US reveals plans to hit back at cyber threats

Summary: The US Air Force Cyber Command is just as interested in attack as defence, according to a senior general

"We have 10,000 people to do this, but the problem is they are stovepiped," said Elder.

"Stovepiping" has two complementary meanings. In IT terms it describes information held in separate databases which is difficult to access due to its multiple locations — the UK equivalent term would be "siloed". In intelligence-gathering terms — the Eighth also serves as the US Air Force information operations headquarters — "stovepiping" refers to information which has been passed up the chain of command without undergoing due diligence.

Elder said that, while he was satisfied with AFCYBER's covert operations capabilities and its demonstrable ability to remotely destroy missile defence systems, he wished to further develop its attack capabilities.

"IT people set up traditional IT networks with the idea of making them secure to operate and defend," said Elder. "The traditional security approach is to put up barriers, like firewalls — it's a defence thing — but everyone in an operations network is also part of the [attack] force. We're trying to move away from clandestine operations. We're looking for real physics — a bigger bang resulting in collateral damage."

US Cyber Command also needs to develop the means to quickly pinpoint exactly where an attack is coming from, to be able to retaliate, and also to deter potential attackers.

"For deterrence we have to clearly identify the attacker. We're working on rapid forensics to determine who the adversary is."

Lieutenant General Robert J Elder, Jr

"We haven't done a good job in the cyber-domain just yet," said Elder. "We have to demonstrate the capability to do [rapid forensics] then message that to our adversaries. For deterrence we have to clearly identify the attacker. We're working on rapid forensics to determine who the adversary is."

While cyber-espionage was inevitable, said Elder, knowledge of the US military being able to pinpoint the source of cyberattacks could deter assaults on critical national infrastructure that use Supervisory Control And Data Acquisition (Scada) systems.

"We're not going to deter cyber-espionage, but we might be able to deter attacks on Scada networks," said Elder.

As well as developing forensics tools, Cyber Command is also coding tools to check for incursions, including a "Cyber Sidearm", which will monitor activity on the Combat Information Transport System — the US Air Force cyber-network.

"We've been working to get the functionality built — we're supposed to have it in the next couple of months," said Elder.

US Eighth Air Force said it was seeking partnerships with both public- and private-sector organisations to "secure cyberspace". The Department for Homeland Security's Strategy to Secure Cyberspace includes establishing a public-private architecture to gauge and respond to cyberthreats, and increase information-sharing between public- and private-sector organisations and the military.

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Talkback

1 comment
  • From what I'm reading it seems the Air Force needs some formal training

    It seems the AFCYBER needs formal training on how to structure their network for setting up these kinds of attacks.
    sakamura@...