Saturday, February 7, 2009

Gen Lorenz on leadership: At war in cyberspace

http://www.af.mil/news/story.asp?id=123129337

Commentary by Gen. Stephen R. Lorenz
Air Education and Training Command commander


12/23/2008 - RANDOLPH AIR FORCE BASE, Texas (AFNS) -- "The stark reality is that the bad guys are winning and our nation is at risk." 

That's what retired Air Force Lieutenant General Harry Raduege, Jr., writes in an insightful article about cyberspace titled, "Evolving Cybersecurity Faces a New Dawn." As he describes our many challenges in cyberspace, General Raduege observes that "the list of concerns is growing and endless: rampant cybercrime, increasing identity theft, sophisticated social engineering techniques, relentless intrusions into government networks, and widespread vulnerabilities continuously exploited by a variety of entities ranging from criminal organizations and entrepreneurial hackers to well-resourced espionage actors." 

Over the last few weeks, we have focused on the security of our computer networks, and we have found that we have big challenges. 

The bottom line is that we are at war in cyberspace...today...all the time. 

Our enemies are attacking our network -- the same network you use to send e-mails, share documents and access the internet. They are using stealth and surprise to insert malicious code into our network in order to gain intelligence. What is our enemy's intention? We don't know, but it's not friendly. 

Chief Master Sergeant Rob Tappana, our command chief, said something that caught my attention. He observed that if our front gate was under attack, we would do something about it. We would reinforce the guards with our security forces, convene the battle staff, increase patrols and raise awareness levels throughout the base. Chief Tappana then pointed at the computer on a nearby desk and said, "We must realize that that's our front gate too." 

He is right. We need to think and act like warriors in cyberspace. That's where leadership is essential. 

General Raduege describes four stages in our journey to secure cyberspace. The first stage is ignorance. We don't know what we don't know about cyberspace attacks. We are past that stage now. If you didn't know about our vulnerability in cyberspace, you do now. 

The second stage is awareness. We now realize that we are at war in cyberspace, and we are vulnerable. We no longer take access to the network for granted -- we realize that it can be taken away unless we take steps to defend it. 

The third stage is actualization. We share a sense of urgency that we need to do something about the attacks on our network. We will learn more and more about cybersecurity. We will all work together to reduce our vulnerability and defend the network from attack. 

The final stage is the "cyber mindset," where we think and act as warriors in cyberspace just as we do in air and space. We will train to protect ourselves and our networks from attack. We will all be "on patrol" as we look for new threats. Leaders at all levels will measure our vulnerability and direct defensive actions to counter the enemy. 

To get to the fourth stage, we are going to have to work through a paradigm shift about security in cyberspace. Many of us, including me in the past, have taken the network for granted. We can't do that anymore. Every computer connected to the network is part of the battlespace. Every person that has access to the network is operating in a combat environment. Everyone must act responsibly, or it opens a hole in our defense. 

As I've written before, I believe you are all leaders, because you all have influence over other people in your workplaces, your families and your communities. It's going to take your leadership to help us make this paradigm shift. How do you lead others through change? You work through the stages of change faster than the people around you. 

So, as leaders, I ask that you move from awareness to actualization as quickly as possible. Talk to our experts, beginning with our communication professionals. Set the right example by following the procedures and not taking shortcuts. Learn about and use the tools we have today. I promise that more tools are on the way. 

I am working through the stages as fast as I can. We are improving the security of our computers at our headquarters, and I have directed that no one is exempt from security measures, including me. If my computer has to restart while I'm in the middle of something, so be it. We must be willing to accept a moderate amount of mission degradation to secure ourselves against the enemy "at the gate." 

General Raduege writes that, despite the challenges facing us in cyberspace, he is optimistic that we are "on the verge of a new dawn for cybersecurity." I am optimistic as well, because we are fortunate to have you to help lead us through this change in our mindset. We are at war in cyberspace and we will all need to apply our warrior skills to prevail. Fight's on! 


No comments: