
[Espionage] US Government Hacked: 4 million federal employees' data breached

joshofalltradesjoshofalltrades Class TraitorSmoke-filled roomRegistered User regular
edited June 2015 in Debate and/or Discourse
This seems like kind of a huge deal.
WASHINGTON — A giant hack of millions of government personnel files is being treated as the work of foreign spies who could use the information to fake their way into more-secure computers and plunder U.S. secrets.

Federal employees were told in a video Friday to change all their passwords, put fraud alerts on their credit reports and watch for attempts by foreign intelligence services to exploit them. That message came from Dan Payne, a senior counterintelligence official for the Director of National Intelligence.

“Some of you may think that you are not of interest because you don’t have access to classified information,” he said. “You are mistaken.”

Federal officials said Friday the cyberattack appeared to have originated in China, but they didn’t point fingers directly at the Chinese government. The Chinese said any such accusation would be “irresponsible and unscientific.”

“We know that the attack occurred from somewhere in China, but we don’t know whether it was an individual or a group or a nation-state attack,” said Rep. Jim Langevin, a Rhode Island Democrat and leading voice in Congress on cybersecurity. He added, though, that it had “all the hallmarks of a nation-state attack.”

White House spokesman Josh Earnest said he couldn’t divulge much while the case was under investigation. Still, he noted that investigators “are aware of the threat that is emanating from China.”

One U.S. official said the breach of data involving more than 4 million past and present federal workers was being investigated as a national security matter. That suggests authorities believe a nation was behind it rather than a more loosely organized gang of cybercriminals. The official was not authorized to discuss an ongoing investigation and spoke only on condition of anonymity.

The breach was an embarrassing showing for the U.S. government’s vaunted computer-defense system for civilian agencies — dubbed “Einstein” — which is costing $376 million this year alone. It’s supposed to detect unusual Internet traffic that might reflect hacking attempts or stolen data being transmitted outside the government.

A wide range of information is prized by spies — classified military secrets but also economic strategy and internal foreign policy debates.

This latest breach occurred in December but wasn’t discovered until April, officials say. It was made public Thursday.


“The scale of it is just staggering,” said Rep. Adam Schiff, D-Calif., top Democrat on the House Intelligence Committee. There’s no telling how many more attacks could be spawned by the information stolen in this case, he said.

Although most Americans think of identity thieves stealing from credit card or bank accounts, the information about civilian federal workers has other value for spies.

“They’re able to identify people who are in positions with access to significant national security information and can use personal data to target those individuals,” said Payne, the counterintelligence official.

He said details from personnel files could be used to craft personalized phony messages to trick workers. Federal employees who think they’re opening an email from co-workers or family members might infect their computers with a program that would steal more information or install spy software.

Spies also could use details about an employee’s interests or background to befriend them and try to manipulate them into revealing secrets.

Kevin Mitnick, a former hacker who now runs Mitnick Security Consulting of Las Vegas, called confidential details about federal employees “a gold mine.”

“What’s the weakest link in security?” Mitnick said. “The human. Now you know all about your target.”

The hackers may have made off with even more information about workers who undergo security clearance background checks. That information includes the names of family, neighbors, even old bosses and teachers, as well as reports on vices, arrests and foreign contacts.

However, OPM spokesman Samuel Schumach said there was no evidence to suggest that security clearance information collected by OPM was compromised. It’s stored separately from routine personnel files, he said.

“The kind of data that may have been compromised in this incident could include name, Social Security Number, date and place of birth, job assignments, training files, performance ratings and current and former addresses,” Schumach said in an email.

The breach occurred at a network maintained by the Department of Interior, which also houses the personnel agency’s files. Schumach said agencies share computer systems partly to save money — and it’s also supposed to strengthen security.

Security experts said the hackers may have gone after the personnel agency because it’s an easier target than the Pentagon or National Security Agency.

Private cybersecurity researchers said they believe the personnel agency was targeted by the same hackers who got into the Anthem and Premera health insurance groups last year.

John Hultquist, head of cyberespionage intelligence at iSight, said the Dallas-based security firm had found evidence linking the insurance and government attacks, but declined to say whom they suspect. “We think they are creating a database they can leverage for follow-on espionage,” Hultquist said.

A spokesman for the Director of National Intelligence declined to discuss whether there was evidence against China or whether intelligence agency employees were among those whose information was compromised.

U.S. investigators have improved their ability to attribute cyberattacks in recent years, officials said, and Chinese attacks often have identifiable signatures.

The Homeland Security Department noted that the Einstein defenses were just one part of the government’s cybersecurity, and said it was used to confirm the breach. But that’s like a smoke alarm sounding after the house burned down.

Einstein also helped understand how the break-in happened and protect against a repeat of a similar attempt.

“It didn’t fare so well,” said James Lewis, a leading cybersecurity expert at the Center for Strategic and International Studies, a Washington think-tank. “It’s only a victory if you defeat the opponent, and we didn’t.”

Now I'm no expert on electronic security or espionage, but this seems bad. If it was the Chinese government perpetrating the hack, that would be even worse.

How did we get so thoroughly outfoxed here?

This situation is ongoing, but I looked for an espionage/counterespionage thread and couldn't find one. This seems as good an excuse as any to make one.

If you're one of the 4 million people at risk of having your data stolen, please take precautions. This whole thing just really sucks.


Posts

  • Dark Raven XDark Raven X Laugh hard, run fast, be kindRegistered User regular
    That no one noticed for 4 months seems like a big problem.

    Oh brilliant
  • joshofalltradesjoshofalltrades Class Traitor Smoke-filled roomRegistered User regular
    That no one noticed for 4 months seems like a big problem.

    Yeah that's sort of eyebrow-raising...

    It makes me wonder how likely it is that the culprits will actually be discovered.

  • NSDFRandNSDFRand FloridaRegistered User regular
    edited June 2015
    How did we get so thoroughly outfoxed here?

    Unfortunately we're behind the Chinese when it comes to cyber warfare. We have been trying to catch up but there are two problems:

    1. US Cyber Command, while "established" in 2009 wasn't operational until May 2010. At this point the active duty capability is not there. But because of traditional AD versus Reserve/Guard rivalry, the active duty Cyber Command does not plan to include Reserve/Guard units or personnel (This isn't 100% concrete right now, but I wouldn't be surprised if it didn't change). Right now the concentration on this topic is on the officer side; the Army doesn't even have an enlisted MOS specifically for Cyber Warfare yet.

