A US Cyber Auxiliary?

Tuesday, September 27, 2011

Joel Harding


I was in a discussion recently with a gentleman from Switzerland

We got to talking about the cyber command the Swiss are standing up and it dawned on me that Switzerland has a ‘home guard‘, where there is compulsory service for all males (females are voluntary) to serve in their military (or alternative service).

Each serving member’s  weapon must be maintained and kept at home, ready to serve at any time.  I asked if that concept were to be integral to their cyber command, he indicated it would be. 

Swiss Armed Forces, as Switzerland is a neutral country, do not invade countries outside their borders but do participate in peacekeeping operations outside their country.  Switzerland might have a concept which the United States and other countries might examine for their use.

I know from experience that many, if not most, senior officials in the United States will have a problem with this concept – they seem to prefer these sensitive weapons be stored in one central location.  The European Cyber Crime Convention seems to be the standard when it comes to cyber negotiations and agreements, but Russia refuses to sign. 

As Dr. (General) Vladislav Sherstyuk said to me in November 2009, “Russia will not sign the European Cyber Crime Convention as long as it contains Article 32b”.  I brought that message home and the Russians have still not signed.  Article 32b equates to arms inspections, in this case the inspections would be virtual. 

The Russians indicate this would be an invasion of their sovereign space.  The Russians and the US have allowed physical inspections of each others nuclear weapons for decades but somehow a virtual inspection of these new weapons is somehow distasteful?

I got to thinking about how this might apply to the US.  Four years ago a few of us were pulled into a STRATCOM study group and I coughed up a furball when the idea of a cyber militia was surfaced.  I thought the press would have a field day with that concept and it would be a PR fiasco.  Now I’m not too sure…

The concept of a centralized weapon storage is good but makes a single point of failure for each ‘arms room’.   A distributed storage, such as that needed with a ‘home guard’, would create multiple points of failure but if everyone has a physical weapon at home, wouldn’t home invasions drop to near zero?  If the governments were to assist in making a secure storage area for each member of the ‘home guard’, weapons can be stored securely.

This Wikipedia page lists the different country’s approach to an individual’s right to keep and bear weapons at home.  It shows there is a wide disparity between nations.

How about a distributed cyber auxiliary for the United States?

The following paragraph is borrowed from a LinkedIn discussion with CT, my thanks. I’ve only lightly edited your words.

The best defense in a technological aspect is multiple layering (zones) of firewalls! Why not follow the same approach in our workforce, although the appropriate framework would need to be in place to facilitate on demand access (PMI framework and PEE) that can be clocked on/off for extensional access to facilities by means of bio and PKI access cards from home into a virtualized defense/offensive environment. Perhaps we shouldn’t let them take the toolkits home but they could be accessed securely from home.  Perhaps we could distribute those toolkits at home, we’d have to develop good security.

With the right protocols, procedures and command authority from the likes of DHS and Cyber Command one could facilitate such strong defensive and offensive (for some) capabilities.

Civilian units have always had a form of positive effect in wartime activities (underground movements) against foes.

This is a new evolution in warfighting, we need new approaches for future warfare.  The US infrastructure is static, the US military structure is large but static.  We already know our future adversaries do not play by the rules, their attacks are not limited to military targets only. 

A Continuity of Operations/Continuity of Government plan creates alternative centers for operations or governance but these are still static positions.  DDOS works on groups of targets because the attackers are not only hidden, they are widely distributed.

The same concept works in reverse, if the targets for such an attack are widely dispersed and hidden, the US stands a better chance of surviving a future first attack and continuing operations.

Related articles:

Cross-posted from To Inform is to Influence
Possibly Related Articles:
Military Cyberwar U.S. Cyber Command USSTRATCOM Cyber Militia European Cyber Crime Convention
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.