I honestly never thought I’d use the phrase “continuing series” about a military CIO’s totally stagnant website. You jab ‘em in a column, they get off their duffs, then you move on … yet here I sit, writing once more about visible stagnation in the office of the Air Force Chief Information Officer.

Lt Gen William Shelton, the outgoing CIO, has nailed a promotion if you can believe it — in part for failing to get anyone in his office to do anything with his official “bully pulpit 2.0″ website. Is this guy ROAD or what?

If, as a child, you ever found a mosquito nursery in an old tire, then you know how I feel right now. “Grandma, where do you keep the chlorine bottle? I found some stagnant waterweb pages…”

Seriously, folks: how can one top cyber-warrior after another ignore such a vital marketing tool? I quote myself from my previous column in this continuing series:

“This CIO, more than anyone else, should have used his website to hawk his agency’s cyberspace prowess. And yet the other military CIOs put him to shame with their updated content…”

“C’mon, Rob, it’s just a website. Is it really such a big deal?” Yes. It goes all the way up to the office of the Secretary of the Air Force, who warned that “just as Billy Mitchell endeavored to prove the potential of air power to a skeptical nation, we must now prove the critical importance of cyberspace as a war fighting domain.” He clearly wants a CIO with enough drive to to use the bully pulpit for its intended purpose— oops! The cited URL used Billy Mitchell’s name in vain re: a new email policy. Hmph. It pains me when USAF insinuates Mitchell spoke legalese with a bureaucratic accent. If you’ll let me start over, I promise to cite a much better URL…

Is this guy ROAD or what?

“C’mon, Rob, it’s just a website. Is it really such a big deal?” Yes. It goes all the way up to the office of the director of the National Security Agency, who lamented that “there is no modern Billy Mitchell.” The last two generals to hold the title of “Air Force CIO” certainly embody this lament — ironically at a time when USAF needed them to pound their fists on the digital lectern.

Memo to the Secretary of the Air Force: you really need to pick a CIO with at least enough drive & vision to use a “bully pulpit 2.0″ for its intended purpose. Capisce?

Okay. So. Michael Peterson never did anything as CIO if we’re to believe the official website. Nor did William Shelton. Up next for the job: William T. Lord, who will pin on a third star after his own aborted effort to launch “AFCYBER.”

“Rob, do you think Lord will leave the CIO website in stagnation like his predecessors did?” No. If my sourcehunch proves right, Lord will finally turn the CIO website into a bully pulpit. He seems to enjoy the limelight, you know. (I’ll bet he got seriously miffed when General Kevin Chilton discussed cyberspace on the Charlie Rose show.)

Memo to General Lord: Let’s make this the last column in my “continuing series” about a stagnant USAF CIO website. Deal?

I’ve written quite a bit of prose on the U.S. Air Force’s stillborn effort to launch a full-blown “Cyber Command,” one equal in stature to Air Mobility Command and Air Combat Command. To put it simply: USAF wants to win the race to codify a DoD-centric cyber mission.

(I feel it’s a testament to this website that USAF started using the phrase “codify a DoD-centric cyber mission” after reading about it here. But hey, let’s not digress.)

I obtained a docu­ment that may have con­vinced AFSPC bureau­crats to go to war against AFCYBER bureau­crats — a war that con­tri­buted to the death of AFCYBER as a major command.

If you believe the official story line, then you believe USAF aborted “AFCYBER” only at the eleventh hour after they suffered a string of embarrassing nuclear accidents. “You guys need to focus on the core missions you’ve already got,” Defense Secretary Robert Gates told the flyboys. He fired his top two Air Force officials and scolded a few others for losing sight of the big picture.

USAF’s newly installed top officials thought about it and said “maybe we should scrap the idea of converting our old nuclear bomber command to a newfangled cyber command. Maybe our nuclear bomber command should focus on nuclear bomber duties. And maybe we should let Air Force Space Command (AFSPC) handle the ‘cyber space’ duties, given the fact we only just realized that ‘cyber’ and ‘outer’ are exactly the same thing when it involves bits & bytes.”

That’s if you believe the official story line.

Some very interesting people in AFSPC might tell you a different story if you buy the first round of beers. They’ll say a bitter rivalry exists between the “space cadets” and the “comm weenies” — a rivalry accidentally revealed in this classified photo. I quote from my previous column:

The big screens in the far background reveal … which major commands fall under which regions of AFCYBER’s Integrated Network Operations Security Center (INOSC). Noticeably missing from the list is Air Force Space Command.

