Russia: Return of the Cold War

To my understanding, the DoD simply cannot match the private sector in salary and freedom of work. Why would talented, college educated individuals with a highly sought after talent pass up a starting six figure salary working 9 to 5 for O1 pay and a more demanding/stressful work environment in the DoD?
Regardless, the Navy (I can only speak to the Navy) cyber community isn't expanding fast enough. At the Academy everyone is required to take two semesters of cyber. They push for more and more Computer Science, Information Technology, and Cyber Security majors. They've begun building a multi-million dollar academic building specifically for the Cyber department (no other single department has its own building). This is all well and good, but when they only allow 1% of every graduating class to enter Cyber Command, it shows there's a difference between what the DoD wants to do/is doing and what they are actually doing.

The DOD has many great work/life programs that easily rival that of any company. NAVSEA has a lot of civilians who 100% telework, on top of their flex schedules, regular days off (four day work weeks), four hours sick leave accrued every pay period, and up to eight (8) hours leave accrued every pay period.
 
Letting them serve in the molest without having the same PT standard or rank?
I’ve been preaching for years that there are likely gay and transgender Americans who genuinely want to serve their country but have zero interest in doing anything combat related.

For that matter, there are likely “straight” Americans who would like to serve their country but have zero interest in anything to do with combat arms.

I see absolutely nothing wrong with recruiting Americans who meet specific skill sets, and letting them serve in that capacity. Maybe structure to the GS role.

Hell, we pay crazy retention bonuses for grunts, why not pay the same kind of money to folks who might not be able to pass a PFT, but sure as fuck drive the Chinese crazy and ensure that no one is hacking our satellites and fucking out our GPS.
 
@Dienekes Sorry for getting back so late, I read the NPR. While very informative and interesting, I still believe that a nuclear conflict is extremely unlikely. Regardless of how much a potential deterrent they may be, I don't see how with our current stockpile why that shouldn't be enough? Russia has to realize that even though they can increase their nuclear armament that it almost immediately has diminishing returns. That, if a nuclear conflict kicked off, it would almost assuredly end with worldwide disaster. Not to mention the monumental environmental impact something like that would have for the survivors.

@AWP You're right, while Russia and China have traditionally not been best of friends, is it that far out to believe they would put aside their differences to disrupt the current pecking order? Even in the NPR it goes into detail about how communications between the US and China/Russia have deteriorated markedly and shows no signs of immediately improving. Yet, Putin and Jinping seem to be mirroring each other's movements. Now whether they're using one another for their own gain is up in the air. But for the meantime it's working.

I remember reading a NYT article going into detail about the various resources stolen from the NSA, and while they have been disastrous, none of it was allegedly developed after 2013. So there remains hope that our most current cyber warfare tools were left untouched; it remains to be seen the long term effect this will have on us.

Since I'm just a civilian with an interest in this area, I'd be extremely interested in hearing what you think we should do going forward and how to recover from this. I can't remember what post it was that you made but it was about some coworker of yours trying to bring an unauthorized USB drive into a secure building, maybe we need to look over basic PERSEC/OPSEC practices again?
 


I'd use "extremely unlikely" for Pakistan and India having a nuclear exchange, unless, as @AWP wrote, in desperation.

As far as the US/Russia/PRC, we glared at each other across the table threatening annihilation for almost half a century, and yet, behind the closed doors of power in Washington, Moscow and Beijing, it was the one great fear that kept all the parties from edging too close to the abyss. That fear drove policy. It factored into dealings in the Middle East, in Korea, in Vietnam, in Cuba...any point of friction.

The Cold War, in my view, still stands as the litmus test of nuclear confrontation, and to the behavior of antagonistic states in a world filled with nuclear weapons.
 
Fair point @Ocoka. I think I view nuclear conflict with a grain of salt because I never grew up during the cold war and so I was never privy to how very real a possibility it could be with school drills, neighbors building bunkers, and as you said every single foreign policy being shaped by the potential for conflict. It will be really interesting to see how we handle a second Cold War compared to the first one.

@AWP you're fine man, no hurry it's the day off here and I'm looking to grill and become inebriated. Stay safe.
 
Since I'm just a civilian with an interest in this area, I'd be extremely interested in hearing what you think we should do going forward and how to recover from this. I can't remember what post it was that you made but it was about some coworker of yours trying to bring an unauthorized USB drive into a secure building, maybe we need to look over basic PERSEC/OPSEC practices again?

First, consider there are essentially 3 domains in the cyber realm. Offensive, defensive, and administrative. I think our offensive capability is probably the weakest, "newest" to us, and hardest to develop. Defensive stuff is refined every day, almost to the point where Sys Admins can't effectively manage their networks (that's part of a larger discussion). Administrative is kind of a subset of the defensive side, but I consider it to be your policies, procedures, and paperwork...and there's a lot of paperwork to track.*

The biggest threat to any network, civilian or military, is from your users. Intentional or unintentional, a threat is a threat. I'm mostly the admin guy with a small role in the defensive side, things like patching machines, reviewing logs, vulnerability remediation, etc. So, given that your threats are mostly internal your local cybersecurity guy is the first line of defense, BUT without leadership to back them up they are mostly toothless admin bitches.

