Re: Defense Area
2 views
Skip to first unread message
Michael Hennick
Mar 12, 2013, 12:24:35 AM3/12/13
to Ronald Nemes, status-qu...@googlegroups.com
To piggyback on what Ron started:
7. Information Sharing among critical infrastructure
a. Based on DIBNet pilot with DoD contractors and ISPs
b. Later referenced in Presidential Executive Order
(http://www.whitehouse.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity)
c. Will information sharing of "cyber" events be effective to protect
contractors and critical infrastructure in the future?
d. Will there be a standard settled upon for sharing data? (MITRE
currently has a standard proposed)
e. Legal/privacy concerns for businesses sharing data and their customers?
8. Repercussions for DoD Contractors suffering breaches
a. Will a breach cause fines or loss of contracts?
b. Potential blacklisting for future contracts?
c. How does stolen intellectual property affect military operations?
(loss of life, loss of secrecy of "stealth" projects, etc)
d. Should there be government mandates on how DoD contractors should
conduct business/secure their networks?
9. Growth of National Guard opportunities for "weekend cyber warriors"
a. Would a voluntary army of information security professionals help meet
the government needs for skilled experts to work in areas such as
CYBERCOM?
b. How would tasks be split that could make use of this volunteer force?
c. In times of cyberwar, how would a voluntary force of information
security professionals be pulled from their day job, especially if their
day job is also under attack? (DoD contractors, ISPs, critical
infrastructure, etc)
10. Wargames for DoD contractors/critical infrastructure
a. Would this increase security postures of private industry?
b. Would private industry take advantage of such events to train their
staff?
c. What information would be able to be shared on how the government
would handle a "cyber war" with private industry in order to make it
effective?
> Just a little bit of Spitballing here not sure if the document shared
>
> *Ron Nemes
> Cyber 622 Project Defense Ideas/ Scenarios for 2025
>
> 1. All Defense computers are taken off of the NIPR (unclassified)
> network
>
> a. Communication is all secret
>
> b. How would this work with allies (CENTRIX)
>
> c. Good – more secure ?
>
> d. Bad – difficult to establish, heightened security, is everyone
> clearable ?
>
> e. How to validate new people entering the network (this could also
> expand broadly to the internet and attribution, i.e. if you what to join
> our network, show yourself)
> 2. Defense continues and expands use of commercial software and
> hardware
>
> a. Supply Chain management – false parts
>
> b. Possibly less secure
>
> c. Giving up security for cost
>
> d. More available
> 3. UAV / Comms security
>
> a. Can our UAVs be compromised or taken over
>
> b. How would attribution be figured out
>
> c. Mixes cyber with kinetic attack
> 4. Attribution
>
> a. Will there be better ways ?
> i. If so what does that mean
> for our cyber capabilities
> ii. Can we attack nation
> states with cyber / kinect in retaliation
> iii. What about non-state
> actors
> iv. Can we respond quick
> enough.
>
> b. No better ways
> i. Policies may tie our
> hands
> ii. Difficult to retaliate
> 5. Rules of Engagement (Could tie into Attribution)
>
> a. DoD has implemented rules of engagement for the operation and
> defense of its networks. In current operations that occur in designated
> Areas of Hostilities, specific rules of engagement have been approved to
> govern and guide DoD operations in all domains. DoD’s cyber capabilities
> are integrated into planning and operations under existing policy and
> legal
> regimes. (
> http://www.defense.gov/home/features/2011/0411_cyberstrategy/docs/NDAA%20Section%20934%20Report_For%20webpage.pdf)
> 6. Allies (Could be Foreign Governments and US Commercial sector
> companies also)
>
> a. Launching attacks from multiple nations
>
> b. Coming to their defense
>
> c. What capabilities do we share ?
> 7. Definition / Look of War
>
> a. No more Tanks and large armies
>
> b. Smaller brigade style groups
> c. Mobile cyber cells ?*
>
7. Information Sharing among critical infrastructure
a. Based on DIBNet pilot with DoD contractors and ISPs
b. Later referenced in Presidential Executive Order
(http://www.whitehouse.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity)
c. Will information sharing of "cyber" events be effective to protect
contractors and critical infrastructure in the future?
d. Will there be a standard settled upon for sharing data? (MITRE
currently has a standard proposed)
e. Legal/privacy concerns for businesses sharing data and their customers?
8. Repercussions for DoD Contractors suffering breaches
a. Will a breach cause fines or loss of contracts?
b. Potential blacklisting for future contracts?
c. How does stolen intellectual property affect military operations?
(loss of life, loss of secrecy of "stealth" projects, etc)
d. Should there be government mandates on how DoD contractors should
conduct business/secure their networks?
9. Growth of National Guard opportunities for "weekend cyber warriors"
a. Would a voluntary army of information security professionals help meet
the government needs for skilled experts to work in areas such as
CYBERCOM?
b. How would tasks be split that could make use of this volunteer force?
c. In times of cyberwar, how would a voluntary force of information
security professionals be pulled from their day job, especially if their
day job is also under attack? (DoD contractors, ISPs, critical
infrastructure, etc)
10. Wargames for DoD contractors/critical infrastructure
a. Would this increase security postures of private industry?
b. Would private industry take advantage of such events to train their
staff?
c. What information would be able to be shared on how the government
would handle a "cyber war" with private industry in order to make it
effective?
> Just a little bit of Spitballing here not sure if the document shared
>
> *Ron Nemes
> Cyber 622 Project Defense Ideas/ Scenarios for 2025
>
> 1. All Defense computers are taken off of the NIPR (unclassified)
> network
>
> a. Communication is all secret
>
> b. How would this work with allies (CENTRIX)
>
> c. Good – more secure ?
>
> d. Bad – difficult to establish, heightened security, is everyone
> clearable ?
>
> e. How to validate new people entering the network (this could also
> expand broadly to the internet and attribution, i.e. if you what to join
> our network, show yourself)
> 2. Defense continues and expands use of commercial software and
> hardware
>
> a. Supply Chain management – false parts
>
> b. Possibly less secure
>
> c. Giving up security for cost
>
> d. More available
> 3. UAV / Comms security
>
> a. Can our UAVs be compromised or taken over
>
> b. How would attribution be figured out
>
> c. Mixes cyber with kinetic attack
> 4. Attribution
>
> a. Will there be better ways ?
> i. If so what does that mean
> for our cyber capabilities
> ii. Can we attack nation
> states with cyber / kinect in retaliation
> iii. What about non-state
> actors
> iv. Can we respond quick
> enough.
>
> b. No better ways
> i. Policies may tie our
> hands
> ii. Difficult to retaliate
> 5. Rules of Engagement (Could tie into Attribution)
>
> a. DoD has implemented rules of engagement for the operation and
> defense of its networks. In current operations that occur in designated
> Areas of Hostilities, specific rules of engagement have been approved to
> govern and guide DoD operations in all domains. DoD’s cyber capabilities
> are integrated into planning and operations under existing policy and
> legal
> regimes. (
> http://www.defense.gov/home/features/2011/0411_cyberstrategy/docs/NDAA%20Section%20934%20Report_For%20webpage.pdf)
> 6. Allies (Could be Foreign Governments and US Commercial sector
> companies also)
>
> a. Launching attacks from multiple nations
>
> b. Coming to their defense
>
> c. What capabilities do we share ?
> 7. Definition / Look of War
>
> a. No more Tanks and large armies
>
> b. Smaller brigade style groups
> c. Mobile cyber cells ?*
>
Reply all
Reply to author
Forward
0 new messages