
In secret cyberwar game, reservist techies pummel miltary cyberwarriors - dctoedt
http://www.navytimes.com/article/20140804/NEWS04/308040019
======
__john
So I can off some first hand perspective here.

>Do the military "cyberwarriors" even have local admin rights on their
machines?

We don't, hell I don't even have access to some of the basic tools I need
(i.e. version control)

>Hackers don't sign up for active duty military.

They do, I've met the smartest people I know in the military . The hacker
types never stay though they either get kicked out because they don't want to
put up with the bullshit or separate after their first enlistment and
quadruple their salary.

Basically the problem with the military is that they won't (or can't) pay
enough to retain any of the talent they have and are unwilling to compensate
for the low salary by changing the "culture" they've developed over the last
century.

~~~
thefreeman
I don't understand how the military cannot afford to compete with the private
sector. This is where wars will be won now (or soon). It's pretty important to
defend ourselves. And we have trillions of dollars...

~~~
phaus
Part of it is that the government doesn't want to, the other part of it is
that the American people would shit their pants if they found out that a low-
ranking Soldier was making 6 figures a year off of taxpayer money. People
resent it when government employees make more money than they do. Also, in the
Army, you make the same amount of money no matter what your job is. The people
they used to have that were only qualified to do laundry 40 hours a week as a
full-time job get paid the same amount of money as intelligence analysts and
information technology specialists.

~~~
zachrose
The NSA has no problem paying for top talent, but they do it by going through
consulting firms. It's true that most Americans would shit their pants at 6
figure soldiers, but few military skills are so valued by the open market. As
we're constantly told by the tech media, you should prefer five $200,000
people to ten $100,000 people, or—god forbid—50+ people writing PowerShell
scripts for minimum wage.

~~~
phaus
>It's true that most Americans would shit their pants at 6 figure soldiers,
but few military skills are so valued by the open market.

Infantrymen won't have marketable skills, but we are talking about military
security analysts. These guys often do have skills equivalent to their
civilian counterparts. You seem to be making the same assumption that many
others in this thread have: that all Soldiers are infantrymen of less than
average intelligence.

~~~
zachrose
The link upthread of us shows that annual pay for federal cybersecurity
professionals is about on par with industry [1], especially when considering
geography/cost of living.

My surprise had more to do with learning that cyberwarefare reservists exist,
let alone enlisted soldiers. (I'm not familiar with the military.)

[1]:
[http://www.rand.org/content/dam/rand/pubs/research_reports/R...](http://www.rand.org/content/dam/rand/pubs/research_reports/RR400/RR430/RAND_RR430.pdf)
p.64

~~~
phaus
>My surprise had more to do with learning that cyberwarefare reservists
exist..

I can see how you would be surprised. It seems counter-intuitive, but its
actually normal for reservists in technical fields to be better at their jobs
than the military. The best example I can think of is the field of aviation.
Many reserve pilots are commercial pilots that get to fly 1000s of hours each
year. Their full-time military counterparts don't get to fly their fancy
fighter jets very often, because its really expensive.

------
superuser2
Civilian hackers have a solid intuitive understanding and can use that to
select, build, and modify whatever tools they please according to their
intentions, and use them however they want to.

Do the military "cyberwarriors" even have local admin rights on their
machines? Do they have the education necessary to think about systems and
vulnerabilities and the requisite leeway to use that knowledge, or are they
(as I would guess) "highly trained," where "trained" means "good at following
a set of procedures"?

I'm not knocking that as part of military culture. I want the people in
control of weapons and aircraft, etc. to be great at following orders and the
procedures they were trained to follow, and do little else. The ICMB fleet is
not a place for improvisation.

But computer security is. It's a creativity-driven field that moves quickly,
evolves hourly, and requires intellectual agility. I would imagine that from a
locked-down, out-of-date OS with a years-long procurement cycle to buy third-
rate software from huge, blundering contractors and no leeway to try new
things on a whim, it would be impossible to beat a team of educated,
unencumbered civilians in a field like this.

