Gen X at 40

Canada's Favorite Blog

Comments

Alan -

...and like people believing lots of other people are making lots of money at blogging.

Chris Taylor -

They had one, sorta. More like one in each armed service.

The Air Force had been looking to stand up AF Cyber Command (looking to develop actual cyber-warfighting capability) in 2007, after announcing it in late 2006. The number and frequency of cyber-attacks had become so egregious that it just cried out for a response. See "The Dogs of Web War" from the Jan 2008 issue of Air Force Magazine. That was kind of a pet project of the AF leadership of the time.

But the scuttlebutt is that AFCYBER's aggressive self-promotion, plus USAF leadership's public pronouncements that cyber would be an offensive, warfighting (as well as reactive, defensive) domain, irritated the Pentagon's senior uniformed (i.e. Chairman, JCS) and civilian brass (OSD). So they looked to the Navy's Network Warfare Command as the newly anointed leader, plus the Space and Naval Warfare Systems Center. After the AF's senior leadership got sacked by Gates, AFCYBER got shuffled into a numbered air force under AF Space Command, and the dream of USAF as executive agent for the cyber domain went down in flames.

Now it's a bit of a mess and Gates will probably create some damned new agency under STRATCOM or DHS just to oversee cyber work.

Rob -

Matthew Broderick...War Games...1983.

Chris Taylor -

You don't really want to go there, do you? May as well complain that we don't have a bulletproof solution to aerial bombing. After all, heavier-than-air aircraft have been around since at least 1903... How could they drop the ball on that, right?

The scale of the cyber threat, along with the delivery systems and countermeasures, has evolved continuously since 1983. The countermeasures of yesterday are no help against the threats of today. The Pentagon isn't the weak point here so much as the defence contractors (and the sub-contractors they hire), who may not be quite so rigorous about their IT security. Another factor is the unspoken elephant in the room: the hardware.

In 1994 8.2 percent of American homes had a personal computer. The percentage of homes that also had a modem was much smaller than that. The percentage of homes which had a computer, a modem, and a working knowledge of, say, NORAD modem numbers was even smaller. According to a 2007 CEA survey, now 67% of homes have a desktop and 37% have a laptop (with some overlap between the two, naturally), and according to 2003 US census data, 55% of Americans have a computer with internet access. So first and foremost, the number of platforms that can launch attacks has increased dramatically. In 1983 you had a small chunk of Americans, plus a larger chunk of foreign adversaries, who might be interested in getting into your computers. Today you have to defend against potentially every device and appliance on the network, worldwide. And your weak spots, wherever they are, are exposed on public forums for the interested. And let's not forget the army of foreign state actors, with appropriate resources, infecting zombies and trying hard to disguise themselves as civilian or non-state actors.

How is the Pentagon supposed to predict which manufacturer's hardware or software product will dominate the marketplace, and craft a solution to guard against that product's specific technical shortfalls? I am not a guy that likes to poke a stick in the eye of Microsoft (they get way too much of that already), but if anyone deserves the lion's share of the blame for the bulk of unsecured civil and corporate computers, it's them. Sorta. Ultimately, blame everybody who bought the essentially unsecure, non-multitasking 8-bit MS-DOS, spurring development of the sorta-multitasking Win16 platform, spurring the development of the unsecure Win32 platform, in all its variations, making it the zombie bonanza that it is today.

Second, the number of targets was also small. There weren't a lot of net-connected nodes to try and infiltrate. It would have been much more effective to use HUMINT and turn a guy on the inside, than to try and code something so that a couple of modem-connected DARPA boxes could dial Moscow and spend the next five years uploading junk at 300 baud. Now just about every military facility is net-connected (on civil unsecured and military secure nets). DoD and contractors have made a lot of good steps in moving the most critical stuff off the civil, public-access internet, but they are going to fall down from time to time.

Third, the vector of those attacks has also changed dramatically. If you wanted to hack something in 1983 you really only had two options. 1) get a guy on the inside to copy data to floppies or tapes and hand them off to you; or 2) if the target also had a modem, dial in and attempt brute-force password hacking as many times as possible. Getting viruses and worms in there was useless from an intel perspective. You might be able to get a virus-loaded tape or floppy inside, but if it called your modem and attempted to transmit data, first it would take all week to send anything useful, and second it wouldn't be very hard for them to find out the phone number that it had called. Which would lead right to your door. Infecting another unsuspecting machine as a zombie to do your bidding was pretty laughable, because in the age of DOS there was no multitasking. The owner would know what the computer was doing the instant they looked at the screen. Hey, what's this? My Vic-20 was supposed to be playing Radar Rat Race, not dialing Colorado Springs. Safeguarding the network meant keeping people out of the building who weren't supposed to be there, changing your passwords once in a while, and making sure the remote login disconnected dialed-in people after 4-5 failed attempts.

Now, computers can do many many things at once, and many are connected to the net all of the time. Smart, non-destructive trojans can sit on your PC and restrain themselves to a reasonable level of resource utilisation. Your computer can be sending midget porn to the UAE via a nice, normal-looking big-company host like Akamai Technologies, and you will be oblivious to it unless you are the sort that enjoys the regular use of the netstat command. And has a good handle on what processes talk to which external hosts, how often and for what purpose. If you want to be bulletproof today you need sysadmins and security people who are at the top of their game, on a network with the best equipment. I'm sorry to say that a life spent working in IT has convinced me that no shop operates at the top of their game all the time. They may be there for a few years but inevitably a budget cutback here or there forces them to scrimp on gear, or hire less-than-stellar staff, who implement (or more often, accede to top-down) stupid, vulnerability-creating processes, and now that one budget decision has just opened a gaping but unseen vulnerability in your environment. Try getting CEOs and CFOs—not to mention the average Joe flying a desk—to think on those terms; it ain't gonna happen.

Millions of computers can be marshalled as zombies to execute all manner of attacks and denials of service. More importantly they can be used as warehouses for stolen data, or as innocuous-looking waystations on the way to someplace more obviously state-connected. Most of the hardware we use, incidentally, is built overseas by people who would dearly love to see what sits on certain networks. We already know they are willing to manufacture counterfeit hardware specifically for the purpose of performing espionage. You can't build electronics without using their chips today. When you are dealing with an enemy as ruthless and singleminded as they are, there is no way that they are going to fail to get inside a subcontractor's network, which means they can get inside a contractor's network, which means they can get inside DoD's network. All it takes is for one link in the chain to have sub-optimal gear, sub-optimal processes or sub-optimal personnel in the IT department.

It's not a question of will they get inside, it's what threshold is acceptable, given that you have an unremitting dependence on these systems.
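
An added example, not code from the thread above: the "netstat habit" Chris describes, turned into a script. It parses rows in the shape of Linux `netstat -tnp` output (the column layout is assumed; the sample rows below are constructed, and the `updatehlp` process is hypothetical), keeps only ESTABLISHED connections to non-internal hosts, and flags any (process, remote host) pair that is not in a per-process baseline. The baseline is the "good handle on what processes talk to which external hosts" part, written down rather than kept in someone's head.

```python
"""Flag outbound connections that a per-process baseline does not explain.

Added example; the sample netstat text is constructed, and the column
layout assumed is that of Linux net-tools `netstat -tnp`.
"""
import ipaddress
import re
from collections import Counter

# Constructed sample output. The `updatehlp` process is hypothetical.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 10.0.0.12:51234         203.0.113.10:443        ESTABLISHED 1402/firefox
tcp        0      0 10.0.0.12:51240         203.0.113.10:443        ESTABLISHED 1402/firefox
tcp        0      0 10.0.0.12:51300         198.51.100.7:443        ESTABLISHED 1402/firefox
tcp        0      0 10.0.0.12:22            10.0.0.5:40122          ESTABLISHED 880/sshd
tcp        0      0 10.0.0.12:49152         192.0.2.44:443          ESTABLISHED 2210/updatehlp
tcp        0      0 10.0.0.12:49153         192.0.2.44:443          TIME_WAIT   -
tcp        0      0 127.0.0.1:631           127.0.0.1:50010         ESTABLISHED 611/cupsd
"""

# Which external hosts each process is expected to talk to (assumed baseline).
BASELINE = {
    "firefox": {"203.0.113.10", "198.51.100.7"},
}

# Ranges treated as internal: RFC 1918, loopback, link-local.
INTERNAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "127.0.0.0/8", "::1/128", "fe80::/10")
]

LINE_RE = re.compile(
    r"^(?P<proto>tcp6?|udp6?)\s+\d+\s+\d+\s+(?P<local>\S+)\s+(?P<remote>\S+)"
    r"\s+(?P<state>\S+)\s+(?P<proc>\S+)\s*$"
)


def split_addr(addr):
    """Split 'host:port' into (host, port); handles unbracketed IPv6 too."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), (int(port) if port.isdigit() else None)


def is_external(host):
    """True unless the host is an IP inside one of INTERNAL_NETS."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True  # a hostname rather than an address: treat as external
    return not any(ip in net for net in INTERNAL_NETS)


def parse_netstat(text):
    """Return (process_name, pid, remote_host, state) for each connection row."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header line or something we do not understand
        proc = m.group("proc")
        if "/" in proc:
            pid, _, name = proc.partition("/")
        else:
            pid, name = None, "?"  # netstat prints '-' when it cannot map a PID
        rhost, _ = split_addr(m.group("remote"))
        rows.append((name, pid, rhost, m.group("state")))
    return rows


def find_unexpected(text, baseline):
    """Count ESTABLISHED (process, external host) pairs absent from the baseline."""
    hits = Counter()
    for name, _pid, rhost, state in parse_netstat(text):
        if state != "ESTABLISHED" or not is_external(rhost):
            continue
        if rhost in baseline.get(name, set()):
            continue
        hits[(name, rhost)] += 1
    return hits


if __name__ == "__main__":
    for (name, rhost), count in find_unexpected(SAMPLE_NETSTAT, BASELINE).items():
        print(f"UNEXPECTED: {name} -> {rhost} ({count} connection(s))")
```

Run against live output (`netstat -tnp | python3 thisscript.py` with a small change to read stdin) and the only thing you get is the delta against what you already expect, which is the part a human actually needs to look at. The sshd row is ignored because the peer is internal, the cupsd row because it is loopback, and the TIME_WAIT row because it is not an established session; only the unexplained `updatehlp` connection remains.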

seanie -

What chris said.

Chris Taylor -

In 1994 8.2 percent of American homes had a personal computer.

Oops... that should be *1984*, not '94.

Alan -

I will have to catch up with this volume of good work later but... what is in that box?

Jay Currie -

Chris has now made my head hurt....

His point as to hardware is critical because an awful lot of the hardware is, like most everything else in the world, made in China or within reach of China. Now, hardware for computers is funny stuff - it needs "firmware" to run. And if I were a clever cyberspy I might just look to compromise that firmware.

The other element is the difference between active and passive cyberwar. Passive is all about grabbing information and using it to defeat systems. Active is about attacking systems critical to the operation of various systems.

What may have been a rather good example of the active form occurred in the Israeli attack on the Syrian nuclear installation a couple of years ago. The Syrians had a relatively modern air defence system - apparently it did not even see the Israelis much less respond to them. I suspect this was not accidental.

seanie -

The box on top of the monitor? His modem... A 14.4k baud modem, to be exact.

Alan -

No, that wooden laminated thing with the open handle to the right. That isn't a monitor.

Chris Taylor -

I know there was a case where some HDDs were shipped with nasty rootkit-style stuff onboard -- they started transmitting off their (new) contents to various foreign IPs.

Then there's this:

During a speech in Texas earlier this month, Joel Brenner, head of the U.S. Office of the National Counterintelligence Executive, said officials have seen counterfeit computer chips "make their way into U.S. military fighter aircraft."
[Ed: not the F-35.]

Brenner added: "You don't sneak counterfeit chips into another nation's aircraft to steal data. When it's done intentionally, it's done to degrade systems, or to have the ability to do so at a time of one's choosing."

The OPFOR isn't dumb, and they aren't scattershot about this stuff, either. They are going after capabilities and data in a targeted and methodical way. I'm about 90% sure this is why The Firm dumped our extremely popular x-Series IBM Stinkpads after the leases were up last year; the new product line was fully Lenovo, and there was a lot of noise in the press about counterfeit Chinese chips around that time. (The eventual replacements were heavier, bulkier, slower Dells!) If you can't trust your own hardware—let alone the people and software that employ it—your game is pretty well over before it has begun.

Chris Taylor -

Re: Wargames trivia—be amazed at my Kreskin skills!

Sean, you are ahead of the game by about ten years... he had a 1200 baud modem, plus a totally unnecessary acoustic coupler. Not the sleek, wide but thin USR 14.4 dealies. The thing on the monitor sure does look like the later 14.4, though.

Based on this clip, I deduce the following components in this still, from left to right:

- completely unnecessary acoustic coupler (max speed: 300 baud) for modem (left of Broderick's elbow).
- Matthew Broderick (foreground)
- Ally Sheedy (background)
- dot-matrix printer of undetermined make (behind Ally Sheedy)
- IMSAI 8080 computer with top cover removed, fake boards and ribbon cables inserted (top)
- FDC2-2 Dual 5.25in Floppy Drive (bottom)
- IKB-1 keyboard
- Zenith 12" video monitor
- IMSAI/Cermetek 212A 1200 baud modem (on top of monitor).

Are you amazed? Well, don't be, too much. All of the dirt is available here, from the guy that made it.

Alan -

Dang - well there you go. From the photo, I thought it was a quietening hood over either the monitor or a dot-matrix printer. That handle threw me and I had no intention of using lord Goog to short circuit the fun of asking.

Chris Taylor -

It is kind of weird. But seeing as this was 1983 the thing probably weighed 80 pounds and needed handles to lift it. I was sure that the IMSAI 8080 thing was a screaming fake. All those blue and red flip switches... for what, exactly? Yet that's how it really looked, and it was a working PC.

In 1983 all I had was an Atari 400 hooked up to a black-and-white TV in the basement. No floppies. No modem. Every non-cartridge program was lost once shut down, and had to be laboriously and manually re-entered at boot.

The funny thing is I remember more about that machine than any of its dozen-plus successors. I remember a bit about the next big deal, a 286 with VGA(!) and a 40 MB HDD, plus a 2400baud modem. I remember that one mostly because I played hours and hours of the best game ever invented by man, F-19 Stealth Fighter. I am sure I logged about a four-to-one ratio of game time vs. WordPerfect time on that box.

Alan -

Never underestimate the power and menace of bright lights and toggle switches.

seanie -

Yes, much too early for a 14.4. My bad. At that time I was still using the wonderful Atari 800 XL, or was it my 600 XL? Cannot remember. I also was still using a 300 baud "pocket modem" to log into the big old Loyalist College mainframe with my high school guest account.

seanie -

My parents bought me a (stupid) TI-99/4A in 1981. I immediately convinced my grandparents to financially assist an upgrade to a series of Atari machines, using the same bedroom black-and-white as a monitor plan that Chris used. I remember M.U.L.E. and Miner 2049er as fave games.... sigh.

I had a cassette drive which allowed for saving games and the laborious loading of commercial programs that took up to 45 minutes.. eeeeeooowwwwweeeEEEEEEeeeooooeeeahhhweee.. "Sean shut the #@%^ volume off when you are loading programs!!!" etc

Post a Comment: You Mean They Never Had One Before?
