Civil Cyber Patrol?

[NIN]

http://www.defenseone.com/ideas/2017/03/cybersecuritys-human-side-how-can-we-solve-our-people-problem/136296/

Interesting.

[PhoenixRisen]

I didn't see it mentioned in the article, but the UK has recently established the Joint Cyber Reserve, which seems to be right in line with this article.  (Further info.)  There's not much info on it, but it's part of their larger "Sponsored Reserves", which are a category of military reserve specialist functions that are directly carried out by civilian professionals.

As someone who works in cybersecurity and is beyond qualified to DoDI 8570 standards (CISSP, GSEC, SSCP, yadda, yadda...), but can't join the military due to a medical disqualification.... I'd get in on something like this in a heartbeat if we stood up a comparable unit.  I'd even volunteer my time in the non-paid, CAP-style sense of the term "volunteer"...

I've been keeping my eye on the development of the National Guard/Reserve cyber forces (as this article discusses), and dreaming that, one day, a special enlistment/commissioning option may become available for those who are qualified to fill these roles, but may have something keeping them out of regular service, such as a medical qualification.

[chuckmilam]

As someone who works in cybersecurity and is beyond qualified to DoDI 8570 standards (CISSP, GSEC, SSCP, yadda, yadda...), but can't join the military due to a medical disqualification....

If you can stand the pay cut, you could work as a GS Civilian.  Many government Information Assurance/Cyber Security jobs are open under direct hire authority, so they look at your aptitude, education, certifications, and experience; ostensibly to hire the most-qualified candidates outside of the normal hiring procedures. 

[PhoenixRisen]

If you can stand the pay cut, you could work as a GS Civilian.  Many government Information Assurance/Cyber Security jobs are open under direct hire authority, so they look at your aptitude, education, certifications, and experience; ostensibly to hire the most-qualified candidates outside of the normal hiring procedures.

That's definitely something on my radar for the future, but unfortunately, it'll require me to relocate quite a ways.  The handful of GS-2210 jobs that pop up in my area are typically AGR-type jobs for the local Guard/Reserve units.

If I were back in my hometown (San Diego), that's most likely what I'd be doing right about now!   

[Nick]

This is a subject that's been broached at national, but buy-in has been slow to build. We'll get there, it just won't happen this year.


Sent from my iPhone using Tapatalk

[Ed Bos]

I'd be interested in getting a group together to talk about what this unit would look like, and what kind of service it could provide.

Volunteers assisting with cybersecurity? What sort of qualifications should members have before they're on the team? What sort of training could be provided?

This is a subject that's been broached at national, but buy-in has been slow to build. We'll get there, it just won't happen this year.

Hey Nick, can you share any details about what sort of broaching has been done? Is this like a conversation over coffee at a conference, or a multi-meeting strategy session with principles and SMEs?

[Nick]

what sort of broaching has been done? Is this like a conversation over coffee at a conference, or a multi-meeting strategy session with principles and SMEs?

This was a formal process that put together a recommended national strategy for CAP cyber priorities, involved discussion with the SAF/RE's office among other government entities, and then was presented to the board of governors. Simply put, the interest at this time is for a cadet-focused cyber education program. I think it will evolve over time, but the biggest support that will give  CAP exposure to "the cyber" right now is in the cadet program.

[Live2Learn]

FWIW, 'cyber' security appears to be a whole lot more relevant than CAP's expensive and rapidly obsolescing aviation role in the world we face today.  Major cyber breaches of the criminal garden variety sort compete daily with State sponsored breaches.  Training young people for this large national need, plus the potential for CAP SM who have cyber skills to support existing national priorities seems like a potential future with long term prospects for relevancy that would provide purpose for both SM and cadets.

On the other hand, both relevancy and prospects for CAP aviation ops in the future are much less than rosy. While there may be an artificial 'pilot shortage' today thanks in large measure to Senator Schummer's legislated "fix" to ATP qualifications and training, that draw for SM and Cadets may be short lived.  IMHO, it's likely the "shortage" will only accelerate the trend toward automating cockpits... with the likely prospect of evaporating demand for human pilots.  Both the trend toward automation, and the existence of new uncrewed SAR/DR platforms bring into question CAP's investment in and emphasis on FW SE piston aircraft.   Why crew an expensive (relatively speaking compared to a fully functional CAP cyber security program) Cessna which is fundamentally a 60+ year old airframe dressed up with pretty (and expensive to maintain) avionics?  Aviation media offer increasing numbers of stories about current UAS platforms that are more capable than any CAP assets.  Plus UAS platforms do not place 'air' crews at risk.  Does CAP maintain a large fleet of SE FW aircraft (the "largest fleet of Cessnas in the world") because the inventory is cost effective, highly capable of succeeding in our typical SAR/DR mission profile, and is it in high demand?  It's my observation that neither is true.  Perhaps the "largest fleet of Cessnas in the world" just follows a well rutted road from the past.  FWIW, the ratio of recent missing aircraft search to find stats I've seen from the PNW don't offer a lot of confidence that even a massive effort involving our existing aviation assets is likely to result in a 'find'. 

