Feral Jundi

Tuesday, June 21, 2011

Letter Of Marque: Inching Closer To A World Of Cyber Privateering

Lately, there has been an increased intensity of hacking attacks on government and business. Of course, government is doing all it can to keep up and stop these hackers. And like the piracy problem on the high seas, hackers in the commons called cyber space are operating with virtual impunity.

To me, there are several areas of weakness that today’s hackers are exploiting. One is the sheer enormity of the internet and cyber space, and all the potential targets that a hacker can attack. Like with the pirates of Somalia, hackers have plenty of ocean and are constantly searching for new hunting grounds and weaknesses to exploit.

Their rewards can be immense. Hack into a bank, steal information from a technology firm, or hack a government website and exploit that information. Or they do it because of the ‘lulz’ or the hell of it, just to prove they are the best. Or worse, they attack individuals. (Companies or the government have done nothing to protect the little guys, like this blog, from attacks.) And these hackers can do it all from a terminal at some random location in the world.

The other thing at play here is scale. Once folks see for themselves how successful one group or individual is, then others will copy them. They will borrow brilliance and follow a model of operation that works, all to achieve a goal. And like today’s example of piracy, hacking spreads because it is inspired by the success of others and by the rewards of the risk taking.

It also spreads when money or organizational influence comes into play. China or a cartel from Mexico can easily do things to add fire to the world of hacking and cyber warfare. All nations add to the scale of such things. Just wait until ‘plomo o plata’ comes to the world of hacking, and then that is when cyber lances will really become essential.

Which brings me to the point of this post. Because this problem is only growing, there must be measures that equal the size and scale of this global deluge. Legal tools like the LoM must be considered to even the scale between black hat and the company use of white hat hackers. Of course it would be nice if government and its law enforcement apparatus could be large enough to apply the rule of law to all corners of the cyber universe. But like with today’s modern day scourge of piracy, government cannot be everywhere and at all times.

So here is where I like to take the next step forward.  Companies need the legal authority to effectively combat black hat hackers. That legal authority can and should come in the form of a Letter of Marque and Reprisal.  Or maybe a government can come up with a different title for this license.  But either way, by giving companies the legal authority to do what they need to do to combat the problem, they in essence help to put ‘the armed guards on boats’. (another analogy with today’s piracy problem)

Here is some more food for thought. If the targets of hackers are companies, then is the government the best tool to use to protect all of these companies out there? Who would have more interest and incentive to protect a company’s infrastructure: a government or the company itself? Of course a company would love for someone to do it for free, but the problem here is that there is too much at stake to put the security of a company simply in the hands of a burdensome, bureaucratic and highly inefficient government organization. Government does not have the resources to watch over every company, and it does not have the personal motivation to defend a company’s assets to the fullest degree.

Yet again, the piracy analogy works for this example. All of the navies in the world have not stopped piracy, and if anything, the problem has grown. Likewise, the US government was not able to protect Sony, Google or Lockheed Martin from vicious hacking attacks, even though the government has cyber warfare units and tons of agencies tasked with monitoring cyber related activities.

So what is the solution?  I say government should listen to what the companies have to say about how best to help them. The government would also have to re-evaluate what ‘help’ really means, in the context of this problem. If a company says it is legally constrained when trying to defend against black hat hackers, then what is the logical solution?  Do you put the government’s police forces in charge of a company’s security anti-hacking units, or do we license a company to combat this problem?  To me, issuing a license to companies so they can actually compete with these black hat hackers, is the equivalent of putting ‘armed guards on boats’ to defend against Somali Pirates. It makes sense, and it answers the problem of scale.

