By Gen. Stephen
R. Lorenz
Commander, Air Education and Training Command
RANDOLPH AIR
FORCE BASE, Texas -- "The stark reality is that the bad guys are
winning and our nation is at risk."
That's what retired Air Force Lieutenant General Harry Raduege,
Jr., writes in an insightful article about cyberspace titled,
"Evolving Cybersecurity Faces a New Dawn." As he describes our
many challenges in cyberspace, General Raduege observes that
"the list of concerns is growing and endless: rampant cybercrime,
increasing identity theft, sophisticated social engineering
techniques, relentless intrusions into government networks, and
widespread vulnerabilities continuously exploited by a variety
of entities ranging from criminal organizations and
entrepreneurial hackers to well-resourced espionage actors."
Over the last few weeks, we have focused on the security of our
computer networks, and we have found that we have big
challenges.
The bottom line is that we are at war in
cyberspace...today...all the time.
Our enemies are attacking our network -- the same network you
use to send e-mails, share documents and access the internet.
They are using stealth and surprise to insert malicious code
into our network in order to gain intelligence. What is our
enemy's intention? We don't know, but it's not friendly.
Chief Master Sergeant Rob Tappana, our command chief, said
something that caught my attention. He observed that if our
front gate was under attack, we would do something about it. We
would reinforce the guards with our security forces, convene the
battle staff, increase patrols and raise awareness levels
throughout the base. Chief Tappana then pointed at the computer
on a nearby desk and said, "We must realize that that's our
front gate too."
He is right. We need to think and act like warriors in
cyberspace. That's where leadership is essential.
General Raduege describes four stages in our journey to secure
cyberspace. The first stage is ignorance. We don't know what we
don't know about cyberspace attacks. We are past that stage now.
If you didn't know about our vulnerability in cyberspace, you do
now.
The second stage is awareness. We now realize that we are at war
in cyberspace, and we are vulnerable. We no longer take access
to the network for granted -- we realize that it can be taken
away unless we take steps to defend it.
The third stage is actualization. We share a sense of urgency
that we need to do something about the attacks on our network.
We will learn more and more about cybersecurity. We will all
work together to reduce our vulnerability and defend the network
from attack.
The final stage is the "cyber mindset," where we think and act
as warriors in cyberspace just as we do in air and space. We
will train to protect ourselves and our networks from attack. We
will all be "on patrol" as we look for new threats. Leaders at
all levels will measure our vulnerability and direct defensive
actions to counter the enemy.
To get to the fourth stage, we are going to have to work through
a paradigm shift about security in cyberspace. Many of us,
including me in the past, have taken the network for granted. We
can't do that anymore. Every computer connected to the network
is part of the battlespace. Every person that has access to the
network is operating in a combat environment. Everyone must act
responsibly, or it opens a hole in our defense.
As I've written before, I believe you are all leaders, because
you all have influence over other people in your workplaces,
your families and your communities. It's going to take your
leadership to help us make this paradigm shift. How do you lead
others through change? You work through the stages of change
faster than the people around you.
So, as leaders, I ask that you move from awareness to
actualization as quickly as possible. Talk to our experts,
beginning with our communication professionals. Set the right
example by following the procedures and not taking shortcuts.
Learn about and use the tools we have today. I promise that more
tools are on the way.
I am working through the stages as fast as I can. We are
improving the security of our computers at our headquarters, and
I have directed that no one is exempt from security measures,
including me. If my computer has to restart while I'm in the
middle of something, so be it. We must be willing to accept a
moderate amount of mission degradation to secure ourselves
against the enemy "at the gate."
General Raduege writes that, despite the challenges facing us in
cyberspace, he is optimistic that we are "on the verge of a new
dawn for cybersecurity." I am optimistic as well, because we are
fortunate to have you to help lead us through this change in our
mindset. We are at war in cyberspace and we will all need to
apply our warrior skills to prevail. Fight's on!