Russia: Return of the Cold War

BloodStripe

Marine
SOF Support
Joined
Feb 27, 2014
Messages
4,139
Location
CONUS
SSMP
Military Mentor
To my understanding, the DoD simply cannot match the private sector in salary and freedom of work. Why would talented, college educated individuals with a highly sought after talent pass up a starting six figure salary working 9 to 5 for O1 pay and a more demanding/stressful work environment in the DoD?
Regardless, the Navy (I can only speak to the Navy) cyber community isn't expanding fast enough. At the Academy everyone is required to take two semesters of cyber. They push for more and more Computer Science, Information Technology, and Cyber Security majors. They've began building a multi-million dollar academic building specifically for the Cyber department (no other single department has its own building). This is all well and good, but when they only allow 1% of every graduating class to enter Cyber Command, it shows there's a difference between what the DoD wants to do/is doing and what they are actually doing.
The DOD has many great work/life programs that easily rival that of any company. NAVSEA has a lot of civilians who 100% telework, on top of their flex schedules, regular days off (four day work weeks), four hours sick leave accured every pay period, and up to eight (8) hours leave accrured every pay period.
 

Ooh-Rah

Marine
Moderator
Joined
Sep 12, 2012
Messages
11,430
Letting them serve in the molest without having the same PT standard or rank?
I’ve been preaching for years that there are likely gay and transgender Americans who genuinely want to serve their country but have zero interest in doing anything combat related.

For that matter, there are likely “straight” Americans who would like to serve their country but have zero interest in anything to do with combat arms.

I see absolutely nothing wrong with recruiting Americans who meet specific skill sets, and letting them serve in that capacity. Maybe structure to the GS role.

Hell, we pay crazy retention bonus’s for grunts, why not pay the same kind of money to folks who might not be able to pass a PFT, but sure as fuck drive the Chinese crazy and ensure that no one is hacking our satellites and fucking out our GPS.
 

SaintKP

Member
Joined
Sep 6, 2017
Messages
1,354
Location
Midwest
@Dienekes Sorry for getting back so late, I read the NPR. While very informative and interesting, I still believe that a nuclear conflict is extremely unlikely. Regardless of how much a potential deterrent they may be, I don't see how with our current stockpile why that shouldn't be enough? Russia has to realize that even though they can increase their nuclear armament that it almost immediately has diminishing returns. That, if a nuclear conflict kicked off, it would almost assuredly end with world wide disaster. Not to mention the monumental environmental impact something like that would have for the survivors.

@AWP You're right while Russia and China have traditionally not been best of friends, is it that far out to believe they would put aside their differences to disrupt the current pecking order? Even in the NPR it goes into detail about how communications between the US and China/Russia have deteriorated markedly and shows no signs of immediately improving. Yet, Putin and Jingping seem to be mirroring each other's movements. Now whether they're using one another for their own gain is up in the air. But for the mean time it's working.

I remember reading a NYT article going into detail about the various resources stolen from the NSA and while they have been disastrous none of it was allegedly developed after 2013. So there remains hope that our most current cyber warfare tools were left untouched it remains to be seen the long term effect this will have on us.

Since I'm just a civilian with an interest in this area, I'd be extremely interested in hearing what you think we should do going forward and how ti recover from this. I can't remember what post it was that you made but it was about some coworker of yours trying to bring a unauthorized USB drive into a secure building, maybe we need to look over basic PERSEC/OPSEC practices again?
 

Gunz

Combined Action
Verified Military
Joined
Jun 29, 2014
Messages
7,177

I'd use "extremely unlikely" for Pakistan and India having a nuclear exchange, unless, as @AWP wrote, in desperation.

As far as the US/Russia/PRC, we glared at each other across the table threatening annihilation for almost half a century, and yet, behind the closed doors of power in Washington, Moscow and Beijing, it was the one great fear that kept all the parties from edging too close to the abyss. That fear drove policy. It factored into dealings in the Middle East, in Korea, in Vietnam, in Cuba...any point of friction.

The Cold War, in my view, still stands as the litmus test of nuclear confrontation, and to the behavior of antagonistic states in a world filled with nuclear weapons.
 

AWP

Formerly Known as Freefalling
Administrator
Joined
Sep 8, 2006
Messages
15,765
Location
Not Afghanistan
@SaintKP I'll respond in the morning (Middle Eastern time), I don't want you to think I'm blowing you off.
 

