April 24, 2009:
The Department of Defense is battling with the politicians over who should control Cyber War operations, or at least defense against foreign hackers attacking American computer networks. The U.S. president is under pressure by Congress to do something. Years of squabbling in the Department of Defense over how to handle this are one reason why the Pentagon is in danger of losing control of this critical task.
Last Fall, the U.S. Air Force has officially scrapped its planed Cyber Command. This new organization was supposed to officially begin operating by the end of last year. Instead, many of the personnel that were going to staff the new command were sent to the new Nuclear Command. This change was made in response to a growing (over the last few years) problems with the management of air force nuclear weapons.
Despite that, for several years now, the air force has been planning to establish the new Cyber War operation and use it to gain overall control for all Department of Defense Cyber War activities. The other services were not keen on this. That resistance, plus the nuclear weapons problems, have led to the Cyber Command operation being scaled back to being the 24th Air Force. This organization will handle electronic and Internet based warfare.
While the Cyber Command will not become reality, work continues on building a Cyber Control System. This is a hardware and software system that would enable the 24th Air Force to monitor, in real time, the security state of all air force networks. If any of these networks were attacked, the Cyber Control System software would immediately alert 24th Air Force controllers, and recommend a course of action. Think of this as a war room for Cyber War. Many people, deluged with TV and movie representations of high tech military command centers, believe such a Cyber War center already exists. It doesn't, and the air force is building it. If the Cyber Control System can prove itself, the air force hopes to use it run the show for all Department of Defense networks.
What the air force wanted to do was be in charge of security for the 11 million Internet users, six million PCs and over 10,000 networks belonging to the Department of Defense (which is the largest Internet user on the planet). All the services are scrambling to get their Cyber War defenses strengthened, but the air force wants to be in charge. This effort is not appreciated by the other services. If nothing else, all this creates a spirit of competition which has made Department of Defense networks, in general, more difficult to hack into.
What the government is also concerned about is the defense of corporate and government networks. These have been under heavy attacks for over a decade, and much valuable data has been stolen. In addition, there are fears that terrorists, or hostile nations, could gain access to American power plants and other utilities, and do great damage.
The U.S. Air Force is also advocating more Cyber War attacks, as a way to cripple the attackers, and make it clear that, if you hack America, there will be consequences. Apparently there has already been some offensive operations, but no one is giving out any details about when, how, and who the target(s) were.
The new effort to take cyber defense away from the Department of Defense won't derail the need for something like the Cyber Control System. Ideally, having two, or more, of them (one run by the Department of Defense, the other by some other agency) would improve defenses. In effect, there are already several operations, similar to a Cyber Control System, out there. But Congress and the president are looking for some huge, expensive, all encompassing and, most importantly, politically reassuring, cyber defense bureaucracy so the politicians can say they have done something about the problem. Until something goes wrong. In which case you blame the ones running the defensive system, and move on. That works. It worked after Pearl Harbor, it worked after September 11, 2001, and it will work again.