    2. Our talent pool isn't available to be employed by the government. There is no incentive for the most talented candidates with already existing knowledge and skills to enlist (especially) or apply for employment to civilian agencies.


    Now we can catch up by training our currently not drug using and not super talented personnel to do the job, but that isn't going to instantaneously catch us up capability wise.

  • CoinageCoinage Heaviside LayerRegistered User regular
    The real question is when, if ever, will people stop doing the insecure things that let this happen? Of course we don't know yet, but I would be willing to bet that this happened because someone's password was Password1, not because of some technology flaw.

    Happiness is within reach!
  • GaddezGaddez Registered User regular
    At this juncture I would be fine with my cyber defense team to be stoned if they were still capable of keeping foreign spies from engaging in massive hacks.

  • NSDFRandNSDFRand FloridaRegistered User regular
    Coinage wrote: »
    The real question is when, if ever, will people stop doing the insecure things that let this happen?

    Never. As long as humans exist there will always be vulnerabilities.

  • NSDFRandNSDFRand FloridaRegistered User regular
    Gaddez wrote: »
    At this juncture I would be fine with my cyber defense team to be stoned if they were still capable of keeping foreign spies from engaging in massive hacks.

    It's institutional inertia.

  • joshofalltradesjoshofalltrades Class Traitor Smoke-filled roomRegistered User regular
    Coinage wrote: »
    The real question is when, if ever, will people stop doing the insecure things that let this happen? Of course we don't know yet, but I would be willing to bet that this happened because someone's password was Password1, not because of some technology flaw.

    So what you're saying is that Mallory Archer is in charge of security for the federal employee database.

    I can understand how one could make the assumption that it's not some Chinese super hacker, it's just that we really are this bad at network security. It's not really a more comforting thought, though. My girlfriend is a state employee; the thought of her information in the hands of ne'er-do-wells who could really do some serious harm just because the government she trusted her information with is pretty shitty at actually securing it sucks.

  • Captain MarcusCaptain Marcus now arrives the hour of actionRegistered User regular
    Coinage wrote: »
    The real question is when, if ever, will people stop doing the insecure things that let this happen? Of course we don't know yet, but I would be willing to bet that this happened because someone's password was Password1, not because of some technology flaw.
    And I wouldn't take that bet, because you'd win- hacking doesn't require powerful supercomputers; all it takes is a handful of infected flash drives scattered around the employee parking lot and someone dumb enough to plug one in.

  • WarcryWarcry I'm getting my shit pushed in here! AustraliaRegistered User regular
    ***guest***

  • ScooterScooter Registered User regular
    NSDFRand wrote: »
    How did we get so thoroughly outfoxed here?

    Unfortunately we're behind the Chinese when it comes to cyber warfare. We have been trying to catch up but there are two problems:

    1. US Cyber Command, while "established" in 2009 wasn't operational until May 2010. At this point the active duty capability is not there. But because of traditional AD versus Reserve/Guard rivalry, the active duty Cyber Command does not plan to include Reserve/Guard units or personnel (This isn't 100% concrete right now, but I wouldn't be surprised if it didn't change). Right now the concentration on this topic is on the officer side; the Army doesn't even have an enlisted MOS specifically for Cyber Warfare yet.

    2. Our talent pool isn't available to be employed by the government. There is no incentive for the most talented candidates with already existing knowledge and skills to enlist (especially) or apply for employment to civilian agencies.


    Now we can catch up by training our currently not drug using and not super talented personnel to do the job, but that isn't going to instantaneously catch us up capability wise.

    Yea, if you have a base you want to guard and you need more guards, you can go recruit some guys and send them to bootcamp for a couple months and boom, you have guards.

    But if you want someone to be able to guard against specialized hacking attempts from foreign powers, like, I would imagine you'd need the equivalent of a 4 year degree to even qualify for starting in the field, and the people in charge would be ideally more like PhD level with years of experience. Unlike war where you can win just by having more guys than the other side, in computer security your guys need to be better than the best guy the other side can throw at you. And the best the government can do is contract it out.

  • PowerpuppiesPowerpuppies drinking coffee in the mountain cabinRegistered User regular
    Defense is way harder than attacking, too, right? There was a story like six months ago about evidence for a U.S. Government hacking team doing some pretty amazing stuff. I'd be surprised if we didn't have ten or twenty world-class guys, but they weren't protecting the personnel agency systems at the department of the interior

  • ScooterScooter Registered User regular
    Yea, if I'm trying to hack into something (and I don't care about being caught and arrested because I'm a government agent on the other side of the world) I can make 100 attempts and I win if 1 gets through. The defense is a failure if they block 99 out of 100.

  • jungleroomxjungleroomx It's never too many graves, it's always not enough shovels Registered User regular
    So basically, the US Cyber defense system is F Troop.

    Great.

  • PowerpuppiesPowerpuppies drinking coffee in the mountain cabinRegistered User regular
    So basically, the US Cyber defense system is F Troop.

    Great.

    It's just fantastically hard to scale up any sort of technology work to the level required without lots of bad decisions being made. You can see it in the corporate world, too. On the other hand, maybe the other team's even worse.

  • QuidQuid Definitely not a banana Registered User regular
    Scooter wrote: »
    NSDFRand wrote: »
    How did we get so thoroughly outfoxed here?

    Unfortunately we're behind the Chinese when it comes to cyber warfare. We have been trying to catch up but there are two problems:

    1. US Cyber Command, while "established" in 2009 wasn't operational until May 2010. At this point the active duty capability is not there. But because of traditional AD versus Reserve/Guard rivalry, the active duty Cyber Command does not plan to include Reserve/Guard units or personnel (This isn't 100% concrete right now, but I wouldn't be surprised if it didn't change). Right now the concentration on this topic is on the officer side; the Army doesn't even have an enlisted MOS specifically for Cyber Warfare yet.

    2. Our talent pool isn't available to be employed by the government. There is no incentive for the most talented candidates with already existing knowledge and skills to enlist (especially) or apply for employment to civilian agencies.


    Now we can catch up by training our currently not drug using and not super talented personnel to do the job, but that isn't going to instantaneously catch us up capability wise.

    Yea, if you have a base you want to guard and you need more guards, you can go recruit some guys and send them to bootcamp for a couple months and boom, you have guards.

