Feeds

US military cyberwar force will work with NSA

Priority is net 'defense'. As in Department of Defense

Seven Steps to Software Security

The long wrangle among the US military about who gets to be in charge of cyber warfare and who gets all the resulting pork appears to have been settled. Questions remain, however, regarding the level of America's readiness to take offensive military cyber action against enemies presumably overseas.

Reuters reports that the main decisions on the US military cyber command were announced yesterday at the Pentagon. Defense Secretary Robert Gates signed an order to create the new organisation, intended to be based at Fort Meade outside Washington and subordinated to the head of the US National Security Agency (NSA), widely believed to be the most powerful crypto, intercept and eavesdropping agency in the world.

The news wire quotes Department of Defense (DoD) spokesman Bryan Whitman, responding to questions about "offensive" as opposed to "defensive" cyber warfare by the US forces, as remaining noncommital.

"This command is going to focus on the protection and operation of DoD's networks," he said. "This command is going to do what is necessary to be able to do that."

The Pentagon has previously stated on many occasions that its networks and those of the US government in general are nowadays constantly subject to cyber attacks, most of which appear to emanate from abroad. China is the foreign country most often mentioned in this context, but Deputy SecDef William Lynn has recently stated that "more than 100" foreign intelligence organisations have tried to penetrate the US military's cyber grid on various occasions.

"There is simply no exaggerating our military dependence on our information networks: the command and control of our forces, the intelligence and logistics on which they depend, the weapons technologies we develop and field – they all depend on our computer systems and networks,” said Lynn earlier this month. “Indeed, our 21st century military simply cannot function without them.”

The American Forces Press Service, indeed, characterised Lynn's assessment as amounting to a "clear and present danger" from cyberwarfare. This is a powerful phrase in US law: where a clear and present danger is deemed to exist, the authorities may be able to suspend the First Amendment right of free speech (or in this case, perhaps free net traffic). On the other hand, the term does get tossed around quite casually these days, having been popularised by Tom Clancy.

As for the matter of the US taking the cyber offensive (as opposed to defensive) this would seem to be a foregone conclusion. The very meaning of the word "Defence" in modern English has now changed to mean "activities formerly carried out by ministries or offices of War - including attack and offence as required". It's a universally acknowledged military truism that defence of one's own territory is often best conducted on someone else's.

If that wasn't enough, it should also be noted that the US military is at present engaged in building a cyber firing range - in effect a Matrix-esque virtual world - in which to test the effects of cyber weapons.

The new command's subordination to the NSA makes sense - the NSA is already hugely expert in crypto and other useful subjects. Not everyone remembers that it is a military organisation, but unlike the CIA it is indeed "a Combat Support Agency of the Department of Defense".

The cyber command is due to kick off in October, and reportedly will be fully up and running a year later. ®

Mobile application security vulnerability report

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Attackers raid SWISS BANKS with DNS and malware bombs
'Retefe' trojan uses clever spin on old attacks to grant total control of bank accounts
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.