Feral Jundi

Sunday, December 18, 2011

Legal News: Congress Legalizes Cyber War

In language discussing the bill, conferees say that because there is no historical precedent for what constitutes traditional military activities in cyberspace, “it is necessary to affirm that such operations may be conducted pursuant to the same policy, principles and legal regimes that pertain to kinetic capabilities.”

This is big news, and historical. The rules and laws of kinetic war now apply to Cyber War, and this brings up all sorts of ideas. For example, will we see more Cyber Lance type activities?  Maybe a US special forces team combined with civilian hackers to locate and kill/capture enemy hackers or whomever?  Who knows, and who knows how these new rules will apply?

Perhaps we will see the same issues that have popped up for today’s modern wars. Especially with the hybrid of private and public forces in conflict. I say this, because the US does not have the monopoly on ‘hacking force’. If they want the best, they can try to develop that capability internally, but inevitably they will have to reach out to private companies or individuals that are experts in these fields and pay them to do it.

Here is one quote below that really perked me up. Check it out:

Since the military cannot afford to pay enough to recruit qualified software and Internet engineers for this sort of work, it has turned to commercial firms. There are already some out there, companies that are technically network security operations, but will also carry out offensive missions (often of questionable legality, but that has always been an aspect of the corporate security business.)
Some of these firms have quietly withdrawn from the Internet security business, gone dark, and apparently turned their efforts to the more lucrative task of creating Cyber War weapons for the Pentagon. It may have been one of these firms that created, or helped create, the Stuxnet worm.

I read this and thought, why not just fire up the Letter of Marque and Reprisal and give these firms the legal authority and protections necessary to take part in offensive operations?  The LoM is sitting right there in the War Powers clause in the US Constitution, and it just seems to me that we are missing the boat when it comes to doing this stuff. We could be legally authorizing the companies to steal funds and intellectual property from all sorts of enemies out there, and label these companies cyber privateers. (which if the military helped at all, would those commanders or the US be entitled to a cut? lol)

My other thought about all of this is when will we see a Cyber Weapon used in such a way as to actually kill like a real weapon? And with this public/private partnership we will have, we could potentially see IT Security companies build these weapons, and possibly even launch them. Just imagine if Stuxnet actually caused deaths in some weapons plant or nuclear facility? That would definitely put the ‘War’ in Cyber War. Very interesting…. -Matt

 

America Legalizes Cyber War
December 18, 2011
The U.S. Congress approved a new law on December 14th that allows the Department of Defense to conduct offensive Cyber War operations in response to Cyber War attacks on the United States. That is, the U.S. military is now authorized to make war via the Internet. The new law stipulates that all the rules that apply to conventional war, also apply to Cyber War. This includes the international law of armed conflict (meant to prevent war crimes and horrid behavior in general) and the U.S. War Powers Resolution (which requires a U.S. president to get permission from Congress within 90 days of entering into a war).
The U.S. Department of Defense has long advocated going on the offensive against criminal gangs and foreign governments that seek (and often succeed) to penetrate U.S. government and military Internet security, and steal information, or sabotage operations. Over the past year, and without much fanfare, the Department of Defense has been making preparations to do just that.


Saturday, May 22, 2010

Building Snowmobiles: Cyber Privateers

Ahhhh, time to fire up the old Building Snowmobiles category again, and thanks to James from Death Valley Magazine for giving me the heads up on this story below. Wired’s Danger Room wrote up an interesting article on the latest contract that Booz Allen Hamilton won with the Air Force in regards to cyber-security. This is interesting to me, because it is a government contracting a PMC to provide security in a commons called cyber space. It reminds me of our original privateers in the US who were contracted by Congress via the Letter of Marque, to go after the British in that other ‘commons’ called the open sea. And with this latest contract, I would have to say that Booz Allen Hamilton gets the award for top cyber privateer. lol (that is not to say that Booz Hamilton will be getting bounties or seizing assets any time soon, but private industry is certainly answering the call for this one and making some serious money)