I did a bit of research on this rivalry. It ultimately led to a document some space cadets secretly despise — a document that may have convinced the AFSPC bureaucracy to wage war against the AFCYBER bureaucracy.

AFCYBER’s death knell may have come (in no small part) from the foreword to an innocuous “AFNETOPS Classification Guide” signed on 20 April 2007 by Lieutenant General Robert J. Elder, Jr., the commander of Air Force Network Operations. I finally obtained this document’s foreword on 17 June 2009 via the Freedom of Information Act. Note the highlighted portion that offends space cadets:

This guide establishes security procedures, guidelines and administrative controls to protect information related to Air Force Network Operations (AFNetOps) policies, programs, capabilities, assessments and activities and serves as classification guidance for exercises and operations relating to AFNetOps. AFNetOps is the global-level command and control for the Air Force’s provisioned portion of the Global Information Grid. The Eighth Air Force Commander (8AF/CC) is designated as the AFNetOps Commander and the Original Classification Authority. Currently, AFNetOps is limited to terrestrial networks (i.e., NIPRNET and SIPRNET) with the provision to include airborne and space networks in the future. This guide addresses computer networks only. Information noted as classified by this guide could be expected to cause damage or serious damage to national security if disclosed without authorization. The Original Classification Authority shall identify or describe the nature of such damage.

“What does the highlighted portion mean, Rob?” It means a three-star general told a four-star general “you will report to me someday.” Ouch!

As Paul Harvey would say: “now you know the rest of the story…”

---

Honestly? I don’t believe this little “oops” delivered the mortal blow to AFCYBER.

If we use Murder on the Orient Express as our analogy, then we can view the offending document’s foreword as the twelfth stab wound. The mortal blow in this case came from AFCYBER itself — or should I say, AFCYBER’s bureaucratic buffoons.

Better yet, let’s think of it as a Darwin Award rather than a murder mystery. This is what you get when bureaucrats take command of military operations…

(Memo to Lt Gen Elder: one word, Bob. “Groupthink.”)

As you may know, USAF downgraded their cyberspace role from its important status as a major command … to the mundane status of just a numbered air force.

Out of curiosity … did Major General William T. Lord have a “flying exec”?

The implosion of “AFCYBER” means I may never know the answer to a simple question. I’ve always wondered if commanding general William T. Lord had a flying exec like other flag officers in operational positions.

A “flying exec” is slang for an Air Force combat pilot who pulls double duty, flying both an aircraft and a desk. They serve as an executive assistant to a colonel or a general — yet they continue to slip the surly bonds of earth.

So. If General Lord had a flying exec … what did he/she fly & fight with? Perhaps a Dell 2950 rack-mounted server, flown from a ClearCube ground-control station…

The U.S. Air Force routinely holds a “Corona” meeting where top generals make course corrections for their military branch. At their latest shindig, they downgraded cyberspace from the “mission essential” status of a major command … to the “mission component” status of a numbered air force.

“We ripped the guts out of your project at the last possible second. Con­grat­u­la­tions! You get a medal…”

Indeed, the brand-new Secretary of the Air Force didn’t even mention cyber in his top five near-term priorities. This guy seems far more concerned about a wayward nuke than a wayward network. Go figure.

Still, AFCYBER managed to pump out an upbeat press release. Commanding general William T. Lord — the man who fathered a stillborn MAJCOM — did his best to explain how “the operation was a success even though the patient died.” But hey, they at least gave him another patient to work on. That should keep him occupied for awhile.

To be honest: Lord’s got a point about the “success” of his efforts. His mothballed Strategic Air Command would have taken on new life as Communications Cyberspace Command … if USAF hadn’t ironically fumbled SAC’s old nuclear football.

So. When it’s all said & done, USAF will pin medals on the midwives who delivered this stillborn. I anticipate the following quotas:

• E3-E5 and O1 will receive an Achievement Medal;
• E6-E7 and O2-O3E will receive a Commendation Medal;
• E8-E9, O4-O5, plus “lesser” O6 will receive a Meritorious Service Medal; and
• Senior staffers will receive more gratuitous medals that rank above the Bronze Star.

And everybody’s performance report will, of course, make it sound like he/she actually did stand up a major command.

In all fairness, I shouldn’t criticize the medals; nor should I criticize the performance reports. Why? Because the decision to gut this project came from USAF’s very highest eschelon. Everyone involved — even Lord — can honestly say “it all occurred way above my pay grade.” When something like this happens, you issue a press release to say the Corona decision “makes sense” and then you move on.