It also sounds like this is the natural progression anyways? The new DIB Cyber Pilot program sounds like another step towards empowering companies. With companies like Lockheed Martin, it behooves the government to help them because this company is very much a part of our national security. So will licensing companies be the next ‘natural progression’ as an answer to this worldwide scourge? I know that I and the Morgan Doctrine blog will be following this stuff, and we will see…. -Matt

 

 

Saturday, May 22, 2010

Building Snowmobiles: Cyber Privateers

Ahhhh, time to fire up the old Building Snowmobiles category again, and thanks to James from Death Valley Magazine for giving me the heads up on this story below. Wired’s Danger Room wrote up an interesting article on the latest contract that Booz Allen Hamilton won with the Air Force in regards to cyber-security. This is interesting to me, because it is a government contracting a PMC to provide security in a commons called cyber space. It reminds me of our original privateers in the US who were contracted by Congress via the Letter of Marque, to go after the British in that other ‘commons’ called the open sea. And with this latest contract, I would have to say that Booz Allen Hamilton gets the award for top cyber privateer. lol (that is not to say that Booz Hamilton will be getting bounties or seizing assets any time soon, but private industry is certainly answering the call for this one and making some serious money)

I have lately been toying with the idea of how the Letter of Marque (LoM) could be applied to today’s current cyber security threats and to cyber warfare. The scope of threats is so large and so complex that there must be a strategy implemented that can keep up with these threats. It is my belief that you should approach the problem with multiple solutions that all contribute to the overall strategy, and to create those solutions you need some analysis and you need synthesis. And cyber privateers is some serious synthesis in my opinion, and I don’t think anyone has really delved into this before. Issuing a LoM to individuals or companies might be one way to tap into the creativity and freedom of private industry, and still keep a leash on them based on the legal requirements of the letter. It would be a way for Congress to keep control over these kinds of contractors, yet still allow them to do their thing out there. That kind of free market warfare coupled with very specific control mechanisms is crucial to this concept.

The LoM can also allow the government to contract with one person or an entire company. Companies like Booz Hamilton might not be able to attract the star players of cyber warfare. So if the government wants to get these lone wolves on their side (both foreign and domestic), the LoM and an extremely lucrative bounty or prize law system would be one way to do that. The LoM could also give that lone wolf cyber warrior a license that is signed off and approved by the nation’s top lawmakers. That to me has more appeal than being a subcontractor for some military branch of service, and hanging in limbo as to what laws and policies I need to follow or pay attention to. Please note all the legal issues surrounding today’s usage of private military companies in the war. The LoM could be the answer to mitigate those issues for today’s union between private industry and the government.

Also, the way the LoM works is pretty flexible in my view. It can be as complex or as simple as we want to make it. After all, Congress would be the ones forming the committee to issue the things, and they would be writing the thing up. I am sure no one would want the LoM if it did not fully answer any and all legal issues, hence ‘my lawyer will talk with your lawyer’. That is the way I would envision this. Because if not, no one would want to do business with Congress and the US government if it did not have all the right protections in that document.

As to what kind of activities the cyber privateers could do? Hmmmm. Let your imagination run wild I guess. Basically, if China wants to use hackers to go after the US for example, those Chinese hackers would be prime targets for cyber privateers. Hell, cyber privateers could be tasked with going after entire countries that we consider threats. You could also use cyber privateers to go after organized crime, terrorists, etc., and set up bounties for all types of activities that a congress would want their cyber privateers to do. You might want to use cyber privateers for a very specific corner of the cyber warfare market, and the imagination is the only limit. Like Thomas Jefferson once said, “Every possible encouragement should be given to privateering in time of war.” Using cyber privateers to conduct cyber warfare or defend the country is one tool that the government could implement. For further study on the subject of LoM, I would suggest the reader check out this post and publication here, and use the search feature on this blog. –Matt

——————————————————————-

Booz Allen hiring 5,000 employees this year

Friday, May 14, 2010

Washington Business Journal – by Bryant Ruiz Switzky and Gayle S. Putrich

Consulting giant Booz Allen Hamilton Inc. is going on a major hiring binge.

The McLean-based government contractor is hiring 1,500 people over the next two months and expects to hire about 5,000 workers in 2010, some of which are rehires.

More than 60 percent of those jobs will be in the Washington area, said Leslie Esposito, director of recruiting.

Most of the positions are for consultants and include cost estimators, intelligence analysts, operations research analysts, program managers, acquisitions analysts, clinical health consultants, energy consultants, environmental consultants and human capital management and organizational efficiency experts. There is also a wide range of technology-related positions.

Story here.

——————————————————————-

Recent Air Force Contracts with Booz Allen & Hamilton

Booz Allen & Hamilton, Inc., Herndon, Va., was awarded a $24,302,677 contract which will provide combat-ready forces to conduct secure cyber operations in and through the electromagnetic spectrum, with air and space operations. At this time, $496,032 has been obligated. 55 CONS/LGCD, Offutt Air Force Base, Neb., is the contracting activity (SP0700-98-D-4002, Deliver Order 0414).

