Civil Cyber Patrol?

[NIN]

http://www.defenseone.com/ideas/2017/03/cybersecuritys-human-side-how-can-we-solve-our-people-problem/136296/

Interesting.

[PhoenixRisen]

I didn't see it mentioned in the article, but the UK has recently established the Joint Cyber Reserve, which seems to be right in line with this article.  (Further info.)  There's not much info on it, but it's part of their larger "Sponsored Reserves", which are a category of military reserve specialist functions that are directly carried out by civilian professionals.

As someone who works in cybersecurity and is beyond qualified to DoDI 8570 standards (CISSP, GSEC, SSCP, yadda, yadda...), but can't join the military due to a medical disqualification.... I'd get in on something like this in a heartbeat if we stood up a comparable unit.  I'd even volunteer my time in the non-paid, CAP-style sense of the term "volunteer"...

I've been keeping my eye on the development of the National Guard/Reserve cyber forces (as this article discusses), and dreaming that, one day, a special enlistment/commissioning option may become available for those who are qualified to fill these roles, but may have something keeping them out of regular service, such as a medical qualification.

[chuckmilam]

As someone who works in cybersecurity and is beyond qualified to DoDI 8570 standards (CISSP, GSEC, SSCP, yadda, yadda...), but can't join the military due to a medical disqualification....

If you can stand the pay cut, you could work as a GS Civilian.  Many government Information Assurance/Cyber Security jobs are open under direct hire authority, so they look at your aptitude, education, certifications, and experience; ostensibly to hire the most-qualified candidates outside of the normal hiring procedures. 

[PhoenixRisen]

If you can stand the pay cut, you could work as a GS Civilian.  Many government Information Assurance/Cyber Security jobs are open under direct hire authority, so they look at your aptitude, education, certifications, and experience; ostensibly to hire the most-qualified candidates outside of the normal hiring procedures.

That's definitely something on my radar for the future, but unfortunately, it'll require me to relocate quite a ways.  The handful of GS-2210 jobs that pop up in my area are typically AGR-type jobs for the local Guard/Reserve units.

If I were back in my hometown (San Diego), that's most likely what I'd be doing right about now!   

[Nick]

This is a subject that's been broached at national, but buy-in has been slow to build. We'll get there, it just won't happen this year.


Sent from my iPhone using Tapatalk

[Ed Bos]

I'd be interested in getting a group together to talk about what this unit would look like, and what kind of service it could provide.

Volunteers assisting with cybersecurity? What sort of qualifications should members have before they're on the team? What sort of training could be provided?

This is a subject that's been broached at national, but buy-in has been slow to build. We'll get there, it just won't happen this year.

Hey Nick, can you share any details about what sort of broaching has been done? Is this like a conversation over coffee at a conference, or a multi-meeting strategy session with principles and SMEs?

[Nick]

what sort of broaching has been done? Is this like a conversation over coffee at a conference, or a multi-meeting strategy session with principles and SMEs?

This was a formal process that put together a recommended national strategy for CAP cyber priorities, involved discussion with the SAF/RE's office among other government entities, and then was presented to the board of governors. Simply put, the interest at this time is for a cadet-focused cyber education program. I think it will evolve over time, but the biggest support that will give  CAP exposure to "the cyber" right now is in the cadet program.

[Live2Learn]

FWIW, 'cyber' security appears to be a whole lot more relevant than CAP's expensive and rapidly obsolescing aviation role in the world we face today.  Major cyber breaches of the criminal garden variety sort compete daily with State sponsored breaches.  Training young people for this large national need, plus the potential for CAP SM who have cyber skills to support existing national priorities seems like a potential future with long term prospects for relevancy that would provide purpose for both SM and cadets.