SaintKP

Member
Joined
Sep 6, 2017
Messages
1,354
Location
Midwest
Fair point @Ocoka I think I view nuclear conflict with a grain of salt because I never grew up during the cold war and so I was never privy to how very real a possibility it could be with school drills, neighbors building bunkers, and as you said every single foreign policy being shaped by the potential for conflict. It will be really interesting to see how we handle a second Cold War compared to the first one.

@AWP you're fine man, no hurry it's the day off here and I'm looking to grill and become inebriated. Stay safe.
 

AWP

Formerly Known as Freefalling
Administrator
Joined
Sep 8, 2006
Messages
15,765
Location
Not Afghanistan
Since I'm just a civilian with an interest in this area, I'd be extremely interested in hearing what you think we should do going forward and how ti recover from this. I can't remember what post it was that you made but it was about some coworker of yours trying to bring a unauthorized USB drive into a secure building, maybe we need to look over basic PERSEC/OPSEC practices again?
First, consider there are essentially 3 domains in the cyber realm. Offensive, defensive, and administrative. I think our offensive capability is probably the weakest, "newest" to us, and hardest to develop. Defensive stuff is refined every day, almost to the point where Sys Admins can't effectively manage their networks (that's part of a larger discussion).. Administrative is kind of a subset of the defensive side, but I consider it it be your policies, procedures, and paperwork...and there's a lot of paperwork to track.*

The biggest threat to any network, civilian or military, is from your users. Intential or unintentional, a threat is a threat. I'm mostly the admin guy with a small role in the defensive side, things like patching machines, reviwing logs, vulnerability remediation, etc. So, given that your threats are mostly internal your local cybersecurity guy is the first line of defense, BUT without leadership to back them up they are mostly toothless admin bitches.

Short of patdowns or some type of draconian or electronic measures, guys are going to bring in stuff they shouldn't and do things they shouldn't. You can only train someone so much before they tune you out and the paperwork is mostly leadership's CYA tool with a side dish of HR leverage for the chronically stupid. Ultimately, you can nip some problems in the bud, but you have to do that via paperwork and I've seen too many places give guys a pass or two, and usually they only take a hit if an outside entity knows about the violation; that forces leadership to act. If you set a soft example, don't be surprised if you have an incident on your hands.

* These aren't CISSP definitions, but I'm not looking up those in my books. Sue me.
 

SaintKP

Member
Joined
Sep 6, 2017
Messages
1,354
Location
Midwest
First, consider there are essentially 3 domains in the cyber realm. Offensive, defensive, and administrative. I think our offensive capability is probably the weakest, "newest" to us, and hardest to develop. Defensive stuff is refined every day, almost to the point where Sys Admins can't effectively manage their networks (that's part of a larger discussion).. Administrative is kind of a subset of the defensive side, but I consider it it be your policies, procedures, and paperwork...and there's a lot of paperwork to track.*

The biggest threat to any network, civilian or military, is from your users. Intential or unintentional, a threat is a threat. I'm mostly the admin guy with a small role in the defensive side, things like patching machines, reviwing logs, vulnerability remediation, etc. So, given that your threats are mostly internal your local cybersecurity guy is the first line of defense, BUT without leadership to back them up they are mostly toothless admin bitches.

Short of patdowns or some type of draconian or electronic measures, guys are going to bring in stuff they shouldn't and do things they shouldn't. You can only train someone so much before they tune you out and the paperwork is mostly leadership's CYA tool with a side dish of HR leverage for the chronically stupid. Ultimately, you can nip some problems in the bud, but you have to do that via paperwork and I've seen too many places give guys a pass or two, and usually they only take a hit if an outside entity knows about the violation; that forces leadership to act. If you set a soft example, don't be surprised if you have an incident on your hands.

* These aren't CISSP definitions, but I'm not looking up those in my books. Sue me.

Thanks for the explanation. Obviously the information leaks we've suffered in recent memory have been from a mix of people doing things they shouldn't and foreign entities gaining entry. But how do we stop this from happening aside from a complete and total lockdown and constant surveillance of employees? Like you said a person will eventually tune out safety brief #87 for the month, obviously you need a strong leadership to instill the right culture and mentality for things like this to stop happening.

Maybe the leadership in terms of managers (or whatever the equivalent is in the alphabet letter agencies), need to be looked at and evaluated instead of regular joe?
 

AWP

Formerly Known as Freefalling
Administrator
Joined
Sep 8, 2006
Messages
15,765
Location
Not Afghanistan
Thanks for the explanation. Obviously the information leaks we've suffered in recent memory have been from a mix of people doing things they shouldn't and foreign entities gaining entry. But how do we stop this from happening aside from a complete and total lockdown and constant surveillance of employees?
You don't. You can mitigate the risk, but never eliminate it, that becomes "residual risk." (I remembered something from my cert. Yay me!) You compartmentalize, move employees around, security scans, audits, training, oversight... you'd have to run any facility processing classified information (as you can imagine, this is a ridiculously large number) like a Vegas casino...now think of that manpower drain. Even then, you still have risk because people are people. They are weak, they are exploitable, they are angry, they are in debt, they are scumbags, etc.

The best thing IMO is regular thrid party audits with consequences for security violations...of course, good luck firing a gov't employee. "You left your safe open while you went on vacation and haven't inventoried the contents since 2016? Here's your tenth write-up, don't do it again."
 

Etype

Special Forces
Verified SOF
Joined
Sep 18, 2010
Messages
2,219
I wonder if the Russians have faith in their nuclear arsenal these days. A lot of the declassified Cold War era reports showed that the Soviets had little to no faith in their nuclear weaponry, and were under the impression that the US would annihilate them in the case of war.
 

Gunz

Combined Action
Verified Military
Joined
Jun 29, 2014
Messages
7,177
I wonder if the Russians have faith in their nuclear arsenal these days. A lot of the declassified Cold War era reports showed that the Soviets had little to no faith in their nuclear weaponry, and were under the impression that the US would annihilate them in the case of war.
That's very true. (And it's good to see you posting again.)
 

Gunz

Combined Action
Verified Military
Joined
Jun 29, 2014
Messages
7,177
This morning Putin delivered the Russia equivalent to the State of the Union Address. During part of it he essentially put the US back on notice that they are nuclear armed and we need to listen to them. They are also building up their stockpile of nuclear weapons as we are shrinking ours. Will this shift the tide in our nuclear program to grow, especially since our current POTUS is already threatening NK?

I personally would like to see an increase in our cyber programs. We know countries like Russia and NK are expanding in that arena and with everything requiring some type of connectivity, you can't nuke your way out of everything.

Going back to the OP and Putin's recent remarks, I think Trump welcomed a new nuclear arms race in a tweet about a year ago. The gist of it was that he planned to increase and upgrade our nuclear arsenal and dared any other country to keep pace with us.

One of the main reasons the Cold War thawed was the tremendous cost of nuclear competition on the US and USSR. It was an enormously expensive, decades-long drain on both economies, especially on the USSR.
 

Marauder06

Intel Enabler
Moderator
Joined
Sep 9, 2006
Messages
10,508
Location
CONUS
To my understanding, the DoD simply cannot match the private sector in salary and freedom of work. Why would talented, college educated individuals with a highly sought after talent pass up a starting six figure salary working 9 to 5 for O1 pay and a more demanding/stressful work environment in the DoD?
Regardless, the Navy (I can only speak to the Navy) cyber community isn't expanding fast enough. At the Academy everyone is required to take two semesters of cyber. They push for more and more Computer Science, Information Technology, and Cyber Security majors. They've began building a multi-million dollar academic building specifically for the Cyber department (no other single department has its own building). This is all well and good, but when they only allow 1% of every graduating class to enter Cyber Command, it shows there's a difference between what the DoD wants to do/is doing and what they are actually doing.

Why? Because of the prestige associated with being an officer in the US military. It's HUGELY attractive to people outside of the military. We see it all the time with other professionals like doctors and lawyers. The military is the most respected institution in America. There are a lot of people who want to be a part of that.

I think letting people adopt the trappings of our profession without assuming the dignity, standards, and ethos of our profession will have a long-term, damaging effect. We have plenty of people in the military as DoD civilians. Hire them into the DoD, pay them a whole bunch of money, and tap into their expertise when and as we need them. Don't let them dress up in a costume and play "officer." If someone wants that, they can leave their blue hair and hash at the door and jock up like the rest of us.
 

DC

Navy Diver
SOF Support
Joined
Oct 17, 2016
Messages
854
Does this mean I have to return my Cold War service certificate?
 
Top