Homeland Security is more the domestic threats. As such, especially in the area of Cybersecurity– there is no foreign and domestic domain. It is all one continuum, with the same threats, vulnerabilities and responses. The divide is something the lawyers dreamed up long ago!!!

The DHS NIPP– National Infrastructure Protection Plan are where you can look at the attack targets.

Cyberwarfare and conventional warfare have much in common, but the big difference is the length of the lifecycles involved. Cybersecurity has much, much faster lifecycles. The group that has much experience in split second decision making is with the USAF with their pilot training– decision time lifecycles and reaction time lifecycles. The Navy and the Army takes much longer to react. SOCOM is a good example of training to allow individuals to make decisions based on specialized skill sets and leadership qualities, independent of management (Officer) control, and oftentimes input.

Privacy and such periphery solutions are at the individual operator– customer/client interface.

Cyberwarfare will not depend on the General as to outcome. It will depend on the young 30 year old Warfare Officer who can match the attacker, move for move, in a Cyberwarfare world. That is where the CyberPoint of the Spear is.…

The whole systems is broken. We must rebuild it from the National Security Council to the Cyberwarfare Operator and Warfare Officer, to combat the Cyberwarfare threat.

Presently our Organizational Design, Human Capital Management and Knowledge Management abilities are not even close to what we need. The present Command and Control management system is way to centralized and process based. Process, as opposed to Knowledge based, is reactive, non adaptive, non innovative and risk adverse. Not what we need to fight Cyberwarfare scenarios.

Yes, just what we need, another government agency, another non profit group, another think tank, another vendor whoring their wares.

Yes, more of the same thing to solve the problem.….

ha ha.

Was this a joke?

Pretty good.

But the issues is that you have a military culture and you have a civilian culture. The command and control culture process management culture of business, govt. and the military does not exploit the needed knowledge management collaborative culture to take us from a Reactive, Non Innovative, Non Adaptive, and Risk Adverse process management world to a Proactive, Innovative, Adaptive and Risk Taking Knowledge Management collaborative world.

This is not, in the end about how you manage technology, or even process, but about other more human factors, such as Culture, Personality, Behavior, and Knowledge (CPB-KPT).

Just a heads up…

This is being done.

The reorganization of the National Security Act of 1947 is being done under the PNSR– President’s Project for National Security Reform. This is a top down reorganization from the National Security Council downwards. General James L. Jones, Jr. is leading this effort.

He is an intelligent, deliberate, competent and thoughtful man who is well prepared, both in experience and in personality to manage such a reorganization.

I can’t say more.…

Here is the web site.

YOu can find it on the web site.

It can be downloaded at

http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA471536&Location=U2&doc=GetTRDoc.pdf

Of course we need this to be decided upon soon, but, a sniper that shots ‚a .308 projectile that’s on target towards the enemy does not care if the weapon he is using is composed of parts from different manufacturers, just that it all works together to get the job done.

There are opportunities later on to upgrade the parts as needed during down time.

Service specific SOF elemenst to meet the SOF needs of a service, with specialization and skill sets related to warfighting concepts of the services, but also with SOCOM to integrate multi-service acquisition, training and operations with a world-wide focus.

Is the relationship between Cyberwar and conventional war conceptually different than the dofference between Special Opns and conventional war?

we migth want to include Homeland Defense and Treasury into the mix too, because the threat to financial info systems is more immediate and damaging than the threat posed to military info systems, with the exception of the nuke arsenal

$.02

Generals Lord and Elder at USAF and Cybercommand will be a best of Breed silo within the Air Force, just like C3ISR is for the Navy and such for the other services. These agency best of breed silos will then integrate with each other across the DoD, then with intel sharing ODNI, DHS and DoJustice, then with the rest of Federal Govt. and then with Civilian/Private sector (NIPP of DHS).

