Flashpoint’s Post

There are myriad facets to creating a new branch that I'll never understand, so I can't make an argument that Nakasone is wrong. But any opponents of a #CyberForce need to answer one question: When so much technical talent is leaving the existing branches due to cultural incompatibility, what is your plan for fixing this problem absent a new organization with a blank cultural slate?

Need to try something. We just aren’t flexible enough for cyber. Constantly see fighter jet analogy. That is clearly not working. How long did it take to get the f16 fielded? Cyber platforms need flexibility.

What I find interesting with the “not the right time” argument is this… (Admittedly a simplification) we either reorganize pre-conflict, in conflict, or post-conflict… and we can all agree that “in conflict” isn’t the answer. Which only leaves pre and post. A post-conflict reorg would certainly be on brand for the US. My perpetual optimism just continues to hope one day we will learn to anticipate instead of react. If we go with with pre-conflict option, the longer we wait the more difficult we make it on ourselves. So yes, an independent study for a separate Cyber Service makes PERFECT SENSE. Capture the problem, understand the current system and the SWOT, then come back with a recommendation… and do it quick. Military Cyber Professionals Association Rebecca Lively

A very insightful text about the problems and challenges faced by the US Armed Forces in the context of sustaining capabilities and effective operate in cyberspace. Decision-makers around the world will sooner or later face these types of challenges. Fortunately, Poland had this in mind from the very beginning of the work on creating the Cyberspace Defense Forces, and today we are in a much better position.

Food for Thought: It is easy to follow the line of reasoning here. I have to ask, “What is happening with all the other organizations also addressing cybersecurity, specifically: DHS and CISA, NSA, CIS, NIST, CERT, IC3, and we can go on-and-on? What exactly will this new military command do and with what authority to act and respond? You have to wonder is this defensive and/or offensive, and to what extent? How much will ML and AI play into this? Just saying, “It’s food for thought!”

Good afternoon colleagues! This is my first note supporting the excellent Foundation for Defense of Democracies (FDD) publication “United States Cyber Force: A Defense Imperative” by Dr. Erica Lonergan and Rear Adm. (ret.) Mark Montgomery, March 2024. This report exposes DoD’s decade-long inadequacies in generating a suitable force that US Cyber Command can operationally employ. As the executive summary concludes, “America’s cyber force generation system is clearly broken. Fixing it demands nothing less than the establishment of an independent cyber service” (p. 7). This is just the latest in a long series of publications and testimonies on the subject - including a one written by myself and my colleague Dave Schroeder 🇺🇸 for CIMSEC: Center for International Maritime Security (link in the comments) – we saw the writing on the wall in 2018, as visionary flag officers like Admiral James Stavridis saw it long before that. Read for yourself and hear the explosive comments from my fellow officers, active and retired alike, on what’s wrong with the current model and how we might fix it: create a 10,000-person strong service, aligned under the Department of the Army, that can focus on manning, training, and equipping the fighting force we need to defend America’s interests in cyberspace. #nationalcyberdefense #uscyberforce #nationalstrategy

Information Security: China says new support force will be strategic branch - CGTN: Information Security: China says new support force will be strategic branch  CGTN #CyberSecurity #InfoSec #SecurityInsights

"If all of us want more security, you cannot say to the armed forces, it's your problem" - says Chair of the NATO Military Committee Admiral Rob Bauer. Admiral Bauer is spot on. Everyone in commercial and public sectors have a role to play to ensure our nations strengthen their cyber resilience. This week NATO highlighted the growing threat of malicious cyber activities and commits to enhancing capabilities to detect, defend against, and respond to such threats, including 💻 hybrid and cyber threats in the context of cooperation with Western Balkans & the Black Sea region 🚨identifying China as a source of sustained malicious cyber activities ‼️in addition Russia's hybrid actions, including malicious cyber activities, are recognised as threats to Allied security The UK is now the third most targeted nation for cyberattacks. We must therefore collectively enhance our domestic defences and international collaboration. Public sector entities remain prime targets, with 40% of cyber incidents impacting them between 2020 and 2021. Despite this, a proposed amendment by Labour to prioritise cybersecurity in public procurement was rejected by the previous government, missing an opportunity to elevate it as a strategic national concern. As techUK indicates in their ‘Seven Tech Priorities’ for a new government there has been a welcome focus on supply chain security, but more needs to be done to ensure secure hardware architecture and software. Procurement levers can be leveraged to help achieve this and the National Procurement Policy Statement, which provides national priorities and guidance for contracting authorities, could better set out cyber security requirements for procured goods and services. The lack of focus on end-point security often remains a challenge, particularly for the public sector. When it comes to cybersecurity, everyone typically thinks about software, but the resilience of our PCs, laptops and printers is often underappreciated. There are three simple steps a new Government could take to up our game: 1. The National Procurement Policy Statement (NPPS), which sets out national priorities and guidance for contracting authorities, to set out cyber security requirements as a required purchasing criteria in public sector procurement. 2. Mandate device security requirements as one of the award criteria for the purchase of laptops, computers, and printers. Use expertise and guidance from the National Cyber Security Centre to set stronger cyber requirements for public sector and their supply chain, including hardware security. 3. Monitor compliance and set out transparent mechanisms to intervene or exclude providers were necessary. Taken together, these measures would help better safeguard the UK from any potential attack from rogue actors and nation-states and bring us into line with best practice from across the world.

Happening now, ... SOCOM and Cyber Command testimony related to National Security, Cybersecurity, and Counter Terrorism. Just heard topics re: "Deterrents" aimed at adversaries (including Offensive Cyber capabilities) and the need for a future-ready workforce. #CybersecurityTraining #UpSkill #ReSkill #OffSec #Pentesting #RedTeam #BlueTeam #CyberRange #NCWES https://lnkd.in/eTCdV9A3