Everything posted by 17D_guy
-
I'm a privacy nut. Still I think we can work something out.
-
https://www.cnn.com/2017/01/11/politics/donald-trump-press-conference-highlights/index.html If nothing else, we'll get to see him back-pedal when finally presented with evidence repeatedly. Perhaps while pissing on prostitutes...and blame "the intelligence agencies" for the leak of a clearly commercial dossier. Or he just stops taking Intel Briefs again. Who knows. Strap in folks.
-
Are you in any of the "cyber" committees and/or test and evaluation/gov't oversight committees?
-
Then you've got wikileaks, who got called out hard in the report complaining about leaks... And their popular front trying to put together an "influence network" to identify those hostile to their efforts: The original, now deleted tweet, says "We are thinking of making an online database with all "verified" twitter accounts & their family/job/financial/housing relationships." Influence Operations at their best. PEOTUS is a twitter nut, maybe he can beat them at their own game.
-
The unclass report is out - https://www.dni.gov/index.php/newsroom/press-releases/224-press-releases-2017/1466-odni-statement-on-declassified-intelligence-community-assessment-of-russian-activities-and-intentions-in-recent
-
Exactly. Even the nomenclature for the names is the same: Air Office:Cyber Officer. There's much going on now that is akin to the struggles our early military aviation pioneers had within the community. Everyone wants cyber to turn off missiles mid-flight when that's just not possible--today. I hope we can avoid the "Strategic Daylight Bombing" type of pitfalls.

You're talking about IT, which isn't Cyber. IT will move out of blue-suit support into a contract/DISA maintenance scheme. It's already happened with JIE and our migrations to JRSS. As Gen Bender said above that they view "maintenance" on the network as still Ops because that's how the domain exists, so you can't maintain it without operating on it. It's now causing serious issues because if I have an outage scheduled, and need to canx for base mission... is that a Cyber Ops failure? Or is that just CANX MX, reattempt at a later date? Some would/are saying it is an Ops Failure and we need to get C2 involved in it. Either way, in 5-10 years we'll be out of the IT business for the most part.

I strongly disagree with Cyber as its own service. Because the enemy can always just unplug, and still fight. We will continue to bring capability, creating kinetic effects that kill bad-people, but I can't really see the value in spinning up a Cyber Corps...that'll just go and put people back on Army/Navy/AF bases to ensure the mission sets and/or DCO actions. Doesn't make sense to me, and the loss of choke-con for Mission Assurance wouldn't fly. Instead I foresee it being like AFSOC and JSOC. It's not going to be some huge separate-service. It needs to be small, agile and responsive to the services who operate in their individual areas within the physical domain. Cyber doesn't bring that type of strategic shift...yet. Perhaps in another decade, but I'll be an old(er)-head by then and cashing that check for life.
-
Here's the notes from Gen Bender's lunch chat I mentioned before. Please note these are his words mangled by my interpretation. Overall I found the time spent with him worth it, not a dog-phony show, and informative. I was also confident that the future of Cyber is at least vectored in a good-direction, despite my disagreements with some of where we're going.

So the first was, "We're the best advanced Air Force of the Industrial Age." Which was echoed a couple times in other thoughts and comments as we ate and talked. Overall, he appeared to be getting at our ability to dominate Air and all aspects of it, but being ill-suited to continue to dominate Air as we struggle to get a grasp on Cyber. If we don't grasp how Cyber impacts Air Operations (ex. Maintainers utilizing web-enabled laptops to update maps, AOC NIPR/SIPR Access Points, ICS/SCADA systems overall, etc.) and make sure we've covered those attack-vectors, we're not going to succeed. Some of this can be seen in the Ukraine Artillery hack or not. "The days of the pilot on the pointy end being the only operator are old fashioned and over. We need a focus on teamwork because everyone is impacted by cyber, not just our Operators on the keyboards. On a football team--who's the operator?" This was a comment after a discussion about how we're going to differentiate between operators, maintainers and users of the AFNET. Gen Bender was not of the mind to spec out a separate Cyber Mx line (I am). Because if you're operating on the domain for Mx, that's still operations. He doesn't want someone to think of the domain as Air, and we "hop off" the domain to do Mx. Cyber can't allow that mindset. Interesting thought, not sure I agree.

There was a good discussion about a technical track for Cyber Officers and Gen Bender said it's something he's taking back to the CSAF. Because the retention problem is going to be very different from the pilot one (pays, privileges, smaller outside hire opportunities) and the specifics required are more specialized. So a pilot can spend an assignment getting spun up on an airframe, and stay within that airframe. But we don't have any of that in Cyber and taking someone from ICS/SCADA systems and throwing them into Router Exploitation is very different from F16->F15 or even F-16->Drone. (Note - please correct me if I'm wrong in this assumption.) It was also pointed out that we can't just have a cadre of technical experts at the O1-O4 level and have no one moving up the chain to advocate for capes and resources. It appeared lost on my fellow O's, but it's a good point.

There was also some discussion about AFSPC as the home for Cyber. Because cyber has to be fast and that is not AFSPC. They'll spend decades on a project and it's ok, because: rockets, satellites, and the void. They fail one launch, and that's a cool $2B instantly gone. But if we spend 2 years on a cyber project, it's already outdated and we're behind. 3 years to POM for a project? GTFO (my words, obviously). He said he brought that up to the CSAF/SecAF, but as we're AFSPC now it's where we've got to work. But it's in the whole cyber mind that AFSPC isn't working out, and the efficiency wasn't as good as expected.

I didn't take notes on this, but he spoke at length about the culture change and really needing to work on that and make sure we get it right. Which means bringing the right people in and getting the training right. On training, "...right now we're taking in new Airmen and treating them like they've got no idea how tech works. Everyone starts at baseline zero with no regard for previous experience." He did say they're developing a test to judge aptitude for cyber capabilities, similar to the TBAS. Training for us is a real problem. Our training pipeline is not responsive, nor does it address the AF's needs beyond warm body. I can't take an Airman out of tech school and get them prepared to start working in our operational units sooner than a year. There's topics that aren't even covered in school (ex. virtualization) because AETC doesn't want to pony up the cash for equip. Additionally, the on-going training is woefully out of date. On culture it's more about making sure that as we push towards ops that we get it right. If we can get more of you guys into cyber to educate our oncoming senior leaders (and me) about what real ops is, that would be great.

EDIT - Forgot this one. He also spoke about how we're doing applications and software. Specifically mentioned the dog-shit (my words) software USAFA is using for their student actions. How he approached SalesForce about possibly utilizing their applications and got push back from corporate AF asking what experience that commercial developer had running large university management. Turns out SalesForce supports a ton of universities, enough to have a dedicated portion of their site for it. Also, costs less than $100 per student.
-
I guess we can call that questioning the official story. It's more a discussion about the impact of Iraqi WMD on the current IC situation. Still waiting for Trump to drop that info on us about what he knows on the hacking.
-
Good thoughts. I'd like some articles reading/sources for point 1 if you can link them. I've yet to read anything, outside of political malarkey, that says Russia was not the culprit for these hacks. Note: the professional commercial cyber corps (which is a lot of former AF/DoD-cyber dudes) are saying, and have been saying out loud for awhile, that the Russians are in everything. What motive do they have to say otherwise in relation to this hack? Concur on all. Again, I think it was this limp-dick foreign policy coming back to bite them in the ass at the worst possible time for them. That coupled with things getting worse and worse for not responding to Russian escalations (re: harassing diplomats, Crimea, etc) and an incoming President who appears to be infatuated with Russia spurred Obama to respond now. Additionally, I think our slow-roll of anything Cyber (orgs, forces, systems, IT system updates, etc.) has caused great consternation within the Administration. While I try to give my leadership the benefit-of-the-doubt always, I also think this JRA might be pressure on the DoD to speed up getting Cyber to where the admin wanted it a year ago. Unfortunately we've got the US Code thing to work through, which I think is going to be heavily modified as we move into real Cyber Ops.
-
I wasn't familiar with his talk, gave it a listen. Good stuff, but his chat with us at the "front line" was more focused on his philosophies for where we're at and where we'll be going. I didn't take notes through the whole thing, only items I found interesting. I've got them at work, so I'll try to post later this week once I return.
-
Surprised the NY Ball Drop is still a thing.
-
Yea, good points here. This admin, which I've recently heard described as "passive-aggressive" on foreign-policy, has decidedly picked a really poor time to implement this type of response. I can only speculate that it's the lame-duck president trying to get his "cyber house" in order before the new guy comes in who assures us he knows a lot about hacking. Overall, I don't think they can release too much publicly without burning IC assets. Note - this is assumption on my part. There's so much to think about in this domain as it relates to warfighting. For example, due to the LOAC we have to have a uniform, clear markings, etc. How does that translate to cyber? If the enemy can identify our weapon system domain, it's simple to block, man made domain and all. So, if we take out a Schmuckistan Air Defense System from gray/civilian space, have we just violated LOAC? Also, attribution is the hardest thing about this domain. Most of the IP addresses released in that JAR were either proxies or onion/tor nodes. Until some time in the future, we're going to have less level of confidence of the actions of our adversaries in this space. It's basically going to be - moves like a bear, talks like a bear, acts like a bear...we hope it's a bear. Man I love this shit. Happy new year you animals. My old ass is going to bed.
-
Here's the thing. This isn't just the DNC being embarrassed. You're making it sound like, "Eh... no biggy. They hacked a major political party and released that through wikileaks. Possibly influencing an election in their favor (proven by next-Pres tweets). No harm, no foul." Meanwhile we've got Russians using cyber for real world effects other places:

Ukraine Annex, and the increased harassment of diplomats and on-going effects there.
Georgian War
Ukrainian Power System (twice)
NATO, Finland, Germany... let's just call it Europe
Joint Chiefs getting hacked
Tons of other stuff not for here

Why aren't you looking at this Russia cyber involvement as a whole against the electoral process? Do you not consider the Info Op as that, or do you think this is a one off? What would be your red line in this instance? I've been reading a lot about the Intel/Info Ops side of Russia for the past decade and it's fascinating what Putin's put into place and now how he's starting to extend that overseas. It's a very interesting form of power projection we're not used to, and ill-equipped to deal with at the moment. I consider the DNC hack part of that overall campaign, and am wary of simply concluding that because no one died and/or money was lost we should just call it a wash and wait for next time to at least say something. We're very close to being back in a Cold War state with a peer, not even near-peer, in Cyber. This could just be something we agree to disagree on, as I've had to with much of my hyper-right-wing family who doesn't care if it was Russians. Which... given they grew up under Reagan, is very strange.
-
Also the Chaos Computer Club just finished their Congress, which is like DEFCON in Vegas, but older and some would argue better. The videos are available here, and the German ones can be downloaded to be played with an alternate audio stream from the translators. Really good stuff if you're interested in that sort of thing - https://media.ccc.de/
-
So anyway, finally finished the report and a few of the critiques of it. Overall, it was ok and I can understand the disappointment. News rumor mill is stating there's a classified report being made for gov't that'll more strongly tie RIS to the DNC and other hacks going on right now. Portions will prob get leaked, so we'll get more info. The JAR in itself wasn't that and appears to be more of a "we're not going to take this anymore" and heads up to the commercial side about what to look for. The second part was greatly stumbled towards, with the information put together by people who...frankly don't appear to know what they're talking about. But, good first-ish steps. With CYBERCOM coming online as its own thing we're going to probably see a step-up in this sort of material. As well as a norm-ing of what Cyber Operations is. I think it'll take us a couple generations to get it right. We've still got a lot of old heads stuck in this strange in-between place for Cyber. Clearly focused on Ops, but without the no-nonsense focus on capes/effects/etc while also refusing to acknowledge it's a man-made domain that needs maintenance. Gen Bender came to speak at my location a few weeks ago and I took notes. I'd really like some of your guys' thoughts on his ideas as we move forward. Overall I'd really like some of sun-god bastards to crossover and help get us more educated on what operations actually means. But ACP and all.
-
Don't tell me that you equate Russia stealing/releasing information with journalistic uncovering political underhandedness committed by some cronies to influence elections. Not the same.
-
The Watergate tapes were leaked by multiple Americans to American journalists. There was a crime committed at the behest of the president. What crime was there committed at the behest of the DNC? What was a threat to national security from the DNC along the lines of Russian Influence Operations (it was not hacking) of our election? Simply because we disagree with their political platform doesn't mean they're going to send the country plummeting into the abyss--R's kept the legislature. Don't intertwine what journalists are supposed to do with this stuff. I guess you'd say Snowden leaking the NSA's secrets (including telling them we knew Russians were hacking their own soon to be assassinated journalists) was great for the nation too? Is that the kind of corruption bullshit you're talking about? Or are you talking about the kind of bullshit where it's ok for Russian Intelligence Services to target US political parties to influence an election through a biased intermediary (wikileaks) and we all pretend it was ok because it was someone we didn't want to vote for? Also, the "hacking of the power grid" thing.. really? They found it on one laptop not on the grid with the indicators from the report and RAN to the press to report it ASAP. Didn't get a Cyber Security Org (ex. CrowdStrike, F-Secure, Mandiant) in there to figure out what was going on. So.. if there were indicators in the power grid, they're now gone.
-
Meanwhile this is the incoming administration's response - I try to be optimistic about this change from D to R... but things like this really drag down any confidence I have that we're going to have a better foreign policy/cyber policy goals. This one too -
-
I won't comment on the report yet, since I've yet to read it. But this idea has been floating around about how these emails and links are obvious. This wasn't a Nigerian scam, it was legit Intel Exploitation by a foreign state. I guess, unless you're in the incoming admin, then it was magic 400-lbs cyber-fairies. You can look at the email Podesta received here along with the phishing site link. I was fooled briefly, which makes sense since these guys, cough...Russia...cough, are pros.
-