I have lately been toying with the idea of how the Letter of Marque (LoM) could be applied to today’s current cyber security threats and to cyber warfare. The scope of threats is so large and so complex, that there must be a strategy implemented that can keep up with these threats. It is my belief that you should approach the problem with multiple solutions that all contribute to the overall strategy, and to create those solutions you need some analysis and you need synthesis. And cyber privateers is some serious synthesis in my opinion, and I don’t think anyone has really delved into this before. Issuing a LoM to individuals or companies might be one way to tap into the creativity and freedom of private industry, and still keep a leash on them based on the legal requirements of the letter. It would be a way for congress to keep control over these kinds of contractors, yet still allow them to do their thing out there. That kind of free market warfare coupled with very specific control mechanisms is crucial to this concept.

The LoM can also allow the government to contract with one person or an entire company. Companies like Booz Hamilton might not be able to attract the star players of cyber warfare. So if the government wants to get these lone wolves on their side (both foreign and domestic), the LoM and an extremely lucrative bounty or prize law system would be one way to do that. The LoM could also give that lone wolf cyber warrior a license that is signed off and approved by the nation’s top lawmakers. That to me has more appeal than being a subcontractor for some military branch of service, and hanging in limbo as to what laws and policies I need to follow or pay attention to. Please note all the legal issues surrounding today’s usage of private military companies in the war. The LoM could be the answer to mitigate those issues for today’s union between private industry and the government.

Also, the way the LoM works is pretty flexible in my view. It can be as complex or as simple as we want to make it. After all, congress would be the ones forming the committee to issue the things, and they would be writing the thing up. I am sure no one would want the LoM if it did not fully answer all and any legal issues, hence ‘my lawyer will talk with your lawyer’. That is the way I would envision this. Because if not, no one would want to do business with Congress and the US government if it did not have all the right protections in that document.

As to what kind of activities the cyber privateers could do? Hmmmm. Let your imagination run wild I guess. Basically, if China wants to use hackers to go after the US for example, those Chinese hackers would be prime targets for cyber privateers. Hell, cyber privateers could be tasked with going after entire countries that we consider threats. You could also use cyber privateers to go after organized crime, terrorists, etc., and set up bounties for all types of activities that a congress would want their cyber privateers to do. You might want to use cyber privateers for a very specific corner of the cyber warfare market, and the imagination is the only limit. Like Thomas Jefferson once said, “Every possible encouragement should be given to privateering in time of war.” Using cyber privateers to conduct cyber warfare or defend the country is one tool that the government could implement. For further study on the subject of LoM, I would suggest the reader check out this post and publication here, and use the search feature on this blog. –Matt

——————————————————————-

Booz Allen hiring 5,000 employees this year

Friday, May 14, 2010

Washington Business Journal – by Bryant Ruiz Switzky and Gayle S. Putrich

Consulting giant Booz Allen Hamilton Inc. is going on a major hiring binge.

The McLean-based government contractor is hiring 1,500 people over the next two months and expects to hire about 5,000 workers in 2010, some of which are rehires.

More than 60 percent of those jobs will be in the Washington area, said Leslie Esposito, director of recruiting.

Most of the positions are for consultants and include cost estimators, intelligence analysts, operations research analysts, program managers, acquisitions analysts, clinical health consultants, energy consultants, environmental consultants and human capital management and organizational efficiency experts. There is also a wide range of technology-related positions.

Story here.

——————————————————————-

Recent Air Force Contracts with Booz Allen & Hamilton

Booz Allen & Hamilton, Inc., Herndon, Va., was awarded a $24,302,677 contract which will provide combat-ready forces to conduct secure cyber operations in and through the electromagnetic spectrum, with air and space operations. At this time, $496,032 has been obligated. 55 CONS/LGCD, Offutt Air Force Base, Neb., is the contracting activity (SP0700-98-D-4002, Delivery Order 0414).