    But if you want someone to be able to guard against specialized hacking attempts from foreign powers, like, I would imagine you'd need the equivalent of a 4 year degree to even qualify for starting in the field, and the people in charge would be ideally more like PhD level with years of experience. Unlike war where you can win just by having more guys than the other side, in computer security your guys need to be better than the best guy the other side can throw at you. And the best the government can do is contract it out.

    The Navy and Air Force are having better success with this but both have a long history of being more concerned with the technical aspects of warfare so it wasn't much of a change. The Navy right now is actually nearly over manned last I checked. I'm told the training is pretty good though can't speak for it first hand.

  • joshofalltradesjoshofalltrades Class Traitor Smoke-filled roomRegistered User regular
    Obviously we don't have all the details about this intrusion but just from the description of what happened, I don't think this particular breach was from a flash drive or somebody getting a sysadmin drunk and talkative. To a certain extent all security flaws involve some degree of human error but the articles I'm reading say the perpetrator was in China when the data was stolen. So, it seems like the system was flawed in some way, to me.

  • DaedalusDaedalus Registered User regular
    Obviously we don't have all the details about this intrusion but just from the description of what happened, I don't think this particular breach was from a flash drive or somebody getting a sysadmin drunk and talkative. To a certain extent all security flaws involve some degree of human error but the articles I'm reading say the perpetrator was in China when the data was stolen. So, it seems like the system was flawed in some way, to me.

    They all are. The most widely used crypto library had a tiny, careless buffer overrun bug in it for years before anyone noticed, and this was sufficient to leak pretty much everything from any system using the software. That code was used all over the place and had thousands of people looking at it.

    The system here that got hacked was a bespoke system used in one place and written by some incompetent federal contractor; it was certainly far worse.

    There's a zillion lines of code propping up every damn thing around you and it's all pretty much garbage.

  • AngelHedgieAngelHedgie Registered User regular
    Daedalus wrote: »
    Obviously we don't have all the details about this intrusion but just from the description of what happened, I don't think this particular breach was from a flash drive or somebody getting a sysadmin drunk and talkative. To a certain extent all security flaws involve some degree of human error but the articles I'm reading say the perpetrator was in China when the data was stolen. So, it seems like the system was flawed in some way, to me.

    They all are. The most widely used crypto library had a tiny, careless buffer overrun bug in it for years before anyone noticed, and this was sufficient to leak pretty much everything from any system using the software. That code was used all over the place and had thousands of people looking at it.

    The system here that got hacked was a bespoke system used in one place and written by some incompetent federal contractor; it was certainly far worse.

    There's a zillion lines of code propping up every damn thing around you and it's all pretty much garbage.

    In short, security's really fucking hard, and a lot of devs either don't understand it or don't fucking care.

    And people wonder why I say that paranoia isn't a mental disorder for a developer - it's a job requirement.

    XBL: Nox Aeternum / PSN: NoxAeternum / NN:NoxAeternum / Steam: noxaeternum
  • NSDFRandNSDFRand FloridaRegistered User regular
    Scooter wrote: »
    NSDFRand wrote: »
    How did we get so thoroughly outfoxed here?

    Unfortunately we're behind the Chinese when it comes to cyber warfare. We have been trying to catch up but there are two problems:

    1. US Cyber Command, while "established" in 2009 wasn't operational until May 2010. At this point the active duty capability is not there. But because of traditional AD versus Reserve/Guard rivalry, the active duty Cyber Command does not plan to include Reserve/Guard units or personnel (This isn't 100% concrete right now, but I wouldn't be surprised if it didn't change). Right now the concentration on this topic is on the officer side; the Army doesn't even have an enlisted MOS specifically for Cyber Warfare yet.

    2. Our talent pool isn't available to be employed by the government. There is no incentive for the most talented candidates with already existing knowledge and skills to enlist (especially) or apply for employment to civilian agencies.


    Now we can catch up by training our currently not drug using and not super talented personnel to do the job, but that isn't going to instantaneously catch us up capability wise.

    Yea, if you have a base you want to guard and you need more guards, you can go recruit some guys and send them to bootcamp for a couple months and boom, you have guards.

    But if you want someone to be able to guard against specialized hacking attempts from foreign powers, like, I would imagine you'd need the equivalent of a 4 year degree to even qualify for starting in the field, and the people in charge would be ideally more like PhD level with years of experience. Unlike war where you can win just by having more guys than the other side, in computer security your guys need to be better than the best guy the other side can throw at you. And the best the government can do is contract it out.

    There are a few problems with allowing commissioned officers only into this field (when talking about needing the equivalent of a 4 year degree and talking about only the military side):

    1. An officer, for example in the Army, does not need to have a degree and education in the field that they may commission in. I know more than a few officers that were commissioned through college ROTC programs and unless you are the top handful of your graduating class (relative to other ROTC cadets) you aren't likely to get your choice of branch (career field). Instead you will become needs of the Army. Now USCC was taking volunteer officers, but while volunteers might have had some interest in the topic, it's very possible that the majority saw it as a career bump and have no experience or education specific to the field.

    2. The job of a commissioned officer isn't necessarily to do the mission, but to facilitate the enlisted (and warrant officers) to perform the mission, and to know just enough about each aspect of the mission to do this successfully. On top of this, officers are responsible for a lot of admin stuff that isn't mission specific.

    Now having a Bachelor's doesn't necessarily mean you will get or have to take a commission. I went to intel school with a surprising amount of soldiers who enlisted with Bachelor's degrees. But they certainly weren't the norm, even in the intelligence field. The majority were 18 year old kids who were told that the field was in need of bodies and that a clearance would make them employable for the rest of their lives.

    Now you can restrict this CMF to only those with Bachelor's (the only real way "qualifier" that the military could handle to differentiate between those with education/experience and those without), but you're going to cut down significantly on the pool of available bodies to enlist. This is a problem if you are trying to build up a relatively new capability as quickly as possible.

  • NSDFRandNSDFRand FloridaRegistered User regular
    Quid wrote: »
    Scooter wrote: »
    NSDFRand wrote: »
    How did we get so thoroughly outfoxed here?

