Cyber Defence on the cheap

A2_Matelot

LE
Book Reviewer
#1
From the BBC:

"Defence Secretary Philip Hammond, who will address the conference on Sunday, appealed for IT experts to join up as military reservists to help protect the UK's computer networks from cyber attack".

This isn't necessarily a dig at LIAG or Reserve forces but what are the buffoons in MoD thinking. To my mind this just sends some mixed and bad messages .

Firstly how about MoD addresses the regular component first. We as yet haven't even got an agreed definition of cyber and its boundaries which gives you some idea of how slow off the mark we are. We have an entirely random and haphazard means of staffing, educating and training the regulars sent to our current defence unit. Most of which stems from single service issues and a failure to identify the aptitude, skills and experience needed. We then train these people quite extensively and at great expense and subsequently the single services return them to utterly mundane duties hence they grow dissatisfied.

Lets be grown up, define the skills, create a career path, address renumeration and retention properly. Maybe its time to consider ICT specialists akin to spec aircrew, paid more but rank limited. If the capability is so critical to Defence and the wider UK why look to the Reserves?

I really don't see why there is this push to bolster Reserve elements, accepting some individuals will have skills and experience in this area, let them bolster regular units. It is incredibly unlikely in their civilian guise they will have had accessto the tooling and intelligence that the regulars do. They stand to gain more not the other way around.
 
#2
Got that off your chest then shipmate?!
 
#4
Reply With Quote
From the BBC:

"Defence Secretary Philip Hammond, who will address the conference on Sunday, appealed for IT experts to join up as military reservists to help protect the UK's computer networks from cyber attack".

This isn't necessarily a dig at LIAG or Reserve forces but what are the buffoons in MoD thinking. To my mind this just sends some mixed and bad messages .

Firstly how about MoD addresses the regular component first. We as yet haven't even got an agreed definition of cyber and its boundaries which gives you some idea of how slow off the mark we are. We have an entirely random and haphazard means of staffing, educating and training the regulars sent to our current defence unit. Most of which stems from single service issues and a failure to identify the aptitude, skills and experience needed. We then train these people quite extensively and at great expense and subsequently the single services return them to utterly mundane duties hence they grow dissatisfied.

Lets be grown up, define the skills, create a career path, address renumeration and retention properly. Maybe its time to consider ICT specialists akin to spec aircrew, paid more but rank limited. If the capability is so critical to Defence and the wider UK why look to the Reserves?

I really don't see why their is this push to bolster Reserve elements
Doubt MOD could afford to retain a significant number of top flight IT specialists to have them square-bashing (or virtual equivalent) five days out of seven... Even two days out of seven. Even in civvy street a lot of the best guys are contractors.
 

A2_Matelot

LE
Book Reviewer
#5
I'm not so sure. Quite a lot of people I've spoken to have left specialist units and gone back to mainstream units and become bored and unenthused. PVR soon becomes an option. Their civilian salaries aren't football player level. I suggest if we paid them some form if specialist pay and kept them in the specialist units we could retain them and increase the pool internally. They could have a decent career path internally and with op tours and exchange posts to NATO/5E nations.

We're not talking thousands of people.
 
#6
Isn't protection from cyber attack within the remit of the Intelligence service?

Cyber being the ability of an outsider to gain access too and control critical systems.

If the risks are as great as they are being made out to be then there needs to be a whole department monitoring things 24/7 with some of the best brains in the business.

This is not the business of the reserve.
 
#7
By going to the TA you have the opportunity to employ people already being paid very well for the required skill set. I would suggest that anyone serving in the regular forces with the required skill set isn't going to be around long.


Posted from the ARRSE Mobile app (iOS or Android)
 

A2_Matelot

LE
Book Reviewer
#8
By going to the TA you have the opportunity to employ people already being paid very well for the required skill set. I would suggest that anyone serving in the regular forces with the required skill set isn't going to be around long.


Posted from the ARRSE Mobile app (iOS or Android)
Read my subsequent posts. It doesn't have to be that way and from what we've seen bar a few niche companies, cyber ninjas in industry are as scarce as they are in the forces.
 