Booz Allen & Hamilton, Inc., Herndon, Va., was awarded a $24,283,152 contract which will provide innovative recommendations on information assurance disciplines for Systems Center Atlantic to develop information assurance capabilities for the Federal Compliance Program. At this time, $122,060 has been obligated. 55 CONS/LGCD, Offutt Air Force Base, Neb., is the contracting activity (SP0700-98-D-4002, Delivery Order 0407).

Booz Allen & Hamilton, Inc., Herndon, Va., was awarded a $23,302,445 contract which will provide instrumented live, virtual and constructive joint exercise enabled via the Joint National Training Capability’s global grid to enhance information assurance/cyber activities under U.S. Space Command’s span of control. At this time, $2,672,756 has been obligated. 55 CONS/LGCD, Offutt Air Force Base, Neb., is the contracting activity (SP0700-98-D-4002, Delivery Order 0417).

Booz Allen & Hamilton, Inc., Herndon, Va., was awarded a $19,835,902 contract which will provide information integrity and integration of information assurance capabilities into existing operational command and control networks and systems. At this time, $5,000 has been obligated. 55 CONS/LGCD, Offutt Air Force Base, Neb., is the contracting activity (SP0700-98-D-4002, Delivery Order 0415).

Booz Allen & Hamilton, Inc., Herndon, Va., was awarded a $19,831,145 contract which will define information assurance scientific and technical analysis to be applied to future military satellite communication systems development and assess vulnerabilities of emerging satellite communication systems to provide secure end-to-end communications services to deployed warfighters. At this time, $1,607,798 has been obligated. 55 CONS/LGCD, Offutt Air Force Base, Neb., is the contracting activity (SP0700-98-D-4002, Delivery Order 0411).

Booz Allen & Hamilton, Inc., Herndon, Va., was awarded a $15,870.840 contract which will provide secure and highly reliable network operations and computer network defense components in order to carry out Air Combat Command’s mission. At this time, $45,120 has been obligated. 55 CONS/LGCD, Offutt Air Force Base, Neb., is the contracting activity (SP0700-98-D-4002, Delivery Order 0408).

Booz Allen & Hamilton, Inc., Herndon, Va., was awarded a $14,877,735 contract which will provide information assurance and information systems security improvements to U.S. military ground communication systems and onboard U.S. military airborne systems and platforms. At this time, $2,692,270 has been obligated. 55 CONS/LGCD, Offutt Air Force Base, Neb., is the contracting activity (SP0700-98-D-4002, Delivery Order 0413).

Booz Allen & Hamilton, Inc., Herndon, Va., was awarded a $14,880,375 contract which will provide state of the art information assurance capabilities in order to increase interoperability and availability of secure information to improve decision making. At this time, $347,793 has been obligated. 55 CONS/LGCD, Offutt Air Force Base, Neb., is the contracting activity (SP0700-98-D-4002, Delivery Order 0409).

Booz Allen & Hamilton, Inc., Herndon, Va., was awarded an $8,925,518 contract which will develop innovative cyber security capabilities and network defense for Air Force information systems. At this time, $164,682 has been obligated. 55 CONS/LGCD, Offutt Air Force Base, Neb., is the contracting activity (SP0700-98-D-4002, Delivery Order 0410).

——————————————————————

Defense Firms Pursue Cyber-Security Work

MARCH 18, 2009

By AUGUST COLE and SIOBHAN GORMAN

WASHINGTON — The biggest U.S. military contractors are counting on winning billions of dollars in work to protect the federal government against electronic attacks.

U.S. agencies from the Pentagon to the Department of Homeland Security have experienced major cyber-break-ins in recent years, even into classified systems. Cyberspies also have siphoned off critical data from Pentagon contractors, including one breach that cost a major aerospace contractor $15 million.

Intelligence officials estimate annual U.S. losses from cyber breaches to be in the billions of dollars, and some worry that cyber attackers could take control of a nuclear power plant or subway line via the Internet — or wipe out the data of a major financial institution.
