Cyber Security roles in Royal Sigs.

[Tired_Tech]

I take it this happened on Saturday?

might have. It's pretty much the place to drink becks. If he'd not been such a crow, he'd have known about 13 and it's detties. His theory of 7 is half of 14 came to nowt

 

[Deleted 3147]

hahahahahahaha, a recent FofS IS or an old skool one ?

define old skool? He worked for me as a Sgt in Telic/Herrick. I'm going to say true Mafioso.

He might have signed a contract, but you can't get much done without DFTS involvement, and that isn't going to change for a while. Again, fluff.

You think? You do realise it wasn't re-use of the incumbents circuits and it's a complete change. Underway, by no means graceful, but underway nonetheless.

 

[2ndpreimage]

Certainly for the RN the order has been fix it, and because they've looked at the issue in the planning cycle there has been time to step back and develop options. You're right in part around the amount of contracting/managed services but with time these have the levers in place to make changes (albeit at cost and a fat wheezy snails pace).

Your latter point is one reason why the RN will look to regain some of that agility and in-source a lot more work in the future particularly as we adopt great use of open architectures/standards to enable true share infrastructures on ships that host delivered services. We want to own the data (APIs, interfaces et al), be able to add value (add in AI services, data aggregation etc) and be able to alter/update services and integrate them at our pace, not a contractors pace. Of course this means a significant change in how we train our maintainers/administrators which will benefit everyone. It won't happen overnight but it is happening.

With a more agile method of working binding product owner to ongoing delivery is just going to becomes how we live. Whether public sector and their suppliers like it or not, things are going to have to change. You may not be in-sourcing so much as findementally rebasing your supplier rlationships so that it feels like it.

 

[Kroneit44]

define old skool? He worked for me as a Sgt in Telic/Herrick. I'm going to say true Mafioso.

You think? You do realise it wasn't re-use of the incumbents circuits and it's a complete change. Underway, by no means graceful, but underway nonetheless.

Old Skool - 9 week course, majority dross. New school 12 month course minority dross. As for a complete change, I’ll wager a ten spot for charity that DFTS is still in use mid 2019?

 

[greenbaggyskin]

define old skool? He worked for me as a Sgt in Telic/Herrick. I'm going to say true Mafioso.

[snip]

Splutter...cough!!!!! FofS (IS) proper mafioso? I don't 'kin think so. 'Kin amateur hobbyists. They are the technical equivalent of bleedin' airsofters.

 

[Kroneit44]

Splutter...cough!!!!! FofS (IS) proper mafioso? I don't 'kin think so. 'Kin amateur hobbyists. They were the technical equivalent of bleedin' airsofters.

Fixed that for you.

 

[greenbaggyskin]

Fixed that for you.

Last year I had dealings with two of them on a major NATO exercise; a WO1 and a WO2. Clueless! I reckon they would have struggled to set up a Sharepoint site, never mind manage any FAS's.

Bunch of f'in' cowboys the lot of 'em.

 

[Kroneit44]

Last year I had dealings with two of them on a major NATO exercise; a WO1 and a WO2. Clueless! I reckon they would have struggled to set up a Sharepoint site, never mind manage any FAS's.

Bunch of f'in' cowboys the lot of 'em.

The young guns are hitting WO2 now. Unfortunately there’s still plenty of sharepoint gurus sat at WO1/LE. Just to put the nail in, it looks like the FofS as we know it will cease to exist and the FoS IS will drop the IS.

 

[greenbaggyskin]

The young guns are hitting WO2 now. Unfortunately there’s still plenty of sharepoint gurus sat at WO1/LE. Just to put the nail in, it looks like the FofS as we know it will cease to exist and the FoS IS will drop the IS.

Weeeellllll, as you probably know the next iteration of FofS course is only 10 months long and, unsurprisingly, doesn't attract a degree. That's just what we need; supervisors who are less technical.

 

[Kroneit44]

Weeeellllll, as you probably know the next iteration of FofS course is only 10 months long and, unsurprisingly, doesn't attract a degree. That's just what we need; supervisors who are less technical.

The only fact is that the current course will no longer exist. The new course has not even been looked at and anything in the recent RSIN ‘lacked accuracy’. Worse case is that the new course will be accredited by Lincoln business college as they’ll accredit anything.