Booz Allen & Hamilton, Inc., Herndon, Va., was awarded a $24,283,152 contract which will provide innovative recommendations on information assurance disciplines for Systems Center Atlantic to develop information assurance capabilities for the Federal Compliance Program. At this time, $122,060 has been obligated. 55 CONS/LGCD, Offutt Air Force Base, Neb., is the contracting activity (SP0700-98-D-4002, Delivery Order 0407).

Booz Allen & Hamilton, Inc., Herndon, Va., was awarded a $23,302,445 contract which will provide instrumented live, virtual and constructive joint exercise enabled via the Joint National Training Capability’s global grid to enhance information assurance/cyber activities under U.S. Space Command’s span of control. At this time, $2,672,756 has been obligated. 55 CONS/LGCD, Offutt Air Force Base, Neb., is the contracting activity (SP0700-98-D-4002, Delivery Order 0417).

Booz Allen & Hamilton, Inc., Herndon, Va., was awarded a $19,835,902 contract which will provide information integrity and integration of information assurance capabilities into existing operational command and control networks and systems. At this time, $5,000 has been obligated. 55 CONS/LGCD, Offutt Air Force Base, Neb., is the contracting activity (SP0700-98-D-4002, Delivery Order 0415).

Booz Allen & Hamilton, Inc., Herndon, Va., was awarded a $19,831,145 contract which will define information assurance scientific and technical analysis to be applied to future military satellite communication systems development and assess vulnerabilities of emerging satellite communication systems to provide secure end-to-end communications services to deployed warfighters. At this time, $1,607,798 has been obligated. 55 CONS/LGCD, Offutt Air Force Base, Neb., is the contracting activity (SP0700-98-D-4002, Delivery Order 0411).

Booz Allen & Hamilton, Inc., Herndon, Va., was awarded a $15,870.840 contract which will provide secure and highly reliable network operations and computer network defense components in order to carry out Air Combat Command’s mission. At this time, $45,120 has been obligated. 55 CONS/LGCD, Offutt Air Force Base, Neb., is the contracting activity (SP0700-98-D-4002, Deliver Order 0408).

Booz Allen & Hamilton, Inc., Herndon, Va., was awarded a $14,877,735 contract which will provide information assurance and information systems security improvements to U.S. military ground communication systems and onboard U.S. military airborne systems and platforms. At this time, $2,692,270 has been obligated. 55 CONS/LGCD, Offutt Air Force Base, Neb., is the contracting activity (SP0700-98-D-4002, Delivery Order 0413).

Booz Allen & Hamilton, Inc., Herndon, Va., was awarded a $14,880,375 contract which will provide state of the art information assurance capabilities in order to increase interoperability and availability of secure information to improve decision making. At this time, $347,793 has been obligated. 55 CONS/LGCD, Offutt Air Force Base, Neb., is the contracting activity (SP0700-98-D-4002, Delivery Order 0409).

Booz Allen & Hamilton, Inc., Herndon, Va., was awarded an $8,925,518 contract which will develop innovative cyber security capabilities and network defense for Air Force information systems. At this time, $164,682 has been obligated. 55 CONS/LGCD, Offutt Air Force Base, Neb., is the contracting activity (SP0700-98-D-4002, Delivery Order 0410).

——————————————————————

Defense Firms Pursue Cyber-Security Work

MARCH 18, 2009

By AUGUST COLE and SIOBHAN GORMAN

WASHINGTON — The biggest U.S. military contractors are counting on winning billions of dollars in work to protect the federal government against electronic attacks.

U.S. agencies from the Pentagon to the Department of Homeland Security have experienced major cyber-break-ins in recent years, even into classified systems. Cyberspies also have siphoned off critical data from Pentagon contractors, including one breach that cost a major aerospace contractor $15 million.

Intelligence officials estimate annual U.S. losses from cyber breaches to be in the billions of dollars, and some worry that cyber attackers could take control of a nuclear power plant or subway line via the Internet — or wipe out the data of a major financial institution.
