Almost immediately after posting my last blog, What will be the impact of a massive attack in cyberspace?, a good friend asked me to “define Massive”, to which I responded, tongue in cheek: “Bigger than just me”?
It struck me with the weight of an ex-wife: things have not changed in 20 years, we are still stuck in what many of us call “Definitional Wars” or the struggle to get definitions approved that are not only accurate but widely accepted. Did you notice the word “approved” in the preceding sentence? Approved by whom? Who gave them the authority over me? If I was working on the Joint Staff in the Pentagon, I know that any definition in a Joint Publication would be an official definition. It had gone through many rewrites, many reviews and been the subject of countless ‘fall on your sword’ fights. Sometimes the struggle was altruistic, it was about making sure the word or phrase encompassed all pertinent arguments. Of course, much of the time the fight was about a rice bowl, which is someone’s pet project. It could also be about money, one word could reduce one’s budget in the following budget cycle. It was also about power, perceived power that is, of those caught up in the struggle between powerful personalities of the leaders of various groups. Another problem is Joint definitions must be followed by the Services – the Army, Navy, Air Force and the Marines, but the Services may have their own interpretation of how that applies within their particular Service. This last sentence is more powerful than you might ever learn, one Service in particular is really stretching the limits… nuff said. As a good friend just relayed to me, another great problem we have is with factions, there are also different camps of thinkers. Think of Colonel John Boyd, the father of modern warfare. His thinking was radical and forced developing fighter jets to be smaller and more nimble. He also invented a new way of thinking and fighting modern wars, the OODA loop. The same thing for Special Forces, by its very nature they are unconventional and many conventional leaders are severely intimidated, so they found ways to hinder some SF operations.
I choose not to get caught up in definitional wars, as we have been for the past 15 years. A big problem is we have no real leaders who say “this is the definition” and stick with it. We have a wonderful leader in General Alexander, for whom I have worked numerous times, so I have a little insight. He is brilliant and not constrained by conventional thinking. In my humble opinion he does things for the right reasons, there is no need for him to ever blow his own horn. To digress for just one second, my biggest fear is not of Cyber Command and the National Security Agency under one leader, it is who would follow him. I know of only one leader with the savvy, the experience and the leadership capabilities to properly lead both, but he only has two stars. I emphasize the leadership capability because in the past the Director of NSA was an intelligence officer but did not have Title 10 Authority. General Alexander is a career intelligence officer but as Commander of the US Cyber Command he must have Title 10 Authority and does.
A bigger problem is the constant evolution of technology and terminology. By the time a definition is properly staffed and is published, it is usually obsolete. For instance, an attack might be 50 pings per second. Next month it might be 500 pings in one second. The following year it might be 5,000 pings… and during this time period we still are discussing 50 pings per second.
Earlier this year I discussed this problem while at a conference in Toronto, Canada, with a number of seniors. I floated an idea which was warmly received but I am not absolutely certain it is politically correct. Okay, I know it’s not politically correct, but it sure is the right thing to do. Let us all agree on a working definition. Let us write it in a Wiki type format and then allow the numbers to change with the cyber-environment. As technology changes we can insert the proper words. As the environment changes we can insert new numbers or new thresholds. I think it’s worth a shot. Do you?
- Pentagon Announces Launch Of Endless Perpetual CyberWar (dprogram.net)
- Business agility, fighter pilot style (gigaom.com)
- Distinction between Leading and Facilitating (a Conference/Discussion/Meeting (management-me.com)
- New Air Force Mission: Cyberwar Belongs to Us (battleland.blogs.time.com)
- Lawmaker wants to clarify Pentagon’s authority for cyber operations (powersthatbeat.wordpress.com)
- Fault Lines: Cyberwar (milkandcookies.com)
- “Cyber Situational Awareness: We want the benefit of hindsight & we want it now!” # How Cyberpeople Think (dropsafe.crypticide.com)
- Living with the reality of virtual threats (thehindu.com)
- Audio of my Professorial Lecture on the Future of Cyberspace (travelsinvirtuality.typepad.com)