    Unfortunately we're behind the Chinese when it comes to cyber warfare. We have been trying to catch up but there are two problems:

    1. US Cyber Command, while "established" in 2009 wasn't operational until May 2010. At this point the active duty capability is not there. But because of traditional AD versus Reserve/Guard rivalry, the active duty Cyber Command does not plan to include Reserve/Guard units or personnel (This isn't 100% concrete right now, but I wouldn't be surprised if it didn't change). Right now the concentration on this topic is on the officer side; the Army doesn't even have an enlisted MOS specifically for Cyber Warfare yet.

    2. Our talent pool isn't available to be employed by the government. There is no incentive for the most talented candidates with already existing knowledge and skills to enlist (especially) or apply for employment to civilian agencies.


    Now we can catch up by training our currently not drug using and not super talented personnel to do the job, but that isn't going to instantaneously catch us up capability wise.

    Yea, if you have a base you want to guard and you need more guards, you can go recruit some guys and send them to bootcamp for a couple months and boom, you have guards.

    But if you want someone to be able to guard against specialized hacking attempts from foreign powers, like, I would imagine you'd need the equivalent of a 4 year degree to even qualify for starting in the field, and the people in charge would be ideally more like PhD level with years of experience. Unlike war where you can win just by having more guys than the other side, in computer security your guys need to be better than the best guy the other side can throw at you. And the best the government can do is contract it out.

    The Navy and Air Force are having better success with this but both have a long history of being more concerned with the technical aspects of warfare so it wasn't much of a change. The Navy right now is actually nearly over manned last I checked. I'm told the training is pretty good though can't speak for it first hand.

    The USN and USAF also have an easier time attracting the more potentially talented enlisted personnel. No one that knows better (I didn't know better) enlists in the Army or Muhhhrrreeens.

  • NSDFRandNSDFRand FloridaRegistered User regular
    So basically, the US Cyber defense system is F Troop.

    Great.

    It's just fantastically hard to scale up any sort of technology work to the level required without lots of bad decisions being made. You can see it in the corporate world, too. On the other hand, maybe the other team's even worse.

    That's the advantage of utilizing guard and reserve personnel. They likely already have the education and experience to contribute. The problem is that most active duty don't see this as an asset because reserve and guard personnel aren't doing police calls and work details five days a week every week so they aren't "real" soldiers.

    I'm sure this is the same attitude for the USMC, maybe less so for the USN and USAF.

  • PhyphorPhyphor Building Planet Busters Tasting FruitRegistered User regular
    Scooter wrote: »
    Yea, if I'm trying to hack into something (and I don't care about being caught and arrested because I'm a government agent on the other side of the world) I can make 100 attempts and I win if 1 gets through. The defense is a failure if they block 99 out of 100.

    And there are functional limits on how much you can do in defense, because the goal isn't "keep everybody out" it's "keep unauthorized people out" and people need access for their day to day jobs

  • ShivahnShivahn Unaware of her barrel shifter privilege Western coastal temptressRegistered User, Moderator mod
    Daedalus wrote: »
    Obviously we don't have all the details about this intrusion but just from the description of what happened, I don't think this particular breach was from a flash drive or somebody getting a sysadmin drunk and talkative. To a certain extent all security flaws involve some degree of human error but the articles I'm reading say the perpetrator was in China when the data was stolen. So, it seems like the system was flawed in some way, to me.

    They all are. The most widely used crypto library had a tiny, careless buffer overrun bug in it for years before anyone noticed, and this was sufficient to leak pretty much everything from any system using the software. That code was used all over the place and had thousands of people looking at it.

    The system here that got hacked was a bespoke system used in one place and written by some incompetent federal contractor; it was certainly far worse.

    There's a zillion lines of code propping up every damn thing around you and it's all pretty much garbage.

    Yeah, to some degree network security is an almost unsolvable problem. There will always be vulnerabilities, you just need to try your hardest to hack your own systems to find them, so the other guy takes longer to find what is surely present.

  • KrieghundKrieghund Registered User regular
    I would hope that someplace like Area 51 is totally off the grid. For real security, basically all that's left is to not be connected to the network. Not really feasible anymore for most stuff though.

  • shrykeshryke Member of the Beast Registered User regular
    edited June 2015
    NSDFRand wrote: »
    How did we get so thoroughly outfoxed here?

    Unfortunately we're behind the Chinese when it comes to cyber warfare. We have been trying to catch up but there are two problems:

    1. US Cyber Command, while "established" in 2009 wasn't operational until May 2010. At this point the active duty capability is not there. But because of traditional AD versus Reserve/Guard rivalry, the active duty Cyber Command does not plan to include Reserve/Guard units or personnel (This isn't 100% concrete right now, but I wouldn't be surprised if it didn't change). Right now the concentration on this topic is on the officer side; the Army doesn't even have an enlisted MOS specifically for Cyber Warfare yet.

    2. Our talent pool isn't available to be employed by the government. There is no incentive for the most talented candidates with already existing knowledge and skills to enlist (especially) or apply for employment to civilian agencies.


    Now we can catch up by training our currently not drug using and not super talented personnel to do the job, but that isn't going to instantaneously catch us up capability wise.

    On point 2, more than that I feel like the US and a lot of western countries have issues in that the culture of our developer communities is more suspicious of the government than supportive of it. Can make it a hard pool of talent to draw from.

  • ScooterScooter Registered User regular
    NSDFRand wrote: »
    Scooter wrote: »
    NSDFRand wrote: »
    How did we get so thoroughly outfoxed here?

    Unfortunately we're behind the Chinese when it comes to cyber warfare. We have been trying to catch up but there are two problems:

    1. US Cyber Command, while "established" in 2009 wasn't operational until May 2010. At this point the active duty capability is not there. But because of traditional AD versus Reserve/Guard rivalry, the active duty Cyber Command does not plan to include Reserve/Guard units or personnel (This isn't 100% concrete right now, but I wouldn't be surprised if it didn't change). Right now the concentration on this topic is on the officer side; the Army doesn't even have an enlisted MOS specifically for Cyber Warfare yet.

    2. Our talent pool isn't available to be employed by the government. There is no incentive for the most talented candidates with already existing knowledge and skills to enlist (especially) or apply for employment to civilian agencies.


    Now we can catch up by training our currently not drug using and not super talented personnel to do the job, but that isn't going to instantaneously catch us up capability wise.

    Yea, if you have a base you want to guard and you need more guards, you can go recruit some guys and send them to bootcamp for a couple months and boom, you have guards.