Yes yes yes, so their production got whacked at the eleventh hour. Yes yes yes, so the scope of their objective got cut from a MAJCOM to a NAF. But that’s no reason not to celebrate! Bartender, a round of cyber medals for everyone…

Hollywood’s newest cinema release, “Eagle Eye,” continues their infatuation with blood-spilling high-action big-budget cyber-terror movies. Major film critics, on the other hand, continue to pan any flick with an absurd Rube Goldberg cyberspace plot.

[Editor's note: this column contains spoilers for the movie "Eagle Eye."]

But here’s the kicker. The U.S. Air Force desperately wants a role in every absurdist cyberspace big-budget movie made today. They now brag on their website about contributing to “Eagle Eye” and its Colossus / WOPR / Skynet plotline.

Let’s make sure we get this straight, folks. From roughly a third of the way in until the post-climactic wrap, the actors consistently describe it as the most horrifying act of “cyber-terrorism” ever inflicted on the United States. And who master­minded all this cyber-terror against the U.S.? No evil empires, no chest-thumping bad guys, no CIA double agents, no alien cyborgs… Believe it or not, the U.S. Depart­ment of Defense itself orchestrated every single bit of the movie’s cyber-terrorism, aided by a hoard of “comm weenies” with AFSCs like 3C0x2 and 3C0x1 and 3C1x1 and 3C2x1.

Now you know why the U.S. Air Force must lead the way in cyberspace. America needs them to build digital armories filled with deadly cyber weapons so insane villains can remotely hack into them during Phase IV of their diabolical plan to overthrow the United States government.

It pains me to say this, but … USAF has finally topped its “Iron Eagle” debacle of 1986. Let’s check out just a few of the Air Force’s bragging rights in “Eagle Eye,” shall we?

• A missile fired from an MQ-9 UAV wipes out an innocent funeral procession in an Afghan village;
• A malfunctioning, autonomous, self-aware, ultra-secret super­computer buried under the Pentagon no doubt falls under the auspices of Air Force Cyberspace Command;
• Two hapless individuals at a civilian airport step aboard a C-17 ramp with an unguarded (!) “A1 priority” container destined for the Pentagon;
• A hacked F-16 ejects its pilot over the Washington, DC region; and
• A hacked MQ-9 UAV fires missiles inside a freeway tunnel (aka a critical U.S. infrastructure) in the Washington, DC region.

It’s a movie cliché: “USAF will lose remote-control of deadly cyber­space weapon sys­tems that will go on to kill inno­cent people in the U.S. and/or a third-world country…”

You’ll notice I said “just a few of” USAF’s bragging rights. Don’t even get me started on a self-evolving weapon system that magically overcomes its intrinsic physical limitations to make the leap from omniscient to omnipotent. And don’t get me started on the posse comitatus issues for a Pentagon network that performs domestic spy ops. And don’t get me started on all the airports, trains, traffic lights, street cams, Porsche cruise controls, cell phones, X-ray machines, OnStarand any other non-USAF hacks.

Roger Ebert opened his movie review by saying “the word preposterous is too moderate to describe ‘Eagle Eye.’ This film contains not a single plausible moment after the opening sequence.” He goes on to stab the Rube Goldberg plotline: “Why not get a couple of no-neck guys from the West Side to kidnap Jerry, haul him on board a private jet and transport him to Them?”

I agree completely with Ebert. The apartment scene alone qualifies as an epic logistical nightmare. If a rogue military super­computer can acquire an entire truckload of bomb-making materials, poisons, sniper rifles, classified documents, plus fake passports without arousing any federal bureaucratic suspicion whatsoever, then lure delivery men to haul everything to an upstairs apartment without question, precisely during a small window of opportunity while the apartment dweller attends a family funeral—

—then certainly a rogue military super­computer can lure an FBI team to escort our protagonist to the Pentagon, believing he’ll slip into his twin brother’s shoes to wrap up a CIA mission.

I mean, come on! We’re talking about a military super­computer with enough artificial intelligence to fully understand and correctly exploit both human fear and maternal instinct. Tapping a federal marshal’s psychological factors should be a no-brainer, folks.

To paraphrase comedian Greg Giraldo: “Eagle Eye’s plotline has more holes in it than Mel Gibson’s apology.”

And USAF feels proud to have worked on it! Check out this movie studio press release:

Rosario Dawson actually traveled to the Air Force’s OSI headquarters in Washington, D.C. to learn what her real-life counterparts’ lives were like. “We arranged for her to meet with them to learn about what they do,” explains Air Force technical advisor [SMSgt] Vince Aragona. Dawson also spoke with a female agent similar to her own character at L.A. Air Force Base. “That person actually ended up as an extra in the movie,” appearing as Dawson’s sidekick in some scenes.