SPIDER38

On ROPS
On ROPs
#9
I was reading about the US spy Warrant Officer John Antony Walker he spied for 25 year's,he started of by going to the Soviet Embassy in Washington DC and giving them a cipher card for several thousand dollars then it increased to him telling the Soviets that the US subs knew exactly where the soviet subs were by the sound of the propellers,the soviets then re-shamfered these propellers and the US from the on lost complete track of them he was also suspected in a US ship being captured by the North Koreans and in the disapearance of the USS Scorpian this sub is said to have been torpedoed by the soviet's on the imformation he supplied......it is alledged that the Soviet's knew the exact location of all US submarine patches in the North Atlantic from him,they also say that if a war broke out the soviets would have been able to destroy US subs at will,he and his ring supplied an estimated one million piece's of intelligence to the soviets.....all this was done for one reason financial gain,so let's hope that the people we are employing are vetted correctly and payed accordingly....
 
#10
I'm not so sure. Quite a lot of people I've spoken to have left specialist units and gone back to mainstream units and become bored and unenthused. PVR soon becomes an option. Their civilian salaries aren't football player level. I suggest if we paid them some form if specialist pay and kept them in the specialist units we could retain them and increase the pool internally. They could have a decent career path internally and with op tours and exchange posts to NATO/5E nations.

We're not talking thousands of people.


MOD's IT strategy is simply ****ing clueless. Their idea of suitable salaries for the right people has the competent people bursting out laughing.

Yes Graduate in IT, we can start you on £26k! And you get a pension but no career prospects!
Uh, no thanks, I just got head hunted by a Yank outfit and got offered twice that as a start, fast track career path, great pension, and lots of opportunities for travel.

And FWIW, the chappie they offered that sterling £26k package to was already a TA Lt. Now? He's head of systems for a very well known US defence outfit and spends a lot of time in that big five sided building on the Potomac.

The MOD, trying to catch IT sharks with breadcrumbs.
 
#11
Let's us a little perspective here. The majority of the works is watching a network monitor screen and chimps can be trained to do that.


Posted from the ARRSE Mobile app (iOS or Android)
 
#12
spider38 said:
I was reading about the US spy Warrant Officer John Antony Walker he spied for 25 year's,he started of by going to the Soviet Embassy in Washington DC and giving them a cipher card for several thousand dollars then it increased to him telling the Soviets that the US subs knew exactly where the soviet subs were by the sound of the propellers,the soviets then re-shamfered these propellers and the US from the on lost complete track of them he was also suspected in a US ship being captured by the North Koreans and in the disapearance of the USS Scorpian this sub is said to have been torpedoed by the soviet's on the imformation he supplied......it is alledged that the Soviet's knew the exact location of all US submarine patches in the North Atlantic from him,they also say that if a war broke out the soviets would have been able to destroy US subs at will,he and his ring supplied an estimated one million piece's of intelligence to the soviets.....all this was done for one reason financial gain,so let's hope that the people we are employing are vetted correctly and payed accordingly....
Nuclear submariner tried to pass secrets to Russians to 'hurt' Royal Navy - Telegraph

Not that they'd get very far if they did try and betray us in this day and age...
 
#13
Let's us a little perspective here. The majority of the works is watching a network monitor screen and chimps can be trained to do that.


Posted from the ARRSE Mobile app (iOS or Android)
Yes, you can rely on chimps watching network monitors, or, you can do like the grown ups at this lark do.
Employ geeks with brains the size of small planets, but poor personal hygiene and limited inter-personal skills with girlees.
Stick them in a room away from normal people with the best IT money can buy and they will have the time of their lives playing a super geek game of hack the hacker. Problem is, they don't fit into the MOD hierarchy and need close supervising by talented managers with equally good IT skills.
 
#14
Let's us a little perspective here. The majority of the works is watching a network monitor screen and chimps can be trained to do that.


Posted from the ARRSE Mobile app (iOS or Android)
I suppose you could be looking for a bite, but then again maybe not.

