Another one today!
This here piece, and the according official text (with interesting subheader, as downloaded from the official site…).
Because one should not expect either to be a fair representation of the Chief’s actual stance as what is in the speech text is so clearly wrong, or the Chief (his speechwriter) was badly misinformed by his own staff / speechwriter, probably down/up quite some chain of command before reaching either end. E.g.,
- “First, Admiral Bauer pointed out that cyber operations have significant drawbacks. In fact he called them a “too good to be true” scenario. Yes, they are fast, do not require boots on the ground, and have limited risk of repercussions. Yet they do require extensive preparations, and are tailored at a specific target, at a specific time, under specific circumstances. This makes them difficult to repeat. Conventional weapons can be used for years. Cyber weapons (e.g. malware) on the other hand have a limited shelf life as the vulnerabilities they depend on will be patched.”
Right … What about comparing a vulnerability of this sort (that can be patched so easily, i.e., a known bug that hadn’t been patched before! with a single bullet? That can be fired simultaneously at thousands, millions of foot soldiers that when hit, will turn on their Chief ..?
And the idea that once used in an attack (sic, because no-one is out looking for unknowns ..!), it will be patched before it will be used in an attack thus resulting in a contradictio, and
As if full patching of each and every exploitable vuln at once, has anything to de with reality whatsoever; if one thinks that: dream on and back to kindergarten. [As stated: No bearing on respect for the CHOD (why not CJCS?); one can for the above, and below, things not expect the speech text to be accurate – on second thoughts, is this a fake news detractor, to seed false info ..?]
Plus, this reads as if all patches are perfect all of a sudden. Now that would be news.
And, what about differences in sophistication? Weren’t all sorts of countries effectively kicked out of Afghanistan [to name one of a long list…’Nam anyone?] without succes (sic), by people with hand guns and IEDs only (no, the I stands for something)? As e.g., here. As if the many armies kicked out like that, those, not have had their ‘patching’ with armour all together…!?
- “Notice how this is different form ‘civilian’ cyber security. There an attacker has a distinct advantage over the defender because he does not need to attack a specific target (he can try many targets at once and settle for the weakest one), and typically has no deadline within which the attack must be successful. In a ‘civilian’ cyberattack periods of activity are separated by sometimes long periods of inactivity, because after a successful move the attacker stumbles upon a further line of defence that must be investigated.
Cyber operations do not have that flexibility, especially because they must form an integral part of existing military capabilities. The timing of a cyber operation thus depends critically on other, conventional, operations. (As someone later explained to me, if the commander of a military operation inquires whether the cyber team can hack say a bridge, the answer “probably yes, but we do not know how long it will take us” is not very useful.)”
Again, a gross mis-take on what ‘cyber’warfare [#ditchcyber] is about. As if, as if, ‘cyber’warfare, were any different than normal warfare, Clausewitz-like – not! as you can read for yourself; the civilian long-term ‘warfare’ is exactly the same as the 5th kind.
If the commander would ask a squad whether they can take (out, I guess) a bridge with physical means, and any ‘yes’ would be taken as certainty, the commander will not be in charge too long… The right answer is seldomly the most useful one, as, relevant, is e.g., the question why one is there: this (3rd bullet).
- “A second thing that stood out in the speech of Admiral Bauer was the acknowledgement that in cyberspace, the difference between cyber security and national security becomes fuzzy. Whereas defending the latter is clearly a task of the military, their role in protecting the former is less clear. As Admiral Bauer put it: “the Armed Forces are not the national firewall”. Yet it is clear that by developing cyber weapons and cyber defences, their impact (both positively and negatively) on cyber security increases. This requires closer cooperation with the government, law enforcement, the private sector and research institutes. Admiral Bauer would like to invite people from cyber industry to work directly with or for the Armed Forces.” [From 1st link above]
Another non-sequitur. As if the CHOD could not see that border defense (what are ‘we’ doing in all sorts of places around the world, then ..? Far, far overstretched, qua capacity and capabilities) is the same, either physical or abstract. If people had to defend for themselves … they should have the right to all bear arms in ‘cyber’space, to defend themselves, just as they would have the right to bear arms in physical space, right? With those arms necessarily being of at least equal combat value as the opponents’ ones. I can have my own F16 squadron! (And I would certainly want it to be as great as ‘my’ 322sqn … with Block 52+ Advanced / -V or what have we … Hey isn’t this a great and desperately cheap alternative to (jump) the money guzzling F35s ..!?)
And “no physical sand bags” (2nd link) ..!? What are patches, then?
- Et cetera. One could go on, ever more certain that this is not the official military stance on the issue but some sickly surrendermonkey civil servant (if only they did) kind of underling dweezil sort of misinterpretation of seriousness.
[All analog (literally, slides!) to digital scans; from the time we built (rather, had around still from years before) diarama’lets and there were shows for the public when Twente AFB still existed – like, 1983 or so, you know, from times when Defence was something Real]