If you are like me your eyes cross and you feel a ringing in your ears when you are exposed to military-speak. The acronyms are fun and server to separate insiders from outsiders, kind of a tribal thing. But is sure makes it hard to figure out what is really going on. Take Ellen Messmer's article today in Networkworld orld Magazine. She interviews Air Force Lt. Gen. Robert Elder who is head of the Air Force "Cyber Command."
Now let me warn you, the military uses the word "cyber" as a noun. When a military guy says "cyber is important" he means something like "networks are important". So, while "Cyber Command" should mean using networks to provide command capabilities, the air force has abused our language once again because what they seem to mean is "network management". In other words there is now one group within the air force responsible for network management and it is headed up by Lt. General Robert Elder.
OK, so what does he say?
NWW: The Air Force has obviously made use of networking for a long time, so what's really different about the Cyber Command?
Elder: We differentiate between computer network security and computer network defense. Once you're through the gate, you're in, so we look at that as hostile territory. It's inside defense. Right now, most of what we do today is computer network security. But we know our adversaries will attack, and we need training and cyber tools.
See what I mean? Hard to de-cypher. "Once you're through the gate, you're in" I love that. NWW: What kind of attacks are of concern?
Elder: Phishing, for example, is a type of attack. We're arming airmen with the skills to recognize a phishing attack. We're installing tools to check URLs. We're integrating commercial products with our own host-based security systems.
Phishing? Phishing is a problem? Are you starting to get worried here?
NWW: How many people are in the Cyber Command today?
Elder: There are at least a few thousand people now and it will grow to between 5,000 and 10,000. Many people are re-assigned from all over the Air Force. The goal is to be fully established by October. We can't do anything without cyber — today, we talk about operations in the cyber domain.
At first reading I thought he was talking about 10,000 people doing cyber security. But this number must mean 10,000 people in IT, right? Those parts of IT that have not been outsourced to EDS that is.
But, good news. The new Cyber Command is going to make some radical changes:
NWW: What steps can you take?
Elder: We're putting a lot of things in place, like moving toward a policy on our firewalls to deny all except by exception.
Yikes, let me check the date on this article. Maybe it is from 1995? That was when the rest of the world figured out firewalls. Nope, 01/23/08. This just reinforces my image of most military operations when it comes to security: they are in the Twilight Zone, a world of their own, completely separated from reality, and most unfortunately, completely unprepared to face their enemies.
Update: Thanks to John Andrew Prime of Gannet for this helpful clarification: LTG Bob Elder is the commander of the 8th Air Force and the Cyber-Strike action component of Air Force Cyber Command (Provisional), but the actual commander of AFCYBER(P) as the U.S. Air Force calls it, is Maj. Gen. William "Bill" Lord. he answers directly to USAF Chief of Staff Gen. T. Michael Moseley. You can see all the top commanders of the new command at its Web page, http://www.afcyber.af.mil/