<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">It seems to me the Pentagon should consider following a USSOCOM/JSOC model towards Cyber. For example, instead of trying to 'be more effective' by just growing the number of Cyber Command billets, <span class="Apple-style-span" style="font-size: 12px; ">f</span><span class="Apple-style-span" style="font-size: 12px; ">ocus instead on creating and deploying small teams of cyber operators who work together on specific offensive or defensive missions. In my opinion nation-state level cyber</span> is (and will remain) a specialty domain due to it’s extreme technical nature across a breadth of disciplines. To be truly effective (in either offense or defense) you need small, cohesive teams who offensively and defensively simultaneously, and up and down the stack. Once the mission is achieved, these tiger teams move on to the next mission, and the Command backfills with (easier-to-hire) technical staff to hold down the fort.<div><br><div><div><div><span class="Apple-tab-span" style="white-space:pre">        </span>-irby<br><div><br><div><br><div><br><div><br></div><div><br><div><div>On Jan 28, 2013, at 11:20 AM, Dave Aitel wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
<div bgcolor="#FFFFFF" text="#000000">
<a href="http://www.nytimes.com/2013/01/28/us/pentagon-to-beef-up-cybersecurity-force-to-counter-attacks.html?_r=0">http://www.nytimes.com/2013/01/28/us/pentagon-to-beef-up-cybersecurity-force-to-counter-attacks.html?_r=0</a><br>
<br>
Notably, they don't do all this staffing actually AT the Pentagon,
where they'd get to fight every contractor already trying to staff
up, and where people would get to enjoy the traffic. :><br>
<br>
<meta charset="utf-8">
<blockquote><i><span style="color: rgb(0, 0, 0); font-family:
georgia, 'times new roman', times, serif; font-size: 15px;
font-style: normal; font-variant: normal; font-weight: normal;
letter-spacing: normal; line-height: 22px; orphans: 2;
text-align: left; text-indent: 0px; text-transform: none;
white-space: normal; widows: 2; word-spacing: 0px;
-webkit-text-size-adjust: auto; -webkit-text-stroke-width:
0px; background-color: rgb(255, 255, 255); display: inline
!important; float: none;">As part of the expansion, officials
said the Pentagon was planning three different forces under
Cyber Command: “national mission forces” to protect computer
systems that support the nation’s power grid and critical
infrastructure; “combat mission forces” to plan and execute
attacks on adversaries; and “cyber protection forces” to
secure the Pentagon’s computer systems.</span></i><i><br>
<br>
</i></blockquote>
It's interesting they're building a team to secure critical
infrastructure before the groundwork has been laid legislatively to
use that team. <br>
<br>
Also - everyone focuses on "how to recruit X number of people", but
forgets that the Government doesn't really need huge farms of rock
star hackers and in fact, they prefer not to have them. Good
technologists who can work in a team are eminently findable and much
more valuable. <br>
<br>
Realistically, their problem is more managerial than technical. This
is a young field, and it's hard to find people who have the security
experience and management know-how (and actually want to do
management). Your basic Java program manager can't hack it (pun
intended).<br>
<br>
But without that, you're going to be building the tools you need
today, rather than the tools you'll need tomorrow. It's a fatal flaw
in most cases. Literally, in this case.<br>
<br>
-dave<br>
<br>
<pre class="moz-signature" cols="72">--
INFILTRATE - the world's best offensive information security conference.
April 2013 in Miami Beach
<a class="moz-txt-link-abbreviated" href="http://www.infiltratecon.com/">www.infiltratecon.com</a>
</pre>
</div>
_______________________________________________<br>Dailydave mailing list<br><a href="mailto:Dailydave@lists.immunityinc.com">Dailydave@lists.immunityinc.com</a><br>https://lists.immunityinc.com/mailman/listinfo/dailydave<br></blockquote></div><br></div></div></div></div></div></div></div></div></body></html>