    But if you want someone to be able to guard against specialized hacking attempts from foreign powers, like, I would imagine you'd need the equivalent of a 4 year degree to even qualify for starting in the field, and the people in charge would be ideally more like PhD level with years of experience. Unlike war where you can win just by having more guys than the other side, in computer security your guys need to be better than the best guy the other side can throw at you. And the best the government can do is contract it out.

    There are a few problems with allowing commissioned officers only into this field (when talking about needing the equivalent of a 4 year degree and talking about only the military side):

    1. An officer, for example in the Army, does not need to have a degree and education in the field that they may commission in. I know more than a few officers that were commissioned through college ROTC programs and unless you are the top handful of your graduating class (relative to other ROTC cadets) you aren't likely to get your choice of branch (career field). Instead you will become needs of the Army. Now USCC was taking volunteer officers, but while volunteers might have had some interest in the topic, it's very possible that the majority saw it as a career bump and have no experience or education specific to the field.

    2. The job of a commissioned officer isn't necessarily to do the mission, but to facilitate the enlisted (and warrant officers) to perform the mission, and to know just enough about each aspect of the mission to do this successfully. On top of this, officers are responsible for a lot of admin stuff that isn't mission specific.

    Now having a Bachelor's doesn't necessarily mean you will get or have to take a commission. I went to intel school with a surprising amount of soldiers who enlisted with Bachelor's degrees. But they certainly weren't the norm, even in the intelligence field. The majority were 18 year old kids who were told that the field was in need of bodies and that a clearance would make them employable for the rest of their lives.

    Now you can restrict this CMF to only those with Bachelor's (the only real way "qualifier" that the military could handle to differentiate between those with education/experience and those without), but you're going to cut down significantly on the pool of available bodies to enlist. This is a problem if you are trying to build up a relatively new capability as quickly as possible.

    Yea, that was sort of my point, in that the military isn't really set up to staff really technical fields. You don't have soldiers designing rifles and aircraft, you contract that out to civilians. But putting civilians into positions of 'conflict' (sort of) with opposition governments is sort of unusual. I work for a military software contractor, and it's hard to imagine we'd ever even see a contract saying "go counter-hack the Chinese". The intelligence agencies surely do have some good guys on staff but I'm sure they're busy enough without the military and every other government department getting use of them as well.

  • PhyphorPhyphor Building Planet Busters Tasting FruitRegistered User regular
    shryke wrote: »
    NSDFRand wrote: »
    How did we get so thoroughly outfoxed here?

    Unfortunately we're behind the Chinese when it comes to cyber warfare. We have been trying to catch up but there are two problems:

    1. US Cyber Command, while "established" in 2009 wasn't operational until May 2010. At this point the active duty capability is not there. But because of traditional AD versus Reserve/Guard rivalry, the active duty Cyber Command does not plan to include Reserve/Guard units or personnel (This isn't 100% concrete right now, but I wouldn't be surprised if it didn't change). Right now the concentration on this topic is on the officer side; the Army doesn't even have an enlisted MOS specifically for Cyber Warfare yet.

    2. Our talent pool isn't available to be employed by the government. There is no incentive for the most talented candidates with already existing knowledge and skills to enlist (especially) or apply for employment to civilian agencies.


    Now we can catch up by training our currently not drug using and not super talented personnel to do the job, but that isn't going to instantaneously catch us up capability wise.

    On point 2, more than that I feel like the US and a lot of western countries have issues in that the culture of our developer communities is more suspicious of the government than supportive of it. Can make it a hard pool of talent to draw from.

    Government work is also generally seen as less prestigious (the NSA has enough to scoop up quite a few of the best crypto people though) and there are other potential culture clashes, e.g. office wear. If I can't come in a t-shirt and shorts then I'm going to find another job.

  • EnigmedicEnigmedic Registered User regular
    NSDFRand wrote: »
    How did we get so thoroughly outfoxed here?

    Unfortunately we're behind the Chinese when it comes to cyber warfare. We have been trying to catch up but there are two problems:

    1. US Cyber Command, while "established" in 2009 wasn't operational until May 2010. At this point the active duty capability is not there. But because of traditional AD versus Reserve/Guard rivalry, the active duty Cyber Command does not plan to include Reserve/Guard units or personnel (This isn't 100% concrete right now, but I wouldn't be surprised if it didn't change). Right now the concentration on this topic is on the officer side; the Army doesn't even have an enlisted MOS specifically for Cyber Warfare yet.

    2. Our talent pool isn't available to be employed by the government. There is no incentive for the most talented candidates with already existing knowledge and skills to enlist (especially) or apply for employment to civilian agencies.


    Now we can catch up by training our currently not drug using and not super talented personnel to do the job, but that isn't going to instantaneously catch us up capability wise.

    There is a cyber MOS in the army; it's a 35Q. They are pretty new and while I was in they were only accepting people for MOS transfers that were E5 and up.

    Also, the problem isn't that there aren't people to recruit to do the job, it's just that there are almost zero incentives to do so. The pay and lifestyle basically sucks when you could do the same jobs outside of the military and get paid two or three times as much. That actually is true for most of the MI jobs in the military. Where I worked people often would get out, only to get hired as a contractor making more than double what they made in the military to WORK AT THE SAME DESK AS WHEN THEY WERE IN THE MILITARY. However if the contractor isn't working with the government those same people could just go work for a private company.

    Having these databanks open to the internet instead of some sort of intranet seems short sighted as well.

    I guess the last point about hackers smoking pot is another reason to legalize it?

  • NSDFRandNSDFRand FloridaRegistered User regular
    edited June 2015
    Enigmedic wrote: »
    NSDFRand wrote: »
    How did we get so thoroughly outfoxed here?

    Unfortunately we're behind the Chinese when it comes to cyber warfare. We have been trying to catch up but there are two problems:

    1. US Cyber Command, while "established" in 2009 wasn't operational until May 2010. At this point the active duty capability is not there. But because of traditional AD versus Reserve/Guard rivalry, the active duty Cyber Command does not plan to include Reserve/Guard units or personnel (This isn't 100% concrete right now, but I wouldn't be surprised if it didn't change). Right now the concentration on this topic is on the officer side; the Army doesn't even have an enlisted MOS specifically for Cyber Warfare yet.

    2. Our talent pool isn't available to be employed by the government. There is no incentive for the most talented candidates with already existing knowledge and skills to enlist (especially) or apply for employment to civilian agencies.