Other active duty military also appear in the film as extras. “When you get active duty people in here wearing uniform,” Aragona says, “they already know how to walk, how to carry themselves, how to wear the uniforms properly. They’re active duty, they know what they’re doing. Plus, they love doing it…”

I should note the fact Aragona’s name appears in the end credits.

Oh, by the way! Aragona is USAF’s casting director for the upcoming “Trans­formers” sequel. Contact him if you serve in the Air force and want to lose your life in an aerial battle you couldn’t possibly win. But there’s a catch — cyberspace weenies need not apply. The producers want dashing young Pararescue Jumpers and Forward Air Controllers and any other in-lieu-of AFSC that includes a beret.

---

The most absurd quote comes to us from a positively glowing USAF press release:

“This was a great opportunity for the Air Force to be involved in such an action-packed thriller that reflects our core values through a prominent character in the story,” said Lt. Col. Francisco Hamm, the Air Force Entertainment Liaison Office director…

“Core values,” he says? Core values?!? CORE VALUES?!?

In the film, AFOSI special agent Zoe Perez plays one of many unwitting pawns in a military super­computer’s plot to overthrow the U.S. government. Heck, she doesn’t even deliver a monologue. What core value does “secondary movie character” fall under? And what core value does “stabbing a super­computer to death” fall under?

Believe it, folks — our intrepid female Air Force agent stabbed a super­computer to death. You see, unlike a normal COTS super­computer that stands idle in a corner, this MILSPEC monstrosity can freely move its silicon brain around the room on a metallic spine that hovers over a moat, and, uh… well…

Waitaminit. A moat? Man, you gotta love Hollywood.

Hmph. If someone asked me to visualize “a silicon brain on a metallic spine,” I’d think of a Star Trek android like Data or Ilia or Nomad. You know: something that can use its spine to leave a moat-filled bunker. But hey, let’s not digress…

So anyway. If we wait for the DVD, we’ll probably find a deleted scene where Perez’s core values of “integrity, service, and excellence” reflect in the way she retrieves that hacked UAV from the tunnel chase. I can already hear the monologue she delivers over Tom Morgan’s lifeless body:

“You know, when I first met Agent Morgan, we ended up facing off over an Airman’s supposedly accidental death. Both of us engaged in needless posturing while American lives stood at grave risk. I wanted to speak to the dead man’s twin brother; he wouldn’t let me. Later he needed my help to stop a terror attack, but I just verbally flipped him the bird and hopped a flight. I see now that each of us is an important asset in the fight against terror here or abroad. But it took Morgan’s death to open my eyes. It was he, not I, who made the first move. It was he who believed in me first. I learned, almost too late, that this counter-terrorism agent was a feeling creature and, because of it, the greatest in America. I learned, too late for him, that agents have to make their own way, to make their own mistakes. There can’t be any gift of perfection from outside ourselves. And, when agents seek such perfection, they find there’s only death, fire, loss, disillusionment, cyber-terrorism, the end of everything that’s gone forward. Counter-terror agents have always sought an end to toil and misery. It can’t be given; it has to be achieved. There is hope, but it has to come from inside, from an agent himself…

Now that’s a monologue, folks. Somebody look on the cutting room floor for Perez’s core values, will you?

“But Rob, Perez’s work led her to the Pentagon where she linked up with the Secretary of Defense.” You’d call a chance meeting important? Bah. Everybody can brag about sitting across from some renowned VIP at some chance meeting. My work led me to the White House for a computer security round­table with Richard Clarke. Big whoop.

And besides, I monologue about my own core values way more than this fictitious “Zoe Perez” movie character ever did. So there.

Listen to me, folks. I said it before and I’ll say it again. Hollywood thinks the Air Force’s core value is to set up digital armories filled with deadly cyber weapons so insane villains can remotely hack into them during Phase IV of their diabolical plan to overthrow the United States. If USAF envisions that as one of its core values, then Hamm deserves a glowing performance report.

It’s practically a movie cliché these days for any high-tech government plotline — “USAF will lose remote-control of deadly cyber­space weapon sys­tems that go on to kill inno­cent people in the U.S. and/or a third-world country.” Sad but true. And the U.S. Air Force willingly helps Hollywood to perpetuate this cliché.

