Exploring the "Cyber Sea"

Regarding my previous posting about Invincible Defense Technology this article just published today by United Press International may also be of interest: Major General Kulwant Singh (Indian Army, Retired) and Dr. David Leffler (3 March 2010). Global power available for any military. United Press International - Asia. Available at: http://www.upiasia.com/Security/2010/03/03/global_power_available_for_any_military/2936

Sir, I was reading a story about how NASA has lost its way, over at MSNBC. In it, I think it was Burt Rutan who had the quote of saying Rockwell was given the contract to build the Apollo spacecraft in '62. Where as, we all know the first landing on the moon wasn't until '69. The point he made with that was we comitted ourselves to an objective before any of the unknown-unknowns, became known. Objective--policy--budget--R&D--aquisition. That is what I got out of his quote. It applies to our nacent efforts in cyberspace as well, it should just about apply to everything we do. V/r YNSN link: http://cosmiclog.msnbc.msn.com/archive/2010/02/26/2213866.aspx

Sir, I just read thru and enjoyed your speech. I have a three-year-old whose screen-busted, worn out first generation iPhone, "fon", is her favorite toy. Fon, helicopter, airplane, train, unicorn. Rescued from being sold on eBay "as-is" when I wondered, "are there kids' apps?", her fon is now loaded with age-appropriate learning apps with names like "Monkey Pre-school Lunchbox" and "Matches" -- a far cry from my prized and cherished Speak-and-Spell. I think she's angling to snatch my MacBook next. Sir, your thesis is borne out in a case in the Italian courts: http://googleblog.blogspot.com/2010/02/serious-threat-to-web-in-italy.html Excerpted from the article: "In late 2006, students at a school in Turin, Italy filmed and then uploaded a video to Google Video that showed them bullying an autistic schoolmate... [Google employees] took it down within hours of being notified by the Italian police. [However,] a public prosecutor in Milan indicted four Google employees for failure to comply with the Italian privacy code. A judge in Milan today convicted 3 of the 4 defendants. In essence this ruling means that employees of hosting platforms like Google Video are criminally responsible for content that users upload. "European Union law was drafted specifically to give hosting providers a safe harbor from liability so long as they remove illegal content once they are notified of its existence. If that principle is swept aside and sites like Blogger, YouTube and indeed every social network and any community bulletin board, are held responsible for vetting every single piece of content that is uploaded to them... then the Web as we know it will cease to exist, and many of the economic, social, political and technological benefits it brings could disappear." Sir, as those within your echelon of influence consider General Cartwright's remarks or Secretary Lind's insights, as you seek the right balance between openness and security, society and defense in the cyber

Admiral, I think your analogy is sound. The Electronic commons are very much like the blue one you and I have sailed. To continue with this analogy, I would say that the tools we have to patrol this common are little more than triremes and it will take a significant effort to get us even to the point of having a 'galley' let alone a Ship of the Line. One significant development I think needs to occur is development of proper ROEs in terms of cyberwarfare. A bad actor takes down the electrical grid in New England. What is our response? Is it a law enforcement issue, or a military issue? What if part of our NIPR system is compromised? Does that alone constitute a military issue due to the networking being military? Should a cyber campaign waged by a nation warrant a kinetic response? It is hard to answer those questions because the tools we have to operate with (at least the tools I am aware of) are weak. TENTH Fleet just put out their shopping list and what are they asking for? Algorithms, tools. Ironically, our ISR capabilities inside the medium we move information with is very poor. What does this bring me to? Redundancy. Back ups to back ups in terms of our infrastructure. Integrity. Code that does not crash. Code that is not COTS. Plan B. A way to communicate that is in parallel to the internet not piggybacking on it. Also there is an ancillary component to this. Our communications hardware. Our Satellites, are how old? And are targeted. I wish I had more answers Admiral. But, tacking into the wind in a trireme is difficult at best. We need First Rates and we need the policy to shape their design. V/r YNSN

