Search Engine

Thursday, 11 September 2008

Good Offense: Still the Best Cyber-Defense

If you think the military is doing everything it can to secure the country, think again.

I was shocked when I saw the article that basically says the U.S. government is debating whether or not to use offensive cyber-attacks in time of war. Frankly, if they don't have such a strategy firmly in place by now, heads should roll from the top down. Having no offensive information warfare strategy in place is grossly negligent at all levels of the government.

In the first place, the U.S. government has had the Air Force Information Warfare Command (AFIWC) in place for more than a decade. Not only that, its staff people have gone on to start some of the most notable information security companies in the industry. Its mission, at least a decade ago, was not just defensive. They were -- and are -- some of the most effective penetration testers I have met. Now it appears that they were not using their skills to prepare the cyber-battlefield.

Preparing the cyber-battlefield is also preparing the physical battlefield. For example, if you hack into adversary power grids, you can take down the power of defensive and offensive military systems. You can manipulate targeting data, so you can reprogram the targeting coordinates for Washington with the coordinates for Moscow. If you can get into logistical systems, you can reallocate weapons and ammunition to places that hamper the adversary's ability to fight. You can modify railroad signals, since trains transport a very large amount of military personnel and supplies, and create havoc. That is on top of the ability to hack into drones, airplanes, and other weapons to kill or retarget them. The possibilities are endless.

However, these are only possibilities when there is an effort to take action. Given how critical computers are, and especially with talk about how al Qaeda and small countries are engaging in asymmetric warfare by using cyber-attacks, how can the U.S. military not think of those attacks for itself? It's outrageous that the U.S. government is not doing something that even countries most people have never heard of and terrorists in caves are doing.

While it is true that the U.S. government needs to figure out how to secure millions of military and civilian employees and their associated resources, it needs to develop both offensive and defensive information warfare capabilities. The physical equivalent would be that the U.S. government wouldn't maintain an offensive capability while they cannot protect the ports and other borders.

Likewise, it should be acknowledged that the National Security Agency (NSA) and other intelligence commands are actively gathering data by breaking into adversary networks. That should be continued. However, it is bizarre that they wouldn't have installed the capability to destroy those systems at the same time.

Clearly there should be coordination between intelligence gathering activities and cyber-attacks. After all, you don't want to remove a critical source of information for a minor military gain -- that is, you don't want to eliminate being able to tap into a command and control system because you destroyed that system to assist in a minor military victory. These issues can be dealt with when there is a proactive plan.

However, all reports seem to indicate that the U.S. government has no offensive information warfare in place. That is unacceptable and needs to be rectified immediately.

Ira Winkler, Former National Security Agency analyst and author of Spies Among Us

http://www.internetevolution.com/