Of course, that's just a caricature of military culture that I'm imagining,
but can anyone speak to this?

~~~
figure_c
Special Operations forces are given considerable leeway to customize weapons
and adjust uniform standards to the situation. I think the "cyberwarriors"
would/should argue that their machines are their weapons and so should have
similar latitude.

~~~
phaus
> I think the "cyberwarriors" would/should argue that their machines are their
> weapons and so should have similar latitude.

They have argued and lost because the big picture military only cares about PT
tests, marksmanship, and hair cuts. No one important enough to change policy
understands how computers work.

~~~
Bahamut
Only the Marine Corps and maybe Army really care about PT performance - from
what I understand, promotions in the Navy and Air Force are based off of
exams.

~~~
chiph
USAF cares quite a bit about PT, as they're using it as a force-shaping tool
(a way to get rid of people as they downsize).

For years there was debate between the weightlifters and the runners in Air
Force leadership over the best way to ensure a fit force. The runners won,
which is why a waist measurement is now included in the PT standards.

------
mullingitover
If we're trying to use uniformed military troops to hack servers remotely, we
deserve to lose any 'cyber war.'

They should be used to gain physical access to hardware and people, for the
purpose of applying the xkcd decryption heuristic[1]. Leave the hacking to the
experts.

[1] [http://xkcd.com/538/](http://xkcd.com/538/)

~~~
phaus
>If we're trying to use uniformed military troops to hack servers remotely, we
deserve to lose any 'cyber war.'

Not all Soldiers are incompetent. Some of the most brilliant people I've met
are people that I met while I was in the Army. China has created numerous
units that focus on offensive hacking, and they are wildly successful.

Now, to clarify, I'm not saying that we should have troops performing cyber
attacks, I'm just saying that it isn't necessarily an endeavor that's doomed
to failure. You seem to be making the assumption that people in the military
can't be as good at something as a civilian. That's simply not true. There is
a lot of talent in the Army, its just that the organization and its rules are
making it hard to be effective.

~~~
mullingitover
I mean no disrespect to the soldiery, but why use soldiers for this, and not
the DIA/NSA/CIA/various other TLAs? I guess that's what I'm confused about.
Grunts wearing camouflage sitting in front of a laptop trying to outbrain
someone seems humorously perverse. It's like some high-level bureaucrat has it
in his mind that 'cyberattack' necessarily means that the military has to do
it, because we obviously use the military for attacking things.

~~~
phaus
>I mean no disrespect to the soldiery, but why use soldiers for this, and not
the DIA/NSA/CIA/various other TLAs?

I specifically said that I wasn't advocating this as a military mission. I was
just stating that if it was a military mission, the Soldiers themselves
wouldn't be the reason that it fails.

>Grunts wearing camouflage sitting in front of a laptop trying to outbrain
someone seems humorously perverse.

A grunt is an infantryman. Not all Soldiers are grunts. The Soldiers that work
as security analysts do it as a full time job. They still have to take a
couple PT tests each year and qualify once or twice a year with an M16, but
they spend most of their time doing their job.

I'm not sure how wearing camofluage affects a person's ability to use a
computer? They are people like everyone else.

~~~
socceroos
I guarantee you will not attract the best talent if your vision includes them
wearing camouflage.

~~~
lsc
There are lots of downsides to the military as an employer. The dresscode is
pretty far down that list.

The biggest downside, I think? As a civilian, it is my right to walk off a job
at any time. Sure, there are expectations that I'll give you some notice (and
I will) but worst comes to worst? I can always walk, and the worst my employer
can do is call me bad names.

In the military, those contracts? they mean something. Yeah, you can ask to be
transferred around; hell, I know someone who was able to actually quit the
navy half way through basic, but it was a big fucking deal.

I mean, there are advantages to the military, too. I'm not saying it's a bad
choice for everyone. I'm just saying that wearing dorky pants doesn't even
make the list.

The military, like most government jobs, makes a lot of sense for someone who
values stability. There are plenty of skilled people that value stability over
the ability to leave; I'm just not one of them.

------
syncro
I used to hear the term "cyber" when people didn't understand the internet.
Now the only time I hear it is from the US military.