On the other hand, both relevancy and prospects for CAP aviation ops in the future are much less than rosy. While there may be an artificial 'pilot shortage' today thanks in large measure to Senator Schummer's legislated "fix" to ATP qualifications and training, that draw for SM and Cadets may be short lived.  IMHO, it's likely the "shortage" will only accelerate the trend toward automating cockpits... with the likely prospect of evaporating demand for human pilots.  Both the trend toward automation, and the existence of new uncrewed SAR/DR platforms bring into question CAP's investment in and emphasis on FW SE piston aircraft.   Why crew an expensive (relatively speaking compared to a fully functional CAP cyber security program) Cessna which is fundamentally a 60+ year old airframe dressed up with pretty (and expensive to maintain) avionics?  Aviation media offer increasing numbers of stories about current UAS platforms that are more capable than any CAP assets.  Plus UAS platforms do not place 'air' crews at risk.  Does CAP maintain a large fleet of SE FW aircraft (the "largest fleet of Cessnas in the world") because the inventory is cost effective, highly capable of succeeding in our typical SAR/DR mission profile, and is it in high demand?  It's my observation that neither is true.  Perhaps the "largest fleet of Cessnas in the world" just follows a well rutted road from the past.  FWIW, the ratio of recent missing aircraft search to find stats I've seen from the PNW don't offer a lot of confidence that even a massive effort involving our existing aviation assets is likely to result in a 'find'. 

I have to wonder whether serious discussion about updating our corporate mission + capabilities is over due at National, with the USAF, and certainly with Congress.  And yes, that will certainly have consequences for how CAP's budget is allocated.

[Eclipse]

If CAP wants relevence in IT security, it might want to start by not adopting 20 year old buzz words like "cyber".

I'm on board with this being a new mission, if it's done properly, however then there needs to be decisions about which of the old missions will be reduced or eliminated.

There are only so many hours in a meeting, only so many meetings in a year, and the expectations of successful cadets and units already exceed the time allotted for most years, especially in light of the shrinking membership, reduced resources and charters, and higher lever of choce and school requirements for kids today.

[chuckmilam]

If CAP wants relevence in IT security, it might want to start by not adopting 20 year old buzz words like "cyber".

Tell that to the Federal Government/DoD, then.  They just changed "Information Assurance" to "Cyber Security" like yesterday (in government time.) 

(To be fair, I cringe a little at "cyber," too.)

[Майор Хаткевич]

If CAP wants relevence in IT security, it might want to start by not adopting 20 year old buzz words like "cyber".

Tell that to the Federal Government/DoD, then.  They just changed "Information Assurance" to "Cyber Security" like yesterday (in government time.) 

(To be fair, I cringe a little at "cyber," too.)

Well the President really liked that "Cyber" word. No surprise.

[Spaceman3750]

I finally gave up the fight. "What do you do at work?" "I do cyber security."

It's a lot easier than explaining what information security is. Thanks CNN.

[Eclipse]

I finally gave up the fight. "What do you do at work?" "I do cyber security."

((*snicker*)) Passing out computer access slips to the homeless at the library is not ((*snort*)) "cyber security"...

[Spaceman3750]

I finally gave up the fight. "What do you do at work?" "I do cyber security."

((*snicker*)) Passing out computer access slips to the homeless at the library is not ((*snort*)) "cyber security"...

NOTE to future employers: This is a joke 

[Luis R. Ramos]

From Eclipse...

...((*snicker*)) Passing out computer access slips to the homeless at the library is not ((*snort*)) "cyber security"...

:clap: :clap: :clap:

I love this, but I guess I may be behind the times because I did not realize the term, cyber security was so old!

[Live2Learn]

:clap: :clap: :clap:

I love this, but I guess I may be behind the times because I did not realize the term, cyber security was so old!

The term's not old, us guys ('guys'  = politically correct gender neutral and therefore non-judgmental term) chortling about it are... Look at the post times.  Only retired, tired, and bored have time at this time of day to debate 'cyber' whatever...   

[Nick]

I'm currently in the last quarter of my master's degree in cybersecurity studies, and one of the assigned readings was a 2015 book on information assurance.  It broke it down this way:

- Information assurance is the overarching approach for identifying, understanding, and managing risk through an organization's use of information and information systems

- Information security is a subdomain of information assurance that focuses on the CIA triad of information and information systems

- Information protection is a subset of information security that uses a variety of means such as policy, standards, physical controls, technical controls, monitoring, and information classification or categorization to protect the confidentiality and integrity of information and information systems

- Cybersecurity is a relatively new term that has largely replaced the term "computer security" and is used to describe the measures taken to protect electronic information systems against unauthorized access or attack, and is primarily concerned with the same objectives of information security within the scope of electronic information systems' CIA

Taking this into consideration, combined with the last release of JP 3-12 renaming everything that referred to information operations with cyberspace operations, and the consequent redesignation of every cyber operations organization in the military from information warfare to cyberspace, I think it's pretty evident where the road is going insofar as the use of "cyber" as a thing.