The complexity of cyber defence is way beyond a couple of speccie geeks sitting around in their mum's cellar surrounded by pizza boxes and empty Red Bull cans. The reality is nothing like the movies where Jeff Goldblum slips a malformed DOS file into an enemy's disk drive and bring down his whole force. It is very very serious and it is happening to you now. Right now!

Frankly I find the way Hammond is portraying this is ridiculous. What the f*** does he think is involved? Does he believe this is akin to the 1916 RFC where a few jolly chaps, with a penchant for this kind of thing, fire up their rusty old crates and give the hun a good seeing-to? I accept that he probably doesn't actually understand the strategy, but even if he did he couldn't really outline it in public media outlets. Fair enough! But to portray it as something like Dad's Army is FU beyond all belief.

Not taking cyber seriously is like a football team that plans to win by scoring more goals than their opposition, so does not bother fielding any defenders or a goalkeeper. Or, an infantry commander who plans his patrol routine but doesn't even consider possible enemy activity while doing so.

Grrrr, rant, foam, etc.

Edited to add: I made the mistake of reading what was in the press before the actual press release. Apologies to Hammond. He didn't make it sound pathetic, the media did.
 
#15
Let's us a little perspective here. The majority of the works is watching a network monitor screen and chimps can be trained to do that.


Posted from the ARRSE Mobile app (iOS or Android)
The NSA budget is around $10 Billion. That's a lot of bananas.

If the UK wishes to play against the big boys like the PLA GhostNet, I venture to suggest it will require something rather more expensive than a Reserve unit of trained chimps. :roll:
 
#16
Let's us a little perspective here. The majority of the works is watching a network monitor screen and chimps can be trained to do that.


Posted from the ARRSE Mobile app (iOS or Android)
You a BBC employee by any chance?

The MOD's attitude to IT experts as previously stated is quite frankly worse than a combination of Benny Hill V Monty Python, investing in the UK's IT Defence capability requires people who know how to identify & diagnose & write network programmes, encryption, coding and scenario planning without restrictions as a bare minimum.

The UK has a wealth of undiscovered IT talent, even the Met Police's ecrime Unit knows how to recruit the suitable personnel.


Posted from the ARRSE Mobile app (iOS or Android)
 
#17
Stand by for a cyber geeks walting as been 'second in the Iranian Embassy database'
One of the biggest problems being faced here is that there's a significant percentage of cyber geeks who would prefer to boast that they threw everyone off the balcony database... 4 da lulz.

The attitude is countered by.... Large quantities of cash.
 
#19
@ sunnoficarus. What on earth do you imagine that GCHQ is, if not exactly what you have just described?


Posted from my ARRSE (iOS or Android)
Which is one of the many problems facing this new unit. IT talent can be broken down into 3 basic levels:

Neo Level: these are the IT Gods. The MoD has zero chance of recruiting them, since most of them are working for multinational corporations for salaries of 5 figures and upwards. The MoD trying to recruit these people would be as laughable as Rangers putting in a bid for Messi.

Q Level: not quite as good as Neo's but still very well trained, highly skilled and experienced. Most, if they are not in the Private Sector, will already work for GCHQ or other UK Intelligence/Law Enforcement agencies. Good luck getting them to share their toys with the Army. In any case, I doubt there will be huge rush of people wanting to do essentially the same job in their spare time, with the added embuggerance of Military duties and discipline.

Trained Chimps: Nowhere near the levels of Neo's or Q's, but possessing basic skills and knowledge. Putting them up against GhostNet would be like Scotland playing Brazil. So you would need to train your Chimps up to standard. A process that would be neither quick nor cheap. And once you have trained them to the level they need to compete with the best in the world, good luck retaining them.

So the two levels of IT ability the MoD needs to make this unit viable are not available to them. And the talent pool it can draw on is too shallow to work.
 
#20
Me a journo, with my England? Anyway, all this rubbish about going up against ghost net? The bulk requirement for mod is to keep their patches up to date. Not exactly the task of a highly paid cyber engineer is it?


Posted from the ARRSE Mobile app (iOS or Android)
 

Similar threads

Latest Threads

Top