Sunday, November 8, 2009

Notes from Talk by Michael Hayden

I had the distinct privilege to attend a keynote by retired Air Force General Michael Hayden, most recently CIA director and previously NSA director. NetWitness brought Gen Hayden to its user conference this week, so I was really pleased to attend that event. I worked for Gen Hayden when he was commander of Air Intelligence Agency in the 1990s; I served in the information warfare planning division at that time.

Gen Hayden offered the audience four main points in his talk.
  • "Cyber" is difficult to understand, so be charitable with those who don't understand it, as well as those who claim "expertise." Cyber is a domain like other warfighting domains (land, sea, air, space), but it also possesses unique characteristics. Cyber is man-made, and operators can alter its geography -- even potentially to destroy it. Also, cyber conflicts are more likely to affect other domains, whereas it is theoretically possible to fight an "all-air" battle, or an "all-sea" battle.
  • The rate of change for technology far exceeds the rate of change for policy. Operator activities outstrip our ability to understand them. "Computer network defense (CND), exploitation (CNE), and attack (CNA) are operationally indistinguishable." Gen Hayden compared the rush to develop and deploy technology to consumers and organizations to the land rushes of the late 1890s. When "ease of use," "security," and "privacy" are weighed against each other, ease of use has traditionally dominated. When making policy, what should apply? Title 10 (military), Title 18 (criminal), Title 50 (intelligence), or international law?

    Gen Hayden asked what private organizations in the US maintain their own ballistic missile defense systems. None of course -- meaning, why do we expect the private sector to defend itself against cyber threats, on a "point" basis?
  • Cyber is difficult to discuss. No one wants to talk about it, especially at the national level. The agency with the most capability to defend the nation suffers because it is both secret and powerful, two characteristics it needs to be effective. The public and policymakers (rightfully) distrust secret and powerful organizations.
  • Think like intelligence officers. I should have expected this, coming from the most important intelligence officer of our age. Gen Hayden says the first question he asks when visiting private companies to consult on cyber issues is: who is your intelligence officer?

    Gen Hayden offered advice for those with an intelligence mindset who provide advice to policymakers. He said intel officers are traditional inductive thinkers, starting with indicators and developing facts, from which they create general theories. Intel officers are often pessimistic and realistic because they deal with operational realities, "as the world is."

    Policymakers, on the other hand, are often deductive thinkers, starting with a "vision," with facts at the other end of their thinking. "No one elects a politician for their command of the facts. We elect politicians who have a vision of where we should be, not where we are." Policymakers are often optimistic and idealistic, looking at their end goal, "as the world should be."

    When these two world views meet, say when the intel officer briefs the policymaker, the result can be jarring. It's up to the intel officer to figure out how to present findings in a way that the policymaker can relate to the facts.

After the prepared remarks I asked Gen Hayden what he thought of threat-centric defenses. He said it is not outside the realm of possibility to support giving private organizations the right to more aggressively defend themselves. Private forces already perform guard duties; police forces don't carry the full burden for preventing crime, for example.

Gen Hayden also discussed the developments which led from military use of air power to a separate Air Force in 1947. He said "no one in cyber has sunk the Ostfriesland yet," which was a great analogy. He also says there are no intellectual equivalents to Herman Kahn or Paul Nitze in the cyber thought landscape.

Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)