“[This movie] re­flects our core values through a promi­nent charac­ter in the story,’ said Lt. Col. Fran­cisco Hamm, the Air Force Enter­tain­ment Liaison Office director…”

Frankly, I view this movie cliché as a side effect of USAF’s fetish to codify a DoD-centric cyberspace mission. Their public affairs branch followed orders to hawk cyberspace as a combat zone … but it looks like no one rescinded the order. USAF’s newly knighted commanding general, Norton Schwartz, should walk down the hall to his public affairs office and say “stop making us look like Colonel Klink; start making us look like Colonel Hogan.”

“Hamm.” What a name for a guy who schmoozes with Hollywood’s glitterati. I’ll bet a soda this staff officer enjoys an open TDY order. Check out his military bio (archived), his civilian bio (archived), plus his LinkedIn profile (archived). Unlike some active duty airmen who bag groceries or deliver pizzas to make ends meet, this airman played an extra in the movie “White Squall” and snapped photos for the indie film “Run Cody.”

(I’ll see a lot of email over this but someone needs to say it. “Doesn’t Hamm’s LinkedIn bio remind you of General ‘Doc Hollywood’?” I’ll bet a soda Hamm’s overseas tour overlapped Doc’s reign of TV terror. “He will probably be remembered most by service­members stationed in Europe for his many commercials on American Forces Network Television…”)

---

It pains me to say this, but USAF has finally topped its “Iron Eagle” debacle of 1986.

I admit you’ll find some notable exceptions to this movie cliché. For example:

• In “Transformers,” USAF loses a battle on one of its own airfields and gets hacked into by a robot that slipped undetected onto Air Force One. U.S. Air Force officials pitched in to make the combat losses look authentic.
• In “Iron Man,” USAF loses an F-22 fighter jet; lets VIPs walk around a military hanger unescorted; lets officers carry personal cell phones into a classified air operations facility; and lets field-grade officers override flag-grade rules of engagement. U.S. Air Force officials pitched in to make the security lapses look authentic.
• In “Stealth,” yet another malfunctioning autonomous self-aware computer—

—oops, waitaminit. “Stealth” centered on the U.S. Navy. My bad. Still, it’s obvious USAF wants to help Hollywood make movies that make USAF look like a bunch of cyber-imbeciles. Hmph.

So. The U.S. Air Force wants to be the third leg in a triad known as the “military-industrial-entertainment complex,” eh? Fair enough. But their misplaced pride in their contributions to “Eagle Eye” makes me wonder if USAF played any role in the production of this action movie…

Readers will recall I lambasted the new Air Force Cyberspace Command for publishing a classified publicity photo. A few others have since blogged on this snafu.

Now — more than a year after the photo made its debut on USAF’s website — I received an email telling me it’s the focus of a contest at Kadena Air Base in Okinawa, Japan. The person who identifies the most boo-boos in the photo will earn a gift certificate for two large pizzas at the local food joint.

Don’t worry: my source knows to avoid plagiarism in his entry. He even offered to share the pizzas with me if he wins. Hmmm, where did I put my passport?

I surmise this contest is the brainchild of either Kadena’s Intel­li­gence Branch or (more likely) the base Com­mu­ni­ca­tions Squadron. Good for them! Airmen can learn things the easy way by studying others who learned the hard way. Let’s hope Kadena hangs the winning entry next to this motivational poster.

“A contest, Rob? It seems a bit cruel to the people in the photo.” I agree. And a mother cheetah is equally cruel when she brings live prey to her cubs so they can learn to hunt. If USAF wants to hunt the enemy in cyberspace, then a pizza contest is a small price to pay for the skills they’ll need.

I don’t know how you can enter the contest, but I do hope we get to read the winning entry. Stay tuned…

Popular Mechanics filed a nice PR story on the burgeoning new Air Force Cyberspace Command. Reporter Glenn Derene included this priceless observation:

There are no physical connections between [NIPRNET and SIPRNET] anywhere in the Defense Department’s 5 million–computer network, yet in the AFNOC, the Ethernet jacks are only 1½ in. apart. That proximity got me wondering. “What if someone connected them?” I asked information officer 2nd Lt. Mike Forostoski. He laughed in disbelief, as though I had asked him what would happen if a flaming nuclear blimp headed for the building. Then he answered with cautious understatement: “That would be bad. What would happen, of course, is a national-security breach that would probably be an act of treason.”