    Now we can catch up by training our currently not drug using and not super talented personnel to do the job, but that isn't going to instantaneously catch us up capability wise.

    There is a cyber MOS in the army; it's a 35Q. They are pretty new and while I was in they were only accepting people for MOS transfers that were E5 and up.

    Also, the problem isn't that there aren't people to recruit to do the job, it's just that there are almost zero incentives to do so. The pay and lifestyle basically sucks when you could do the same jobs outside of the military and get paid two or three times as much. That actually is true for most of the MI jobs in the military. Where I worked people often would get out, only to get hired as a contractor making more than double what they made in the military to WORK AT THE SAME DESK AS WHEN THEY WERE IN THE MILITARY. However if the contractor isn't working with the government those same people could just go work for a private company.

    Having these databanks open to the internet instead of some sort of intranet seems short sighted as well.

    I guess the last point about hackers smoking pot is another reason to legalize it?

    1. 35Q is crypto. There is a specific 17 CMF that is being stood up.

    2. I don't see how this contradicts what I stated.

    3. I am also aware of this. Many of my colleagues also decided against reenlistment.

  • NSDFRandNSDFRand FloridaRegistered User regular
    edited June 2015
    Scooter wrote: »
    NSDFRand wrote: »
    Scooter wrote: »
    NSDFRand wrote: »
    How did we get so thoroughly outfoxed here?

    Unfortunately we're behind the Chinese when it comes to cyber warfare. We have been trying to catch up but there are two problems:

    1. US Cyber Command, while "established" in 2009 wasn't operational until May 2010. At this point the active duty capability is not there. But because of traditional AD versus Reserve/Guard rivalry, the active duty Cyber Command does not plan to include Reserve/Guard units or personnel (This isn't 100% concrete right now, but I wouldn't be surprised if it didn't change). Right now the concentration on this topic is on the officer side; the Army doesn't even have an enlisted MOS specifically for Cyber Warfare yet.

    2. Our talent pool isn't available to be employed by the government. There is no incentive for the most talented candidates with already existing knowledge and skills to enlist (especially) or apply for employment to civilian agencies.


    Now we can catch up by training our currently not drug using and not super talented personnel to do the job, but that isn't going to instantaneously catch us up capability wise.

    Yea, if you have a base you want to guard and you need more guards, you can go recruit some guys and send them to bootcamp for a couple months and boom, you have guards.

    But if you want someone to be able to guard against specialized hacking attempts from foreign powers, like, I would imagine you'd need the equivalent of a 4 year degree to even qualify for starting in the field, and the people in charge would be ideally more like PhD level with years of experience. Unlike war where you can win just by having more guys than the other side, in computer security your guys need to be better than the best guy the other side can throw at you. And the best the government can do is contract it out.

    There are a few problems with allowing commissioned officers only into this field (when talking about needing the equivalent of a 4 year degree and talking about only the military side):

    1. An officer, for example in the Army, does not need to have a degree and education in the field that they may commission in. I know more than a few officers that were commissioned through college ROTC programs and unless you are the top handful of your graduating class (relative to other ROTC cadets) you aren't likely to get your choice of branch (career field). Instead you will become needs of the Army. Now USCC was taking volunteer officers, but while volunteers might have had some interest in the topic, it's very possible that the majority saw it as a career bump and have no experience or education specific to the field.

    2. The job of a commissioned officer isn't necessarily to do the mission, but to facilitate the enlisted (and warrant officers) to perform the mission, and to know just enough about each aspect of the mission to do this successfully. On top of this, officers are responsible for a lot of admin stuff that isn't mission specific.

    Now having a Bachelor's doesn't necessarily mean you will get or have to take a commission. I went to intel school with a surprising amount of soldiers who enlisted with Bachelor's degrees. But they certainly weren't the norm, even in the intelligence field. The majority were 18 year old kids who were told that the field was in need of bodies and that a clearance would make them employable for the rest of their lives.

    Now you can restrict this CMF to only those with Bachelor's (the only real way "qualifier" that the military could handle to differentiate between those with education/experience and those without), but you're going to cut down significantly on the pool of available bodies to enlist. This is a problem if you are trying to build up a relatively new capability as quickly as possible.

    Yea, that was sort of my point, in that the military isn't really set up to staff really technical fields. You don't have soldiers designing rifles and aircraft, you contract that out to civilians. But putting civilians into positions of 'conflict' (sort of) with opposition governments is sort of unusual. I work for a military software contractor, and it's hard to imagine we'd ever even see a contract saying "go counter-hack the Chinese". The intelligence agencies surely do have some good guys on staff but I'm sure they're busy enough without the military and every other government department getting use of them as well.

    It isn't so much that the military can't handle more technical non combat arms fields, it's that going into these fields in the military is like going to a quick and dirty vocational boot camp where you also shoot guns and get yelled at. And instead of four years of study and then an internship or entry level experience, you go from 16-50 weeks of training to a job you very likely may not actually perform for the majority of the time you aren't deployed. edit: by this I mean that the military could handle these types of jobs with some adjustment. My experience was with intel though, not cyber.


    I think one of the issues is with how the military does it. So long as you can PT and get a passing score on the range you can be terrible at and/or hate your MOS and still work in that field.

  • programjunkieprogramjunkie Registered User regular
    I'll likely write a longer post, but honestly, without offense, we can't have cyber defense. China isn't even especially good at cyber warfare. They just walk up to an alarmed window in the middle of broad daylight, smash it, take whatever they can get, and when the cops show up, they scream, "Do you know who my dad is?!?" and just leave without consequence.

    The US has been a willing victim for years for cyber espionage.

  • EnigmedicEnigmedic Registered User regular
    NSDFRand wrote: »
    Enigmedic wrote: »
    NSDFRand wrote: »
    How did we get so thoroughly outfoxed here?

    Unfortunately we're behind the Chinese when it comes to cyber warfare. We have been trying to catch up but there are two problems:

    1. US Cyber Command, while "established" in 2009 wasn't operational until May 2010. At this point the active duty capability is not there. But because of traditional AD versus Reserve/Guard rivalry, the active duty Cyber Command does not plan to include Reserve/Guard units or personnel (This isn't 100% concrete right now, but I wouldn't be surprised if it didn't change). Right now the concentration on this topic is on the officer side; the Army doesn't even have an enlisted MOS specifically for Cyber Warfare yet.