"Due to unforeseen circumstances, the release of the 17D Officer Retention Bonus (ORB) information will be delayed until further notice. The details of the ORB are currently being worked, and once approved AFPC will release a PSDM with eligibility criteria and the application process. Thanks for your understanding and patience." Color me surprised AFPC set a date for itself, failed to meet said date, didn't announce anything about it then finally dropped this 5 hrs ago and didn't set a further date. I'm sure this is giving those that remain a warm fuzzy about further investing their lives with this professional organization. Of course, this is right in-line with the type of "Cyber Ops" leadership I've seen from most of the O5's and up.
-
Meant clearance/access to areas teams are going to visit.
-
It might. Watching the mid-tier leadership struggle with crew management issues when I think back to how you fliers do it is very frustrating. Can't figure out how to get a mission assigned and a crew tasked? Well.. fliers use PEX to track all those requirements...but we can't use that because "we're cyber" and "it's different." Brought up the idea of a scheduling office and was told that won't work because this cyber stuff requires de-conflicting clearances and access issues. Good to know you fliers don't have to deal with that sort of thing... Then they suggested contracting something like that out. Thankfully the Bro in charge was a flier and killed that idea painfully. I got <4 yrs left. I'm taking the $ and running. But I can't speak highly enough about our Reserve/Guard members. They're going to be the real leaders in the fight going forward and I think it's going to cause massive changes in how we're organized in the future. Much like flying, this isn't a field where technical proficiency is to be mocked. You've got 20 years hacking this particular device type? Fantastic, here's a boatload of money.
-
Well.. something big for us. https://www.reddit.com/r/AirForce/comments/5d9grn/17x_critical_skills_retention_bonus/ the gist of which is: "Effective the date of this memorandum(10 Nov), I designate the 17X (17D and 17S) Network Operations and Cyber Warfare Operations Officer specialty as critical to establish CSRB authority (Title 37, Section 355 USC, DoDI 1304.34). Upon approval, the Air Force will target qualified 17X Cyberspace Operations Officers with 4-12 years of commissioned service (TAFMCS) with payment of $15,000 per year for 4 years. These officers will incur an Active Duty Service Commitment (ADSC) of 4 years, and payments will be made on the anniversary of the contract. This designation of Cyberspace Operations as a critical skill and targeted CSRB is to incentivize highly skilled and experienced 17X personnel to continue leading and managing this critically manned specialty." So, I'm not too surprised it took the AF this long to figure out having our Cyber Operators continue to follow the support career path was forcing out the dudes who love the tech side of the job. They've also started to put an ADSC on the folks who receive the 3-ltr-org training as well. However, just like you fliers with the ACP, this isn't going to retain the numbers that are needed. Until there is a clear career path that allows folks to maintain tech roles for longer (or at the very least quals) we're going to continue to have a problem. If we continue to use the same career path as we did for support, while calling ourselves Ops, and meeting/not-meeting POTUS directed cyber force constitution--people are going to step. If I can't build a team to run missions because Lt So-and-so has to box check exec, PCS, etc., then people are going to leave. You can't tell educated and dedicated nerds that they're important and necessary, then file them into crap jobs when they don't have an ADSC required to put up with your crap. 
You can't tell some Lt/Jr Capt how important Cyber is, and how much they're needed, while PCSing them to inspect SCIF's or be a contract monitor over a "cyber integrator." We look for holes in logic and exploit it...it's literally what you pay us for. And we aren't beholden to a small group of employers with byzantine hiring requirements. Even basically accomplished individuals can trip and fall into $1XX+ year jobs. The market is in our favor. It's so strongly in our favor I can't think of a word for it. All that being said, this aligns with my plans and timelines. So... I'm a strong candidate, but I was anyway. This isn't going to turn anyone's head that wasn't already walking in that direction. Again, much like your ACP.
-
Also, don't believe whatever they say about the shred outs (B vs S). There's nothing that keeps one from doing the other's jobs except training...once you get a job. You're just a meatbag, and can fill any hole...sts Welcome to the cyber force.
-
Spot on. We're starting to see the same thing impact the "cyber ops" side of the force as well. Except the breadth is huge, possibly bigger than what you flyers are facing. I can have a Lt-Capt sit and do COMSEC inspection, Flt/CC stuff at a base, or do no-shit ninja stuff against nation states. 2 of those 3 know they're not doing the sexy job, and the sexy guy isn't looking forward to doing the non-sexy stuff. None of these guys have the ADSC to retain past about 8 years once done with even the most vigorous of training (CNODP/WO) and the tech side is throwing insane amounts of money, faster tech, faster training and better QOL. They've pulled "non-ops" AFSC's into ops slots, without the recognition or all the training because a "body is a body" and they just need someone. It's working ok for now, but all of this is going to come to a head, and faster, than the pilot retention side. And having worked at a couple different staff levels, it's amazing how much a 3-star on down lack in power to get anything done. Downright unmotivating when you see them champion for the right thing, to only get shut down due to nonsense.