How the U.S. military's idiotic tribal mentality leaves us vulnerable to cyber catastrophe
The future of cyber warfare is limited only by the imaginations of enterprising hackers. In this arena, there is a dangerously level geopolitical playing field and an ill-defined domestic "turf." In the void of the unfulfilled promise of Cybercom, we're left waiting for some U.S. agency to take the lead on cyber warfare. The U.S. military in particular has a chance to "own" cyber. But if reports this week are any indication, America's armed services are going to blow it, and badly.
Here's where we are today: If you want to find the smartest minds in technology, look anywhere but the government and military. This isn't to say that there aren't clever people doing interesting things at dot-gov. But if you're a hot, second-year computer science student at Stanford, are you going to choose the huge paychecks, free gourmet food, wine-and-beer Fridays, and lavish ancillary financial benefits that come with, say, Google? Or will you choose a job in Washington D.C., a city so "with it" that — brace yourself — you might not have to wear a tie to the office?
Imagine you're a health junkie with hacking skills. Would you rather assemble at 5 a.m. to do a two-mile formation run limited by the speed of the slowest member of your Air Force flight or Army platoon and led by a first sergeant whose sole qualification for his position is time-in-service? Or would you prefer to work in a place where there are climbing walls and lap pools in the main office, company kayaks available for check-out, a free, state-of-the-art gym right there on campus, and mountain biking and hiking trails right at company headquarters?
This is why the government is full of "technologists" so forward-thinking that they didn't think to solder closed the USB ports of computers containing the crown jewels of the intelligence community — which is basically IT 101 — and Silicon Valley is full of technologists who have developed driverless cars, contact lenses that track glucose levels, a fleet of tiny drones that can deliver packages to your front door, and, oh yeah, they have a plan to cure death.
But the government should have some advantages. Say you want to be a spy — like, the best spy in the world. There's only one place to be: the Central Intelligence Agency. That's a real coup for American security. Why can Langley attract the kinds of minds we want running American espionage while Ft. Meade and its branch offices attract only the cyber second-stringers? The reason goes back to the CIA's founding, when guys like Frank Wizner and "Wild Bill" Donovan and Allen Dulles not only tolerated guys able to think "outside the box," but insisted on it. (Consider that one of Frank Wizner's proposed CIA psychological operations involved airdropping behind the Iron Curtain gargantuan American condoms labeled "medium.") To this day, that kind of ballsiness suffuses the DNA of the National Clandestine Service.
Compare that to the U.S. military. Look, if you want to build a group of men capable of securing a hill or clearing a building or calling for air support, you want the U.S. military to train them. But the same military by temperament can be inhospitable to young men and women thinking very deeply about the most complicated technological issues of the day, especially if the resultant ideas challenge directly members of the senior leadership and the status quo (as such ideas are almost certain to do.) If you're that hot, second-year computer science student at Stanford, that is not the life you want. The U.S. military will never, ever, ever be able to field straight from college the kinds of thinkers, engineers, and hackers necessary to wage an effective cyber war or provide bulletproof cyber security for the United States of America. It will never happen because the kinds of people who can actually do that aren't willing to play the Army's or Air Force's games — and why would they? Especially when they can cross swords with China's cyber army at Google, and enjoy the satisfaction of defending America while still enjoying the free gourmet meals.
But there is a third way. The military reservist commitment (during peacetime, at least) begins with basic training and maybe officer candidate school, and then a job specialty school (in this case, cyber), and on the other side of that initial training is a standard commitment of two-days-a-month and two-weeks-a-year. It's mostly sustainment training to keep service members up to speed on any changes that have occurred over the span of a month and to ensure they have maintained their physical training standards and military bearing. The two weeks provide leadership training, practice working as a unit, and refreshers on how to interact in a rigid military environment.
The reserve component allows would-be cyberwarriors to still work at the Googles of the world and enjoy the continually sharpened skillsets, office luxuries, and interactions with the best minds in in the world (literally) — and yet still serve their country. That one weekend every month, the Googler can put on, say, the Air Force uniform and apply to national security the lessons they've learned as engineers for one of the most exciting technology companies in American history. Meanwhile, the country wins by adding to the military cyber roster a number of first-rate thinkers.
This is as no-brainer a choice for Defense leadership as it gets. But because Defense leadership has no brain, it's not in the cards. The active duty component of the military does not want the reserve component to play a significant role in cyber operations, according to the Air Force Times. So rather than build a more logical, efficient, effective, enthusiastic, and ambitious cyber mission, the U.S. military has decided to defend to the utmost the self-evidently failed status quo, led by middle-aged men whose computer training ended when punch cards went out of vogue.
By driving its boot into the faces of the reserve component, the U.S. military is crippling American cyber security. This is beyond a shame, and trends very closely to intentionally sabotaging homeland security. The only winners here? The old military men who fell by default into "leadership" positions and whose decrepit, outdated, and addle-minded ideas will never have to face any real scrutiny.
As I've discussed previously at Cybersecurity Insider, when America does sustain a crippling cyber attack, these same men will testify before Congress and say that nobody could have foreseen whatever horror befalls the United States, and nobody will be disciplined, let alone go to Leavenworth. But I assert today that when the nightmare of cyber war finally strikes the U.S., these men will be directly responsible, and they know it, and they will deserve no less punishment than they'd like to see inflicted on Edward Snowden. Let's just hope that Russia doesn't take these guys, too, even though Siberia is a deserving end to their small, shortsighted, and petty lives.