Civilian hackers have a solid intuitive understanding and can use that to select, build, and modify whatever tools they please according to their intentions, and use them however they want to.
Do the military "cyberwarriors" even have local admin rights on their machines? Do they have the education necessary to think about systems and vulnerabilities and the requisite leeway to use that knowledge, or are they (as I would guess) "highly trained," where "trained" means "good at following a set of procedures"?
I'm not knocking that as part of military culture. I want the people in control of weapons and aircraft, etc. to be great at following orders and the procedures they were trained to follow, and do little else. The ICMB fleet is not a place for improvisation.
But computer security is. It's a creativity-driven field that moves quickly, evolves hourly, and requires intellectual agility. I would imagine that from a locked-down, out-of-date OS with a years-long procurement cycle to buy third-rate software from huge, blundering contractors and no leeway to try new things on a whim, it would be impossible to beat a team of educated, unencumbered civilians in a field like this.
Of course, that's just a caricature of military culture that I'm imagining, but can anyone speak to this?
Special Operations forces are given considerable leeway to customize weapons and adjust uniform standards to the situation. I think the "cyberwarriors" would/should argue that their machines are their weapons and so should have similar latitude.
> I think the "cyberwarriors" would/should argue that their machines are their weapons and so should have similar latitude.
They have argued and lost because the big picture military only cares about PT tests, marksmanship, and hair cuts. No one important enough to change policy understands how computers work.
Only the Marine Corps and maybe Army really care about PT performance - from what I understand, promotions in the Navy and Air Force are based off of exams.
USAF cares quite a bit about PT, as they're using it as a force-shaping tool (a way to get rid of people as they downsize).
For years there was debate between the weightlifters and the runners in Air Force leadership over the best way to ensure a fit force. The runners won, which is why a waist measurement is now included in the PT standards.
In the Air Force you get a yearly Enlisted Performance Report or Officer Performance Report. Your OPR/EPR counts towards your promotion, and one of the sections of the OPR/EPR is how well you meet PT standards. Fail a PT test and you get a referral OPR/EPR, then you can pretty much kiss your military career goodbye.
The B-2 bomber pilots are closer to computer hackers... Hacking is long hours spent quietly trolling for marks and acquiring programs and contacts for your "bag of tricks".. With a few hours of frantic planting the hooks and grabbing what you can before the connection is cut.
Ideally, you're like the bomber pilots.. The first time you get noticed is when the bombs are going off and you're already got the data.
>It's a creativity-driven field that moves quickly, evolves hourly, and requires intellectual agility.
That does describe what is expected of military members in combat operations, so it isn't like the military shouldn't be able to apply that philosophy to this area.
I would think the issue is that the "cyberwarfare" group is new and so is being run like an ordinary technical unit, which means procedures and process out the ears and limited flexibility. The military could easily free them of that and let the unit run itself like a special operations unit.
>That does describe what is expected of military members in combat operations
Isn't the tactical playbook set On High? Obviously you need to react to a changing situation in combat, but wouldn't the standard responses to various situations be planned/tested/approved and then turned into training material by some central authority? Or is that sort of thing more up to officers in the field?
No. There are tactical principles that are taught, and basic tactical approaches, but a "tactical playbook" would be completely unwieldy.
The Soviet military used that system, including algorithms to determine which tactical approach to apply. Western military's have long focused on small unit initiative and rewarding novel tactics. A wartime military is the ultimate meritocracy.
Even in WWI, which is often stereotyped as stupid generals sending men walking into machine gun fire, there was a huge amount of tactical innovation from the lower levels (by 1917 they had developed the small unit tactics we still use today).
Do the military "cyberwarriors" even have local admin rights on their machines? Do they have the education necessary to think about systems and vulnerabilities and the requisite leeway to use that knowledge, or are they (as I would guess) "highly trained," where "trained" means "good at following a set of procedures"?
I'm not knocking that as part of military culture. I want the people in control of weapons and aircraft, etc. to be great at following orders and the procedures they were trained to follow, and do little else. The ICMB fleet is not a place for improvisation.
But computer security is. It's a creativity-driven field that moves quickly, evolves hourly, and requires intellectual agility. I would imagine that from a locked-down, out-of-date OS with a years-long procurement cycle to buy third-rate software from huge, blundering contractors and no leeway to try new things on a whim, it would be impossible to beat a team of educated, unencumbered civilians in a field like this.
Of course, that's just a caricature of military culture that I'm imagining, but can anyone speak to this?