I have to wonder whether serious discussion about updating our corporate mission + capabilities is over due at National, with the USAF, and certainly with Congress.  And yes, that will certainly have consequences for how CAP's budget is allocated.

[Eclipse]

If CAP wants relevence in IT security, it might want to start by not adopting 20 year old buzz words like "cyber".

I'm on board with this being a new mission, if it's done properly, however then there needs to be decisions about which of the old missions will be reduced or eliminated.

There are only so many hours in a meeting, only so many meetings in a year, and the expectations of successful cadets and units already exceed the time allotted for most years, especially in light of the shrinking membership, reduced resources and charters, and higher lever of choce and school requirements for kids today.

[chuckmilam]

If CAP wants relevence in IT security, it might want to start by not adopting 20 year old buzz words like "cyber".

Tell that to the Federal Government/DoD, then.  They just changed "Information Assurance" to "Cyber Security" like yesterday (in government time.) 

(To be fair, I cringe a little at "cyber," too.)

[Майор Хаткевич]

If CAP wants relevence in IT security, it might want to start by not adopting 20 year old buzz words like "cyber".

Tell that to the Federal Government/DoD, then.  They just changed "Information Assurance" to "Cyber Security" like yesterday (in government time.) 

(To be fair, I cringe a little at "cyber," too.)

Well the President really liked that "Cyber" word. No surprise.

[Spaceman3750]

I finally gave up the fight. "What do you do at work?" "I do cyber security."

It's a lot easier than explaining what information security is. Thanks CNN.

[Eclipse]

I finally gave up the fight. "What do you do at work?" "I do cyber security."

((*snicker*)) Passing out computer access slips to the homeless at the library is not ((*snort*)) "cyber security"...

[Spaceman3750]

I finally gave up the fight. "What do you do at work?" "I do cyber security."

((*snicker*)) Passing out computer access slips to the homeless at the library is not ((*snort*)) "cyber security"...

NOTE to future employers: This is a joke 

[Luis R. Ramos]

From Eclipse...

...((*snicker*)) Passing out computer access slips to the homeless at the library is not ((*snort*)) "cyber security"...

:clap: :clap: :clap:

I love this, but I guess I may be behind the times because I did not realize the term, cyber security was so old!

[Live2Learn]

:clap: :clap: :clap:

I love this, but I guess I may be behind the times because I did not realize the term, cyber security was so old!

The term's not old, us guys ('guys'  = politically correct gender neutral and therefore non-judgmental term) chortling about it are... Look at the post times.  Only retired, tired, and bored have time at this time of day to debate 'cyber' whatever...   

[Nick]

I'm currently in the last quarter of my master's degree in cybersecurity studies, and one of the assigned readings was a 2015 book on information assurance.  It broke it down this way:

- Information assurance is the overarching approach for identifying, understanding, and managing risk through an organization's use of information and information systems

- Information security is a subdomain of information assurance that focuses on the CIA triad of information and information systems

- Information protection is a subset of information security that uses a variety of means such as policy, standards, physical controls, technical controls, monitoring, and information classification or categorization to protect the confidentiality and integrity of information and information systems

- Cybersecurity is a relatively new term that has largely replaced the term "computer security" and is used to describe the measures taken to protect electronic information systems against unauthorized access or attack, and is primarily concerned with the same objectives of information security within the scope of electronic information systems' CIA

Taking this into consideration, combined with the last release of JP 3-12 renaming everything that referred to information operations with cyberspace operations, and the consequent redesignation of every cyber operations organization in the military from information warfare to cyberspace, I think it's pretty evident where the road is going insofar as the use of "cyber" as a thing.

[Luis R. Ramos]

Yeah.

Try to explain that to any bystander that does not know what CAP is or does.

"What do  you guys do?"

"Cyber Security. It is different from Information Assurance, which is..."

Eyes glazed over. You continue:

"...and Information Protection is..."

At this time you start directing cadets or senior members to get behind that guy or gal because he starts falling down.

"But wait! We also do ES, Cadet Programs, and AE! The CAP is the AF..."

While forgetting that they may not be aware what the initials mean...

[Eclipse]

CAP has been in the "cyber" business for 75+ years and didn't even know it...

Why You Sound Dumb When You Use The Word 'Cyber'
https://www.gizmodo.com.au/2014/03/why-you-sound-dumb-when-you-use-the-word-cyber/

"The original word, cybernetic, is actually derived from the Greek word "kybernetes", which also means "steersman".
In its simplest form, it more accurately describes the pilot of a plane — the interface between human and machine control
systems — than someone who sits alone in a studio apartment stealing all of your Bitcoins."

Full disclosure, the Gibson was my wallpaper for quite a while back in my USR days...

http://www.youtube.com/watch?v=Bmz67ErIRa4

[Nick]

I get it. You guys don't like the term. That doesn't change the fact that it is one of, if not the colloquial reference to the Internets and computers generally. According to Merriam-Webster, its popularity is in the top 30% of all English words. I don't expect its use to be going away anytime soon.