For Those Who Serve (Forgotten Troops)

In my office I have a plaque that Kenny Williams gave me when I decided to leave Joint Forces and move on to work with DISA.

From One Warrior to a Cyber Warrior

I see this almost every day, sometimes I am facing it for hours.    What does it mean? What does it mean to you?

What does it mean?

As I have stated in earlier posts, Ken for me is a personal living hero.  He is a man of honor and integrity, he is a man of purpose, and he is a true leader.   Most people talk about “the warfighter” and don’t know anything about war or service for that matter.   Ken doesn’t just talk about people in the field, he actively works to help them.   This year as shown in his dispatches from the field, he chose to go out and help them in person.   To me it is no different from a firefighter or a police officer or anyone else who serves our community and makes sacrifices for the GREATER GOOD of our country and our way of life.

It is a volunteer military but what would this country do if people didn’t volunteer?   These people are making a choice and a sacrifice.   In some cases they make the ultimate sacrifice.

I am responding to those of you who can’t deal with what Ken has been writing and to those of you that have told me that it is by choice that our service members are serving.  You are RIGHT!  It was their choice, and their choice made it so that you or your children or grand children aren’t sitting in a festering pit wondering what war they are fighting and why.

The common saying by service members is “I would rather fight the enemy on their land as opposed to ours.” The young men and women of our country are doing us a service and they deserve not only our respect but they deserve our support and our attention.

It is my personal responsibility as an American and as a person who recognizes that people are putting themselves in danger for ME and my family to do everything I can to recognize them and support them.

What does it mean to you?

I am sharing my plaque with you.  I can’t write a blog every week saying the same thing as you will either stop reading or ignore me.  This is reality.   What I can do is share with you this reminder,  copy the picture, print it do what you want but know that this plaque is for all of us.   This is what it really says to you.

You may not be a Marine, but the Marines love you.  They would give and have given everything to protect you and our way of life.   You don’t have to be there with them to help.   You can be where you are and lead/follow from where you are to help them.   Although this plaque says “Semper Fidelis”  the blade this plaque holds is not bound to one service .   Take a moment at some point everyday to remember that good people are working for and fighting for you today.   Find ways to stand up for them and protect them and remember them,  think about them because they are certainly thinking of you.

Final Thoughts

There are American troops in everywhere, if you are serving them in some way as a government employee or contractor don’t fail them.  Don’t make excuses either, excuses don’t stop bullets.   If you are a citizen, please take some time to think of them.  If you are service member, Thank You.

Dispatches from the Front: 29 July 2012

… From Ken

Friends,

In some of the return e-mails, several have asked I not include or discuss the “un-pleasantries of war” in my “Dispatches”.  To those kind souls, my advice is to simply delete all future e-mails from me.

Unfortunately, I am not in a pleasant place to accommodate such a request.  The truth often is not pretty.  It matters not how eloquently words are strung together, daily death and destruction is difficult to mask.  I will try harder, but there is little in the few local Afghan merchants, third world mess hall workers, the barren landscape with its’

oppressive heat, the three separate species of birds [(1) mourning dove;

(2) black and white winged starling; (3) small body sparrow], the mice and rats, that are available to write nice things about.  I promised myself to record what I have seen and not made-up fiction.  I have

always believed, “to thy own self be true”.

Your’ Marines, Soldiers, Sailors, Air Force, and Coast Guard, our coalition partners, and the civilians, both DoD and contractors are doing a terrific job with their tasks.  Never have I seen any of them appear weary in doing their duty.  They are the doers of good and doers of the right thing.  I have never seen them afraid or discouraged, only strong and courageous. Sure they bitch, but I remember the same grumbling heard during any deployment or any place I have ever worked or traveled.  It would worry me more if I heard nothing.  They all have and draw from an inner strength securely put in place before their arrival.

To each, it is different; as it should be.  A life lived is determined by circumstance, luck, timing and your beliefs.   Surely there are other qualifiers, but without the benefit of a glass or two of a fine ancient single malt whisky to stimulate the senses, those are enough.  For me my inner strength comes from my absolute belief in God and His Son Jesus.

