Thoughts On a U.S. Cyber Militia

Thursday, August 23, 2012

Joel Harding


I received a call recently about cyber militias associated with the US government.  

The person who called had served with me on one of those exploratory efforts regarding cyber militias previously and it was almost humorous to hear my words come out of his mouth. Apparently my fear of the perception by the media struck a loud tone, not easily ignored.

Recently, on a LinkedIn forum,  I referred to the Swiss model for a cyber militia.  As many of you are aware the Swiss have a ‘home guard’, where all citizens are trained, armed and sent home packing their own individual weapon. 

Each has the responsibility to secure their weapon, practice periodically and are subject to recall to defend their country.  Basically they go home, stay in shape and wait. 

The Swiss trust their people and according to propaganda from the US gun lobby, the crime rate in Switzerland is extremely low.  Now the Swiss are standing up a cyber command and they say their cyber warriors will be armed in a similar fashion.

Why wouldn’t this work in the US and other countries?

First, we don’t trust our people as much as the Swiss.  That is the nature of our culture, especially in the US. We are more paranoid, cynical and negative.  We tend to micromanage; unless we can physically check to see someone’s weapon is in a safe or in a holster, we tend to disbelieve they have adequate security on a weapon.

Second, our military culture works in a hierarchical fashion.  The idea of sending someone home with a weapon supplied by the government just reeks of a lack of control. 

It is centralized planning and decentralized execution, which we teach in special forces training, but the vast majority of people are weaned on conventional military tactics – keep your weapon in an armsroom, complete with guards, alarms and checklists.  God forgive us if we carry a weapon like a police officer at all times.

Third, playing towards our feelings of paranoia, we believe if someone takes a weapon home they will experiment with it, play with it and probably do something illegal.  At least that is what the media will probably say. 

The media tends to have a liberal bias in the US, basically anti-gun, so the idea will be politically unpalatable (distasteful).  Given the opportunity the media will most likely blame hacking incidents on a cyber militia member.

So what’s a guy or gal gotta do to get past these obstacles?  First, we need a leader who has the backbone to declare “We need to do this, we trust our people, we trust their training and it’s good for our nation”. 

State this up front, put on a media blitz, don’t hide, advertise the truth. Advertise to other nations that what you seek to attack is no longer centralized but widely distributed.  We, the US, can’t be easily beaten down. 

If any of us are not wiped out in the initial cyber attacks, we can continue to attack and defend.  It will be almost impossible to launch a deadly cyber attack against the US and cause significant damage.

I think we can do it. Count me in as one of the first volunteers.

Cross-posted from To Inform is to Influence

Possibly Related Articles:
Security Strategies Military Cyberwar Cyber Security Network Security National Security Cyber Militia Media Offensive Security
Post Rating I Like this!
Joel Harding One correction I need to make to this article: not everybody will be armed, only those with a desire, the proper aptitude, capable of passing the training and those who are trustworthy should be eligible for this program. I personally don't believe they all need a clearance, not only because many couldn't get one, but a clearance really does not always catch the bad guys.
aleph I'm of the belief that starting a "Cyber-Militia" could set a dangerous precedent for Cyberwarfare and Warfare in general.

As soon as you authorize civilian individuals with no prior military service to conduct operations that can affect military and civilian entities of other countries you're telling the world that your civilian population is fair game for a first strike, and history shows that civilian populations - innocents, are the most vulnerable in times of war.

In history, militias have been latent until a foreign aggressor attacks. Cyberspace operates differently, as we all know. Setting up Cyber Militias means they would essentially be a civilian version of a standing Army rather than something that is called upon during dire times.

If you want to go and defend networks, join Cybercom - the rest of us just want to keep the skiddies and China out of our businesses. Don't turn us into combatants in a war we don't have the time and/or money to engage in.
Joel Harding aleph, that is a fair concern.

If and when a foreign nation state unleashes their militia against another, the initial blow will most likely be crushing to anything or anyone in cyberspace. Large chunks of our communications will be cut off, most likely to everyone. Our economy will grind to an immediate halt, without communications most of what we know will cease to exist. It is very likely our electrical infrastructure will be shut down and without communications it will be extraordinarily difficult to repair. Most likely our transportation network will slow down, mass transit and large carriers depend on communications. Just go on down the list of critical infrastructure, as established by DHS. Most would be severely obstructed with the loss of communications.

Now... in any and every war civilians are the unfortunate victims of warring nations. Do not think for one second that your umbrage will stave off a single attack. Today, however, we no longer do carpet bombing, we don't burn the land or salt the earth. We have munitions that can enter through one window and explode at a precise depth. The problem is our world is so interwoven that everybody will be severely impacted. You will not be a combatant, you will be a victim.

Now... as I have been saying for 10 years now. It's not going to be that bad. At the first opportunity we'll reboot our computers, reload the latest tape backups and fix what is broken. You will suddenly be involved in fixing broken infrastructure, starting with your personal work space, then your office, then those around you and finally, you will fix what you can as you can. Life may suck for a little while, but then... life will go on.
Jayson Wylie @ Joel I know of a way to get that done in short time. Things might be that bad someday. Hope and prey for the best.

I just want a free pass and money making opportunities like some programs countries have going. I might be able to sell an 0-day but I would rather have a 'never-go-to-jail' card for matters of National interest.

Maybe Plan X in operational mode?
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.