If you hold any Cisco certifications, then you know the absurdity of declaring a “national-security breach” if a sleepy Airman links two disparate networks with a patch cord. The routers at each end of the wire won’t know how to transfer packets. BGP, EIGRP, etc. will need a lot of tweaking and you’ll need administrator access to each router. You can theoretically do it, but it’ll take a lot more than just a piece of wire to commit treason. Ah, but I digress…

Derene goes on to abbreviate Air Force Cyberspace Command as “AFCC” — practically a four-letter word to the folks at Barksdale AFB. Seriously! Call them “AFCC” and they’ll act like you slapped them in the face. “We are not AFCC and in fact that agency will report to us when AFCYBER stands up in October…”

Yet there’s the rub: someone way high up in the Pentagon has put AFCYBER on hold. The Register quotes a story in NextGov that cites a leaked directive to suspend the big kickoff. NextGov then drops this bomb:

The Cyber Command hyped its capabilities on TV, in Web video advertisements and in a series of high-profile presentations conducted by [commanding general William T.] Lord. The hard sell may have been the undoing of the Cyber Command, which seemed to be a grab by the Air Force to take the lead role in cyberspace…

The decision to ratchet back the Cyber Command may have come from Adm. Mike Mullen, chairman of the Joint Chiefs of Staff, who wants to see a greater role for the Navy in cyberspace, said an Air Force source.

So, do I think AFCYBER is its own worst enemy? Actually, no — it’s the bureaucrats who want their agencies to reorganize under AFCYBER for self-serving reasons. Those bureaucrats used their muddled groupthink to concoct a pathetic marketing strategy best seen in the early 1980s when Air Force Communications Command pitched a self-serving idea to merge with Air Force Data Automation— oops!

—a pathetic marketing strategy best seen in Intercom magazine, a glossy news organ of the Air Force Communications Agency (the real “AFCC”). I quote myself from more than a year ago: “[their] award-winning ‘Intercom’ magazine perpetuates the notion of ‘cyber’ as a support function,” not an operational mission.

The photo at right is a perfect example of poor marketing. When you see airmen updating their antivirus software, does it inspire you to hunt down the terrorists involved in the World Trade Center attack? Of course not — this photo highlights a support function, not an operational mission.

If your daughter and your wife and your mother can update antivirus software on their PCs, then it’s not a military operation. That’s poor marketing.

---

At the end of his story, reporter Glenn Derene admits “the awed kid in me” wanted to see the B-52 bombers sitting on the tarmac. “We drove out to the airfield, and there they were, perhaps the most massive attack planes ever created, the very symbol of American megapower, each one capable of devastating an entire city.”

Derene wrapped up by comparing the old days of air combat to the new days of cyber combat. But really, folks — if he had to choose between standing around in a computer room or flying around in a nuclear bomber, do you think he would have written about the short distance between those Ethernet connections? That’s poor marketing for you.

If you remember Air Force Communications Command in the early 1980s, then you know what I mean when I say “history is repeating itself with Air Force Cyberspace Command.”

So, kudos to whoever yanked the parking brake at AFCYBER. I said it before and I’ll say it again — their muddled groupthink has turned a “hot project” into a cancerous quest for an Einstein-ish unification theory that homogenizes Military Intelligence with Communications under a single major command.

IF YOU TYPE ”forces support squadron site:.com” into Google, you’ll notice a slew of Air Force units operating from dot-com domains rather than from USAF’s standard “af.mil” domain.

Let’s start at the top of the Google hits and do a whois on the dot-com domain for Seymour-Johnson AFB.  It reveals a private registration, yet a simple Freedom of Information Act request will tell us everything we wish to know.  A traceroute reveals a commercial ISP hosts this official Air Force website, and this fact raises an embarrassing question — how does AFCYBER protect this Force Support Squadron website from devastating cyber attacks?

Move down the list of Google hits and you find a commercial website for Hill AFB.  A whois reveals it belongs to the 75th Mission Support Group in building #460 on Hill AFB.  A traceroute reveals (you guessed it!) a commercial ISP hosts this official Air Force website.  Again I ask: how does AFCYBER protect this Mission Support Group from devastating cyber attacks?

Moving down the list of Google hits, we find an Air Force unit stationed half a world away at Misawa AB, Japan.  A whois reveals another private registration — the Air Force pays extra for that privilege — and yet a simple Freedom of Information Act request will tell us everything we wish to know.  A traceroute doesn’t give us exactly the details we want, but a quick check of the website’s IP address reveals it belongs to a commercial ISP.

Move down the list of Google hits and … well, you get the hint.

