With all the attention pointed towards PRISM, another interesting publication was virtually overlooked. Earlier last month, a taskforce belonging to the US DoD’s Defense Science Board (DSB) released a final report titled “Resilient Military Systems and the Advanced Cyber Threat” [PDF], that reports on the findings of an 18-month research project. The DSB is a committee of civilian experts that is to advise the US DoD on scientific and technical matters. I just threw that line in here to point out that this committee is staffed by individual civilians and not representatives of the industrial military complex. This is worth mentioning, because a good portion of the report is absolutely riveting in its description of how bad they think the situation is, and this is automatically bound to become a target for those people who still don’t believe in Cyber Warfare. The report starts off with a sentiment many of us will find reasonable, and applying to cyber security as a whole (as opposed to cyber warfare specifically):
“Cyber is a complicated domain. There is no silver bullet that will eliminate the threats inherent to leveraging cyber as a force multiplier, and it is impossible to completely defend against the most sophisticated cyber attacks. However, solving this problem is analogous to complex national security and military strategy challenges of the past, such as the counter U-boat strategy in WWII and nuclear deterrence in the Cold War. The risks involved with these challenges were never driven to zero, but through broad systems engineering of a spectrum of techniques, the challenges were successfully contained and managed.” – Mr. James R. Gosler & Mr. Lewis Von Thaer – Resilient Military Systems and the Advanced Cyber Threat.
In this same opening letter, some fairly damning statements are made.
Phi Beta Iota: The US Government was told, in writing and in testimony to Congress, in the early 1990’s [a quarter century ago] that this tsunami was coming. As with everything else that could be ignored for profit and corrupt kick-backs to Congress, the warnings were ignored. The US Government’s C4ISR system cannot be protected and it cannot be repaired. The most affordable, inter-operable, scalable, and sane approach would be to immediately focus on Open Source Everything (OSE–the technical solution) and Multinational, Multiagency, Multidismensional, Multidomain Information-Sharing and Sense-Making (M4IS2–the human solution). Ideally this could be done in direct collaboration with the EU and NATO, with SOCOM, AFRICOM, and the African Union, and with CELAC as well as the BRICS plus Indonesia. Such an approach demands intelligence with integrity. If a senior leader can be found — and empowered — in this specific area of interest, gains can be made immediately, visibly, and for the greater good of all. Absent that spark, USG C4ISR will remain hosed for the next decade and beyond.