    2. Our talent pool isn't available to be employed by the government. There is no incentive for the most talented candidates with already existing knowledge and skills to enlist (especially) or apply for employment to civilian agencies.


    Now we can catch up by training our currently not drug using and not super talented personnel to do the job, but that isn't going to instantaneously catch us up capability wise.

    There is a cyber MOS in the army; it's a 35Q. They are pretty new and while I was in they were only accepting people for MOS transfers that were E5 and up.

    Also, the problem isn't that there aren't people to recruit to do the job, it's just that there are almost zero incentives to do so. The pay and lifestyle basically sucks when you could do the same jobs outside of the military and get paid two or three times as much. That actually is true for most of the MI jobs in the military. Where I worked people often would get out, only to get hired as a contractor making more than double what they made in the military to WORK AT THE SAME DESK AS WHEN THEY WERE IN THE MILITARY. However if the contractor isn't working with the government those same people could just go work for a private company.

    Having these databanks open to the internet instead of some sort of intranet seems short sighted as well.

    I guess the last point about hackers smoking pot is another reason to legalize it?

    1. 35Q is crypto. There is a specific 17 CMF that is being stood up.

    2. I don't see how this contradicts what I stated.

    3. I am also aware of this. Many of my colleagues also decided against reenlistment.

    As it stands now crypto is cyber. The crypto people work with the non military cyber people doing the same thing in the same place. It's all done through computers now anyway.

    I'm not really trying to contradict that the environment sucks or anything, just pointing out that there are capabilities being developed, which you expanded on.
    I'll likely write a longer post, but honestly, without offense, we can't have cyber defense. China isn't even especially good at cyber warfare. They just walk up to an alarmed window in the middle of broad daylight, smash it, take whatever they can get, and when the cops show up, they scream, "Do you know who my dad is?!?" and just leave without consequence.

    The US has been a willing victim for years for cyber espionage.

    It's not even just cyber. While I was at Fort Gordon on my night off (I worked mids), I went to do some laundry at like 2am and there was some Chinese dude dumpster diving. I went back to my room and told my roommate about it as he went out to smoke, and the dude drove up to the dumpster that was visible from our room and started going through it. We ended up calling the cops and he had been driving all over base pulling out documents and electronics people had been throwing away. He said he was recycling (right...) and the MPs just let him go. Fast forward about a month and again me and my roommate are up on our night off and the same Chinese dude is going through the dumpsters again, and we call the cops again, and they just escorted him off base.

    Being in the intel field both of us were like WTF!? You can't have some foreign national free to just try to dig around for personal documents of your intel workers. Obviously that kind of thing is the reason why you shred papers and destroy electronics but some people don't. Anyway the point of that was that the US is a willing victim of espionage in general, and the smashing a window metaphor just reminded me of the dumpster diving Chinese dude.

  • DarklyreDarklyre Registered User regular
    Krieghund wrote: »
    I would hope that someplace like Area 51 is totally off the grid. For real security, basically all that's left is to not be connected to the network. Not really feasible anymore for most stuff though.

    Even an air-gapped network can be penetrated and compromised, as the US showed with Stuxnet and the Equation Group's various creations.

    Hell, I'm pretty sure the Equation Group is why the DOD now recommends physical destruction of storage media, rather than just wiping and degaussing.

  • NSDFRandNSDFRand FloridaRegistered User regular
    Enigmedic wrote: »
    NSDFRand wrote: »
    Enigmedic wrote: »
    NSDFRand wrote: »
    How did we get so thoroughly outfoxed here?

    Unfortunately we're behind the Chinese when it comes to cyber warfare. We have been trying to catch up but there are two problems:

    1. US Cyber Command, while "established" in 2009 wasn't operational until May 2010. At this point the active duty capability is not there. But because of traditional AD versus Reserve/Guard rivalry, the active duty Cyber Command does not plan to include Reserve/Guard units or personnel (This isn't 100% concrete right now, but I wouldn't be surprised if it didn't change). Right now the concentration on this topic is on the officer side; the Army doesn't even have an enlisted MOS specifically for Cyber Warfare yet.

    2. Our talent pool isn't available to be employed by the government. There is no incentive for the most talented candidates with already existing knowledge and skills to enlist (especially) or apply for employment to civilian agencies.


    Now we can catch up by training our currently not drug using and not super talented personnel to do the job, but that isn't going to instantaneously catch us up capability wise.

    There is a cyber MOS in the army; it's a 35Q. They are pretty new and while I was in they were only accepting people for MOS transfers that were E5 and up.

    Also, the problem isn't that there aren't people to recruit to do the job, it's just that there are almost zero incentives to do so. The pay and lifestyle basically sucks when you could do the same jobs outside of the military and get paid two or three times as much. That actually is true for most of the MI jobs in the military. Where I worked people often would get out, only to get hired as a contractor making more than double what they made in the military to WORK AT THE SAME DESK AS WHEN THEY WERE IN THE MILITARY. However if the contractor isn't working with the government those same people could just go work for a private company.

    Having these databanks open to the internet instead of some sort of intranet seems short sighted as well.

    I guess the last point about hackers smoking pot is another reason to legalize it?

    1. 35Q is crypto. There is a specific 17 CMF that is being stood up.

    2. I don't see how this contradicts what I stated.

    3. I am also aware of this. Many of my colleagues also decided against reenlistment.

    As it stands now crypto is cyber. The crypto people work with the non military cyber people doing the same thing in the same place. It's all done through computers now anyway.

    I'm not really trying to contradict that the environment sucks or anything, just pointing out that there are capabilities being developed, which you expanded on.
    I'll likely write a longer post, but honestly, without offense, we can't have cyber defense. China isn't even especially good at cyber warfare. They just walk up to an alarmed window in the middle of broad daylight, smash it, take whatever they can get, and when the cops show up, they scream, "Do you know who my dad is?!?" and just leave without consequence.

    The US has been a willing victim for years for cyber espionage.

    It's not even just cyber. While I was at Fort Gordon on my night off (I worked mids), I went to do some laundry at like 2am and there was some Chinese dude dumpster diving. I went back to my room and told my roommate about it as he went out to smoke, and the dude drove up to the dumpster that was visible from our room and started going through it. We ended up calling the cops and he had been driving all over base pulling out documents and electronics people had been throwing away. He said he was recycling (right...) and the MPs just let him go. Fast forward about a month and again me and my roommate are up on our night off and the same Chinese dude is going through the dumpsters again, and we call the cops again, and they just escorted him off base.