 

[2ndpreimage]

The young guns are hitting WO2 now. Unfortunately there’s still plenty of sharepoint gurus sat at WO1/LE. Just to put the nail in, it looks like the FofS as we know it will cease to exist and the FoS IS will drop the IS.

My bold, what're those?

 

[2ndpreimage]

I'm perfectly willing to accept that the Naval Service has a grip on its own requirements, as regards the information and data support its platforms require and the necessary infrastructure to knit it all together, ditto the RAF and the tri-Service ISTAR community; all jolly good and all fine and dandy. I expect the Army does its bit as well in terms of enabling the operational support and coordination that information systems supply - all good. As far as I'm aware, defence of all that good stuff is pretty much OK as well - money has been spent sensibly and the defence networks are protected to an OK standard, say around where the banks were five years ago, which isn't that bad. By their nature, defence systems tend to be a touch more resilient, given the redundancy which is built in - and should be built in, it's a feature, not a mistake, at least in resilience terms.

Where my doubts start to creep in is once the conversation turns from the 6 space with hints of 2 (Sy) and starts to move into the 3 and 2 (collect) spaces. This is where I see a true capability gap in terms of what the Services can deliver - and where I suspect this is deliberate. Offensive cyber, whether reconnaissance or attack, is a hugely, hugely dodgy issue for a nation state nowadays and, while I'm confident that the UK has a highly sophisticated capability and can generate a number of interesting effects from that capability, I'm highly dubious that it would entrust any operational initiative in this field to the Services.

My bold, on the first bit, it's not a good state of affairs and talking to colleagues at various places everyone has strengths (and weaknesses). It's just the threat wasn't what it was today. But it's still not a great state of affairs.

A few things pop up:
1) Lots of people who are scrabbling to improve their internal boundaries
2) Externally facing application level compromises are still low (compared to the amount of threat toolkits and operating system or infra attacks)
3) App level compromises are absolutely devastating
4) Monitor, monitor, monitor

There is an acceptance that improving the app level stance is the most time consuming and hard to scale process, so whilst doing that, improving your segregation helps with both app level compromise and pivot and OS and infra level attacks. The last one, monitoring, nobody is doing enough of that.

Therefore if military types aren't talking about increased segregation, how to make that easy (like configuring squillions of switches by hand isn't) and detailed ongoing monitoring then they've obviously got a different perspective on the threat than the rest of the world.


On the second highlighted point, that's going to be tricky. I am willing to bet that there are aspects to each services operating environment that provide different challenges and opportunities. If they can resource (and that's the trick) the development of capability either organically or through specific R&D then I don't see why they wouldn't unless they're specifically embargoed. I imagine it'll be like going out and trying to procure a single service weapon system, AFAIK challenger isn't operated by the RN for instance. I get the sense of the days of, x or y or z group being the only ones that produce the special toys are over but I have nothing to back that up.

 

[Kroneit44]

My bold, what're those?

Foreman of Signals and Forman of Signals Information Systems. In a nutshell the individuals responsible for ensuring our CIS capabilities are deployable and our ICS is available once deployed.

 

[2ndpreimage]

Foreman of Signals and Forman of Signals Information Systems. In a nutshell the individuals responsible for ensuring our CIS capabilities are deployable and our ICS is available once deployed.

ok, so simplistically that's people who look after comms infrastructure and the IT systems that run on some infrastructure (might be the same, might be different)

 

[Deleted 3147]

Old Skool - 9 week course, majority dross. New school 12 month course minority dross. As for a complete change, I’ll wager a ten spot for charity that DFTS is still in use mid 2019?

DFTS isn't a single entity, firstly it was a contract (with an enormous number of additions and amendments, over too long a period), secondly it was compromised of more than just the SOC. As a contractual construct, DFTS is long gone. Whether FJ, in taking on services, chose to use some BT offerings that's not an issue as long as they meet the service levels and outputs required. In the interim I'd bet they would use some, but many will be migrated across quickly to far better capabilities.