This forces us to ask a very serious question, folks.  If the Air Force (as they so claim) protects the Pentagon from millions of cyber attacks every day — then who protects all of these ISP-run Air Force websites?  The answer is “not the Air Force.”  And that’s embarrassing.

And it forces us to ask an embarrassing philosophical question.  If the Air Force hires ISPs to protect its own cyberspace, then why does the Pentagon need the Air Force to protect them?  Defense Secretary Robert Gates should simply farm it out to GoDaddy.com and be done with it…

USAF’s latest press release touts their 50,000th air sortie in Operation Noble Eagle — a mission flown right over my RV, coincidentally enough.

USAF logs its aircraft missions with extreme precision; we know this for a fact.  They can tell you exactly who flew exactly what type of mission for exactly what military operation on exactly what date at exactly what time for exactly how long in exactly which aircraft.  Want to know if a “tail swap” or a crew swap took place at the last minute?  Did the aircraft fly around restricted airspace or take on fuel from a tanker?  Don’t worry, USAF logged it.  They keep these records on file for decades.

USAF also logs its aircraft maintenance with extreme precision; we know this for a fact.  They can tell you exactly who performed an engine swap on exactly what date for exactly how long (!) on exactly which aircraft.  Want to know the serial numbers for the old & new engines?  Don’t worry, USAF logged it.  They keep these records on file for decades.

USAF logs its satellite missions and satellite maintenance with extreme precision, too.  They (should) also log every missile mission and missile maintenance with extreme precision.  Indeed, the Secretary of Defense fired USAF’s top brass for lapses of extreme precision in this realm.

USAF keeps detailed records even on things like a Predator ground station unit and a K-9 working dog.  If it’s a bona fide weapon system, USAF’s bureaucracy tracks it with extreme precision.

But on the day they flew that 50,000th Noble Eagle mission, USAF didn’t log very much at all about its cyberspace defense efforts.  They simply don’t know exactly who deleted exactly how many copies of exactly what virus from exactly which computer on exactly what date at exactly what base.

USAF uses Symantec antivirus software; we know this for a fact (although they insist this fact is for official use only).  Symantec’s antivirus product for Microsoft Vista — by default — only keeps its (very limited) log data for a very short time.  I’ll bet one day’s wage against Maj Gen William T. Lord that Air Force Cyberspace Command dismisses as transient data the very antivirus logs generated by the computers in his very office.

Mind you: USAF officially insists every desktop computer is a bona fide “weapon system” equal in stature to its fleets of air, space, and missile weapons.  Yet computers are the only weapon system they don’t care enough to document with extreme precision.

We can’t take the notion of a “cyberspace” mission seriously until USAF at least tracks its network & computer defense efforts with the extreme precision they demand for bona fide weapon systems.

---

Of course it begs the question — does USAF track cyberspace sorties with extreme precision?  Purely for the sake of argument, let’s suppose U.S. airmen helped Israel hack into Syria’s air defense system.  That would qualify in my book as at least one “sortie” in cyberspace.  If it’s a sortie, then:

1. Do those (highly classified) logs contain a record of exactly who flew exactly what type of mission for exactly what military operation on exactly what date at exactly what time for exactly how long on exactly which cyberspace weapon system?
2. Did a tail swap or a crew swap take place at the last minute?
3. Did the crew earn credit for their flying hours?
4. Did an interim country restrict its cyberspace, thereby forcing the crew to take an alternate route to the target?
5. If the nature of the mission required even the slightest modification to the weapon system, did the “digital wrench-turners” document it with extreme precision in that particular weapon system’s maintenance logs?
6. Will all of these logs remain on file for decades?

Let’s ask THE fundamental question, folks.  If USAF knows exactly how many air missions they’ve flown in Operation Noble Eagle … shouldn’t they also know exactly how many cyberspace missions they’ve flown in Operation Iraqi Freedom?

The council on Foreign Relations held a roundtable with Major General William T. Lord, the top digital pilot at Air Force Cyberspace Command. The press gave him some ink over the following quote:

“Perhaps we need a different kind of warrior in this domain. Today, all of our armed forces have a physical fitness test… Perhaps that’s not the right construct for these kinds of kids in the future… How do you attract the brains of some of this crowd that you might not want to wire up to a polygraph, but yet use their wonderful innovative ability. But they’re not the same kind of folks that perhaps you want to march to breakfast in the morning.”

It sounds like the general subscribes to a Hollywood version of hackers who’d be declared “4F” if not for their amazing criminal minds. This, my friends, is just one more thing I find wrong with today’s “cyberspace” leadership.

