Feature Article

from John Davis, the recently retired Major General behind the Defense Department's Cyber Policies and Strategies

ALSO IN THIS FALL 2015 INAUGURAL ISSUE:

articles about tactical and homeland cyber defense, the emergence of the MCPA CTF team (Hammer of Thor), the importance of mentoring and the IoT, hackers, hackathons, and more!
****************************************************************************
CYBER STAFF
****************************************************************************

EDITOR: VANESSA REDMAN
MANAGER: SHAWNA BAYLISS

CONTACT:
contact.magazine@milcyber.org

****************************************************************************
ABOUT CYBER
****************************************************************************

CYBER IS THE OFFICIAL MAGAZINE OF THE MILITARY CYBER PROFESSIONALS
ASSOCIATION (MCPA) AND IS NOT A PART OF THE US GOVERNMENT. IN SUPPORT OF THE
501(C)(3) EDUCATIONAL NON-PROFIT MISSION OF THE MCPA, CYBER PROVIDES THE PUBLIC
WITH FREE NEWS, ORIGINAL CONTENT, AND OTHER NON-FICTION MEDIA RELEVANT TO
MILITARY CYBER AFFAIRS IN SUPPORT OF BETTER UNDERSTANDING THIS COMPLEX
DOMAIN. CYBER CONTENT CAN BE SHARED WITHOUT PRIOR PERMISSION FOR EDUCATIONAL
AND NON-PROFIT PURPOSES ONLY. IT MAY NOT BE USED FOR COMMERCIAL USE. ISSN
PENDING. ALL OPINIONS EXPRESSED ARE THOSE OF THE AUTHOR AND ARE NOT AN
ENDORSEMENT BY CYBER MANAGEMENT OR THE MCPA.

****************************************************************************
FOR AUTHORS
****************************************************************************

CYBER IS ALWAYS ACCEPTING DIVERSE ORIGINAL CONTENT FOR PUBLICATION!
SUBMISSIONS MAY BE SENT IN A WORD OR GOOGLE DOCUMENT. ALL CONTENT MUST BE
COMPLETELY UNCLASSIFIED. FIND SPECIFIC INSTRUCTIONS ON OUR SITE,
HTTPS://MILCYBER.ORG.

****************************************************************************
THANKS
****************************************************************************

CYBER IS PRODUCED BY ITS VOLUNTEER STAFF WITH THE GENEROUS SUPPORT OF THE
ARMY TEAM AT ADOBE (TMCLAIN@ADOBE.COM), THE UPS STORE ON FT. BELVOIR
(STORE6274@THEUPSSTORE.COM), AND OTHERS. COVER IMAGE BY ARTIST, DAN NIX
(SENPHION@GMAIL.COM). THANK YOU TO THE MANY AUTHORS THAT HAVE SHARED THEIR
WORK WITH US, THE MCPA ADVISORS, AND THE THOUSAND STRONG MCPA TEAM! IF
INTERESTED IN JOINING THE CYBER STAFF, MAKING A SUBMISSION, OR PROVIDING OTHER
SUPPORT, PLEASE CONTACT US AT THE ADDRESS LISTED ABOVE.

****************************************************************************

Table of Contents

Note from the Founder

A Year of Developing Military Cyber Professionals in Our Nation's Heartland

Protecting the (Cyber) Homeland: The New Age of Cyber Terrorism and Why Force Protection Needs to Embrace Cyberspace

Military Cyber Professionals Compete in Joint Cyber Competition

FEATURE ARTICLE: Personal Lessons about Effective Cyber Policies and Strategies

What You Should Understand about the Internet of Things (IoT)

The National Military Strategy from a Cyber Perspective

Routers, Switches, Russians & Ditches: Cold War Hacker to Patriotic Silicon Valley Executive

The Military Cyber Professionals Association Mentoring Program

Challenges to Tactical Cyber Defense

Cyber Talks Call For Presentations

From the Founder


-Joe Billingsley-
Welcome to the first issue of Cyber, the Magazine of the Military Cyber Professionals Association
(MCPA). Since its inception, the MCPA has been dedicated to sharing understanding and
awareness. This magazine serves as a forum to ignite the minds of those who defend cyberspace from
those who would do us harm. Thank you for your time, thoughtfulness, support, and contributions.
Especially for the fellow service members and veterans, thank you for your service to our nation.

CYBER: THE MAGAZINE OF THE MCPA, 2015, ALL RIGHTS RESERVED.


A Year of Developing Military Cyber Professionals in Our Nation's Heartland
by Paul Jordan

Photo caption: The winning team from Hack the Arch being awarded the golden keyboard award

The St. Louis Chapter of the Military Cyber Professionals Association (MCPA) hosted its first annual Cyber Capture the Flag (CTF) event in July 2015, MCPA STL CTF 2015 (http://mcpa-stl.org/). This event is the culmination of over a year's worth of work in standing up the Chapter.

The seeds of the Chapter were planted in June 2014 by a small group of junior Air Force Officers on Scott Air Force Base (AFB) in Illinois. With the standup of US Cyber Command (USCYBERCOM) Cyber Mission Teams on the base, the group recognized the need for a professional organization with a cyber-focus. We initially self-organized as a social group called the Cyber Professionals Club (CPC) where members could share information and collaborate over drinks every other week at the base club. We discussed long-term goals of providing cyber-focused training and education for the local community.

In November 2014, I was referred to the MCPA by a mentor that's now serving as faculty at the Air Force Academy. Soon after joining, the shared goals of the CPC and MCPA became apparent. After coordinating with MCPA National leadership, we rebranded ourselves the MCPA St. Louis Chapter and I began serving as Chapter President.

Given this new umbrella of nation-wide support and structure, the former CPC developed bylaws for the new Chapter and set realistic short-term goals. We focused on volunteering for local science, technology, engineering, and mathematics (STEM) related events, hosting local professional development events, and continuing our social gatherings at the club.

In February, a few of our members participated in a regional FIRST Tech Challenge competition (http://www.usfirst.org/) as judges. They began developing what has quickly become a strong presence in the region's STEM community. During this event, middle to high school aged students tested their robots against each other's to solve challenges, demonstrating the incredible technical ability of the young students. FIRST was a natural organization to partner with since its STEM mission is shared by the MCPA. After this event, we began expanding our presence into St. Louis.

The first event in St. Louis we supported was the Military Open Source Software's (Mil-OSS) first Student Hackathon in April 2015. Four of our members provided mentoring to two teams of college and high school aged students as they worked on solving a real-world software problem. Following the event, the Chapter formalized a partnership with the Mil-OSS group and began planning the next Student Hackathon scheduled for late October 2015.

During the Student Hackathon, a few of our members decided to put together a team to compete in a local hackathon put on by Globalhack (www.globalhack.org). On June 7th, this team

developed an app for the social networking site lockerdome.com and placed second out of thirty teams in the competition, winning $15,000. These types of events are increasing in frequency and present our Chapter, as well as others, with excellent opportunities to learn while having fun, gain exposure for the MCPA, and promote community partnership.

Photo caption: MCPA St. Louis Chapter team winning $15,000 for local STEM scholarships.

During the Globalhack competition, we formed a partnership with the local Launch Code office (www.launchcode.org). This fall, they will begin a developer mentorship program that our Chapter plans to actively support. Launch Code is another natural partner for us as they are a nonprofit that creates pathways to economic opportunity and upward mobility through apprenticeships and job placement in tech. The partnerships we have forged and plan to develop with local offices of nation-wide tech-related non-profit organizations are a great example of the potential opportunities that exist everywhere across the nation.

In one short year, the St. Louis Chapter has gone from inception to being a prominent organization in the rapidly expanding St. Louis tech scene. With the proceeds from the CTF, the Chapter is planning to endow a scholarship fund to support local STEM education. The sky's the limit, and who better to take us there than the Air Force?

About the Author


Paul Jordan is a US Air Force officer that recently served in the Cyberspace Support Squadron of Air Force Space Command and as the MCPA St. Louis Chapter President.

Protecting the (Cyber) Homeland: The New Age of Cyber Terrorism and Why Force Protection Needs to Embrace Cyberspace
by Matt Lembright

While ISIL's cyber exploits have slipped from recent headlines, ISIL has already made significant headway in cyberspace in 2015. The group gained access to and defaced US government social networking sites about a half year ago. In April, ISIL was able to gain control of a French television station, only three short months after the horrific shooting assault at media outlet Charlie Hebdo. Most concerning for the US, the group "doxed" or exposed personal identification information (PII), including addresses, of approximately one hundred US military personnel. The doxing was not unaccompanied: messages included with the list said to "kill them wherever you find them" and to attack doxed individuals in their homes.

While these cyber attacks were significant in their fallout, through these attacks we have learned of at least three solid lines of effort for ISIL's "Cyber Caliphate":

1. Gain control of (French) media systems to disrupt broadcasts (in a joint effort to disrupt adversarial media through violence).
2. Acquire access to US Government/adversary owned social media or websites in order to deface as public humiliation and as a recruiting tool.
3. Dox US Military personnel as targets for ISIL sympathizers in the US or abroad.

While the responsibility for countering lines of effort one and two resides within the managerial IT infrastructure of targeted organizations, line of effort three falls upon users and their training. Protecting against ISIL's third line of effort in cyberspace seems to have received a relatively minimal amount of attention from the US Department of Defense's force protection efforts.

While there has not been any reported attack of a US servicemember to date as a result of ISIL's exposed "kill list," all members of the DoD, simply by virtue of having a record of their existence, are now at risk of a terror attack. Self-affiliated jihadists have already taken it upon themselves to attack members of the NYPD and, more recently, a group holding a contest for depictions of Muhammad. The DoD has made numerous statements indicating its resolve to protect its members, but this action cannot stop at designated cyber network defenders.

Photo credit: www.usnews.com

Every modern network operations center and information assurance directorate uses firewalls and controls for its network, yet also understands the importance of securing end points through Host-Based Security Systems (HBSS) - in other words, ensuring not only that a base is secure, but ensuring the servicemembers within are capable of defending themselves as well.

Despite ISIL's doxing and "kill list" publishing, the DoD has yet to implement a comprehensive, corporate, user-empowering training program to provide servicemembers and their families with step-by-step training and tools to prevent a personalized terror attack as a result of the exposure of their personal information. While the DoD has issued various tips to educate its members in cyber security, it has yet to underline the gravity of tying cyber security to protection against a terrorist attack.

The DoD also implements a Force Protection Condition (FPCON) that ranges from Alpha (least security) to Delta (highest security). It recently elevated its FPCON level to Bravo in early May of this year. The DoD's FPCON standards include anti-terrorism measures to be taken on post, but make no mention of what measures DoD individuals should take to protect themselves when not on a military installation. Similarly, the DoD maintains Information Operations Condition (INFOCON) levels to address cyber attacks, but these guidelines address corporate networks, not individual servicemember protection. There has not been any discussion to bridge the gap between these two alert methods to address the inherent dangers that now span the cyber and physical worlds our servicemembers now face.

The most important principles of protecting oneself on social media (e.g. using a long and complex password, removing cell phone numbers and addresses, refraining from providing layouts of one's house, avoiding posting information as to whereabouts for time periods, and tailoring security settings to allow things like restricted viewing of posts) are well known practices. Diligent members within the DoD community have developed and published smart cards that instruct members on how to best protect themselves. But in the same way the DoD trains its servicemembers to protect themselves in combat, so too must it train its servicemembers in cyber awareness. Providing mock social media sites for servicemembers and their families to provide hands-on training on how to secure their social media accounts, and more routine command messaging on the dangers presented by oversharing, would help provide this security.

Beyond the control of individuals are personal information aggregators. Sites such as Arivify, Spokeo, or PeopleFinder employ automatic crawlers that aggregate personal information based on publicly available records. While what they do is legal, the risks of such conduct are readily apparent. These sites take information that once would have required a malicious actor to go through the effort of acquiring a phone book of a certain locale and put it in Google-searchable format. Now all it takes for an aspiring jihadi to find out where someone lives is some Google searching and a bit of cross verification through these sites. There aren't many options for safeguarding your privacy here, but simply doing a Google search for your name will reveal the sites on which your information is most readily found. After that, you can find FAQs or contact information on these websites in order to request removal, which is mandatory according to revisions of the Freedom of Information Act. You can also opt to pay about $130 to use services that will automatically find such websites and take care of the deletion for you, as outlined in this article from CNET.

While cyber mythology tells tales of "halt and catch fire" commands that can launch code which sends a computer into a frenzied state and induces actual fire, there has been little evidence of cyberspace directly affecting the physical world - but ISIL is trying. Through doxing efforts, ISIL is providing high-value target lists to members and sympathizers and lowering the barrier of entry to terrorism. It is imperative our current servicemembers and veterans become equipped to make themselves less accessible through cyberspace so that they may protect their livelihoods, their families, and themselves.

About the Author

Matt Lembright is an analyst in the cyber defense industry. He recently supported Army Cyber Command with Cyber Mission Forces (CMF) integration. Before that, he commanded a company in the 780th Military Intelligence Brigade, helping create the CMF, and served as a Cyber OPFOR (opposing force) Team Leader. He also serves as the J2 Intelligence Officer for the MCPA.

Military Cyber Professionals Compete in Joint Cyber Competition
by Leander Metcalf

From 12 to 13 May, nineteen teams from across the globe came together to compete in the 2015 Armed Forces Joint Cyber Competition (JCC). This 48-hour event consisted of numerous challenges including: digital forensics, cryptology, network exploitation, reverse engineering, packet analysis, and trivia. As each team solved a challenge they were awarded points that would adjust over time as other competitors solved the same challenge.

For the first time ever the Military Cyber Professionals Association (MCPA) created a team to compete in an online competition. Fifteen individuals joined together across the globe from California to the Middle East to compete in the JCC. Team MCPA was truly joint, including members of academia, the Army, Navy, Air Force, government civilian employees, and from all major rank categories including enlisted, warrant, and commissioned officer.

Using email, Google Apps, and Google Hangouts, Team MCPA was able to pull ahead during the first day of competition with 287 points; the nearest competitor had 169 points. However, as other teams continued to work through the night Team MCPA lost its advantage and finished the competition 2nd in its category and 6th overall.

While Team MCPA may not have won, they did have an excellent showing and their efforts paid off well. Team MCPA solved 15 challenges totaling 239 points at the finish of the competition, beating the previous year's champion by 65 points. There were several occasions where Team MCPA received accolades from both fellow competitors and the organizers.

Team MCPA looks forward to the future and is currently in the process of formalizing, organizing, and creating the framework within which Team MCPA competes on a regular basis. The team looks forward to being compared to elite public teams such as the Plaid Parliament of Pwning, run by Carnegie Mellon, and More Smoked Leet Chicken, a powerful alliance of two Russian CTF (Capture the Flag) teams, both of which have won numerous Cyber Competitions.

About the first competition team:


Pay grades E-6 to O-6, and GS-15
Guardsmen, Academics, Active Duty Soldiers, Sailors, Airmen, and Government Civilians. Located in Colorado Springs, West Point, Saudi Arabia, Ft. Drum, Monterey, the National Capital Region (NoVA, DC, MD), Ft. Lewis, Scott AFB, and Ft. Hood.

See right image. Hammer of Thor (HoT) was selected as the name for the team in honor of the MCPA recognition medal, The Order of Thor. Thor was selected by the MCPA since the mythological warrior battled through the clouds as the god of thunder. The cloud is a widely recognized symbol of cyberspace.

About the Author


Leander Metcalf is an Army Cyber Officer (17A) currently assigned to Army Cyber Command.

See left image. The author is presented The Order of Thor medal by COL Conti, Director of the Army Cyber Institute, in Washington, DC.

Personal Lessons about Effective Cyber Policies and Strategies
by Major General John A. Davis, U.S. Army (Retired) [1]
written 11 September 2015

FEATURE ARTICLE

I recently retired from active duty after a 35 year career in the U.S. military, the past decade of which has been devoted to the sometimes mysterious cyber world. I'd like to offer some insight into the personal lessons that I've learned during my experience in helping to stand up U.S. Cyber Command and while working cyber policies and strategies at the Pentagon. Although I've learned many more lessons, the three that I've chosen to share in this article are, in my view, especially important for leaders in both the public and private sectors because we are all becoming increasingly connected through modern information technology. This means we all share in the exploding opportunities as well as the escalating risks. Below are my top three lessons and I will attempt to add more context in subsequent paragraphs to help both government and industry leaders understand why all sectors of society should care about these key points:

1. Strong teamwork and effective partnerships are essential to cybersecurity success.

2. The world is changing dramatically and so too must the balance between opportunity and risk in
the information technology decision-making environment.

3. As more nation-state militaries become involved in cyber operations, we must shine more light
on what they are doing and why, in order to set accurate expectations and prevent mistakes.

Lesson number one is about a real need for teamwork and effective partnerships. If I had to come up with a motto for this lesson it would be, "Make friends - lots of friends - you're gonna need them!" If you think you can go it alone in the cybersecurity business, think again. Many different organizations, both public and private, have critical roles and responsibilities in the cybersecurity environment, but no single organization has all the skills, talent, resources, capabilities, capacity or authority to act effectively in isolation. It truly does take a team approach and strong partnerships to operate effectively. However, creating trusted, credible partnerships requires significant dedication of time and energy from the leadership of an organization. It doesn't happen overnight and must be continuously cultivated. I spent the biggest portion of my personal time as a cyber leader building teams and strengthening professional relationships with the leaders of other organizations who played an important role in our shared objectives. I also invested a considerable amount of time trying to reduce the inevitable bureaucratic friction that periodically pops up in the form of "turf battles" by using that trust that comes from strong personal leadership bonds developed carefully over time. These turf battles usually arose because the relatively new term "cyber" crosses so many legacy boundaries. In fact, it's hard to find an organization these days that doesn't think it has a key role to play when it comes to cyber. Sometimes this causes a clash of roles, responsibilities and equities. Good leaders figure out ways to navigate these rough waters.

[1] I acknowledge the assistance of Clif Triplett, Managing Partner at SteelPointe Partners, in the development of this article. Clif is a dear old friend, a 1980 West Point classmate, and a highly successful and well respected leader in the information technology field within industry. I asked Clif to help me articulate my personal lessons in ways that would be most meaningful to leaders in the private sector, and I'm ever grateful for his insight and edits.

So how does a leader develop and cultivate credibility and trusted relationships? In my experience there is no single answer, but one of the most important aspects of building trust and credibility involves the development of shared goals and objectives and making progress toward them. Every leader of every organization involved has to see not only what's in it for themselves and their own organizational interests (often a competitive, win/lose view), but how the achievement of the larger outcome will contribute to what's best for the collective effort while not significantly eroding internal interests (often a cooperative, win/win view). This is not easy to achieve, it takes long-term commitment, and the development of personal leader-to-leader bonds based on honesty and compassion can help significantly. I use the term compassion very deliberately. In my experience, an effective leader in a partnership must be able to see and feel things from the other leaders' views and interests. However, that doesn't mean you always have to agree. This is where honesty plays an important role, and as long as it is accompanied by genuine respect, I have found that respectful disagreements can sometimes even strengthen the partnership.

Within the Defense Department, one might characterize the types of partnerships we strove to build using four categories, that I sometimes referred to as the "four I's":

The first category was internal to the Department. If you want to be an effective member of any team and not sit out the game on the bench, you have to first build credible capabilities internal to your own organization. In an organization as large and diverse as DoD, that meant creating a joint culture that provided the Army, Navy, Air Force, Marine Corps and dozens of other DoD agencies and unified commands with enough flexibility to address their individual, unique operational requirements while at the same time recognizing a climate of shared operational opportunities and risks. Establishing common joint operational objectives was key to keeping the teamwork strong across traditionally competitive barriers. In an environment of diminishing resources it also just plain made sense to reduce redundancy, eliminate waste and allow for everyone to share in a "best of breed" dynamic. The considerable effort required to build our internal team was best memorialized in DoD's initial strategy for operating in cyberspace in 2011. This original strategy was recently updated in a new DoD Cyber Strategy which was unveiled publicly by Secretary of Defense Ash Carter at Stanford University last April, 2015. Beyond these strategies, an implementation process was put in place to routinely bring the broader team together, review progress, and identify issues to be resolved. This process produced recommendations for senior DoD leaders to make decisions and move forward in tangible ways to achieve the strategy goals and objectives.

2011 and 2015 DoD Cyber Strategies


The second category was the cross governmental partnership known as the interagency. The U.S. policy and approach is about a whole of government effort that is required to be effective. The U.S. policy includes several different types of oversight, including policy, operational, legal, and even congressional oversight in most cases. Within the Defense Department these types of oversight shape the way we organize, train and equip forces to perform DoD's role, but within the context of a much broader team approach. These types of oversight also shape the way we impose policy limitations on our military cyber forces and capabilities. However, in contrast to the restrictions imposed on the military role, this kind of approach actually provides a much broader range of options across all elements of national power for national leadership decision making. Military options are simply one part of a much larger and more comprehensive whole.

The third category deals with international partnerships. Doing cybersecurity effectively requires international partnerships and working together toward common goals and objectives. It also requires a great deal of real respect for the cultural differences that may exist, and finding credible ways of accommodating them in the development of common goals and objectives. We have had a concerted effort in the Defense Department to begin building those partnerships with a growing array of nations in addition to our longstanding, closest allies in NATO, and with the United Kingdom, Australia, Canada and New Zealand - particularly in the Middle East and Asia Pacific regions. The reason is that in order to fulfill our defense alliance obligations to each international partner we must rely on critical information technology infrastructure that we do not directly control. In order to understand what is happening in that environment so that it can be secure and support DoD's mission, we have to establish these kinds of relationships. It is also worth noting that when DoD brings these international partnership forums together, we encourage not only our counterpart Ministry of Defense players to participate, but also recommend a whole of government approach from our partner nations. We do so in order to share our lessons in dealing with challenges not only within DoD, but also across our own various U.S. government and industry partners.

The fourth and last category has to do with industry teamwork and partnerships. In my view, this is the most important of all partnerships because industry owns and operates the vast majority of the worldwide information technology environment. This partnership is also sometimes the most complex. In the Defense Department, as in just about every other U.S. government agency that I know, we rely on many aspects of the information technology environment that we do not directly control in order to perform our vital national security mission. This requires effective partnerships with industry involving critical infrastructure cybersecurity standards for protection and defense, and information sharing about threat indications, warning, events and incidents, as well as our own vulnerabilities and effective response actions. We have taken a voluntary approach to these aspects of our partnership with industry. Further collaboration and developments are necessary to accomplish fully effective and comprehensive information sharing and adherence to a higher security posture. We have not yet solved that problem in the U.S., but we are making progress to develop information sharing mechanisms and cyber security standards, and promoting them through strong, expanding voluntary partnerships as well as the sharing of best practices.

As one can see, we have been casting an ever widening net to build and strengthen partnerships across not only the various organizations within DoD, but we've reached out to key members of the interagency, international and industry teams as
well. This has been a very deliberate part of DoD's policy and strategy, because without effective teamwork and trusted partnerships, we know it is impossible to achieve success. You simply cannot go it alone in the cybersecurity business unless you want to lose spectacularly.

Lesson number two is about the changing balance between opportunity and risk. If I had to come up with a motto for this lesson it would be, "It's not if, but when!" The cybersecurity problem is going to get worse before it gets better, and our decision making process must adapt. Our exploding reliance on information technology for all that we do in today's modern environment stands in stark contrast to the inadequacy of the security of that environment. Traditionally, technology has been driven by opportunity, while security and risk management have always chased from behind, trying to catch up. Some have said that for the longest time opportunity is "baked in" our information technology environment, while security is "bolted on" afterwards. In my experience, I believe this large imbalance between opportunity and risk is changing. It is changing slowly and unevenly, but I believe it is changing in no small measure due to the alarm bell that the national security community has been ringing about the growing cyberthreat for the past several years. Getting a better balance so that security is woven into the fabric at the core of every IT project is important because of what's at stake.

On one end of the balance is the need for an open, secure, and reliable internet. This end of the balance also includes the need for establishing responsible norms of internet behavior. It includes the need to protect freedom of expression, personal privacy and civil liberties as well. Finally, one of the most important factors underpinning the opportunity end of the balance is the need to drive economic innovation. These have been and always will be fundamental to our values and way of life as Americans, and it is very much the same with many of our international partners.

On the other side of the balance is a threat that is growing in scope and sophistication, and it is not just hacktivism, criminal activity and espionage. This growing threat has now moved into the realm of disruptive activities, sabotage, intimidation, threat of violence, and even destruction of both information and the associated systems and networks that can support critical infrastructure. This end of the balance needs everyone's attention, because in my view lives can be at stake, and our national and economic security posture can be put at risk if we don't achieve a better balance than the one we choose to live with today.

Let's face it: We make it too easy for a wide range of threats in the cyber landscape to compromise our computing environments. We inadequately protect and defend our intellectual property and much of our critical infrastructure as a nation. We do even worse in protecting our personal information as individuals. We are simply not as careful about scrutinizing who's knocking on our electronic front door in the same way we are very careful about who's knocking on the actual front door to our house or business. I remember a time as a kid when we left our front door unlocked at night and left the keys in the car. Time and culture have changed all that, and perhaps we should consider a similar change to the way we implement some basic standards and discipline for our online behavior based on today's changing cyberthreat landscape.

This points to what I consider a very important aspect of the shifting balance between opportunity and risk, and that's the human dynamic. While there's no doubt that cybersecurity, and cyber operations in general, are very technically oriented activities, we should never forget the human dimension to the cyber environment. There's a human brain behind the development of every malicious software code or technique used to deliver it, just as there's a human hand on every keyboard executing decisions about what to do. In my personal experience, the bulk of our cybersecurity problems are not on the technical side, though there is a very important place for technical solutions that I will address in a moment. The bulk of our cyber problems can be traced to human issues - basic standards of conduct, discipline and accountability. As an organizational issue, this is also a leadership problem (or as we like to say in the military, this is "Commander's business"). As a result of recent events in the private sector, like Target, Neiman Marcus, Anthem, Home Depot, etc., this is becoming a Boardroom issue rather than something left to the sole purview of the IT staff or the Information Security Officer.

In fact, I cannot think of a single cyber incident or event in which I have personally been involved over the past decade as part of the Defense Department that was not primarily the result of a human deficiency in standards, discipline and accountability. Several key examples come to mind. First there was the 2008 malicious software infection of DoD's classified networks, caused by the insertion of infected thumb drives by elements of our own forces because of the need to move information quickly against the terrorist and insurgent threats in Iraq and Afghanistan. Then a little over three years ago there was a damaging penetration of the unclassified Navy Marine Corps Intranet (NMCI) by a cyberthreat because a simple patch had not been administered, allowing a relatively unsophisticated structured query language injection technique to successfully penetrate a hole and spread, putting the entire system at risk. Finally, we had the Joint Chiefs' unclassified email system breach over this past summer, caused by a clever spearphishing technique and one of our own users not carefully checking to see who was at the electronic front door. These examples don't even include the most serious incidents of all - the Wikileaks breach and the Snowden disclosures, which we classify as insider threats - another human dimension problem.

As I mentioned earlier, there is definitely a place for technology on the risk side of the balance, just as it certainly drives the opportunity end. Technology must be part of a comprehensive approach that includes indications and warning about the threats, cyber threat prevention-minded and layered defenses, resilience (and you MUST plan for breach - it is inevitable, but can be acceptably mitigated with solid planning and routine rehearsals), and response options (but most responses must come from government because of laws and authorities). However, technology is just one component, as are policies, people and processes. In my view, the most important part of the comprehensive approach is getting the human dimension right with better standards of conduct, discipline and accountability. This is the leader's task.

How does a leader get people in the organization to care about this? Again, there are no magic solutions in my experience. It takes a combination of education, making the issues more personal and closer to home, and getting the people in the organization to see the risks and how to assess them against other competing interests. It also takes a willingness to establish and enforce real consequences to unacceptable behavior. This takes creativity and ingenuity, instead of an unrealistic, extremist regime that can undermine morale, affect productivity and result in a counterproductive environment.

Once a leader gets the human dimension right, an organizational culture of strong standards and discipline and enforced accountability follows. In my experience, the result is that any organization can use improved standards and discipline to wipe 80% of the noise from the radar screen and focus the rest of the comprehensive approach on the 20% of the challenge that counts. This includes prioritizing application of the most sophisticated technology solutions for threat indications and warning, prevention and protection, and resilience and recovery to support what is most important to the organization's success (in military terminology that means the mission). A prioritized approach is much more effective than trying to protect and defend everything against all threats (which means that you're strong nowhere). This kind of comprehensive approach should speak to business leaders just as much as it does those in government. It allows leaders to balance opportunity and risks using all the tools available to make wise decisions about the allocation of resources and assets while managing risk in ways that protect only what's most important while not breaking the bank.

What's at stake in getting the opportunity/risk balance right? From my perspective, U.S. and global critical infrastructure and key resources are at stake. National security, international stability and economic viability are at stake. Public health and welfare interests are also at stake. Public and private sector leaders have to think hard about the balance and make it a priority to get it right and keep it right as things change in a very dynamic information driven world.

Lesson number three is about the need for greater clarity and transparency. If I had to come up with a motto for this lesson it would be, "Don't expect the cavalry for every problem, so be ready to do your own part!" I believe we need to shine more light on what the world's militaries are doing in cyber so that we set accurate expectations and avoid a range of dangerous miscalculations. Cyber can be a scary term, evoking a mysterious virtual world that has its own terminology, culture, values and norms. I agree with what the Chairman of the Joint Chiefs, General Dempsey, once said about the need to demystify cyber and speak with much more clarity and transparency as a military and as a nation. There are both principled as well as practical reasons for doing this, so let me explain my personal perspective on why this is so important.

Historically, many of the world's most sophisticated organizations and capabilities in the cyber arena grew up in the underground. They matured in darkness and anonymity. Political activism, crime and espionage are characteristic of activities which seek the darkness so that they can flourish in the face of governmental efforts (both legitimate and corrupt) to counter them. However, in recent years we've witnessed a growing number of nation state militaries, including our own, that are building military forces and capabilities. When you talk about the use of uniformed military forces and capabilities in the cyber world, in my view we should shine a bit more light on what they are doing and why they are doing it - including our own U.S. military cyber forces.

Why is that important? It is absolutely critical to reduce uncertainty and the chances of making a mistake. It is also important to increase stability and control escalation. In the past several years those of us working cyber in national security have witnessed an alarming growth of activities within our nation's systems and networks, including some of our most sensitive critical infrastructure such as transportation, electricity and power, oil and natural gas, telecommunications, and even in our most sensitive military networks. When we see activity that is attributed to sophisticated capabilities, with no explanation of intentions - well, that's something that keeps national security professionals up at night. This is especially true when the observed activity and capability appear to have nothing at all to do with criminal or espionage intentions, and may be viewed as an act of preparation for something much more serious. It is extremely destabilizing because of the level of uncertainty, and the chances of misperception and a resulting mistake are unacceptably high.

Clarity and transparency from the U.S. military is also important to interagency, international and industry partners alike, for practical reasons. This is because we need to be clear about creating accurate expectations of what the U.S. military cyber missions are, and just as importantly, are not. As a result of the U.S. cyber policy deliberations over the past several years, and keeping in mind the notion of teamwork, partnerships and a whole of government approach that the U.S. cyber policy embodies, the Defense Department cyber mission has been clarified in the recently published DoD Cyber Strategy. While two of the three DoD cyber missions have always existed and remain constant (defending DoD's own information networks and combat systems, and providing cyber operational capabilities alongside traditional land, maritime, air and space capabilities to support the contingency plans and operations of our Combatant Commanders), a new mission for DoD has emerged within the context of the broader U.S. government approach. This new mission describes how DoD is responsible for being prepared to defend the nation and its vital interests in all domains, including cyberspace.

What should be clear to our various partners? This new role is not about DoD riding to the rescue of any private sector entity that has a routine, criminal cyber incident, or even one that doesn't involve serious national security interests. Just as important, this new role is about DoD gaining an exquisite understanding of the significant foreign cyber threat intentions, operational posture, research and developmental activities, cyber capabilities, supporting infrastructure, operational activities and their potential impact. It is also about being in a position to take action - when authorized by the highest level of national authorities - to counter that cyber threat if it is assessed as going to cause, or already causing, significant consequence. The term "significant consequence" has specific meaning in the form of loss of life, significant disruption or destruction of critical infrastructure, or other significant national or economic security consequences such as adversely impacting a military response or risking economic collapse. It is extremely important for our industry and international partners to understand DoD's roles and responsibilities, as well as those of other U.S. government agencies, so that they can plan their own roles and responsibilities more effectively as part of a collective effort.

During my time working cyber at the Pentagon we made a deliberate decision to begin to more clearly explain what we are doing as a U.S. military, why we are doing it, and how we are exercising very careful control over what we are doing as a responsible nation. In fact, it may surprise some to know that we included nations such as China and Russia in this discussion, and I had the opportunity to participate directly with my military counterparts. While more clarity and transparency are needed, especially from the growing array of nations that are building cyber forces in their militaries, there is also a need for some balance in the decision about how much transparency is required. After all, when you are in the business of the military you do not want to give away an operational advantage. However, I believe that we do need to talk more openly about what we do and you are seeing a more open and transparent posture from DoD continuing today. We are setting an example of how a responsible nation's military acts, and we expect others to follow this example. One very practical benefit in being more clear and transparent is that you can use military cyber capabilities more effectively in a deterrent role by doing so, and I think we are just beginning to tackle that issue within DoD and the U.S. government.

As I mentioned at the start, there are many more lessons that I've learned over my tenure at the Defense Department. The three lessons that I share in this article are meant to help leaders in both the public and private sectors focus their attention on those things that I've seen make the biggest difference in effective cyber policies and strategies:

1. Build trust and respect across your organization and with critical external partnerships, and constantly cultivate them with great care and attention.

2. Prioritize efforts based upon an accurate assessment of today's risk, but don't ignore the opportunities that you may encounter - then apply a comprehensive approach (people, processes and technology) with the human dimension as your top priority and technology prioritized and surgically applied toward the organization's most vital functions.

3. Understand the limited (but vital) role that the military and other government agencies have as part of a collective cyber security effort, and the resulting impact on your organizational responsibilities as an effective member of the broader public/private partnership required for us to be successful together.

About the Author
John A. Davis
Vice President, Federal Chief Security Officer
Palo Alto Networks

Retired U.S. Army Major General John A. Davis is the Vice President and Federal Chief Security Officer for Palo Alto Networks, where he is responsible for expanding cybersecurity initiatives and global policy for the international public sector and assisting governments around the world to successfully prevent cybersecurity attacks.

Prior to joining Palo Alto Networks, John served as the Senior Military Advisor for Cyber to the Under Secretary of Defense for Policy and served as the Acting Deputy Assistant Secretary of Defense for Cyber Policy. Prior to this assignment, he served in multiple leadership positions in special operations, cyber, and information operations. His military decorations include the Defense Superior Service Medal, Legion of Merit, and the Bronze Star Medal.

John earned a Master of Strategic Studies from the U.S. Army War College, Master of Military Art and Science from U.S. Army Command and General Staff College, and Bachelor of Science from U.S. Military Academy at West Point. He also serves as an advisor of the MCPA.

What You Should Understand about
the Internet of Things (IoT)
by Kemal Piskin

The International Telecommunication Union defines the Internet of Things (IoT)[1] as "A global infrastructure for the information society, enabling advanced services by interconnecting (physical and virtual) things based on existing and evolving interoperable information and communication technologies." If you're wondering what the heck that means, then simply understand that all the little doo-dads and thing-a-ma-bobs that want to connect to your wireless network at home to provide a lot of cool features or services may also impact your privacy.

Your computer and smart phone are becoming almost trivial portions of your connected life. As more and more appliances, tools, vehicles and other everyday use items become internet connected, more and more of your private life is revealed. A few examples can be the ability to track your driving habits, what you watch on TV, know how much energy you consume, know when you're home (or not), what you stock in your refrigerator, and the status of your health.[2,3] While on the surface some of this data sharing may seem trivial, once you provide your information, you immediately lose control over what happens to it. Those lengthy user agreements that vendors make you sign off on most likely provide language to protect them, not the user.

Additionally, IoT accelerates the obsolescence of durable goods such as washers, microwave ovens and televisions. The reason for this is simply because businesses cannot turn a profit if they have to provide software support for the life of these items and computer technology is cost prohibitive to upgrade after a certain point. So while the mechanical portion of your washing machine may work just fine for the next 12 years, the IoT portion has lost its security edge after 24 months because the manufacturer stopped issuing updates.[4]

Although there is a foundation for an IoT standard that includes security elements, not all IoT enabled devices provide even the most basic security features. And since many IoT devices include memory and processing capabilities, can you be sure that the TV you bought is only performing the functions you allow it to? How do you know they are secure? Recently Chrysler announced that millions of their cars could be affected by wireless access hacking. They only went public after the Government forced them to and then issue a patch for all their cars. A similar situation exists for some Chevrolet Corvettes.[5] Many "smart" televisions are easily hackable since security was an afterthought to collection of all your personal viewing habits. Earlier this year, I discussed APT threats with my company staff, and IoT is no exception to being one of their targets. Just a few months ago, the security company BlueCoat reported that they discovered an APT exploited IoT BotNet.[6]

So how do you protect yourself? You have options. Some may even save you money:

First, when purchasing an appliance, consider the features you need. Typically "smart" or "connected"
devices cost more than their non-IoT versions. If the smart features aren't overly compelling, skip them
and keep some extra money in your pocket.

Does the device still work without internet services enabled? If so, you may want to consider not con-
necting it to your network.

If the device doesn't require a strong password, use one anyway.

Does the device you're considering buying provide services you already have? There is a lot of overlap
in home IoT items. For instance, your smart TV may provide access to Netflix, but so does your Roku
or Chromecast. Do you need them both to provide that connectivity?

Before you buy, visit the vendor's website and read their user/privacy agreement so you understand
how they interpret their responsibilities to you as a consumer. What do they do with your data? Do
they re-sell it? If you are not comfortable with their privacy statement, you may want to reconsider
buying an IoT capable device from them.

[1] ITU, Internet of Things Draft Standard, August 9, 2015
[2] HP, Internet of Things Research Study, December 2014
[3] OWASP, OWASP Internet of Things Top Ten Project, December 2014
[4] ZDNet, IoT Device Security Degrades Over Time, August 11, 2015
[5] Wired.com, Hackers Cut Corvette Brakes Via Common Car Gadget, August 11, 2015
[6] BlueCoat, BotNet of Internet Things, January 9, 2015

About the Author

Kemal Piskin (kpiskin@lgsinnovations.com) is a retired Naval Officer who spent his career within the cryptologic and information warfare fields. Since military retirement, he has continued supporting his country as a defense contractor, primarily focused on cyber security, and currently serves as LGS Innovations' Corporate IT Security Manager. Mr. Piskin holds a Master's Degree from Bowie State University and is CISSP certified.

The National Military Strategy
from a Cyber Perspective
by Michael Lenart

The National Military Strategy of the United States of America 2015 (NMS) illustrates that cyber-related issues, capabilities, and threats have become commonplace in how the U.S. military perceives the global security environment. Though cyber issues are not a dominant theme in the NMS, they receive relatively significant attention in various portions of the document. This attention highlights how cyber continues its evolution from a new trend that gets discussed around the margins, to being a major part of how the defense establishment does business.

This article will illustrate that evolution by surveying and briefly elaborating upon the attention paid by the NMS to cyber issues, as these issues appear in each of the NMS's four major sections: I. The Strategic Environment, II. The Military Environment, III. An Integrated Military Strategy, and IV. Joint Force Initiatives.

Moreover, recognition of cyber issues' increasingly everyday role in defense not only illustrates how times have changed, but also gives hints as to how times will change as cyber's evolution continues.

I. The Strategic Environment

The NMS's opening section on the strategic environment highlights the global spread of information technologies that empower individuals, groups, and governments. Such technologies provide more information than these entities have ever had, and allow them to share that information quickly. Thus, people and governments can mobilize more quickly and effectively than ever before, presenting Joint Forces with a more volatile environment.

This phenomenon of readily available, easily shared information relates to information operations more broadly than to cyberspace operations specifically, but one can infer the cyber implications fairly easily. For one, the basic information technologies now used by these empowered entities are mostly the same as those used by Joint Forces. Further, these technologies have security weaknesses (protocols developed without security in mind, poorly written code, etc.) that adversaries can exploit, leaving Joint Forces vulnerable unless they expend the effort and resources necessary to mitigate risk. Conversely, these same weaknesses provide Joint Forces with opportunities to gather intelligence and conduct cyber attacks against adversaries. As a result, whether they're targeting or benefiting friendly forces, information technologies and cyberspace operations are now a prominent component of the strategic environment.

Another particularly important part of this opening section discusses how state actors are using information sharing technologies to their advantage. These technologies facilitate states' development of capabilities previously dominated by the U.S., such as early warning and precision strike. With this in mind, U.S. offensive cyber capabilities must form part of the portfolio designed to counter adversary states' newfound suite of high-tech systems. Indeed, the distance from which cyber attacks can occur may sometimes make offensive cyberspace operations a preferred method of targeting state adversaries' high-end systems.

Getting more specific, the NMS's opening section also highlights North Korea's increased propensity to conduct cyber attacks, to include one that caused "major damage to a U.S. corporation." When considered in conjunction with Iran's attacks on Saudi Aramco and other targets, North Korea's growing offensive cyber capabilities signal that the U.S. must concern itself with cyber state actors other than traditional advanced threats like Russia and China.

II. The Military Environment

The second section of the NMS specifically calls out cyber capabilities among those that state actors may use to "curtail access to the global commons" and "contest regional freedom of movement." This brings to mind China's well-documented development of anti-access/area denial (A2/AD) concepts and capabilities. Attacks on U.S. logistical networks - often unclassified - can greatly disrupt the flow of American forces and materiel into theater, and attacks on command and control (C2) networks can frustrate U.S. forces' employment and maneuver within theater. Thus, defensive cyberspace operations and the resilience of networks under attack are vital from home station all the way to the final objective.

This section of the NMS also states that violent extremist organizations (VEOs) are exploiting information technologies as well, to "propagate destructive ideologies, recruit and incite violence, and amplify the perceived power of their movements." In addition, VEOs use "tailored cyber tools" among other capabilities to "spread terror," as Matt Lembright described in ISIL's recent doxing of U.S. military personnel and attacks on French media sites. Consequently, though state actors present the much greater cyber threat, VEOs cannot be overlooked, especially as the years pass and more coming-of-age VEO members have had lifelong exposure to information technologies.

Between state and non-state violence lie hybrid conflicts. As explained by the NMS, hybrid conflicts may consist of military forces assuming a non-state identity or involve a VEO employing rudimentary combined arms capabilities. Alternatively, hybrid conflicts may involve state and non-state actors working together toward shared objectives, employing a wide range of weapons such as we have witnessed in eastern Ukraine. Among the "weapons" used in eastern Ukraine (and other hybrid conflicts such as Georgia in 2008) were cyber tools. In instances such as these, it is often unclear whether the attackers were military forces or patriotic or state-sponsored hackers. As Jason Healey writes in A Fierce Domain: Conflict in Cyberspace 1986 to 2012, however, the strategic circumstances at the time of the attack generally make clear which country the attack originated from. Thus the usual challenge of cyber attribution can be narrowed a bit. Furthermore, as attribution capabilities improve, hybrid actors may perhaps be targeted.

III. An Integrated Military Strategy

The heart of the NMS, Section III outlines the U.S. Military's three National Military Objectives (NMOs). The section then discusses the Joint Force's employment of Globally Integrated Operations as detailed in "The Capstone Concept for Joint Operations: Joint Force 2020." This discussion of globally integrated operations is then applied to the twelve Joint Force Prioritized Missions.

In discussion of the first NMO, "Deter, Deny, and Defeat State Adversaries," the strategy states that homeland defense efforts include growing investments in the cyber realm designed to protect vital networks and infrastructure. These vital networks and infrastructure include both those of the military and key civilian assets. Protecting military assets requires defensive cyberspace operations and the aspects of Department of Defense Information Network Operations (building, configuring, operating networks) that involve security. The Joint Force's role in protecting key civilian networks and infrastructure falls on the National Mission Teams of U.S. Cyber Command.

The NMS's discussion of the first NMO also places a premium on resilient logistics and transportation infrastructures, networked intelligence, and strong communications links. These all require properly developed and defended networks. Furthermore, this section states that should an adversary attack the U.S. or its interests, we are prepared to project power across all domains. This inherently includes cyber, given its recognition in Joint doctrine as a domain.

Going a step further, projecting power across all domains requires doing so in an integrated fashion. A foreign example of this may be found in Israel's 2007 attack on a Syrian nuclear reactor, when Israeli jets reportedly electronically fired malicious code into Syrian air defense radars. The code then compromised the air defense network, leaving Syrian air defense personnel manning their systems unaware that Israeli attack aircraft were approaching. If this operation occurred as reported, it represents a compelling real-world example of the integration of the air and cyber domains (not to mention the integration of cyberspace operations and electronic warfare).

Another example of integrating cyber with other domains may be found in the Army-Marine Corps-USSOCOM Strategic Landpower White Paper, which introduces the Strategic Landpower Task Force and specifically charges it with studying the convergence of the land and cyber domains. Accordingly, the Army has begun introducing cyber support (and attack) to forces conducting exercises at home stations and major training centers. Dubbed Cyber Support to Corps and Below (CSCB), this initiative made its debut in 3rd Brigade Combat Team (BCT), 25th Infantry Division's recent Joint Readiness Training Center rotation. According to a July 16th Army STAND-TO! announcement, Army Cyber Command support to 3rd BCT included incorporating more robust cyber effects into training scenarios; training and educating the BCT on threats, tools, tactics and capabilities; and integrating cyberspace operations into planning and targeting. As in the early days of air power, when U.S. forces had to learn to integrate air operations with maritime and land operations, so now must they integrate cyber operations with maritime, land, air, and space operations. Initiatives like CSCB illustrate that U.S. forces have moved well beyond the concept phase in doing so.

The NMS's discussion of the second NMO, "Disrupt, Degrade, and Defeat VEOs," does not explicitly mention cyber. It does note, however, that defeating VEOs requires an appreciation of the nexus between such groups and transnational criminal organizations [in order to] disrupt illicit funds, weapons, and fighters that are flowing into conflict-ridden regions. Much of the intelligence and operations necessary to understand and target VEO-criminal relationships occur in the cyber domain. Though the smarter among them limit how often they do it, VEO members communicate via information technology networks like the vast majority of the rest of the world. Thus, building the intelligence picture of a VEO or particular members of it often includes monitoring their e-mails, identifying steganography in VEO-affiliated web pages, etc.

The third NMO, "Strengthen Our Global Network of Allies and Partners," emphasizes the importance of placing our most advanced capabilities and greater capacity in the Asia-Pacific, in support of the Department of Defense's rebalance to that region. This section explicitly mentions cybersecurity as one of the components of the rebalance, and adds that when partnering with advanced partners like NATO, Australia, Japan, and Korea, our exercises emphasize sophisticated capabilities such as assuring access to contested environments. This again brings to mind China's A2/AD efforts, and U.S. and partner efforts to overcome them.

A potential example of this received public attention when in late May, the Department of Defense and Japan's Ministry of Defense issued a Joint Statement of the U.S. - Japan Cyber Defense Policy Working Group outlining how extensive their security relationship is becoming. In particular, this relationship will include incident response, to include attacks that occur in concert with physical attacks on Japanese territory. This relationship will also in-

22

CYBER: THE MAGAZINE OF THE MCPA, 2015, ALL RIGHTS RESERVED.


24
-include cooperation on information assurance, and systems.
defensive cyberspace operations, and information
security. In addition, the two militaries will explore The same Task Force even goes so far as to recom-
ways to increase operational cooperation between mend incorporating strategic-level offensive cyber
cyber units, and address threats to electronic ser- attacks into the U.S.s overall deterrence strategy
vices used by the Japan Self-Defense Forces and along with nuclear and high-end conventional strike
U.S. Forces, Japan. Also, the two partners will en- capabilities. Though this is an undertaking not to be
hance their already healthy sharing of cyber threat entered into lightly, it vividly highlights how revolu-
and vulnerability information, as well as best prac- tionary cyber capabilities and capacities may one
tices on military training and exercises, education day become.
and workforce development. The statement adds
Provide for Military Defense of the Homeland. This
that this may even extend into site visits and com-
mission explicitly cites the Cyber Mission Force as a
bined training and exercises.
key capability. Specifically, this would include the
National Mission Teams, which are charged with de-
Following Section IIIs discussion of the three NMOs
fending key U.S. infrastructure from strategic-level
is a subsection called Advance Globally Integrated
cyber attacks. It would also include U.S. cyber forc-
Operations. Introduced in the Capstone Concept
es sharing information with law enforcement on
for Joint Operations: Joint Force 2020, globally in-
threats the military cannot legally or feasibly act up-
tegrated operations is the Chairman of the Joint
on.
Chiefs of Staffs vision for how future Joint Forces
will operate. Among other requirements, integrated Defeat an Adversary. Again the NMS calls for the abil-
operations rely upon a global logistics and trans- ity to project power across multiple domains to de-
portation network, secure communications, and cisively defeat the adversary. As cyber is a domain,
integrated joint and partner intelligence, surveil- cyberspace operations are inherently included in
lance, and reconnaissance (ISR) capabilities. As dis- this prioritized mission. On a more operational level,
cussed previously, logistics and C2 networks require cyberspace operations design, build, configure, se-
secure communications from ports of embarkation cure, operate, maintain, and sustain friendly net-
all the way to the objective, as do ISR networks. works; defend against attack; and attack adver-
This underscores the importance of defensive cy- saries networks and systems. These are fundamen-
berspace operations and network resilience in con- tal functions on the modern battlefield.
ducting globally integrated operations.
Combat Terrorism. As discussed in NMO 36, building
Additionally, the globally integrated operations con- the intelligence picture of a VEO or particular mem-
struct is applied across DoDs twelve prioritized mis- bers often includes monitoring e-mails, breaking
sions. Those with significant cyber implications are into their networks and web servers, etc.
discussed below. Deny an Adversary's Objectives. Along with Re-
spond to Crisis and Conduct Limited Contingency
Maintain a Secure and Effective Nuclear Deterrent. Operations, this mission is very similar to Defeat an
The Defense Science Board Task Force Report Adversary but is less ambitious, intended not to ren-
Resilient Military Systems and the Advanced Cyber der an enemy ineffective but to respond quickly and
Threat explains that while the term survivability powerfully enough to prevent him from accomplish-
in a nuclear context traditionally refers to physical ing his goals. Among other things, these missions
resilience in the face of a nuclear strike and its ac- require well trained and equipped surge forces at
companying effects (e.g., electromagnetic pulse), in home, robust transportation infrastructure and as-
todays environment cyber resilience must be add- sets, and reliable and resilient communications links
ed to ones conception of survivability. This high- with allies and partners. Well trained and
lights the importance of properly building, configur- equipped surge forces increasingly include cyber
ing, maintaining, and defending strategic networks forces. Robust and resilient transportation and co-
23

CYBER: THE MAGAZINE OF THE MCPA, 2015, ALL RIGHTS RESERVED.


25
-mmunication assets must be defended in the cyber shift speaks more to culture and to information op-
domain as well as in the physical domains. erations in general than to cyberspace operations in
particular, but a younger generation more frequent-
Conduct Military Engagement and Security Coopera- ly using electronic devices is one that will produce
tion. As discussed with the U.S.-Japan security rela- more individuals interested in the protocols, net-
tionship above, multinational partnering occurs works, and software that connect them. Thus, at-
among cyber forces as well as among forces in the tracting future talent and shaping the future force
physical domains. Moreover, the relatively incon- must account for the shifting assumptions, culture,
spicuous and logistically modest nature of cyber ac- and aptitudes of a more electronic generation.
tivities may even sometimes make cyber partnering
a preferred method of military partnering. Addition- The Processes: Capturing Innovation and Efficien-
ally, the very fact that cyber-related interactions can cies subsection cites the importance of DoDs Bet-
occur in two geographically distant places further ter Buying Power (BBP) 3.0 initiative. The cyber con-
enhances the feasibility of frequent, meaningful en- nection here is that BBP 3.0 stipulates that new ma-
gagement. terial capabilities must be developed with cyberse-
curity integrated into their design from the earliest
IV. Joint Force Initiatives
stages of their life cycles. This recognizes that key
The final section of the NMS outlines enabling ac- characteristics cannot be tacked onto a system af-
tions DoD is undertaking in support of the strategy. ter its major design elements have been produced.
Like the remainder of the NMS, this section has sig- It further recognizes that cybersecurity does not
nificant cyber implications. begin once the final system is developed; the supply
chain and the component parts that produced the
For one, the People and the Profession of Arms system must be secure as well.
subsection notes how todays youth grow up in a
thoroughly connected environment. They are com- The final subsection, Programs: Sustaining Our
fortable using technology and interactive social Quality Edge, begins with a passage replete with
structures to solve problems. Again, this social cyber implications that is worth quoting at length:
In view of the anti-access/area denial (A2/AD) challenges we increasingly face, our future force will have to operate in contested environments. Key to assuring such access will be deploying secure, interoperable systems between Services, allies, interagency, and commercial partners. Priority efforts in that regard are establishing a Joint Information Environment (JIE), advancing globally integrated logistics, and building an integrated Joint ISR Enterprise. The results of these initiatives - particularly the enhanced connectivity and cybersecurity provided by the JIE - will provide the foundation for future interoperability.

Overcoming A2/AD threats, securing logistical networks and ISR capabilities, and taking advantage of the JIE require that future capabilities:

sustain our ability to defend the homeland and project military power globally. Important investments to counter A2/AD, space, cyber, and hybrid threats include: space and terrestrial-based indications and warning systems, integrated and resilient ISR platforms and the Cyber Mission Force, among others.

One can see from the above passages that DoD investment plans place great emphasis on cyber and cyber-related capabilities.

Conclusion

Thus, DoD is in the middle of an evolution - perhaps even a revolution - of cyber forces and capabilities. In the contemporary environment, cyber assets are essential to defeating state threats, an important part of defeating VEOs, and an increasingly feasible and attractive way to engage foreign partners. Cyber forces and capabilities play key roles in several of DoD's prioritized missions, and they comprise a hefty share of current and future investment priorities. As the world's information technologies continue to proliferate and become more sophisticated, one can only imagine cyber's stock continuing to rise. Moreover, the emergence of cyber occupational specialties and even entire career fields cause some commentators to predict the eventual establishment of a Cyber branch of the Joint Force on par with the other services. Whether or not this development and others like expanding deterrence to include strategic-level cyber attacks occur, the current global security environment now differs greatly from that of only a short time ago, and one is left wondering how much the future environment will differ from today's.

Images from acqnotes.com, arcyber.army.mil, and forwallpaper.com

About the Author

Major Michael Lenart is an Army Strategist. His areas of interest include national security strategy and policy, cyberspace operations and cybersecurity, capabilities development, and organizational change.

Board of Advisors
-Military Cyber Professionals Association-

We thank these senior leaders for volunteering their time and wisdom to the cause.

LTG(R) Hernandez: Former Commander of Army Cyber Command
RADM(R) Leigher: Former Dep Commander of Fleet Cyber Command
MG(R) Moulton: Former EUCOM J3
MG(R) Davis: Former Chief of OSD-Cyber Policy
RADM(R) Singer: Former Intel Director, PACOM
MG(R) Testa: Former CIO of HQAF
MG Fogarty: Commander of Army Cyber Ctr of Excellence
BG(R) Skoch: Commissioner of AFA's CyberPatriot
Dr. Peter Denning: Former President of the ACM
Paul de Souza: Founder of the Cyber Security Forum Initiative
Jason Healey: Atlantic Council and Columbia University
Dr. Ed Rockower: Naval Postgraduate School and Silicon Valley

Routers, Switches, Russians & Ditches:
Cold War Hacker to Patriotic Silicon Valley Executive
by J. Harlow

My path from hacking and social engineering, for fun, to supporting the development of American military cyber professionals has been a long and, at least to me, interesting ride. Below is a summary of this journey, complete with twists, turns, and the frequent detour.

In the Beginning

My story begins in the heat of the Cuban Missile Crisis, born to a couple that got swept up into this scenario that could have been the end of the world as we know it. Mather Air Force Base in Sacramento, a Strategic Air Command (SAC) base, was my first home. I was told that my father was a navigator on a long-range B-52 with a mission that was a one-way ticket. My mom was Secretary to the Base Commander. They both knew the world was coming to an end.

Later, in my teenage years in Denver, we lived within the total destruction radius of Rocky Flats Nuclear Weapons Facility, where plutonium leaks were infrequent but scary when they occurred.

In school, duck and cover drills always began with the teachers in unison screaming "the Soviets have launched and we're all dead in 20 minutes - get under your desks!!!!" Even as an 8 year-old, I could not understand why we had to duck and cover if we were going to end up as a grease spot.

That's what it was like being a child growing up during the Cold War. The specter of imminent death, and a sardonic attitude towards it, was reinforced in our young minds every week when we conducted those drills. We were always reminded that the communist menace was at our doorstep and we had to remain ever vigilant. As far as I know, kids have not conducted those drills since the Berlin Wall came down. For those of you too young to know it, life in these United States was very different before that wall came down. When I hear the emergency horn every Tuesday at noon in San Francisco, I still pucker up.

The psychological effect on a young adult of an ever-present menace against whom I should remain vigilant, seems impossible to shake. In such an environment, rules of thumb were drilled into my head such as "2 is 1, and, 1 is none" and "never trust, unless verified - and verify the next time too." As an example of such lasting effects, I can still bounce a quarter off the bed when I make it, to my wife's giggling and enjoyment.

At the age of 13 years old, I spent a week inside the Nuclear Medicine Diagnostics laboratory at Rocky Flats as part of a career day where kids see firsthand what those professionals did every day. After that, I wanted to be a high-energy particle physicist, and Rocky Flats had a group of physicists closely matching my interest.

As with most teenagers, I was curious and defiant, but I came with a twist. Math and foreign languages came easy to me. I could calculate square roots and cube roots to five decimal places in my head. I also excelled in complex mischief. For example, as an 8th grader, I wanted to play on the school football team because I saw that all the hottest girls chased football players. I was 6'3", 145 pounds, and did not know the rules of football. So I tried out for the 9th grade football team as an 8th grader. At the time, I did not know 8th graders could not play, I only knew I wanted a cheerleader as a girlfriend. I was selected to play on the team, but this created a problem. I had to wear the 9th grade jersey on game days while attending 8th grade classes. So, I lied and told my 8th grade teachers that my 9th grade twin let me wear his jersey. This was my first experience with social engineering and heuristic solutions. I was able to keep up this façade and played 6 games as wide receiver until one of my 8th grade Physical Education coaches (who was also football coach) noticed that the stitches under my chin were in the same location as my 9th grade twin. That ended my season, but taught me a valuable life lesson: If you are going to break the rules, you had better exceed expectations because people forgive success. No one cared so long as I could catch the ball, run in the correct direction, take a hit and give it back. I ended up with a 9th grade cheerleader as a girlfriend for 6 games.

A Young Hacker

At that time, I was using my father's Kaypro luggable computer (a CP/M machine with dual floppies) - a prototype on loan from Andrew Kay Computers - to learn to program in BASIC. I learned important principles about computers, firstly, access. When I got to the Rocky Flats lab, one of the physicists showed me a teletype exactly like I was using at school (Teletype Model 33 ASR, an electromechanical typewriter used to send and receive messages via a ) that connected to an ARPANET node. It was in Boulder, CO via 300 baud acoustic coupler. I peeked over his shoulder looking at the phone number on his handset as well as the phone number he was dialing.

so I would dial into the node via Rocky Flats, using my school's 300 baud coupler. This was my first foray into electronically entering places to which I was not invited, which I would later know to be called hacking. It was not illegal, at that time, and I was at least smart enough to know that I should not tell anyone. So I kept quiet about it, and never made a mistake. I only had access to radiological research notes, teaching me that I would have to eat a lot of potassium-rich bananas in the event I survived a nuclear attack.

I was only interested in the latest research into the effects of exposure to ionizing radiation, and the treatments of exposure to plutonium and radioactive iodine. That phone number remained active until I was 18 - and I read a lot of documents.

In 1984, shortly after AT&T split into regional companies, I was employed by US West in their Detail Engineering Center in Denver Tech Center. I was hired to manage this new thing called a Local Area Network (LAN) built from ARCnet, Ethernet and Token Ring components manufactured by start-ups called Novell, 3COM and old-timer IBM. There I was, inside the building where people design central office switching systems for POTS (plain old telephone service), buying state-of-the-art fiber-optic equipment, running a LAN and learning to code new databases in 4th Generation Programming Languages (4GLs) called ORACLE, FOCUS, ADABAS, and a very different database called Model 204 (M204).

At that center, I was once eyeball to eyeball with a retired Colonel over a floor-buffing machine. He was manager of the entire Detail Engineering Center and insisted that the floors be so clean he could eat off them. I insisted that the buffer was not going to be plugged into the same electrical circuit as my network because the buffer gave off an Electromagnetic force (EMF) that distorted Cathode Ray Tube (CRT) screens from 25 feet away. His face was inches from mine and I could feel the spittle hitting my face as he spoke. I was not budging, though. I won the day and made a friend based on respect. No one there pushed back to him except me.

I would chat with the engineers. From those discussions I learned about the guts of Western Electric Processors, which were the processor of choice for the ESS-3 and ESS-5 switches. I also learned, hands-on, how the Northern Telecom Equipment worked, as well as NEC Fiber and microwave transmission. Vendors who frequented the building would carry processor manuals as leave-behinds, and from them, I learned about Zilog, Motorola, Intel, and NEC processors. It was here that I learned how to access a central office switch, on my own terms, and go wherever I wanted.

While working at US West, I was mentored by some really smart guys who had worked at 3COM, Novell, Rand, DEC, EDS, CIA, and IBM. Some of them knew the notorious Captain Crunch (John Draper, to whom I was introduced) and others who hacked the Sears Prodigy Network. At that point, I was hooked - hacking was thrilling. National Science Foundation Network (NSFNet) was in full bloom, and we were dancing through NSFNet at night when everyone had left the office and gone home. I would scan thousands of pages of Operating System manuals for VM/CMS (used on IBM Mainframes), MVS/TSO (also used on IBM Mainframe System/370), DEC/VMS, PrimOS, AT&T Unix System V.

I heard of Kevin Mitnick, but I am certain he never heard of me. I was an irrelevant ghost. I viewed Mitnick as an attention hound where I was more interested in what Captain Crunch and Steve Wozniak did with ring-tone generators and reaching around the world. Mitnick bragged about his antics online all the time, while I preferred being quiet. I really preferred working in native assembler on the processors which gave me insight into vulnerabilities and exploitable flaws. Stealing information over POTS lines was too easy, while really hard-stuff was found close to the hardware underneath the upper layer authentications. When I heard Mitnick was arrested by the FBI for theft from DEC (stealing source code to their operating system), I knew it was time to cool it. Fun times had come to an end, and I forgot that Rocky Flats phone number.

One of my mentors, Smitty, was an engineer who worked with Dr. John Bardeen in the War Department during World War II. I owe Smitty a great debt, as he taught me how to think about things in a way that threw all of my formal education out the window: what mattered was results, and it damned well better work!

In the last half of the 1980s, I was introduced to Sunni and Shia groups who frequently dined at Khyber Pass Restaurant, in Denver, where I ate regularly. The Iran-Iraq War was underway - tensions were palpable. I enjoyed the simpatico of folks who didn't drink alcohol, didn't use drugs, and I spent nearly every Saturday night drinking tea, learning Farsi and Tajik Arabic, and learning to naturally circulate in a very different culture. I quickly became friends with officers of the Afghan Northern Alliance, former members of the Iranian Savak, as well as guys working with the CIA to boot the Soviets out of Afghanistan. These relationships would be tested after Sept 11, 2001.

Things Get More Serious

After spending time with Smitty and deciding to cool it, I was contacted by a hacking friend who wanted me to travel to Houston and meet a guy from Mexico. I was in Houston anyway, doing work for Bentek (Dwight's Energydata), so I took the meeting. It turns out that this guy from Mexico was no native of Mexico, but was a Soviet KGB engineer who wanted help breaking into Tenneco Pipeline's IBM mainframe. He wanted me to steal the precise coordinates of the control valves for their entire pipeline network. He was willing to pay me $15,000. Somehow he found out about my prior work on the Tenneco Sysplex.

I wanted no part of what the KGB was going to undertake and I notified Tenneco to brace for an intrusion. In retrospect, I owe that KGB engineer no small amount of gratitude. In that one afternoon, I was forced to evaluate my own lines in the sand and resolved not to cross them or do anything that would bring shame upon my family or ancestors. It was a sobering event. How might you, the reader of this true story, respond to such an offer?

That was not the last time I was approached by the Soviets (or Russians). Another approach occurred in 1990 when a protégé of Robert Vesco, the notorious hedge-fund thief, contacted me. Vesco's protégé asked if I would help hack the phone system in Riga, Latvia on behalf of the Soviets/Russians who were still operating their KGB infrastructure inside the Baltic States. As it turns out, I had actually traveled to Riga that year on my own account to perform work for an American consulting company.
In early 1990, I quietly started a venture that reached into the former Soviet Union (FSU). My venture involved the brokering of gallium-arsenide (GaAs) avionics chips to aircraft manufacturers. Specifically, it was a FORTH virtual machine built into a GaAs processor from a Soviet fab. The true beauty of the chip was its speed of execution and resilience under extreme stresses of radiation, heat, UV, cold, and Electromagnetic Pulse (EMP). Exactly how the Soviets came to possess a GaAs FORTH processor, designed for the US Space Shuttle, has bewildered me for many years.

I had contractors in the Soviet Union at that time, the leader of whom was named Vladimir. He claimed to be a relative of a well-known General. I could not verify his claim, but, he had unequaled access to people, places, and things. When the putsch occurred (August 19-21, 1990), I chewed my fingernails to bloody nubs as I anxiously awaited the whir of my fax machine delivering news of events on the ground. My only means of communication with my team was via a fax machine in the office of an apparatchik (Communist paper-shuffler) in Zelenograd. In that week between 19 and 26 August, I came to understand that my contacts and friends were "disappeared," as the Soviets said, and never to be seen again. Tears uncontrollably well-up when the emotions of that period resurface. I still find it difficult to convey my sincere sense of loss, on many levels, the moment I found out about Vladimir and his family.

Vladimir reeked of vodka and body odor all the time. He reveled in being vulgar. When he ate food, which was administered alongside large doses of vodka, enough food fell from his mouth that small animals gathered around him to feast on his overflow. I once asked his wife how she came to enjoy being his wife, to which she replied, "Once he was young and beautiful, now he is only beautiful." One night during this time, I was awakened by the voice of the wife of another friend trapped in the turmoil. She was pleading over the phone for money to help them buy food and medicine, as the children were sick with whooping cough and they were living in a makeshift home assembled inside an uninsulated barn with a coal stove.
I vividly recall sitting on the edge of my bed, replaying the phone conversation. The desperation in her voice helped me recognize that they went to great trouble to find a phone to make a call and alert me, and that I was the only person on this planet they thought could help them. I sent, via DHL, American Express travelers checks plus a collection of over-the-counter remedies. I had an acquaintance in Panama ship over cough syrup. For the next few years, I helped keep six families alive in a climate of grave political upheaval, random political killings, and general anarchy. With 16 children among them, they are all alive and well today in Baku, Tyumen, Sebastopol, Alma Atay, Kiev, and Dushanbe; it's been 20+ years since our last contact so I hope they are well.

I, on the other hand, was in a difficult financial situation; my company was in the ditch. I had exercised poor judgment and purchased an inventory of development platforms and chips, which were in a storage unit in Lakewood, Colorado. This was stranded capital with no hope of recovery. So, I scrambled to put together some consulting work to help me pay my own bills as well as help those families. I recall hanging my head in my hands, in my Denver office, trying to conceive of a way to save my venture in 1991 and most of 1992. It was a lost cause, however. For the next couple of years, I sent every spare penny I earned to my former employees in a disintegrating FSU.

Off to Silicon Valley

I am not a gifted programmer or a fast typist, but I made up for it with a very good memory, putting in long hours to master the topic, and spending even more time to think about the problem set. I would rather draw pictures of solutions first than simply sitting down and coding until I got it right. I viewed proficiency in many areas of computing paramount to specificity or stealing. I learned how to write IBM VM/CMS kernel extensions, how to boot an IBM 4381, how to build cables for 3380 tape drives, Vax/VMS, TOPS-20, Banyan vines, etc.

When I was recruited from Denver, to Silicon Valley, I was hired to a non-executive position to handle troubled accounts and mainframe coding in FOCUS, CLIST, CICS, COBOL and ASM. In the social world, there is no great benefit to a precise eye for detail or a near-eidetic memory. However, in the worlds of math, computing, linguistics, engineering, and science, such an eye for detail can lead to success rather than failure.

Fast-forwarding to September 11, 2001, one of our investor co-leads in a round of Venture Capital funding was killed in WTC2. Our company, NetFuel, went from a frenetic start-up to being in need of a turnaround overnight. The funding round fell apart, and frankly, I wanted to exact some payback for the death of our investor and the widows of a couple of my friends who died in Cantor-Fitzgerald, L.P. If that was not a harsh enough time, we also found that a couple of our engineers had conspired with other companies to steal NetFuel code and designs. The Santa Clara District Attorney investigated the evidence we presented and then called upon the Sheriff's department to raid their homes to retrieve what we itemized as stolen. The last half of 2001 was an epic fail.

My Point

Now, let me present my take-away points from this story. I am an American. My ancestors were on the Island of St. Eustatius in the Caribbean West Indies, supplying the Continental Army during the Revolutionary War in defiance of the British embargo. Other ancestors were at the first battles of the Civil War. It was a family divided with brother against brother at 1st Manassas, 1st Bull Run, Cold Harbor, and Antietam. Then, my family served in World War I, World War II, Korea, Vietnam, Afghanistan, and Desert Storm. As you can see in the foregoing narrative, much is to be accomplished by simply lacing up your boots and pressing forward when the chips are down - no one respects quitters.

My ancestors went all in with this nation's founders more than two centuries ago. They found a safe haven here, and I want it to stay that way for my wife and children. We desperately need our military to keep our republic safe. We need, expect, and deserve safety, and our military must provide it.

My experiences of a failed business, prospecting in the FSU, Central America, and Afghanistan afford me a unique perspective. This perspective is lacking in most of our country. The guile and cunning of our foes cannot be overstated, nor can we diminish their zeal for our demise. They are smart, seductive, deliberate, appear under many veils, and never quit.

While Joe Ritchie (a profoundly successful options trader) was calling in coordinates for air strikes on Tora
Bora in 2001, I was on the phone with guys in both Silicon Valley and Panjshir Valley (the people I met in
Denver years before) screaming at them to contact Mullah Omar and give up the qufar! (Bin Laden).

I have yet to meet an executive in Silicon Valley who could match the courage of Joe Ritchie, nor any who
would dare to get on the phone and take action that would put their lives in jeopardy in pursuit of truly
evil men. I have observed that too many leaders in Silicon Valley harbor a flawed Pollyanna position,
viewing national boundaries and Cold War enmity as mostly things of the past. In my opinion, this is a
grave miscalculation. The leaders of the American technology industry can no longer sit on their hands
professing to be ambassadors of commerce to all nations and remain blind to the threat to our nation's
treasure and safety.

It is this paradigm that motivates me to support efforts like the Military Cyber Professionals Association
(MCPA). Our young men and women of the military must remain relevant in protecting our constitutional
republic to the same level of seriousness that our Cold War generation was programmed to do. The
battlespace is now multidimensional, and the enemy is no longer fully identifiable in uniforms. Asymmetric
warfare is underway within today's nexus of belligerent nation-states, terrorist organizations, drug
cartels, street gangs, mercenary hackers, and lone wolves.

Given the forward progress and increased complexity of cyberspace today and tomorrow, the depth of
knowledge and skills needed to protect our national (security) assets continues to expand. Increased
cooperation between private sector and military cyber warfare experts must occur for the wealth and
security of our nation to remain intact and perpetuate. Half-hearted measures will not suffice. Hence, I
am proud to support the MCPA towards their vision of providing the American people what we need, expect,
and deserve from our military cyber professionals. Such support is a marked demonstration that there are
leaders in Silicon Valley with a stake in this nation, not simply people who adorn themselves with
attributes of leadership. Join me in taking action by investing in our nation, for the good of ourselves,
our neighbors, and especially our children.

About the Author
J. Harlow is Chief Technology Officer
and Co-Founder of NetFuel, Inc.
NetFuel, Inc. is a founding sponsor of the MCPA.

Mr. Harlow (right) recognized with the MCPA Order of Thor medal by
retired Admiral Route (left), President of the Naval Postgraduate School,
in Monterey, California, alongside leaders from the US military and academia.
Images courtesy of the author.

Thank you, NetFuel!

NetFuel, Inc. came on board as the first MCPA corporate sponsor, enabling initial
costs to be covered. They recently decided to support the MCPA Recognition Program,
which plays an important role in fueling volunteerism into K-12 STEM (science,
technology, engineering, and mathematics) education nation-wide and providing
professional development opportunities for the American military community.

The Order of Thor

Thor was selected as the symbol to adorn the MCPA recognition medals since this
mythological hero fought through the clouds as the god of thunder. The cloud is a
widely recognized symbol of cyberspace. Also, like cyberspace, his hammer has the
power to build and to destroy.

The Military Cyber Professionals Association

Mentoring Program
by Edward B. Rockower, Ph.D.
This is dedicated to Sam Abraham, my Mentor at General Dynamics.

When I was asked to write something about Mentoring for our Magazine I immediately agreed because I
not only have experience as a Mentor to others, but also as a Mentee. From both of those roles I feel I've
benefited greatly. In addition, I helped develop the Mentoring Program for Operations Analysts at Lockheed
Martin and thus had exposure to many of the resources for other Mentoring programs inside, and outside, of
that corporation. Before writing this article I began a review and synthesis of my materials on mentoring. I
immediately remembered how important this topic is for our Association, hence should NOT be a fire and
forget discussion of mentoring that might only provide the intellectual bones of the subject. Rather, it
should begin an ongoing venue for providing the flesh of our own Mentoring Program.

"You manage things; you lead people."
Rear Admiral Grace Hopper

When Mr. Honda was asked by a reporter "what is success made of?", he replied "a lot of failure."
Continuing with that important life lesson, don't the resulting hard-won lessons cry out to be transmitted
to other, less experienced people? Mentors mine their experience and sift through the ore to find the
nuggets that give meaning to their failures and successes.
Certainly, one of the more important functions of a Professional Association such as ours is to form a
Community that not only supports its members in being successful in their careers, but also fosters finding,
expressing, and passing along the important technologies, career lessons, and values of people engaged in a
worthy activity to serve not just themselves and each other, but our larger community of fellow citizens.

The author (3d from the left) on team MCPA led by its founder
(2nd from the right) at Start-Up Weekend, Monterey Bay 2013.
The F-16A from General Dynamics at Ft. Worth. Image courtesy of f-16.net.

There's a famous saying, "when the student is ready the teacher will appear." You also see that
paraphrased as "when the teacher is ready, the student will appear." To me, this emphasizes the symbiotic
relationship of the mentor with the mentee.

My first Mentor, Sam Abraham: when I completed my Ph.D. in Physics I was hired into the Operations
Research Department of General Dynamics, Fort Worth to work on the F-16 Program. Sam Abraham was
assigned as my Mentor. I cannot emphasize enough how many lessons he taught me. So many times over
the years I've followed his advice, or echoed it to others. Most times I'm subliminally aware that I'm
channeling Sam, having taken to heart the many engineering and life lessons he imparted to me, such as:

"There are 2 kinds of people, technique oriented and problem oriented. You need to be the problem
oriented type."

"You're like a little boy with a new hammer. Every problem looks like a nail."

Sam taught me how to make effective slide presentations. As a result, I was selected to make
presentations to the F-16 Program Office.

Some very interesting data provided by the MCPA.
I've sometimes felt a bit guilty about not adequately expressing to him my gratitude for his taking the
edge off of my ignorance and naiveté. However, I feel better when I pass along to others what I
learned from Sam. In fact, by verbalizing those lessons to others I'm also helping to clarify and make
more coherent my own inner landscape of understanding, just as when I teach a course. Sometimes
it truly does feel like I learn at least as much as my students (and mentees).

I read somewhere that the favorite readings of Great People were the biographies of other Great
People. How much more powerful to actually discuss careers, life, and lessons-learned with other
admirable people who've "been there, done that" and are willing to share that with us. I have often
said that one of the most powerful forces in the universe is positive, supportive attention.
Attention may be one of the most important elements of the mentoring relationship. In my own
experience, I've found that if there is at least one other person in the world showing some interest in
my ideas and work, that that is a powerful motivating influence! In school, the student gives attention
to the teacher; in mentoring, the mentor also gives attention to the mentee.

For forthcoming issues of this magazine I'd like to solicit your personal experiences as a Mentor or
Mentee. What worked, what didn't, how you became connected, and any of the most important
lessons learned and benefits resulting from that connection. Please consider this your invitation to
an ongoing discussion! In the meantime, we'll be setting up a system to match Mentors and Mentees.
Please email your interest to mentoring@milcyber.org, specifying your background and
whether you want to be a mentor or mentee.

About the Author


Edward B. Rockower, Ph.D., is a
Research Professor at the Naval
Postgraduate School and Advisor of
the Military Cyber Professionals
Association

Commentary:
Challenges to the Tactical Cyber Defense
by Adam Tyra

Introduction

Mounting an effective cyber defense challenges any sizeable organization operating an enterprise
network. However, defending an enterprise network within a tactical unit headquarters has unique
problems that increase the challenge significantly. I discovered a number of these issues first hand
while serving as the Chief of Information Assurance for a division headquarters. In June of 2015, the
division underwent a Warfighter Exercise that included support from the U.S. Army's 1st Information
Operations Command's World Class Cyber OPFOR (WCCO). While notional land and air battles occupied the
rest of the division staff, the division's cyber defenders were confronted with a live, realistic, and
interactive threat of their own on the division's network.

The following are my views on the challenges of developing and conducting an effective cyber defense
for the tactical network. These views are based on my experiences before and during Warfighter
Exercise 15-5. Although my descriptions and terminology are Army-centric, I suspect that several of the
challenges that I discuss here will be familiar to readers with other backgrounds.

Note that by "tactical cyber defenders," I am referring to service members who are not part of a
designated cyber unit, such as the National Cyber Mission Force, or a Cyber Protection Team. Instead,
they are assigned to unit headquarters throughout the military with the (potentially collateral)
responsibility of conducting information security activities for their unit's tactical networks. Any
other term such as "security practitioner" or "security professional" includes all service members with
information security responsibilities.

The Empty Cyber Holster

The Army's Warfighter Integrated Network-Tactical (WIN-T) system of systems forms the heart of the
Army division headquarters tactical network. Although it includes a full suite of enterprise network
services, it does not include or integrate robust tools that enable tactical cyber defenders to detect,
identify, or engage cyber attackers within the network.

Many tools that have become mainstays of private sector Security Operations Centers (SOCs) such as
endpoint and network intrusion detection systems, Security Incident and Event Management (SIEM)
suites, and automated malware analysis are simply not available for tactical networks. Interestingly,
the Department of Defense already uses some of the most innovative and effective security tools
available (Security Onion, Kali Linux, etc.). However, the Army's current concept of cyber defense
requires division headquarters to explicitly request support for these capabilities from designated
cyber forces when needed rather than having them available continuously for local use.

Tactical network defenders are challenged to receive support from organizations such as the Army
Computer Emergency Response Team (ACERT), its Regional Computer Emergency Response Teams (RCERT), or
from Cyber Protection Teams (CPT). Doctrinally, tactical unit headquarters require mobility and may
operate on their own for extended periods of time. This means that integrating them into RCERT defense
systems is difficult in general and nearly impossible on a consistent basis. Further, if the unit does
successfully integrate with an RCERT, the support that can be provided from afar is severely limited.
Unit commanders, primarily concerned with mission command and situational awareness, likely won't
allocate precious bandwidth to upload scan data, log files, and other artifacts for analysis at the
RCERT.

Even in cases where bandwidth is not constrained and tactical defenders receive active support from an
RCERT, the distribution of resources is still sub-optimal. RCERTs, whose set of available tools could
grant them superior visibility on the tactical network, don't have the direct access to affected
systems required for timely reaction to malicious activity. Tactical defenders, on the other hand, can
directly access their systems in order to take action against attackers. However, they are denied the
superior real-time network visibility available to their remote counterparts.

This problem might be solved by the deployment of a CPT to the division headquarters in order to
leverage the capabilities of cyber mission forces with the access of the tactical defender. However, if
tactical defenders are not able to effectively monitor their network in real time, they are unlikely to
discover that they need assistance from a CPT in the first place. Also, the Army's projected
development timeline for Cyber Protection Teams makes their near term availability to the division
headquarters a dubious prospect.[1]

A better solution to this capability mismatch is to deploy to tactical units the same tools employed by
designated cyber forces to gain real-time host and network visibility and conduct analysis. This will
allow tactical units to detect and eradicate attackers as necessary without relying on external
assistance. Admittedly, this course of action has issues. The availability of expertise to use the
tools at the tactical unit is probably the main issue, but access could be controlled by a
certification of some sort just as we control the ability to drive military vehicles with a driver's
license. In any case, the discriminator about who gets what tools should be threat and competency based
rather than unit based. Tactical headquarters should not be barred from using specific tools that are
available to cyber forces simply because they are not a designated cyber unit.

A Checklist is Not a Defense

The tactical cyber defender must devote a tremendous amount of time and energy to ensuring that the
unit remains in compliance with the vast constellation of federal rules and policies that govern
information security. This leaves little time to develop or practice an effective cyber defense. I
don't mean to imply that policy compliance does not have its place in securing the network. Security
governance is important to every organization, and the U.S. military has the most mature security
governance structure that I have seen anywhere. However, a checklist is not a defense. Adhering to a
checklist may ensure that we meet a minimum baseline of secure configuration and operation, but it does
little to defeat an imaginative and adaptive attacker.

Security is an effect rather than a destination, and compliance does not create this effect. Compliance
regimes can only address known vulnerabilities and weaknesses, while attackers can exploit a limitless
number of known and unknown attack vectors in a system, including one that is fully compliant with all
government requirements and directives. In addition, compliance represents merely a snapshot in time,
while operations are continuous across time. For the cyber defender, yesterday's clean bill of cyber
health means nothing against today's adaptive attacker. An effective cyber defense cannot be based on
compliance and must feature a significant active and real-time operational component.

To illustrate this point, consider compliance in the land domain of warfare. Soldiers comply with
policies by wearing uniforms and body armor, carrying an ID card, maintaining communications with
higher headquarters, and carrying the prescribed amount of ammunition and supplies. While important,
none of these activities create security. To create security, soldiers must also maintain situational
awareness, find cover and concealment when necessary, and be ready and willing to use force.
Unfortunately, even a high level of security is insufficient on its own to defeat an enemy. What we
really need is a deliberately planned defense. Further, defense requires knowledge of an adversary in
order to make predictions about what he will do, so defenders can focus their plan on countering it. A
cyber defense, like a defense in the land domain, is therefore composed of a collection of activities
deliberately planned and executed to prevent an enemy from achieving his end-state.

Compare the concept of defense just described with compliance. Compliance activities are not adversary
focused. The fact that they focus solely on what you can't do and what you must do neglects a
significant cyber "dead space" of things that you should do in any given situation based on the
adversary. Finally, unlike security, compliance is a destination. When security practitioners achieve
compliance, they usually stop until the next inspection cycle starts. Adversaries don't stop. They
continuously vary and evolve their tactics to circumvent defenses and manipulate users.

Continuing to focus the bulk of tactical cyber defenders' efforts on compliance is akin to planning to
catch terrorists using strictly enforced speed limits. We may get a few, but the bad guys we really
care about must be actively hunted and defeated. We must convey this message to commanders, so they can
make informed decisions about cyber risk and shape their deployment of security resources
appropriately. Non-compliance with military rules and regulations is generally not acceptable. However,
compliance activities should be put into their place as a building block of a larger concept of cyber
defense rather than forming the entire concept of defense by themselves. When we succeed in selling the
idea of defense in favor of compliance, we must also be prepared with a creative, dynamic, and
effective course of action to offer in its place. This will result in more effective tactical defensive
cyberspace operations and will generate the added benefit of clearly articulated resource requirements
that commanders can use to remedy some of the resource shortfalls discussed previously.

The Culture of No

Along with a mature security governance system, the military also has a healthy regard for structured
risk management. Military leaders at every level are fully capable of assessing the risks associated
with a wide variety of objectively dangerous situations from foot marches to high intensity combat
operations. We are also capable of devising appropriate safeguards and applying them to mitigate risks
to acceptable levels. However, in the context of information systems, many leaders reflexively reject
risks whenever possible rather than objectively evaluating them. During the planning and initial
execution phases of the Warfighter Exercise, I experienced this problem first hand while attempting to
rectify the tool problem discussed previously.

This is not the fault of risk owners (leaders) themselves. As in the private sector, most leaders are
not technologists and therefore can't be expected to immediately grasp the details of security risks.
Instead, the fault is ours as IT and security practitioners. Security practitioners have a
responsibility to explain problems and offer solutions in terms that can be understood by leaders,
regardless of their background. They must also interpret risks through the lens of the organization's
mission and overall risk profile rather than as purely technological issues and offer mission-tailored
solutions.

When security practitioners fail to properly frame the "so what" of cyber problems or resort to digital
fear mongering, they create a situation in which a commander is required to make decisions about issues
that he doesn't understand and which are accompanied with a potentially unjustified sense of urgency
and danger. The outcome in these cases is predictable - rejection, denial, and the imposition of "no."
When risk rejection is combined with the complicated and overlapping authorities inherent to military
information network operations, the result is an obstacle course of conflicting policies that limit our
ability to effectively use technology. This, unfortunately, also ensures that security practitioners
will never be authorized to expend the effort to examine and quantify our actual cyber risk or develop
suitable controls.

To be fair, risk rejection isn't necessarily a short-sighted or unenlightened course of action, but it
shouldn't be used as a long-term option in the face of continuously advancing technology. Consider our
current severe limitation on the use of removable media. This was originally a response to a malware
outbreak on a classified network in the fall of 2008 [2] (if you don't recall this, see publicly
available information about Operation Buckshot Yankee for details). Without immediately and completely
halting the use of external hard drives and USB flash drives, the malware outbreak could have become an
epidemic and caused significant damage to many more government information systems than it actually
affected. Thus, banning removable media was necessary - in 2008. In the years since, security
technology has continued to evolve, but our sophistication in the area of cyber risk management largely
has not. IT personnel could have devised a range of policies which would have allowed us to assimilate
advancing technologies while mitigating our risks. They haven't done this, and many commands are still
burning CDs and DVDs like it's 1999.

The introduction of new technologies into the operational environment will accelerate into the
foreseeable future. Tactical units, burdened with immediate threats and imperatives for mission
accomplishment, can't afford to simply reject the risks associated with complex but effective
technological courses of action. Ultimately, the institutional knowledge of the military will expand
such that future leaders feel as comfortable discussing cyber risk as current leaders feel about
discussing combat risk. Until then, security practitioners will need to become much more proactive and
imaginative both at explaining risks and devising solutions. We must guide discussions of risk along
the lines of operating safely rather than focusing solely on what we shouldn't do - the "culture of no"
should evolve into a "culture of how?". Our net gain will include improved productivity, decreased
frustration, and the cultivation of an information security culture that tries to understand and
thoughtfully manage change rather than rejecting it.

Technicians vs. Soldiers

I started my career in the military as an infantryman. Although few of the infantry activities that I
did previously resemble what I do now as a security professional, most of the thought processes are the
same. I learned to plan and conduct small unit missions, survey terrain with a critical eye, and
identify weaknesses in both my own team and in the enemy. In short, I developed a tactical mindset.
Since my transition away from combat arms, I have not observed a tactical mindset generally among
military information security practitioners. Even as cyberspace has been elevated to the status of a
domain of warfare, we have continued to treat our systems like leaky pipes that just need patching and
adjusting rather than the complex contested battlespace that they are. The result of this is that we
don't conduct operations. Instead, we put out fires. While the former results in defenders seizing and
retaining the initiative, the latter cedes it to the adversary.

I observed this first hand while serving as a cyber OPFOR team member in a previous exercise. Unlike
the OPFOR that we faced during our Warfighter Exercise, the OPFOR that I served with had no
restrictions on the contractor-managed network. Short of causing physical destruction, our exercise
network was essentially a cyber free-fire zone. As such, we used a combination of commercial,
open-source, and home-brewed tools in conjunction with social engineering and deception to gain the
upper hand however we could. As a team, we designed our activities to accurately mimic a realistic set
of attackers unconstrained by rules or policies. Unfortunately, the blue team also appeared to operate
without any rules, policies, or even a coherent strategy. Instead of hunting us, they appeared interested
only in cleaning up after us.

I have a specific anecdote to illustrate my point. One of the tactics that we employed to compromise
the blue network was to deploy multiple custom built software implants that would provide backdoor
access and execute malicious commands remotely. Because they were built especially for the exercise,
our implants could not be detected by anti-virus software. However, they did generate malicious network
traffic that could be picked up by the blue team. The intent was for defenders to detect the
unauthorized activity using network monitoring, trace it to the affected hosts, and conduct a thorough
incident response in order to contain the activity, investigate it, eradicate it, and enact measures to
prevent it from occurring again.

Instead, defenders opted to simply block the outbound connections from our implants to our "malware
mothership." When they did this, we initially believed that our implants had been eliminated. However,
we were able to quickly penetrate the blue network again and discovered that this wasn't the case.
After regaining access, we saw that all of our malicious implants were still alive and well across the
network. Defenders had made no attempt to locate them and shut them down and had instead relied on a
hardened perimeter. Once we breached that perimeter, every one of our implants became 100% effective
once more.

The implicit concept of the blue team's defense, reliance on a hardened perimeter, demonstrated none of
the characteristics of the defense according to Army doctrine.[3] I attribute this failure to the
absence of a tactical mindset rather than an absence of cyber-centric doctrine. Although we don't yet
have specific cyber doctrine to guide cyber operations, there is no reason why a savvy technologist
could not apply our existing operational doctrine to operations in cyberspace.

Tactical cyber defenders must think like soldiers first and technicians second. To protect the tactical
network, we must plan a coherent and deliberate defense and develop battle drills to respond to hostile
activity just as we would for a combat outpost. Further, as in the physical domain, cyber defenders
must seize and retain the initiative in identifying and eradicating intruders from the network.
Eventually, these concepts will surely be integrated into our cyber doctrine, but this won't solve our
problem. The best way for us to change the way we think about our operations is to first change the way
we think about ourselves as tactical cyber defenders.

Conclusion

The problems that my team and I experienced in preparing for and conducting defensive cyberspace
operations during Warfighter Exercise 15-5 were small compared
to the difficulties in store for the tactical cyber defender required to operate against a determined
enemy under real battlefield conditions. Whether commanders and staffs in tactical units acknowledge it
or not, the cyber fight is already a part of today's battlefield. Recent history is full of examples of
military usage of cyberspace in combat. Russian operations against Ukraine are one notable strategic
theater-level example[4], but adversaries have also used cyberspace capabilities to target tactical
units. In one recent incident, a German Bundeswehr Patriot missile battery deployed in Turkey near the
Syrian border was penetrated by hackers who issued unexplained orders to the missile systems[5].
American units have likely experienced similar (detected or undetected) intrusions into their tactical
networks and will probably see more in the future.

Given our reliance on information technology, a future increase in the use of offensive cyberspace
operations against fielded forces is inevitable. We must begin to separate the issues faced by
defenders of non-tactical networks from those faced by the tactical defender in order to understand
them in their proper context and devise solutions. Some of our problems can be solved by policy changes
or technology purchases, but others are embedded in our culture. By identifying and discussing our
challenges now, we can begin the complex task of devising workable solutions to prepare for the
conflicts to come.

[1] Vergun, David. "Cyber Chief: Army Cyber Force Growing 'exponentially'." Army.mil, The Official
Homepage of the United States Army. March 5, 2015. Accessed July 4, 2015.
[2] Nakashima, Ellen. "Defense Official Discloses Cyberattack." Washington Post. August 25, 2010.
Accessed July 16, 2015.
[3] ADP 3-90: Offense and Defense. Washington, D.C.: Headquarters, Department of the Army, 2012.
[4] Shahani, Aarti. "Report: To Aid Combat, Russia Wages Cyberwar Against Ukraine." NPR. April 28,
2015. Accessed June 19, 2015.
[5] "'Hackers' Give Orders to German Missile Battery." The Local. July 7, 2015. Accessed July 16, 2015.
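
The exercise anecdote in this article, where defenders blocked the implants' outbound connections but never traced them to the affected hosts, can be made concrete with an added example (not part of the original article or the exercise). It treats perimeter deny logs as leads for incident response: every host still trying to reach a blocked destination is listed, and regular, beacon-like retries are flagged. The log format, addresses and thresholds are constructed assumptions.

```python
"""Turn perimeter deny logs into a host triage list (constructed example)."""
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Destination the defenders blocked at the perimeter (constructed address).
BLOCKED_DESTINATIONS = {"203.0.113.50"}

# Constructed firewall log in a made-up key=value format.
SAMPLE_LOG = """\
2015-06-10T08:59:05Z action=allow src=10.1.4.21 dst=203.0.113.50 dport=443
2015-06-10T09:00:05Z action=deny src=10.1.4.21 dst=203.0.113.50 dport=443
2015-06-10T09:00:30Z action=deny src=10.1.7.9 dst=203.0.113.50 dport=443
2015-06-10T09:01:05Z action=deny src=10.1.4.21 dst=203.0.113.50 dport=443
2015-06-10T09:01:40Z action=allow src=10.1.3.8 dst=198.51.100.7 dport=80
2015-06-10T09:02:04Z action=deny src=10.1.4.21 dst=203.0.113.50 dport=443
this line is truncated and must be skipped
2015-06-10T09:03:06Z action=deny src=10.1.4.21 dst=203.0.113.50 dport=443
2015-06-10T09:04:05Z action=deny src=10.1.4.21 dst=203.0.113.50 dport=443
2015-06-10T09:05:31Z action=deny src=10.1.7.9 dst=203.0.113.50 dport=443
2015-06-10T09:10:29Z action=deny src=10.1.7.9 dst=203.0.113.50 dport=443
2015-06-10T09:12:00Z action=deny src=10.1.2.14 dst=203.0.113.50 dport=443
2015-06-10T09:47:13Z action=deny src=10.1.2.14 dst=203.0.113.50 dport=443
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+action=(?P<action>\w+)\s+src=(?P<src>\S+)\s+"
    r"dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)$"
)


def parse(log_text):
    """Yield (timestamp, action, src, dst) for well-formed lines; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue
        yield ts, m["action"], m["src"], m["dst"]


def hosts_needing_response(log_text, blocked, min_attempts=3, max_jitter=0.2):
    """Map each internal host with denied attempts to a blocked destination
    to a summary. 'beacon_like' is True when the retries are regular, i.e.
    the coefficient of variation of the gaps is at most max_jitter."""
    attempts = defaultdict(list)
    for ts, action, src, dst in parse(log_text):
        if action == "deny" and dst in blocked:
            attempts[src].append(ts)

    report = {}
    for src, times in attempts.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        regular = False
        if len(times) >= min_attempts and len(gaps) >= 2 and mean(gaps) > 0:
            regular = pstdev(gaps) / mean(gaps) <= max_jitter
        report[src] = {
            "attempts": len(times),
            "first_seen": times[0],
            "last_seen": times[-1],
            "beacon_like": regular,
        }
    return report


def triage_order(report):
    """Hosts to examine first: beacon-like retries, then most attempts."""
    return sorted(
        report,
        key=lambda s: (not report[s]["beacon_like"], -report[s]["attempts"], s),
    )


if __name__ == "__main__":
    result = hosts_needing_response(SAMPLE_LOG, BLOCKED_DESTINATIONS)
    for host in triage_order(result):
        info = result[host]
        print(host, info["attempts"], "beacon-like" if info["beacon_like"] else "sporadic")
```

A block rule that keeps firing is evidence that the sending host is still compromised, so the list this produces is a starting point for host-level investigation, not a sign that the problem is contained.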

About the Author


Adam Tyra is an officer in the Texas Army
National Guard and recently served as the
Chief of Information Assurance / Computer
Network Defense for the 36th Infantry
Division and first President of the
San Antonio, Texas Chapter of the MCPA.

Cyber Talks
Call For Presentations Released
by David Raymond

Cyber Talks is a semiannual, one-day conference hosted by the Army Cyber Institute (ACI). Each one-day
event highlights talks given by thought leaders and rising stars throughout the Cyber operations
community of interest, designed to foster creative solutions and build intellectual capital in cyber
operations. In June 2015, the ACI announced a Call for Presentations for the next Cyber Talks, which
took place on September 22nd, 2015 in Lincoln Hall Auditorium on the campus of the National Defense
University at Fort Lesley J. McNair in Washington DC. As with previous Cyber Talks, the successful day
ended with a social at the Fort McNair Officers Club hosted by the National Capital Region Chapter
(NCR) of the Military Cyber Professionals Association (MCPA).

Cyber Talks was first conceived by LTG Edward Cardon, Commander of U.S. Army Cyber Command
(ARCYBER). He asked the ACI for help in organizing a TED Talks-like event focused on cyber operations
for ARCYBER personnel and the extended cyber operations community of interest. LTG Cardon envisioned
a day-long series of short, high-impact talks that highlight innovative ideas in cyber security to take
place at a location convenient to ARCYBER personnel. Reactions to the first two Cyber Talks events, held
in September 2014 and March 2015, were overwhelmingly positive.

Rock Stevens and Michael Weigand presenting at Cyber Talks, 22 Sept 2015.
Photo courtesy of ACI.

For each event, the ACI reaches out to contacts in the DoD, academia, industry, and government to put
together a lineup of speakers that will deliver informative and thought-provoking talks relevant to the
cyber operations community. The previous call-for-presentations garnered over 30 excellent abstracts.
Previous industry speakers have included Dmitri Alperovitch, co-founder and CTO of CrowdStrike, Bruce
Potter, CEO of Ponte Technologies and the Shmoo Group, Ed Skoudis, Senior SANS instructor and CEO of
Counter Hack Challenges, Rick Howard, CISO of Palo Alto Networks, and Christopher Cleary from Verizon.
We have also had a range of excellent military speakers, to include CAPT Sean Heritage, XO to ADM
Michael Rogers (NSA Director and CDR, US Cyber Command), COL Carmine Cicalese from the Department of
the Army G3, LTC Scott Applegate and CPT Roy Ragsdale from US Army Cyber Command, and MAJ Joseph
Billingsley, founder of the Military Cyber Professionals Association.

Responses to the next Call for Presentations (found at cyber.army.mil) should be submitted to
cyber.talks@usma.edu no later than the published due date, after which selected speakers will be
notified. Abstracts should be 200-300 words long, and should be accompanied by speaker name, rank (if
applicable), organization, position, and a brief biography. Talks should be unclassified, publicly
releasable, unique, and fit the Cyber Talks mission to provide high-impact, innovative ideas. Note that
ideas do not necessarily need to be fully formed, nor politically correct (be aware, however, that the
audience is encouraged to ask questions and will take you to task if they do not agree with you).

Cyber Talks are free of charge and open to all interested parties. Registration is required and
instructions will accompany upcoming event announcements.

At the post-Cyber Talks social, the author being recognized with the MCPA Order of Thor
medal from retired Lieutenant General Hernandez, former ARCYBER Commander.

About the Author

Dr. David Raymond is a retired US Army Lieutenant Colonel and was Director of Education Research at
the Army Cyber Institute at West Point. He is now Deputy Director of the Virginia Tech IT Security Lab.

Thank you for your partnership in
support of our nation's security
and prosperity in cyberspace.

Thank you for the printing support!
UPS Store 6274, located at the Main Exchange on Ft. Belvoir
8651 JOHN J. KINGMAN ROAD, FORT BELVOIR, VA 22060, store6274@theupsstore.com, (703) 781-0269

Available products and services include:


Printing Products Printing Services Mailbox Services
Flyers Online Printing Package Acceptance
Brochures Mobile Printing Package Receipt Notification
Presentations and Manuals Full Service Digital Printing Mail Forwarding
Newsletters Binding 24-Hour Access
Business Cards Laminating Call-in MailCheck
Letterhead Stapling
Postcards Wide Format Printing Small Business Solutions
Posters Collating Fax Services, Send and Receive
Banners Padding Printed Marketing & Business Materials
Invitations Folding Graphic Design
Menus 24-Hour Access Direct Mail Solutions
Calendars Color and Black & White Printing and Copying House Account Program
Shrink Wrapping Vendor Referral Program
Mailing Services Mounting Computer Rental
Stamps & Metered Mail Internet Access
Priority Mail Shipping Services
Express Mail UPS Next Day Air Early A.M. Packing Services
Parcel Post UPS Next Day Air Custom Packaging
First Class Mail UPS Next Day Air Saver Packaging Boxes & Supplies
Global Express Guaranteed UPS 2nd Day Air A.M. Electronics Packaging
Delivery Confirmation UPS 2nd Day Air Pack & Ship Guarantee
Signature Confirmation UPS 3 Day Select Packaging Peanuts Recycling
Certified Mail with Return Receipt UPS Ground Moving Boxes & Supplies
Every Door Direct Mail Retail UPS International
DHL International Freight
Additional Products and Services UPS My Choice(SM) Ground Freight
Office Products and Supplies Custom Crating & Packaging
Notary Services Air Freight
Passport/ID Photo Services International Air and Ocean Freight
Rubber Stamps Local Pick up