 

[Deleted 3147]

Splutter...cough!!!!! FofS (IS) proper mafioso? I don't 'kin think so. 'Kin amateur hobbyists. They are the technical equivalent of bleedin' airsofters.

Everyone's entitled to an opinion. The FoS(IS) I worked with were in the main excellent and their RMIS equivalents are superb. I tend to work with the latter more regularly these days and they certainly are hugely useful and we're commissioning many into the RN.

 

[Donny]

Everyone's entitled to an opinion. The FoS(IS) I worked with were in the main excellent and their RMIS equivalents are superb. I tend to work with the latter more regularly these days and they certainly are hugely useful and we're commissioning many into the RN.

If they're being commissioned as SMEs to advise generally well-informed commanders, that's a good thing. If they're being seen as an alternative to the N3/5 community learning enough about the subject to make sensible decisions, as has happened in all three services in the past (but particularly RN, in my experience), then not such a good thing...

 

[Kroneit44]

DFTS isn't a single entity, firstly it was a contract (with an enormous number of additions and amendments, over too long a period), secondly it was compromised of more than just the SOC. As a contractual construct, DFTS is long gone. Whether FJ, in taking on services, chose to use some BT offerings that's not an issue as long as they meet the service levels and outputs required. In the interim I'd bet they would use some, but many will be migrated across quickly to far better capabilities.

Still sounds like corporate fluff to me. FJ will take on the easy services but seem to hit a brick wall as soon as anything becomes mildly complicated. In fact I’ll make the odds better I’ll go Jun 2020 and we’ll still be on their networks.

 

[Kroneit44]

ok, so simplistically that's people who look after comms infrastructure and the IT systems that run on some infrastructure (might be the same, might be different)

Plan the deployment of, establish, maintain and most important Problem manage (including resolution). In Blandford the look after weapon cleaning too.

 

[Glad_its_all_over]

My bold, on the first bit, it's not a good state of affairs and talking to colleagues at various places everyone has strengths (and weaknesses). It's just the threat wasn't what it was today. But it's still not a great state of affairs.

A few things pop up:
1) Lots of people who are scrabbling to improve their internal boundaries
2) Externally facing application level compromises are still low (compared to the amount of threat toolkits and operating system or infra attacks)
3) App level compromises are absolutely devastating
4) Monitor, monitor, monitor

There is an acceptance that improving the app level stance is the most time consuming and hard to scale process, so whilst doing that, improving your segregation helps with both app level compromise and pivot and OS and infra level attacks. The last one, monitoring, nobody is doing enough of that.

Therefore if military types aren't talking about increased segregation, how to make that easy (like configuring squillions of switches by hand isn't) and detailed ongoing monitoring then they've obviously got a different perspective on the threat than the rest of the world.

Empire-building is the norm whenever a new aspect of IT appears and it'll go away soon enough, once things settle down and commoditise. The security function is no different, it's hot and sexy at the moment but not, actually, that interesting or exciting in the core enterprise space, where the first of the two functions - daily grind, running the SOC, keeping the machine turning - takes huge energy and the more esoteric disciplines - investigation, attribution, root cause analysis, forensics and the ever-sexy 'threat hunting' are generally a 'nice if' rather than a 'must have'.

As you note, situational awareness is key and this implies monitoring - and a deep knowledge of the current state as built, rather than as-designed. Only this allows the early identification of activating attacks - and the discovery of shadow IT departments which are the bane of any security guy's life. Monitoring ain't easy and the move to analytics-based architectures and away from the SIEM gives some hope that situational awareness is within grasp, albeit at a cost.

Defence isn't in that bad a place, really, it's just nowhere near the leading edge, as far as I can tell.

On the second highlighted point, that's going to be tricky. I am willing to bet that there are aspects to each services operating environment that provide different challenges and opportunities. If they can resource (and that's the trick) the development of capability either organically or through specific R&D then I don't see why they wouldn't unless they're specifically embargoed. I imagine it'll be like going out and trying to procure a single service weapon system, AFAIK challenger isn't operated by the RN for instance. I get the sense of the days of, x or y or z group being the only ones that produce the special toys are over but I have nothing to back that up.

Oh, I'm sure there will be defence assets pulling the trigger. I just doubt that any defence asset will be part of the planning and authorisation chain.