I believe in Them as much as I believe there is a United States Marine Corps.  I make a sorry Christian but I learned early in life, “once you trust in the Lord, fear not what others can do unto you”. I was also taught that “a man’s true worth is what he has done to help others”.

Every day is a gift and you only are given so many.  How you consume each daily gift is totally up to you.  I promise you, a day does not pass without reflection on just how lucky I am to live in the day and time I do and to be blessed with the people I know and have known.

Sadly, I am confident my enemy believes in Allah as much as he believes in the Taliban. That is why I have to help and do all that I can to kill him.   Negotiations, peaceful resolutions, let’s meet and sing “kume bye aye” are for the diplomats and politicians.  God bless their work.  A warrior’s work requires a more direct solution.  I never liked it years back when I first read it, but now fully understand, “From the ashes of the vanquished, the victor is able to build unencumbered”.

Unfortunately, we will not see victory in Afghanistan.  Also, the last I checked, we are not here to make Afghanistan the 51st state.

Counterinsurgency warfare or “COIN” operations is our current strategy.

Winning the hearts and minds of the people is a good thing.  I am from the old school and new techniques come hard to me, especially when a “time line” is put in place and when reached; you declare “success” and leave. COIN will indeed work as long as the people you have “won over” feel protected and free from retribution of evil.  I simply do not believe the Afghanistan military and police will be able to maintain good order and discipline throughout this miserable country once we and our coalition partners depart. My opinion and my opinion alone, their success will be short lived and “good order and discipline” is not going to happen. The evil that awaits the Afghan military, police and peoples still exists and patiently waits.  My advice if asked by the Afghan military or their government would be simply what I was taught as a young Marine officer; successful warfare requires the identification of the enemy, massing all available weapons and firepower and then close with and destroy them. I would also recommend they concentrate their remaining time and efforts on mastering all fire support weapons and the ability to deliver accurate artillery and mortar fires whenever and wherever needed. I would include close air support (CAS) but Afghan air force does not exist.

You cannot blame the Taliban for their tactics.  Even our forefathers shot from behind trees and harassed the British and with deadly accuracy.  When combined with determination, luck and tenacity they overcame the odds of winning against the mightiest military of that time.  The IED is the Taliban’s tree.  And yes there are volumes written on what really caused the Colonial victory.  However, I bet you, not facing a superior force on the grounds of their choosing, army against army, will be mentioned as a factor.

Daily routine has settled.  I am up at 0330 and complete the causality report by 0700.  If there are no US KIA’s, I decree that day as a good day. The report covers from midnight to midnight the day prior.

Unfortunately, someone has died every day for 41 days since I started this task.  Whether US, Coalition, Afghan military, police, innocent civilians; someone has been killed due to this war.  Compared to the bombing of London, Dresden, Tokyo of wars past, civilian causalities are very small.  But to the family of the one killed, it is as tragic as it was back during any time period.  The enemy also pays a toll.  I read and write those reports too.  I hate to say it, with each EKIA, the same glee that comes from catching, rolling and then crushing a Tsetse fly stirs within the black chamber of my heart.  May the Lord forgive me.

For those who have never hunted in Africa: The Tsetse fly has a harden exoskeleton that when he bites you and you slap him as you would a mosquito; once your hand is removed, it flies away to bite again.

The rest of my day 2200+ is crunching data sent in from the outlying US and coalition commanders concerning their assessment of the Afghanistan military’s and police’s ability to maintain good order and discipline.

Make no mistake; it was 46 partner nations who took from the Taliban their position and influence in this country.  Those nations are the same ones who trained and supplied the Afghan security forces.  These newly trained units are holding their own in the “cat and mouse” campaign being conducted by the insurgents.  I have observed, as soon as the “mouse” is recognized as a “rat”, the “cat” extends its lethal claws and calls in coalition fire support to neutralize the threat. The “rat” is quickly terminated but most often sent back into its hole.  For those times, congratulations abound and medals issued. Once close air support and effective artillery have been taken out of the equation, it is easy to predict the future as well as outcome.  The Afghan military and police may now own the nice shiny watch given to them by the coalition partners. Unfortunately, we all know, it is the Taliban who owns the time.

