The new Chief of the Defence Staff, Sir David Richards, has said, in an interview, that he thinks we should establish a new Cyber Command which can attack as well as defend against enemy geek forces. He also believes cyber wars will come to dominate the military field in years to come. Personally I doubt it. But anyway, he apparently took the three service chiefs on a packed lunch day out to Cheltenham to see what goes on!:uhoh:

FB:)

Is that a Command in a new British Armed Forces or one within an existing Service?

I see a wedge with a very thin edge being carved. I hope our brown clad boss wallah has thought it through.

The way he's talking, sounds like he believes it could well become the principal defence concern. But personally, I think he's too much one of these characters who spots a new development and gets the idea in his head that we're all witnessing a major turning point in history. Having said that, the German's are working on a cyber defence network which will concentrate on combating Chinese Hackers.:ok:

FB:)

Sounds like a job for the security services. They already have a half decent infrastructure, or are we seriously suggesting we launch SAC Bloggs from C4I and a couple of RLC guys at the problem?

As someone who works in defence with tons of data and the comms to move that data I can see where he is coming from. In 1944 our Typhoons where firing rockets at German road and rail choke points in northern France; the Panzer boys didn't like it. Nowadays we could be firing digi-rockets at a server and router choke point. Or someone could be having a go at our choke points and given the nature of todays world (hey, here we all are from all over the world on this very bulletin board!) and we wouldn't like it either. The world changes. Faster and faster and it makes me brain hurt, but the world changes.

are we seriously suggesting we launch SAC Bloggs from C4I and a couple of RLC guys at the problem?

If I wanted to understand the implications of a cyber attack upon the Supply Chain and the mitigation to put in place, I'd certainly ask loggies. Too many people assume 'specialists' or geeks should do this sort of thing - we always need the expert user who understands the application of technology in their AOR.

I'm with Mr C; if you want to mess up someones logistics network just ask one of our own loggies for his worst case scenario! Breakfast in Brize, tea in Bastion and guns in Benbecula; not a good start.

I guess what they're looking at is a better way for us to liaise with "Q". I would expect this "Cyber Command" to do this liaison function both ways - that would make perfect sense. As already stated "Q" have this sewn up already.

While we're at it we could stop the idiot 'Coppers' doing our computer security and either hand it to this "Command" or to our A6/J6 IT professionals where it should have been in the first place. That way the 'Coppers' can do their real job of CI, checking passes and stroking their Alsatians (plus apprehending those of us that transgress the rules and regs).

I believe CDS is spot on with this requirement. I wonder if he'll follow the US example where the USAF have the lead on all things Cyber for their Forces?

iRaven

I mention the RLC not because they are involved in logistics [in fact, if I wanted to disable our supply chain, I'd employ more loggies] but because they seem to have an involvement in most things.

Thanks for your feedback.

There's something about this which I find utterly depressing. Is this what the future holds for the Human Race? Automaton machines, in the air and on the ground, where do people fit in? Where is the esprise de corps? While I certainly don't wish conflict upon anyone, I kind of like the idea of proper air forces, armies and navies! None of this "Which Computer" cobblers.:(

All a load of tosh anyway.:}

FB:)

Attacking (or defending) logistic assets is merely one iron the fire.

The command and control systems of the enemy are the real prize. Disrupt those, and it doesn't matter how much ammo and fuel you have, if it can't be controlled.

A role 14 Signal Regiment (EW) has been carrying out for years. I'd simply say expand the EW component of the Royal Corps of Signals. Job jobbed, no need to reinvent the wheel.

computer security and either hand it to this "Command" or to our A6/J6 IT professionals where it should have been in the first place.

Wrong - we went about IT in totally the wrong way from the start in the Forces. We NEED people from each specialisation involved in IT rather than give it to a single Trade. It is easier to find people from each Branch and Trade with an IT ability than train IT geeks to understand the nuances of each individual role. Then you get to understand the importance of the IT rather than a J6 perspective, which is usually not the correct one. It isn't the IT that is important, but how it is applied and the effect it generates in each area. A Techie won't understand the Mission Planning IT the way a Pilot will etc.

Our use of IT reflects the over-simplistic 'create a Trade from the Sigs world - that'll do' approach. We have hampered ourselves by not getting the users properly involved in every aspect from the start.

I'd be a bit pissed off if we weren't already doing it...

