Leafing through a magazine right now, you are desperately trying to put off having to go back to checking your team’s timesheets, ploughing through a financial spreadsheet for this afternoon’s budget review and justifying to the bean counters why you need to upgrade a laptop that still has the ‘Optimised for NT4’ sticker on the back. Not exactly why you got into IT security is it?
You thought it was going to be a cross between Cybergeddon and The Matrix, and here you are, doing financial forecast spreadsheets whilst the UK, its citizens, businesses, armed forces and government are under daily attack.
Last year computer networks associated with the UK government were hit with approximately 20,000 malicious emails per month; of which about five per cent were serious cyber attacks.
Now, let’s consider a slightly different scenario. As you reluctantly put this magazine down and turn back to your screen the phone chirps twice before you manage to answer it.
‘Hello, David Brookes1 speaking.’ You try to keep the irritation out of your voice, that spreadsheet isn’t going to fill itself in and you can already see your lunch break dwindling to a snatched sandwich at your desk.
‘Ah David, it’s Colonel Elliott2,I’m glad I caught you. Are you free to talk?’
You sit up straighter in your chair. The commanding officer of the Land Information Assurance Group doesn’t generally call in the middle of the day for idle chitchat.
‘Sure Colonel.’
‘We’ve just been thrown a fastball and need to put a team together able to conduct an urgent vulnerability assessment on a Unix environment. If you’re able to, I’d like you as team leader. It’s probably going to take a few days.’
‘I’ll need to clear it with the company and her indoors. How soon do you need me?’
‘Tomorrow morning?’
‘It’s that urgent?’
The colonel pauses for a long moment before replying carefully. ‘Yes David, I do believe it is.’
The hairs prickle on the back of your neck as a host of questions spring to mind before being equally swiftly discarded as unsuitable for an insecure line. Finally, one passes muster as relatively safe. ‘Colonel, do I need to pack my body armour?’
Again a long pause before the colonel replies, now with a hint of wry humour in her voice. ‘Yes David, that might be very wise.’
There’s a war out there
Buzzwords seem to rule these days. Be it cloud computing, social networking, big data or cyberwar. Definitions vary according to the vendor and what they are trying to sell you. But cyberwar, cyberwar is different. It changes everything. And the definition is inarguable.
Cyberwar is the use of computers to attack other computers; it’s as simple as that. But let’s face it, when did anything involving computers remain simple?
For cyberwar, read malware, distributed-denial-of-service, crafted malware, coordinated cyber and kinetic (i.e. doing physical stuff, like driving a tank across a border) operations, advanced persistent threats, cyberwar outsourcing, plausible deniability and the legal status of a cyber attack in relation to armed attacks - it got complicated all of a sudden, didn’t it?
The press is full of articles about Estonia, Georgia, Israel, Syria, Iran, China and the Balkans and there is a real need for experienced security professionals to help protect the UK armed forces, wherever they are, from cyber attack.
The UK MoD is investing heavily in its cyber capability and a key strand of that capability are people like David, and maybe you, as cyber operations officers holding the Queen’s commission in the Land Information Assurance Group (LIAG).
LIAG is a Territorial Army (TA) unit formed in 1999 that recruits experienced IT security professionals into the Royal Signals in the same manner that doctors, surgeons, lawyers and members of the cloth are recruited and commissioned into the TA.
Let’s take ‘David’ as an example. David is on average about 39. He’s a long-term IT professional, having probably worked in systems development, network engineering or systems administration before settling into a formal security role.
He may work for a large UK company such as BAE Systems, Fujitsu or CSC, or just as likely, be an independent contractor of some standing, a CLAS consultant with a host of other security qualifications, such as CISSP, CISM, CCNA, ITPC and membership of national computing or security organisations. But David has always harboured an ambition to be a soldier and cyber operations have given David a way of fulfilling that ambition as an officer in the TA.
Over the last 12 years, David and his colleagues have worked as cyber operations officers on operations in the UK, Iraq, Afghanistan, the Balkans, the Falklands, Cyprus, Africa, Gibraltar, Canada, and Germany; in fact in all deployed MoD locations. Note, operations. This is not TA training, although LIAG officers do that too. This is real support to the UK’s national security and deployed military operations that only people like you can do.
So, if you are interested, go to www.army.mod.uk and search LIAG.
Your country needs you.
The author is a serving officer in the Land Information Assurance Group when not working for a multinational security software company.
1. Actually {Insert name here} would be more accurate, but I had to come up with something so ‘David Brookes’ will do. Let’s be honest, no one has ever answered the phone saying, ‘Hello {Insert name here} speaking’. For one thing how would you get those wiggly brackets into the conversation and keep a straight face?
2. And no, this isn’t the real name of the commanding officer - that’s classified, unless you know him of course.