Oh look!!! There goes a little mouse scampering across the floor with a bit of cracker!  Isn’t he cute?  I will name him Marroof.  What else do you want to know about that mouse?

Semper Fidelis,

Ken

CJTF-1, ID, CJ5 Assessments

Task Force Defender

Bagram Air Field, Afghanistan

APO, AE 09354

“It boiled down to courage and tenacity”: My “Inbox Interview” with Howard Cohen, Community Manager at DISA Forge.mil and Technologist by Chris Maher

I was interviewed a few weeks back by Chris Maher on Linkedin.  The topic was concerning “Trusted Computing”  and ramblings on security.

CM: Howard, as you know, I quoted you at the 2011 NSA Trusted Computing Conference & Exposition: “Well.. I believe in Americans. I believe that when we see various challenges that we individually step up and out to deal with them. We have put your faith and trust in leadership and leadership has been pounded with more work than they can handle (yes, I am being nice). That being said, it is up to us individually to lead where we are. We must individually work to change our own behavior and look to influence others by leading from where we are. If I am a Janitor, then I look for ways to be efficient in cleaning and thrifty in spending for supplies, or find ways to reuse supplies. If you are an Executive Assistant, find ways to make a difference in the office. If you are a Technical Strategist, teach everyone everything you know about Service Orientation and Trusted Computing and technical reuse models. It doesn’t matter who you are, it matters what you do. Our jobs do not define us holistically. In recent days I have seen civilian leaders (you know who you are) step up to the plate and take risks in order to share their ideas on how to create a more effective and efficient acquisition solutions. It isn’t only up to them. We will find more success together by working to change these behaviors and tackling the challenges we can see one person and one problem at a time…” (SOURCE):https://cohenovate.wordpress.com/category/howard-cohen/

It’s a great quote for a variety of reasons. That said, I want to focus on your awareness of and experiences with Trusted Computing. How you were first introduced to Trusted Computing?

Chris,  Thank you very for clearly understanding and articulating the message of “leading from where we are.”  I have been working for the Department of Defense for close to a decade now, before that I worked at a school division and the commercial industry.  I have worked for Joint Forces Command, Joint Staff and now DISA.   I started hearing about Trusted Computing while working at the school division, if anyone is going to break your system it will be the kids.  I learned a great deal about system hardening as I entered the world of military architectures at J8.   I started at US Joint Forces Command by using security technical implementation guides (STIGs) as we call them.   Prior to that I was using non-military oriented technologies like hard drive sheriff, deep freeze, bootable cd os (barts PE), stuff like that. 
And, in your estimation, why does Trusted Computing matter? Why is it important?
In enterprise computing you want to be able to leverage standards. We need the ability to look at metrics and we need to understand what “expected behavior” is.  In other words, we need to be able to know when something is not working right.   So you need standards so that experts can be on the same page and understand what they are looking for as “normal” as opposed to seeing something that “interesting” , if everyone is doing their own thing at the enterprise it makes it very complicated to know what the heck is going on.   You have “shadow IT” that will compromise the integrity of the network simply because it exists.   When working in an enterprise users and operators need to trust that mechanisms are in place to protect them.  I can go on about this but the bottom line is that to know if something is wrong you need to establish that something is right.  I believe that is why Trusted Computing is important. 

CM: As you may know, Richard Stallman once rebranded Trusted Computing (TC) as “Treacherous Computing” which made a neutral set of technologies out to be a threat to open computing and/or our civil liberties. Stallman conflated Microsoft’s Palladium effort with the word of then TCPA. Ever since, TC has been dogged by the adjective “controversial.” For me, TC (including self-encrypting drives) actually protects my civil liberties by arming me, the digital citizen, with technologies that can defend my information from any intruder… including an intrusive government. But that’s just my opinion. How do you assess the intersection of Trusted Computing and civil liberties.