~~~
kps
I used to hear the term "cyber" when it was the name of Control Data's
mainframe series.

[http://en.wikipedia.org/wiki/CDC_Cyber](http://en.wikipedia.org/wiki/CDC_Cyber)

------
salem
"suits and ties — or tie dyes and blue jeans"

That says it all there, written by the navy times. Seems like there is a bit
of a culture problem, and the perception of tech people by the regular
army/navy/whatever.

Apparently, anyone with deep technical skills in hacking computer systems is
either a corporate drone, or a hippie.

~~~
mabhatter
How about Polos and Kakis?

~~~
stonogo
Those who wear suits and ties see them as tie dye and jeans.

Those who wear tie dye and jeans see them as suits and ties.

------
frankydp
The DOD cyber effort will be passed off department wide to a more function
specific agency just as many other efforts before it. ie CDC NRC DARPA NASA

The specific culture or technical requirements of network technology efficacy
will/has end/ed up in a more mixed agency such as the NSA or DIA(redux).

There are a lot of "hackers" in the DOD, as others have said they usually do
not stay, but some do. The reason they seem like unicorns is because they
usually end up working in the non cat video sector.

~~~
themodelplumber
That first para is of the only comments here that gives me any hope for U.S.
cyber capability and it really makes sense. Thanks.

------
kaybe
I have the feeling that the only people using the word 'cyber' at all are
governments. Weird.

------
twodayslate
"cyberwarriors" makes me laugh every time

------
ZanyProgrammer
The fact is that people with unconventional (by military standards) are going
to look at joining the military with skepticism, so right there the military
is limiting its pool of potential security service men.

~~~
TheSpiceIsLife
and women.

------
vfclists
Since when has investing in cyberwarfare skills become a substitute for
writing correct code?

Instead of thinking long term, and learning to write open, correct code in
sane languages, the continued emphasis is in continuing to ship bug-ridden,
untested, source either open with Linux, or closed source with Windows, in an
insane languages like C, then announcing that investments need to be made in
cybersecurity because the planet needs to be saved from hackers.

Why not focus on getting things right in the first place?

------
ohashi
This doesn't seem quite right. It says reservists. They may also have roles in
civilian life, but they are also part of the Military. That seems a bit
deceptive in the title.

~~~
otoburb
If American reservists are expected to become a more critical
component/dependency for US full-time cyberwarfare defensive or offensive
capabilities, would this lead in any way to more time asked of reserve forces
at least until internal military specialists are considered to be on par with
their civilian and reservist counterparts?

I'm curious if reservists deemed to have critical skills would be called upon
to act beyond an amount comfortable for them, considering that they typically
already have full-time day jobs as mentioned in the article.

~~~
mpyne
> I'm curious if reservists deemed to have critical skills would be called
> upon to act beyond an amount comfortable for them, considering that they
> typically already have full-time day jobs as mentioned in the article.

Yes, that is certainly possible. The whole "1 weekend a month, 2 week a year"
thing died with the World Trade Center. While Reserve units certainly try to
maximize flexibility to try from interfering with their reservists work
balance, getting called up unexpectedly (even for a period of months) is not
that unusual if/when shit hits the fan somewhere.

~~~
walshemj
yes I know quite senior (RSM) people in the UK TA (reserves) who got sent to
the gulf for an extended period - though that company does sponsor a TA unit
so was fairly cool with it.

~~~
phaus
>though that company does sponsor a TA unit so was fairly cool with it.

Do they have a choice in the matter? I'm just curious because here in the U.S.
companies are obligated to hold your position for you until you get back.

~~~
walshemj
I think there are sanctions (you are pissing of Liz II) and of course it might
effect the senior mangers if their name came up for a gong or other honour.

They have discussed making it mandatory for employers to give paid leave to TA
members for annual training.

