principles most applicable to national security.