Admiral, WIRED.com has an interesting article regarding cyber war. The author states that there is no cyber war, and that the initiative to better secure the internet is one created only by hype on the part of the military-industrial complex. http://www.wired.com/threatlevel/2010/03/cyber-war-hype/ I do not agree with everything the author has to say, but in reading his article there is now a different spin to my thinking when it comes to cyber security. Michael McConnell states is quoted in the article as saying that the internet needs to be reengineered to provide for exactly what I stated we needed better tools for in my earlier post, cyber-ISR. Mr. Mconnell while I brilliant man, is wrong. To secure the internet we cannot fundamentally change the nature of the internet. To do so would be no different than changing the central tenants of the Constitution to better secure our Nation. The strongest defenses of a position always compliment the environment it's in. I am sure the same will hold true in cyber sea. I also think this article highlights the PR aspect of securing the internet. Many are not aware of how extra-state actors like Hammas, or Hezbollah utilized cyber attacks in their efforts. Nor are many aware of how Russia utilized cyber attacks in their war with Georgia. The most glaringly naive comment from the article is where the author states that in regards to the Chinese based attack on Google's servers "...that’s not warfare. That’s espionage.". In making sure we make the right moves it will be an uphill battle to prove to the public at large that we are not invading their privacy, that our efforts are not to eavesdrop on their internet browsing, or read their emails. Our efforts are to secure the critical infrastructure that now relies on connectivity provided by the internet, and the critical infrastructure of the internet itself. Lastly, the sense of individual freedom that one has on the internet. Where you just about

Admiral, I'll cast a vote for openness and light governance. That may seem counterintuitive, given my profession and current role. But I'm a citizen first and foremost and honestly believe that civil societies are going to figure out how to keep the mix of interleaved public and private sector cyber infrastructure agile, generally survivable, reconstitutable in the face of occasional hits. The up-side of an open and lightly governed model is just too compelling to consider anything else. One-world unified governance of the cyber world sounds as totalitarian, bureaucratic, capability-limiting and draconian as any other form of well-intentioned one-world governance. I'm not a Libertarian kook, but I'll support freedom, loose federation and the beauty of a thousand (or million) flowers blooming any day of the week. So I think we'll need to go careful here. On the U.S. .mil/.gov/.state and "5th Estate" side of the equation, including some of our closest allies and their respective IP domains, my talking points would be notably different. I think wholescale architecture reform, acquisition reform and governance reform will likely be required in those areas where the most fundamental enablers of national security rely upon modern IT. I think we should be working to further limit critical interdependence with private sector infrastructure, and we need to think through how we can isolate, manage and reconstitute quickly when needed within the .mil/.gov/.state domains. I could write a missive on this topic alone-- but I'm sure you have folks a lot smarter on your staff who would bend your ear on this topic for hours, if allowed. All the best and Aloha from the other side of the world... Very respectfully yours, Dave McDonald

I saw a lot of website but I believe this one has got something extra in it in it <a href="http://www.availhosting.com" rel="nofollow">cpanel web hosting</a> | <a href="http://www.availhosting.com" rel="nofollow">shared hosting</a> |

Admiral, I definitely appreciate the questions raised by both your post, and your speech. It's encouraging to see these sort of challenges being thought through in a public setting. I agree that the issue of cyber security is far more complex than simply building a better firewall. I also agree that the challenges you highlighted will require a lot of thought, as evidenced by the points made by fellow comment posters. The web is an enabler of behaviors for innumerable groups, each with their own set of goals and values. While direct attacks on physical systems remain a concern, we will also have to think about how to navigate the social spaces created by interactions on the web. Cultivating an understanding of how the web functions, and how to navigate that space will be more important. Understanding how interactions take place, and what groups exist in this space is just as important as protecting against intrusions. To carry the cyber sea analogy, creating skilled captains and pilots to navigate an unpredictable environment will be as important as the security of the ships on which they sail or the ports they call home. While this would suggest that finding some way to regulate behavior would simplify, the nature of the web makes this more complex. Norms on the web do exist, but they exist on almost a community by community basis. The diverse, and sometimes disparate values of these communities present a significant challenge to the idea of top down regulation, which makes me wonder how possible it really is. For the sake of brevity, I'll stop here. I've gone a lot more in depth on the blog for M.C. Dean's Global Engagement and Outreach Team at http://geo.mcdean.com/blog/responding-to-the-cyber-sea I'd welcome any additional commentary or questions. I want to thank you again for exploring such an important topic. Opening this kind of discussion is the first step to addressing these challenges and I look forward to hearing what you have to say

From these findings?

I didn't know that.

tell sorry, I am just so mad!