We would obviously need many more star officers plus Group Captains and Wing Commanders to man the HQ! After all, we don't have enough already.

:ugh:

I think those flying their CYBER COMMAND mega-death desktop PC's should have to wear flying suits (gloves optional) to show some sort of unity with the remote control boys.

Wrong - we went about IT in totally the wrong way from the start in the Forces. We NEED people from each specialisation involved in IT rather than give it to a single Trade. It is easier to find people from each Branch and Trade with an IT ability than train IT geeks to understand the nuances of each individual role. Then you get to understand the importance of the IT rather than a J6 perspective, which is usually not the correct one. It isn't the IT that is important, but how it is applied and the effect it generates in each area. A Techie won't understand the Mission Planning IT the way a Pilot will etc.

Our use of IT reflects the over-simplistic 'create a Trade from the Sigs world - that'll do' approach. We have hampered ourselves by not getting the users properly involved in every aspect from the start.

Spot on! Nail head hammer hit, and very precisely at that.

One only has to look at successful intelligence services around the world with an all-arms recruitment policy to see how a well-managed team can draw on the various and differing strengths of its component parts and people, and be all the more effective for it.

The critical point is of course the 'well-managed' bit, which is where many fall down, but I think that CDS has seen which way the wind is blowing and understands the benefit of such an agency being a military-run one, rather than a civvy / intelligence services lash up, which is why he's 'offering' to run it.

To be honest I can't see it happening but good luck to him for trying

CS

Mr Chinecap

Whilst I agree with your idea to use persons from trade/branches to improve and instigate IT software/hardware, if you had read my post properly you would have seen I said "computer security and either hand it to this "Command" or to our A6/J6 IT professionals where it should have been in the first place".

Computer security is for professionals; that means A6/J6 personnel - not coppers, stackers, blunties, growbags, rock-apes, mirror-technicians, ginger-beers (of the spanner wielding variety), etc...

So I contest that I am "wrong".

iRaven

OK then - computer security should involve RAF Police at least as much as any technical person. One of those words is 'security' so it needs those trained in security to ensure those trained in 'computer' know what they are looking at, what is wrong with it, what is the legal and appropriate course of action to take.
Where do you draw the line for 'computer security' then? Finding a personal laptop with unsuitable images of minors - is that a job for an A6 techie to follow up? No - RAFP should do that - computer security issue. Everything we do is now IT-based, so everyone has to adapt. You can't expect the techie to understand the nuances of security requirements enough to police cyber space. Computers are the least important part of this equation - the information processed is what is important.

If you want to interrogate a nuclear physicist, you wouldn't waste months genning up an interrogator on physics; you'd spend a few days cramming a physicist with insight into questioning. We can assume he'd get the hang of things pretty quickly. Having said that, I watched The Men who Stare at Goats last night, so I now have visions of gone native, curiously dressed Techies who were encouraged just a bit too hard to get inside the enemy's mind.

But isn't it worrying and sad, that an area that IS going to be vital to our commercial future is driven first and foremost by hand rubbing, myopic.. partisan 'Ok, who's going to get the job then?' thinking. On past performance, do any of the three Services deserve it? Does the MoD??

I imagine a Joint Command of some description would be the best way forward. However, I'd be concerned at any idea of removing resources from the hardware peter side to pay the nerd paul?!:uhoh:

FB:)

Re Computer Security, by all means the plods to take a strategic/lead/policy overview role, but there is no reason whatsoever why - if you are going to have trained IT people within trades (as happened in my case, outside the regular boundaries of your trade employment) - that it cannot be rolled down as low as necessary, as Mr C Hinecap points out.

Setting of computer security policy is indeed for IT Security professionals. The enforcement and observance of agreed standards need not necessarily be so.

I'm not sure some folk here have got the right idea about this. This is a Cyber (Warfare) Command isn't it? Whoever oversees it, those on the front line will need to be spotty teenage oiks who can launch Trojan bombs at whim towards those nasty evil foreigners, or shore up our firewall defences. This isn't about not losing another laptop, or child porn downloads.

During 2009 a significant number of laptops were stolen from Head Office; this was as much a physical security as it was an IT security problem. Although MB has postive access control, the MDGS personnel are not the sharpest tools in the box; indeed I'm not sure I'd let my children near them either. There were political cavaerts on searching people exiting the building whilst Ministers were present, and added to the use of casual unvetted cleaning staff, the building was a veritable swiss cheese. Sharper policing of what goes in and out of Main Building - and of course all other MOD and contractor sites - has to be part of an overall IT security plan.

