Cyber security specialist...

Discussion in 'Army Reserve' started by Flight, Jul 17, 2011.

Welcome to the Army Rumour Service, ARRSE

The UK's largest and busiest UNofficial military website.

The heart of the site is the forum area, including:

  1. Flight

    Flight LE Book Reviewer

    "The Defence Secretary will also announce new specialist roles for the reserves including cyber security, intelligence, linguistic and medical duties. The regenerated forces will also play a part in homeland security and policing roles."

    Defence shake-up means our smallest Army since the Boer War - Telegraph

    Will be interesting to see what this entails..

    The spooks have been complaining for some time that they can't keep hold of cyber types due to the salaries offered in the civvy realm.

    Can't honestly say that I hold out too much hope for the breadth of the role ( by the numbers, left button click!) though if it is reasonably meaty it might tempt me out of retirement...
     
  2. A couple of potential problems:

    1. The government can't get proper 'cyber' security on the cheap, or as a commodity. It might even involve scrapping a lot of expensive kit and building almost from scratch.

    2. A lot of the high-level decision making has to be done by the security experts themselves, not by politicians, to avoid the kind of cock up we saw with JPA. It probably means a lot more commissioned officers than the MoD wants.
     
  3. Flight

    Flight LE Book Reviewer

    I can't see much but problems to be honest!

    I suspect the role will be more along the lines of making sure no-one puts anything rude on facebook than it's name suggests.
     
  4. I would presume these guys would be the natural starting point?

    http://www.army.mod.uk/signals/organisation/9190.aspx
     
  5. That troop already exists, as anyone who has done OPTAG recently will know. The real int these days is on twitter anyway.
     
    • Like Like x 2
  6. Makes sense. If Flight's read that correctly, it's going to be like LIAG on a larger scale, assuming the reserves can recruit a decent number from information security. Not sure how it's going to work out in practice, though.
     
  7. What do LIAG, actually do though?
     
  8. Right, I read that, but how does that work in practice? Do they sit in tents pen testing webapps?
     
  9. Listed on the Army's public site under Land Information Assurance Group:

    • Penetration testing
    • Web Application Testing
    • Database Security Testing
    • Vulnerability Assessment
    • Network Traffic Analysis
    • Computer Forensics
    • Compliance Checking
    • Incident Handling
    • Firewall Testing
    • Wireless Network Scanning
    • Intrusion Detection
    In civvy street, it's a massively comprehensive area known as information assurance, and involves checking for every conceivable vulnerability in a network, computer systems, software and sometimes physical security, and then fixing whatever weaknesses they find. It's especially important in the case of commercial systems used by high-profile organisations, since the updates and patches you get from Microsoft, et. al. are typically released a couple of months after someone discovered the vulnerability.

    The forensics side is essentially about pulling data off a system and going through it meticulously to establish the most accurate possible reconstruction of events leading up to something. The procedures vary depending on whether evidence needs preserving, and there are several very different types of analysis that might be used.

    'Right, I read that, but how does that work in practice? Do they sit in tents pen testing webapps?'
    Forensics work mostly involves sitting in a lab eating pasties :)
     
  10. ok, before this all gets really mega :)

    In my day job, one of my hats is IA. I am a "Security Champion" (yes, we're trying to come up with a better name because this is shite)

    I do,
    # Penetration testing
    # Web Application Testing
    # Database Security Testing
    # Vulnerability Assessment
    # Network Traffic Analysis
    # Incident Handling

    So, what sort of applications do they test?
     
  11. Should have checked. Stupid me :)

    I should imagine they test most the commercial equipment and software the Army's using, without naming anything. Can't tell you much more beyond what's published on the Army's site.
     
  12. That's another one I'd be interested in, although I avoid market-speak and procurement people like the plague :)
     
  13. blue sky and new horizons????