As long as there are people involved in computing, there are going to be hackers.   As long as we are at war with others, there will be people who will look to harm us in the real world or through technology.  Sure you are sharing the standards but I would say process and method are two different things.  In other words, you may have common technological frameworks and standards but how enterprise strategists think about and employ these technologies are different.   For example, I know of an organization that uses two layers of username and password and additionally requires a common access card, all of which are standardized.   The practice is abnormal but if a technologist was brought in to help solve a problem once he or she understood the architecture and because they are using standardized technologies and platforms they can help solve the problem.   I equate it to having a human in the loop.  People are your greatest protection mechanism as well as your greatest threat.   In terms of civil liberties, I think we have some problems with the law more than technology.  We don’t have a right to privacy, it isn’t guaranteed by the constitution and that means corporations and people are free to snoop around our business.  When that gets into information gathering and data aggregation it poses a much bigger problem than just technical mechanisms to protect our data.  It is more about what information did your city just put out about you and your home value, stuff like that.  So, in other words I am not sure that Trusted Computing makes a difference here unless we are just talking about me protecting my local hard drive.

CM: Much noise is made by IT professionals about the difficulties of using TC, specifically going into the BIOS and having to turn on TPMs. And it must be said that there has not been the development of many applications that leverage TPMs. In your experience, is Trusted Computing too hard to implement?
I have seen full disk encryption at the corporate level and while working with the government.  I have not seen BIOS based modules employed and I don’t have personal experience with BIOS based secure computing.  As I mentioned earlier, while working at the school division we used a device call hdd sheriff and some technology out of Israel to perform persistent drive management and encryption.   This was over 10 years ago too but the concepts have been around for a long time.   There aren’t a lot of commercial options that I have seen at the application level that use TPM’s but I think there is value there depending upon the requirement.   This is all about balance.  Risk is the key.  How much is this going to cost you?  What are the implications?   If I am working in the financial sector, I want as much technology as I can to protect my information.  The same could be said for the medical industry, I haven’t figured that one out yet but I am sure there is a good reason.  

CM: It’s been my contention that government MUST take the lead in adopting and recommending Trusted Computing. In this regard, I’ve been heartened by the NSA’s (more or less) full-throated endorsement of TC and by the CESG’s recommendation in favor its use. Further, as you may know, NIST 800-155 (in draft form) has recommended (or will recommend) the use of a hardware root of trust as a foundation for BIOS Integrity metrics. Still, it seems like .gov and .mil domains have been quite slow to fully adopt these open standards and technologies. In your view, what’s the state of play re: TC adoption within our government?
This is about cost of implementation and ability to implement.  In other words, as long as there are programs that are “Programs of Record” with Title 10 authority, essentially meaning that they can control their own technical destiny there won’t be adoption unless it becomes part of the culture.  For example, while working for Joint Forces Command I stood up one of if not the first accredited virtual infrastructure.   Most people were getting rejected at the time because hardening didn’t exist aside from the vendor best practices.   Information Assurance folks were afraid to take the risk, although it could mean millions in savings.   It boiled down to courage and tenacity.   The government leadership I worked with and for championed the idea and helped me bring people together by supporting our teams ideas.   It took many briefs and I think I have stock in some chocolate company now as well to get people to believe that there was value in virtualizing the infrastructure.   I know that sounds funny now because so many have adopted virtual technologies.   Here is the kicker though, today even though virtualization has proven to be of great value there are many government programs that haven’t virtualized and / or won’t go because of requirements and title 10 authorities.  CM: A great deal of academic and industry research has focused on the value of TC when it comes to authenticating users in a cloud-computing context…as well as using TC to protect user’s data in the cloud from the “insider threat.” Speaking specifically about the cloud-computing context, how important do you think TC technologies (TPMs) and protocols are as enablers?

As I started working on enterprise computing concepts and strategies, I started to see a trend.  Thomas Erl talks about this in his service oriented architecture books but it has to do with understanding dependency.  Cloud computing may increase risk.  Notice I say “may” instead of will, the reason is that every enterprise situation and IT ecosystem is different, remember earlier when I was referring to process and method being two different things.   Regardless of the situation organizations will have dependencies, for example you need communication services to connect to the Internet.  As you increase services and connectivity requirements it is likely that you introduce more dependency.
The cloud really refers to “off premise” services. These services are interconnected enterprise services that go beyond an organizations local physical infrastructure.   This is very important to realize because it means that hardware and IT resources are still potentially under trusted controls of an organization which of course then leads to leveraging organizational standards etc.   