Lord wants you to think the Air Force only just started to look at hackers. Bah! When I enlisted as a “3C0X2″ (computer programmer) in 1982, I was surrounded by socially inept hackers with acceptable physical standards who started off the day with a can of soda back when coffee was the only acceptable morning beverage. Computer programmers were a unique species even back then, having been specifically trained at Tech School to ask “why?” whenever someone told them to do something a certain way.

And guys like me, who got to write software for NATO Intelligence? I assure you we were the weird ones in our crowd. We’d wear dickies with our fatigue uniforms just because NATO allowed it. If eight of us wanted lunch, we’d march all the way to the chow hall in formation just to screw with traffic. Naturally, our formations always crossed against the red lights.

And yes: we crashed that multimillion-dollar production NATO mainframe (twice!) to demonstrate a flaw deep within in its NSA-approved MLS OS.

As my career matured into the 1990s, I watched the same kids as me coming through the pipeline. They drank sodas in the morning just like I did and they couldn’t date a girl to save their life. They took great pride in messing around with the Air Force bureaucracy.

At the end of my career in 2003-07, I watched the new batch come through the pipeline and they’re exactly like the guys I hung out with. Sure: they can buy more toys than I grew up with, and they can type on a mobile phone almost as fast as I type on a keyboard, and they’ve racked up some “tent time” in the barren lands of Iraq & Afghanistan (just like I did). But deep down, they’re the same as always — a bunch of nerdy little dweebs who can look at the back of a malfunctioning Cisco router and instantly realize it has exceeded its bandwidth limit for serial plane zero … yet who turn into Forrest Gump whenever they bump into a cute female airman wearing pink lipstick.

Ignore General Lord and listen to me, folks. I have absolutely no doubt the Air Force will find the kids they need to wear a uniform. They’ve been putting kids like me into uniforms for decades! As for the hackers who can’t survive two months of basic training? Bah. Let them pick up a military contractor job with Microsoft or Symantec — if their rap sheets don’t stop them from getting a security clearance in the first place.

---

USAF RIGHT NOW is cluttered — dare I say “choked”? — with bureaucrats. Choked with people like General Lord who subscribe to the Hollywood view of what their troops should be. Choked with people like Captain Goza who don’t even know what “cyber” means. And then there are the worst of the bunch: people who drool at “cyber” as a means to pad their officer evaluations and civilian performance reports. They don’t have a clue how to bring it all together but hey, the Chief of Staff told them to stand up a cyber mission and they’re going to be the ones who get a Meritorious Service Medal for doing it!

I’ve bumped into heaven-knows-how-many idiots who claim they were the first ones to kick-start the Air Force cyberspace mission in some obscenely obscure fashion. “Well, not to brag, but I’m the guy that wrote that classified ‘just thinking outside the box’ email to JJ (that’s retired chief of staff John Jumper, back then just the commander of 9th Air Force) asking him why his folks were doing X instead of Y, and I’m happy to say that JJ wrote me back to say that was a great idea and he’d put one of his best light-birds right on it…”

The Air Force suffers from too many shallow thinkers in cyberspace. You can identify them by the way they answer a single question. “What does USAF mean by ‘sovereign options’ in cyberspace?” The shallow ones will start off with a bunch of hemming & hawing, followed by gobbledygook. “Well, you see, um, the Air Force cyberspace operations give us the ‘pointy end of the spear,’ helping us to synergistically complement and coalesce all kinetic and non-kinetic weapon systems at our disposal…” Try not to smirk when you identify them. It ruins the mood of the moment.

But when you do identify these people, I implore you to drive a knife into their egos. “That’s very interesting! You know, security critic Rob Rosenberger argues that USAF will all but lose its first cyberwar due to a fundamental flaw in its ‘sovereign options’ doctrine. What’s your opinion of that flaw?” Again, try not to smirk. It ruins the mood of the moment.

Mark my words. We’re going to pay life insurance for some people in uniform in a real cyberwar. We’re going to lose lives tomorrow thanks to today’s shallow self-serving bureaucrats — and if you recall my prediction from 2002, I said we’ll lose lives twice thanks to those very same self-serving bureaucrats. I want those bureaucrats to get out of the way so the real cyber warriors can reshape the Air Force.

“Okay Rob, who are the real cyber warriors and who are the fakes?” Excellent question. I’ll paraphrase George Carlin. If you’re in cyberspace and you feel like you’re part of the solution, then you may very well be part of the solution. But if you run around in public telling people “I’m in cyberspace and I’m part of the solution,” then you’re part of the problem. Get out of the way.