President Reagan and General Alexander on National Cyber Security

General Alexander

"In this present crisis," said President Ronald Reagan in his first inaugural address, "government is not the answer to our problem; government is the problem." Perhaps the former president's trenchant observation about the nation's economy is just as applicable to the present crisis in national cyber security.[1]

In a recent interview, General Keith Alexander, Commander, U.S. Cyber Command and Director, National Security Agency made an interesting observation. Speaking of the cyber threat to the nation, General Alexander noted that America’s adversaries “are aggressively stealing U.S. intellectual property [putting] the competitive edge of U.S. businesses at risk.” Putting it even more strongly, the general stressed that “the United States is on the losing side of the greatest transfer of wealth and treasure in history.”[2] That's the giant sucking sound you hear, unless you're completely deaf to these kinds of things.  It's happening right now as we speak.

Officers like General Alexander, and the rest of the Department of Defense in general, tend to take computer network security very seriously, apparently a lot more so than many other parts of the federal government.  The department’s emphasis on protecting our networks is keenly felt all the way down the chain of command. At Fort Gordon, for example, just this week, I and my teammates lost about 36 hours of productivity while information area security officers performed upgrades to our systems. Every year, everyone with computer access takes several hours of network security training. All of us maintain an up-to-date computer access cards, without which no access to the network is possible. Inspectors and security officers ensure that security regulations and policies are in place and closely followed. The list of security regulations, commanders' policies, training memoranda, agency updates, and "friendly reminders" are longer than a man's arm.

An awful lot of time and money are invested across the department to ensure that department employees, members of the uniformed services, and contractors know and follow all the rules. We do a pretty good job, I think, of protecting the data on our networks from ourselves—the good guys. When in the Sam Hill will the government start paying attention to people like General Alexander and get serious about protecting the nation’s data—it’s wealth and treasure—from the bad guys?

__________________________________
[1] Ronald Wilson Reagan, 1st Inaugural Address, Washington, D.C., The American Presidency Project, http://www.presidency.ucsb.edu/ws/index.php?pid=43130 (accessed 14 December 2012).
[2] Interview, General Keith B. Alexander, Military Information Technology, Vol. 16, #20, 16-19.

FORTITUDE

FUSAG was fake, but
Patton was very real.

Allied Operation FORTITUDE was a program of deception—and a supplemental operation—to Operation OVERLORD, the Normandy Campaign. At the center of the FORTITUDE deception was the entirely fictitious First United States Army Group (FUSAG) ostensibly commanded by the very well-known American officer, Lt. Gen. George S. Patton. In what today would be termed a military information support operation, FUSAG was given a network of installations, had its own imaginary organizational structures, fabricated radio message traffic, conjured up plans, missions, and briefings, even false insignia. The ghost command had its own— 

“training grounds, a communications network, plans, orders of battle, and a specific target, the French coast between Calais and Boulogne, or even, so the Germans were encouraged to believe, farther northeast [and thus further away from Normandy] on the Belgian and Dutch coasts.”[1]

German intelligence agents in England repeatedly confirmed much of this “evidence” which completely fooled the German high command, including Hitler, as to both the magnitude of the Allied forces available and the intended target for their imminent cross-channel attack So convinced were the Germans of the reality of FUSAG, that even after the Normandy landings had begun, the German high command kept the powerful 15th Infantry Division positioned, and most of their Panzer units held in reserve, to defend against what they were sure would be soon coming, the main cross-channel attack by Patton’s forces striking the Calais area, 100-150 miles northeast of Sword Beach. 

As evidenced by the German high command’s decisions regarding its Panzer reserves and its heavily armed 15th Infantry Division, not only is the Third Reich’s strategy for its defense of its western approaches discovered, but the fundamental purpose of Operation FORTITUDE is revealed. Its purpose was to fool the Germans into thinking the invasion would come at a place far away from the area of the actual landings. German uncertainty as to where the landings would occur left them with no choice but to defend well over a thousand miles of coastline from Denmark in the north to the Bay of Biscay in the west, forcing them to violate Frederick the Great’s dictum that he who defends everything defends nothing. Once the invasion came, the deception wrought by FORTITUDE remained so strong that senior commanders up to and including Hitler remained steadfast in their conviction that it was just a feint and that the real invasion would come further up the coastline. 

__________________________
[1] Martin Gilbert, D-Day (Hoboken, New Jersey: John Wiley and Sons, 2004), 61.

A General Stares Down a Monster

LTG Susan Lawrence
Army CIO/G-6

Interesting article in the Army Times about Army network modernization.  I say interesting because it reports that Lieutenant General Susan Lawrence, the Army's CIO/G-6, has "grand plans" and wants to make "wholesale changes in the service's network."   Army Times staff writer Michael Hoffman describes Lawrence as "tired of her service languishing in old technology and handcuffed by an acquisitions system that leaves the Army way behind the commercial sector."

In the "money" paragraph, Hoffman quotes Lawrence giving a heads-up to industry.  Speaking of the current network, she challenges--

“Get us something else fast. It is cumbersome. It is hard to use. We have to protect our identity and make sure our information is secure but we have to do it a little bit better than we have today. Those were designed in 2002. It’s time we move on to new technology and I think you guys got it so you’re gonna see something from me very shortly,” Lawrence said at the Association of the U.S. Army breakfast July 14 in Arlington, Va."

Once more speaking of the still loosely federated network "enterprise," she said--

“We can’t have an enterprise with 50 quarterbacks and 50 playbooks on the battlefield." 

Well, great.  A lot of us are in favor of what she's talking about.  We really want to see this happen.  But here's why I thought the article was really interesting.  In order for Lt. Gen. Lawrence to get what she wants, she's going to have to tame this monster--

The Department of Defense's Integrated Acquisition,
Technology, and Logistics Life Cycle Management System

Good luck, General!

335th Signal Command (Theater)

"Ready Lightning,"
335th Signal Command Logo 

Earlier in the week I was part of a team of doctrine writers that visited the 335th Signal Command (Theater) at its East Point, Georgia headquarters.