IT security is part of a wider Computer Network Operations plan, which includes defensive and offensive components. Speak to Enterprise Risk people who work for any large company in London and they will regale you with stories of daily attacks agaisnt their servers 'from the East', and sucessful attemps at defeating these attacks (they will, of course, rarely talk of sucessful penetrations). There are, however, major legal limitation of launching computer network attacks; is it a 'hostile act'? Can you apply the Special Care Baby Unit test? (ie if you attack a network to isolate/disable the power supply of, say, a C2 post, will this also disconnect the local hospital and thus potentially commiting a war crime?). Can the secondary, tertiary and quarternary effects of a CNA be adequately mapped beforehand? Given the interconenctiveness of the globalised society of which we are apart, does an CNA against, say, an A-Q hub in South Asia, impact the offshore software development for British Companies, for example?

CNO (cyberwar, if you like) is a logical extension of measure/counter measure iteration of the EMS that has taken place for about 100 years. We cannot deny that it happens and we cannot isolate ourselves from it. I agree with Chinecaps comments that this should be driven as much by those who have familiarity with the output of systems as it is with system 'geeks'. Computer Systems Analysts realsied this over 30 years ago!

Chinecaps only half right.

The people who are placed in this command need to be those best suited or qualified to combat threats emerging from cyberspace.

Service, rank and trade are completely irrespective. I'd rather have an RAF Fireman looking after logistics security online, if he was better at it than the available loggies. The same for mission planning etc.

Pigeon-holing tasks by trade from the outset limits logical thought and reduces flexibility. I'd have thought we'd have learnt that by now.

Wrong - we went about IT in totally the wrong way from the start in the Forces. We NEED people from each specialisation involved in IT rather than give it to a single Trade. It is easier to find people from each Branch and Trade with an IT ability than train IT geeks to understand the nuances of each individual role.

Think you might have the wrong end of the stick here. This isn't about applied IT usage - if it were I would agree with you entirely. It is about offensive and defensive use of IT in persuance of national security objectives, both defending our own military capabilities and critical infrastructure as well as generating the capability to use information and IT offensively against the other guys.

The sort of person you really want for this is likely to be your young IT savvy, geeky hacker types. The sort of people that know how to get back into your computer when you lock yourself out, the sort of people that know how to get into Bill Gates' computer from your computer when they have unlocked it for you. The sort of people that fill up your inbox with crap, spam and viruses, and can quite easily hack your online bank account having used the internet to find out your wife's mother's maiden name and your inside leg measurements. We aren't talking about the applied use of IT to manage admin, supply or flt planning systems.

In an ideal world, a Cyber Command would be populated by your tech savvy senior leadership, supported by geeks, spooks and tefal-heads. Now where you get your geeks and tefal-heads from is another matter, and indeed, it maybe that Bloggs in C4I or Arm Eng has a natural aptitude for this sort of thing, in which case he should be re-roled. But that's about as far as I would go.

Cyber warfare is, I would have thought, the gaining of an ability to hack into an enemy system to steal information, inject misinformation (imagine a stores database where every item held at Leuchars is listed as being at Valley, and so on), damage the system, or take it right down... whilst ensuring that nobody can do the same to any of our systems.

Traditionally this is the area populated by young geeks, although young mathematicians can do well here too... as there's a bit of a shelf life for this sort of thing and a guy who is on top of the game one day is starting to look a bit second 11 ish 5 years later. Like PhD students and brilliant maths/physics professors, the early years tend to be a blaze of productivity, by 35 you are hoping to be on the cocktail circuit or fronting a popular science TV show for megabucks....in fact a bit burned out.

If you want people to do this you should think very carefully about the skillset needed to run it, find someone to fit that bill, then ask them to determine who to recruit - and the chances that the ideal member of the new outfit will be a currently serving airman or officer is probably about zero on any realistic scale.

Probably better to have a hierarchical structure where the bottom layer is a bunch of 22 year olds recruited for proven hacking ability, who are then supervised to see if they turn anything sensible out - most of whom do a few years and then get discarded.

By the way, don't sign up Jeff Goldblum, and Apple computers are not the way to go. (2 free bits of advice, to get CDS started).
Dave