The difference is that when you have a dependency on a “cloud provider” that is outside of your organization you build dependencies in which you may lose control over the IT resources.  As you give up autonomy or operational governance, you become more reliant on legal remedies.  In other words, SLA’s or Service Level Agreements become critical to the organization.   This relates to Trusted Computing in a lot of ways, for example a service provider may need to employ certain (TPM’s) prior to an agreement of use.  This increases the cost to service providers and also may limit choices as to what service providers’ organizations can use.  An example is that Amazon offers Federal services with enhanced security.  I am not advocating for any service provider, I am simply saying that as cloud services increase, the costs of these services will increase and the demands of security and stability increase.   In the grand scheme of things it wasn’t that long ago that most folks were on dial-up, it was $9.95 to $19.95, today most people pay $40.00 for Internet services not including the extra services they pay for while on the Internet.  As these costs increase, it pushes the price of everything up, simple economics.  Trusted Computing in the cloud is costly, but organizations when moving to the cloud will need to absorb these costs.  

My key point is that we can’t rely on technology alone.  Technology as it is today can be overcome by the human brain.  That being said, we still must put barriers in place to slow down attackers enough so that we can identify in some manner that our information is being attacked.   It is the difference between having a lock on the door and adding a security system.   Some people would say that adding a security system adds no value or is a waste of time.  I think as we continue to build technological solutions to thwart attackers or secure the enterprise, we strongly need to consider how we can keep “a human in the loop” and have people involved in watching the various stores.   As we move forward with these kinds of discussions we truly need to consider people, process, methods and finally tools which in my mind is where a lot of the Trusted Computing area currently addresses.  

Happy 4th of July (SPECIAL DISPATCHES FROM THE FIELD)

Today is the 4th of July.   What does it mean to you?  Joni Douglas writes “Do we ever reflect on the hardship and terror that the early Americans must have lived through day after day? Do we truly understand the hopes and dreams that lay secretly hidden away in the hearts of the people back then?”

I appreciate our past, it is what defines who we are and what we will be.  Americans as a whole, are smart, bold, brave, courageous, tolerant and most of all… AMERICANS.  Meaning when times are tough we pull together and we take care of each other.   We have a long history of thinking on our feet and challenging oppression.  We are people as one but independent, we are a tapestry that is tied together by the concept that we are all created equal and that we have unalienable rights Life, Liberty and the Pursuit of Happiness.  

Freedom isn’t free and our rights that we as a people have declared through our “Declaration of Independence” come at a cost.  As an American, I served in the US Navy and frankly I was too young at the time to really understand these concepts.  As I have become older, I have learned that how truly lucky we are to live and be part of this nation.   What is unfortunate and clear is that we are distracted by entertainment and we aren’t paying attention to the wars that we are fighting RIGHT NOW today.

If you didn’t know, I will share this with you, we are constantly under attack.  Right now while you are potentially firing up your grill to make some dogs, men and women are working to protect us on every shore including our virtual borders (cyber).

THANK YOU to our service members.

What I am about to share with you is very special.  This comes from a man that I personally consider a living hero and true patriot. This is message that he sent me today July 4th, 2012 from Bagram, Afghanistan.   As long as he is sending me notes and allows me to post them, they will appear here on my blog.

Thank you Ken Williams!

“Dispatches from the Front:4 July 2012.”

They are provided to give you a bit of insight into what is happening in this hostile land.  It is hard to imagine that in ancient history, Bagram, Afghanistan was once the primary crossroads between the civilizations of India, East Asia, Central Asia, the Middle East and thence Europe.  Today, Bagram is the crossroads to hell.

Dispatches from the Front: 4 July 2012

Happy 4th of July and I wish for you and your family only the very best this world has to offer.

Today is a regular work day here.  That is fine by me for there is no Dairy Queen to cruise and there is much to be done.