Short of patdowns or some type of draconian or electronic measures, guys are going to bring in stuff they shouldn't and do things they shouldn't. You can only train someone so much before they tune you out and the paperwork is mostly leadership's CYA tool with a side dish of HR leverage for the chronically stupid. Ultimately, you can nip some problems in the bud, but you have to do that via paperwork and I've seen too many places give guys a pass or two, and usually they only take a hit if an outside entity knows about the violation; that forces leadership to act. If you set a soft example, don't be surprised if you have an incident on your hands.

* These aren't CISSP definitions, but I'm not looking up those in my books. Sue me.
 
Thanks for the explanation. Obviously the information leaks we've suffered in recent memory have been from a mix of people doing things they shouldn't and foreign entities gaining entry. But how do we stop this from happening aside from a complete and total lockdown and constant surveillance of employees? Like you said a person will eventually tune out safety brief #87 for the month, obviously you need a strong leadership to instill the right culture and mentality for things like this to stop happening.

Maybe the leadership in terms of managers (or whatever the equivalent is in the alphabet letter agencies) needs to be looked at and evaluated instead of regular joe?
 
Thanks for the explanation. Obviously the information leaks we've suffered in recent memory have been from a mix of people doing things they shouldn't and foreign entities gaining entry. But how do we stop this from happening aside from a complete and total lockdown and constant surveillance of employees?

You don't. You can mitigate the risk, but never eliminate it, that becomes "residual risk." (I remembered something from my cert. Yay me!) You compartmentalize, move employees around, security scans, audits, training, oversight... you'd have to run any facility processing classified information (as you can imagine, this is a ridiculously large number) like a Vegas casino...now think of that manpower drain. Even then, you still have risk because people are people. They are weak, they are exploitable, they are angry, they are in debt, they are scumbags, etc.

The best thing IMO is regular third party audits with consequences for security violations...of course, good luck firing a gov't employee. "You left your safe open while you went on vacation and haven't inventoried the contents since 2016? Here's your tenth write-up, don't do it again."
 
I wonder if the Russians have faith in their nuclear arsenal these days. A lot of the declassified Cold War era reports showed that the Soviets had little to no faith in their nuclear weaponry, and were under the impression that the US would annihilate them in the case of war.
 
That's very true. (And it's good to see you posting again.)
 
This morning Putin delivered the Russian equivalent to the State of the Union Address. During part of it he essentially put the US back on notice that they are nuclear armed and we need to listen to them. They are also building up their stockpile of nuclear weapons as we are shrinking ours. Will this shift the tide in our nuclear program to grow, especially since our current POTUS is already threatening NK?

I personally would like to see an increase in our cyber programs. We know countries like Russia and NK are expanding in that arena and with everything requiring some type of connectivity, you can't nuke your way out of everything.


Going back to the OP and Putin's recent remarks, I think Trump welcomed a new nuclear arms race in a tweet about a year ago. The gist of it was that he planned to increase and upgrade our nuclear arsenal and dared any other country to keep pace with us.

One of the main reasons the Cold War thawed was the tremendous cost of nuclear competition on the US and USSR. It was an enormously expensive, decades-long drain on both economies, especially on the USSR.
 
To my understanding, the DoD simply cannot match the private sector in salary and freedom of work. Why would talented, college educated individuals with a highly sought after talent pass up a starting six figure salary working 9 to 5 for O1 pay and a more demanding/stressful work environment in the DoD?
Regardless, the Navy (I can only speak to the Navy) cyber community isn't expanding fast enough. At the Academy everyone is required to take two semesters of cyber. They push for more and more Computer Science, Information Technology, and Cyber Security majors. They've begun building a multi-million dollar academic building specifically for the Cyber department (no other single department has its own building). This is all well and good, but when they only allow 1% of every graduating class to enter Cyber Command, it shows there's a difference between what the DoD wants to do/is doing and what they are actually doing.


Why? Because of the prestige associated with being an officer in the US military. It's HUGELY attractive to people outside of the military. We see it all the time with other professionals like doctors and lawyers. The military is the most respected institution in America. There are a lot of people who want to be a part of that.

I think letting people adopt the trappings of our profession without assuming the dignity, standards, and ethos of our profession will have a long-term, damaging effect. We have plenty of people in the military as DoD civilians. Hire them into the DoD, pay them a whole bunch of money, and tap into their expertise when and as we need them. Don't let them dress up in a costume and play "officer." If someone wants that, they can leave their blue hair and hash at the door and jock up like the rest of us.
 
Does this mean I have to return my Cold War service certificate?
 