The networked world is beginning to discover that sharing is not always beneficial. Marauders always have been the bane of cyberspace, but now a new set of threats has emerged to imperil more than just the usual targets. Ordinary citizens now are menaced by sophisticated organizations seeking to damage society or to loot it of its funds—or both. And, as always, the network-centric military is under assault by increasingly frequent and effective cyberagents operating under foreign government control.

In Launching Stealth Warfare, Maryann Lawlor returns to report on the possibility of the next major war being launched by a digital attack. Her interview with the director of cyberspace operations for the Air Force describes how the effects—or lack thereof—of that initial attack in cyberspace may define success or failure in the war that ensues.

Computer network defense is an important element of cyberspace operations, and Henry Kenyon explores efforts to thwart attacks. Changing Strategy for Computer Network Defense looks at how a U.S. national laboratory is trying to apply scientific method to what amounts to an art—the art of defending cyberspace in the information age.

Crime prevention often is not artistic, and Rita Boland delves into the gritty aspects of cybercrime. Government Works to Stop Actual Bad Guys in the Virtual Realm draws back the curtain on how the U.S. Justice Department is trying to catch up with existing cybercriminals while staying ahead of their future activities.

On another topic that literally spans the Atlantic Ocean, NATO is striving to modernize its force in a way that ensures interoperability. One group that is ramping up its efforts to assist the alliance is NATO’s Industrial Advisory Group, or NIAG. This four-decade-old organization is looking to redefine the relationship between NATO and industry in a way that benefits both parties, as its chairman explains in Industry Looks to Aid NATO.

Incoming this month takes a look at the path we have taken so far in adapting to cyberspace-oriented challenges, with Lt. Gen. Harry D. Raduege Jr., USAF (Ret.) describing the phases we’ve been through: ignorance, awareness and actualization–where we are now. But, he says, we’re not done, and probably never will be:

While actions are slowly moving in the right direction, we still are a long way from the last stage.

This fourth stage is the cyber mindset. In this stage, we reach a level of transformation where government, business and individuals are keenly aware of information security mechanisms. Cybersecurity becomes institutionalized and paramount in a rapidly changing information technology environment. In this new cyberculture, the concept of “service-oriented enterprise architectures” will help organizations understand their business environments better while supporting improved information sharing between the public and private sectors. Also, we will have sufficient, but not overburdening, legislation to improve the security of the global networked environment and enable operational resilience to cyberthreats. Strong identity management and authentication capabilities will become more tightly integrated into online transactions involving banking, collaboration and sharing of personal information.

Yet, while all this progress is occurring, cybercriminals, terrorist organizations and espionage forces will continue to focus on countering our best efforts. Obviously, the fourth stage never will reach steady state, but we will achieve a much higher state of effectiveness than today. Good efforts already are underway, and our collective sense of urgency is increasing daily. We certainly are on the verge of a new dawn for cybersecurity as a national priority.

So, the big question for this month is:
As cybercrime and cyberwarfare continue to be the defining challenges of the 21st century, how can the new administration and Congress best prepare the country to fully embrace cybersecurity as a national priority?

The dream of a separate and distinct cyberspace command is not going to happen, because cyberspace is an arena in which everyone operates. This was the declaration of the director, U.S. Army Information Operations (USAIOP) and U.S. Army Computer Network Operation-Electronic Warfare Proponents (USAEWP), Combined Arms Command, Fort Leavenworth. Col. Wayne A. Parks, USA, told a track presentation audience yesterday that all aspects of the force use cyberspace, so it is not so much a specific discipline as a theater of operations.

“We have operations in cyberspace, not cyberspace operations,” he stated.

Col. Parks added that cyberspace cannot be separated from electronic warfare, as adversaries are using all of the electromagnetic spectrum to access networks. The wired and wireless worlds now are similar.

Gen. Kevin P. Chilton, USAF, commander, U.S. Strategic Command had a message for attendees here, emphasizing that cyberspace is a domain that the military must operate in and defend. “I consider the surface of the ocean a domain…I consider land a domain,” he said during the morning plenary address. “I consider air a domain. I consider space a domain and I consider cyberspace a domain.”

Problems in cyberspace can extend to other domains, reducing the ability to command and control troops and conduct missions effectively. In addition, vulnerabilites in one part of the network can affect locations worldwide. Intelligence support is critical for network operations just as it is for operations in other areas. Gen. Chilton called recent attacks on U.S. networks espionage, similar to the practices used by spies. “This can all be done from the comfort of your home in your parent country,” he stated

To protect the network, personnel must be prepared and policies must be enforced. The U.S. military needs to improve the security of the Nonsecure Internet protocol routing network by training all warfighters on rules and regulations regarding its use and ensuring such procedures are followed. Gen. Chilton recommends that commanders make it their business to pay attention to the health of the networks every day, and concern themselves with problems and violations. To help alleviate these problems, he advocates cyberspace training in the military academies and service schools, as well as military cyberspace exercises and training events to prepare for attacks.

The general also addressed security concerns. Denial of service attacks are one of his major worries, but he said his biggest fear is the potential ability of enemies to infiltrate a network and pose as a valid user. Adversaries could then send out misleading information and, worse yet, create doubt in the minds of users, undermining faith in all information coming through the network. To help reduce problems with malware and other threats, Gen. Chilton wants the military to move away from blacklisting items to whitelisting them. Through this process, the military would ask operators what they need for their missions and then open access only to those areas.