[Luis R. Ramos]

Yeah.

Try to explain that to any bystander that does not know what CAP is or does.

"What do  you guys do?"

"Cyber Security. It is different from Information Assurance, which is..."

Eyes glazed over. You continue:

"...and Information Protection is..."

At this time you start directing cadets or senior members to get behind that guy or gal because he starts falling down.

"But wait! We also do ES, Cadet Programs, and AE! The CAP is the AF..."

While forgetting that they may not be aware what the initials mean...

[Eclipse]

CAP has been in the "cyber" business for 75+ years and didn't even know it...

Why You Sound Dumb When You Use The Word 'Cyber'
https://www.gizmodo.com.au/2014/03/why-you-sound-dumb-when-you-use-the-word-cyber/

"The original word, cybernetic, is actually derived from the Greek word "kybernetes", which also means "steersman".
In its simplest form, it more accurately describes the pilot of a plane — the interface between human and machine control
systems — than someone who sits alone in a studio apartment stealing all of your Bitcoins."

Full disclosure, the Gibson was my wallpaper for quite a while back in my USR days...

http://www.youtube.com/watch?v=Bmz67ErIRa4

[Nick]

I get it. You guys don't like the term. That doesn't change the fact that it is one of, if not the colloquial reference to the Internets and computers generally. According to Merriam-Webster, its popularity is in the top 30% of all English words. I don't expect its use to be going away anytime soon.

[Holding Pattern]

Thankfully I gave up the war on terminology fights ages ago.

But I have been thinking that squadrons that engage in the digital realm is an idea on the SM side that needs to be seriously explored.

At the bare minimum we could hold public seminars on online safety for the populace; at the most extreme we could be utilized for the programs that the military services are seriously considering hiring for but dropping the Basic requirement since they can't seem to get people into the service for the jobs...

I have had a half dozen people ask me if there is a Senior cyber program yet, people with heavy background in infosec, database management, systems administration, and one person who is retired but takes GIAC cert courses for fun.

We could be an amazing force multiplier for the country and the Air Force just as soon as we put together a plan for it. If anyone at national is listening to this thread, I hereby volunteer to lead the push.

[CyBorgII]

I didn't write this, it's by a band called Queensryche, but I thought it fit with the topic, with what I am  , and that it would give my former CAP colleagues a bit of a giggle.

"Screaming In Digital"

I am the beat of your pulse
The computer word made flesh
We are one you and I
We are versions of the same
When you can see what I feel
Don't turn your back on me
Or you might find that your dreams
Are only program cards

Your mind is open for me
Open for intake of all propaganda
Your Eyes see now what to see
My eyes see only the programs you give me

I'll teach you to laugh and to cry
They're really the same you'll see
All of the why's in your life
Are under my control
Feed me more lines
I will try to tell you all I can
Before the light you must know what lies
Behind my screams

I can't tell you all I know
Am I the son that you've always been wanting
There's more to me than what shows
Are you my father
The one that was promised

Hush now, I'll give all you need to know
and pre-live your dreams for you
You're a good boy

Freedom belongs only to those
Without video screens
For eyes and mouth

You have no voice
To be heard my son
No one can hear when you're
Screaming in Digital

I'm not your slave
You can't control my emotions
No Father, please let me keep learning

Can't you see I'm human
Can't you tell

I'm not your slave
Oh Father no
Please don't keep me from dreaming
Oh can't someone hear

[Paul Creed III]

Thankfully I gave up the war on terminology fights ages ago.

But I have been thinking that squadrons that engage in the digital realm is an idea on the SM side that needs to be seriously explored.

At the bare minimum we could hold public seminars on online safety for the populace; at the most extreme we could be utilized for the programs that the military services are seriously considering hiring for but dropping the Basic requirement since they can't seem to get people into the service for the jobs...

I have had a half dozen people ask me if there is a Senior cyber program yet, people with heavy background in infosec, database management, systems administration, and one person who is retired but takes GIAC cert courses for fun.

We could be an amazing force multiplier for the country and the Air Force just as soon as we put together a plan for it. If anyone at national is listening to this thread, I hereby volunteer to lead the push.

This right here is the dream of those of us who work on the CAP cyber side of things. For the time being, we're working the cadet side of things.