This dispatch is to inform you on the strategic objectives of Regional Command – East (RC-E) and a few personal observations.  The following information is unclassified.

There are five operations objectives.

1.            Accelerate the Afghanistan National Security Force (ANSF)

capacity and the transfer of lead security responsibility to the ANSF.

2.            Improve security by, with, and through the ANSF.

3.            Support the Government of the Islamic Republic of Afghanistan

(GIRoA) in the development of sub-national institutions, civil service capacities, Rule of Law, and Socio-Economic Development initiatives and programs across the Coalition Joint Operating Area-Afghanistan (CJOA-A) and synchronize their efforts to support security objectives.

4.            Inform and influence the Afghan populace.

5.            Reset the Theater.

There is a Classified Campaign Plan that lays out what needs to be done.

It reads as a “tall order” from anyone’s perspective.  However, as I review the nightly situation reports, I am seeing the Afghanistan National Army (ANA) do more and more and they are successfully taking the fight to the enemy.  This may be out of necessity for I am sure the Taliban are eagerly awaiting our withdrawal.  We all realize that history is written by the victors, but honestly, the ANA is doing well.

There are still many hurdles to cross and acceptance of different ways

of doing business by both the CJTF and ANA.   I cannot state any

stronger, the real test of their effectiveness will be measured when there are no coalition forces in country available to  provide efficient and lethal support when needed.  I worry also about long term sustainment.

A real surprise to me is the obvious absence of the Afghanistan Mission Network here in RC-E.  It must be in Kabul and used by the International Joint Commission and ISAF HQ for it surely is not being used here.  The primary means of C2 by the commander of RC-E and his subordinate commanders is CENTRIXS ISAF at the SECRET level.  As I become more recognized in the JOC, I will find out for sure if the AMN extends here.

Personal observations:  Since the very beginning of my career, and now as I have grown old with white hair, one thing has always remained constant; the men and women of the U.S. military are our greatest National treasure.  What gives me hope is knowing they are a microcosm of our society proving the majority of our U.S society is still solid.

As hard as the liberal media tries, they have never been capable of tarnishing the trust most U.S citizens has in our men and women in uniform.  As long as Soldiers, Sailors, Airmen, Marines and Coast Guard men and women continue to display unbridled strength, ethics, morality, integrity, courage, duty, and honor, I fear not what the politics of this world brings forth. But I do fear that our politicians have lost sight of what it takes to keep this Nation secure in the freedoms so precious to all of us.  They are the ones who in my opinion have lost sight of their duty.  They should try to remember as Gen. R.E. Lee once said, “Do your duty in all things. You cannot to do more.  You should never do less.”

Sheets arrived yesterday and were immediately installed.  This morning I realized they do make a difference in the comfort of your rack.  Life is great!!

At 0900 local yesterday, I attended my second “Fallen Hero” ceremony.

This time it was a civilian killed in his bed asleep when his luck ran out.  A rocket attack on a different forward operating base (FOB), south of Bagram, ended his life.  Whether the man was a contractor or a GS, he was given the same respect and honors as given to a fallen military person.  I am not ashamed to say that tears once again fell down my face as the open HUMVEE carried him slowly pass me.  The stars of his flag seemed larger and the strips wider and brighter as the sun bore down on

us.   This time there were 5 musicians and I recognized one of the songs

as, “Amazing Grace”.  You are left humbled once the Sergeant Major dismisses the formation.  It is then you realize, “only for the grace of God, go I.”

Later, at 2000 local, I attended my third “Fallen Hero” ceremony for a young soldier killed in action against the enemy.  The moon was positioned perfectly over the center of the awaiting C-130.  It was full which made the bare mountains surrounding us more ominous and they seemed closer.  The wind during this time of year, at night, is constant and blows up to 20+ mph.  The color guard struggled to keep the flags under control.  Honors were rendered.  Silent tears fell as one more soldier was taken from the field of honor and sent on his way home to Arlington.

Semper Fidelis,

Ken

CJTF-1, ID, CJ5 Assessments

Task Force Defender

Bagram Air Field, Afghanistan

APO, AE 09354