    Being in the intel field both of us were like WTF!? You can't have some foreign national free to just try to dig around for personal documents of your intel workers. Obviously that kind of thing is the reason why you shred papers and destroy electronics but some people don't. Anyway the point of that was that the US is a willing victim of espionage in general, and the smashing a window metaphor just reminded me of the dumpster diving Chinese dude.

    Yep. Unfortunately non intel soldiers (like MPs) think intel is useless and intel soldiers are stupid. They don't see it as a CI threat, they see it as just an annoyance to deal with before they can get off their shift.

  • EnigmedicEnigmedic Registered User regular
    NSDFRand wrote: »
    Yep. Unfortunately non intel soldiers (like MPs) think intel is useless and intel soldiers are stupid. They don't see it as a CI threat, they see it as just an annoyance to deal with before they can get off their shift.

    I think the part that bugged me the most was that there were some MPs also in my unit for whatever reason and they had to go to all of the extra counter terrorism, IA, etc. things that we had to do in addition to the normal army mandated stuff. It's not like the MPs on Fort Gordon (or probably any base for that matter) do much aside from give out speeding tickets. You would kind of think that something out of the ordinary would help bring them out of the monotony. I know when I was on shift when the same thing happened every night I was doing it kind of half assed, but if something out of the ordinary popped up I was all over it trying to figure out what was up.

    As far as things like USB drives, mostly the DoD doesn't even allow them, and where I worked the computers didn't even have USB ports or CD drives anyway. I would say in this case the "everyone is an idiot, and trust no one" mentality is actually pretty effective at keeping networks safe. It's often the computer illiterate old person that clicks on some sketchy email attachment and infects everything. I can't even comprehend computer illiterate people anymore, it blew my mind when there would be some meeting and people would ask who can use Excel and PowerPoint. Like anyone born after 1980?

  • milskimilski Poyo! Registered User regular
    Defense is way harder than attacking, too, right? There was a story like six months ago about evidence for a U.S. Government hacking team doing some pretty amazing stuff. I'd be surprised if we didn't have ten or twenty world-class guys, but they weren't protecting the personnel agency systems at the department of the interior.

    This is actually true for pretty much everything, not just hacking.

    Like, Secret Service redteams pretty much always "win" in terms of exploiting a security flaw to "kill" the president unless the blue team is given an advantage.

    In more directly related news, CCDC (a college level cyber-defense contest) is basically scored by who gets fucked up by the redteam the least. It isn't possible to secure systems well enough to prevent hacking by dedicated people even before social engineering comes into play, and social engineering makes everything even harder.

    I ate an engineer
  • KaputaKaputa Registered User regular
    I'll likely write a longer post, but honestly, without offense, we can't have cyber defense. China isn't even especially good at cyber warfare. They just walk up to an alarmed window in the middle of broad daylight, smash it, take whatever they can get, and when the cops show up, they scream, "Do you know who my dad is?!?" and just leave without consequence.

    The US has been a willing victim for years for cyber espionage.
    Are you advocating that the US escalate offensive cyber warfare on China?

  • KrieghundKrieghund Registered User regular
    Enigmedic wrote: »
    NSDFRand wrote: »
    Yep. Unfortunately non intel soldiers (like MPs) think intel is useless and intel soldiers are stupid. They don't see it as a CI threat, they see it as just an annoyance to deal with before they can get off their shift.

    I think the part that bugged me the most was that there were some MPs also in my unit for whatever reason and they had to go to all of the extra counter terrorism, IA, etc. things that we had to do in addition to the normal army mandated stuff. It's not like the MPs on Fort Gordon (or probably any base for that matter) do much aside from give out speeding tickets. You would kind of think that something out of the ordinary would help bring them out of the monotony. I know when I was on shift when the same thing happened every night I was doing it kind of half assed, but if something out of the ordinary popped up I was all over it trying to figure out what was up.

    As far as things like USB drives, mostly the DoD doesn't even allow them, and where I worked the computers didn't even have USB ports or CD drives anyway. I would say in this case the "everyone is an idiot, and trust no one" mentality is actually pretty effective at keeping networks safe. It's often the computer illiterate old person that clicks on some sketchy email attachment and infects everything. I can't even comprehend computer illiterate people anymore, it blew my mind when there would be some meeting and people would ask who can use Excel and PowerPoint. Like anyone born after 1980?

    I've never used a PowerPoint anything, and I've been using a computer since 10th grade Apple IIc. I've only just started using Excel at work in like the last year. The amount of my coworkers that can't even log onto the company education site that only requires the employee number and birthdate in DDMMYYYY is insane. I seriously have no expectation that anybody even knows the basics of computers anymore.

  • NSDFRandNSDFRand FloridaRegistered User regular
    Enigmedic wrote: »
    NSDFRand wrote: »
    Yep. Unfortunately non intel soldiers (like MPs) think intel is useless and intel soldiers are stupid. They don't see it as a CI threat, they see it as just an annoyance to deal with before they can get off their shift.

    I think the part that bugged me the most was that there were some MPs also in my unit for whatever reason and they had to go to all of the extra counter terrorism, IA, etc. things that we had to do in addition to the normal army mandated stuff. It's not like the MPs on Fort Gordon (or probably any base for that matter) do much aside from give out speeding tickets. You would kind of think that something out of the ordinary would help bring them out of the monotony. I know when I was on shift when the same thing happened every night I was doing it kind of half assed, but if something out of the ordinary popped up I was all over it trying to figure out what was up.

    As far as things like USB drives, mostly the DoD doesn't even allow them, and where I worked the computers didn't even have USB ports or CD drives anyway. I would say in this case the "everyone is an idiot, and trust no one" mentality is actually pretty effective at keeping networks safe. It's often the computer illiterate old person that clicks on some sketchy email attachment and infects everything. I can't even comprehend computer illiterate people anymore, it blew my mind when there would be some meeting and people would ask who can use Excel and PowerPoint. Like anyone born after 1980?

    Agreed. Never used a thumb drive for anything work related. The only time we ever used the CD drive was to listen to music while deployed, and the CDs never left the SCIF.

    Other than that everything was transferred from computer to computer through the shared drive.