The JCS and STRATCOM would implement PNSR with JTFCOM doing the cross organizational, integrational planning. This would be for DoD, then also for CNCI, and then for the whole Federal Govt. and even to an extent for the private sector (NIPP and Emergency Preparedness).

An article on the likely appointment of a Defense Department Combat Commanding Officer (COCOM) and the likely organizational structure to manage Cyersecurity, Cyberwarfare, Cyberintelligence and CyberInformation Assurance is required.

Last Fall 2008 after a 45 day review the United States Air Force reorganized Cybercommand into an Air Force with, I believe a 3 Star Commanding. This reflects a “best of breed” organizational structure to obtain subject matter expertise in the material but leaves the question of integration management between the various service branches and then the DoD with everyone one else (ODNI, DHS and DoJustice– along with the other Federal Depts and the Private Sector), undecided.

G2/N2 etc has always been a separate and independent area, much like Cyber Information Assurance, Cybersecurity and Cyberintelligence specialty areas. They will have to integrate into a Cyberwarfare Point of the Spear Warfighter capabilities and should be a separate area outside pure Warfighter functional control.

Information Assurance Risk Management is to manage risks, but inherent outside and inside the operational Warfighter areas. You can not control these internal risks if you are inside the area you are overseeing the processes of. So Information Assurance (and Cyber Intelligence inputs and Cybersecurity actions) must be applied on top of NORMAL Warfighter Point of the Spear functional processes.

Hence why a COCOM must be appointed. But this is only the lower (operational) part of the Point of the Spear (Warfighter). There are all types of Cyber Information Assurance (Strategic Tactical) areas on top of the Operational parts. Plus Cyberintelligence and Cyber Security inputs into this system.

I know, I was working (with the people) (NSA and others) who came up with the President’s Project on National Security Reform (PNSR) since 2006. I presented on this architecture last Sept./Oct 2008 at http://secureworldexpo.com/events/index.php?id=259

BTW James Locher III, was also involved with the Goldware-Nichols Act in 1986.

Do you think it was easy in the late 1940s to rip the Air Force out of the Army? Do you think it was easy in 1986 to force Jointness down the services throats like a bad-tasting medicine?

Congresmen Ike Skelton spoke at our College (CGSC) a few years ago. He spoke at length about what it took to get the Goldwater-Nichols legislation enacted.

As reported by James Locher, one of the architects of the legislation:

one service Chief stated that this legislation would “make hash out of our Defense structure”; another warned, “The bill would have very adverse consequences for our national defense.” One service secretary argued that the reforms “would create chaos … to the point where I would have deep concerns for the future of the United States.“
REF: http://tinyurl.com/Goldwater-Nichols-10years

At least you only accused me of living in a “fantasy world.” If I recall correctly, Rep Skelton related that his very patriotism was questioned if he followed through with this legislation.

Change is never easy, necessary change is difficult and painful, but that does not lessen the need for change.

We need to create a non-profit organization to start developing solutions and legislation now. Submit to congress ASAP. Contact me if you are interested!

Dustin L. Fritz
CEO | The Computer Network Defense Group LLC
http://www.thecndgroup.com/

www(.dot)conanthedestroyer(.dot)com

Our government’s money would be completely wasted dumping it into the cesspool that is DISA.

Who to do it? Take the DISA operatioinal mission, expand it. Strip away the ash and trash missions and keep it as a DoD agency. DISA as Cyber Com comes with a staff structure and one dimension of cyber built it. Keep NSA doing what it does best…it becomes a force provider. Create an industry council as part of the command group that engages and involves industry.

Let’s get out of the mindset of who controls cyber and address who is operating in it now. Promoting NSA to cybercom works too, then DISA still turns operational and becomes the core of the services piece.

And let’s not forget Title 10.

If I get any hits to this post, I’ll expand my thoughts more. I want to be a part of this process…NOW. jfs COL, US Army

We also need to change our laws and corporate culture to value system and network security as a primary key to protecting the bottom line. The recently released Consensus Audit Guidelines are a great start, but so much more is needed.