at suntrust, we help you manage your money at home. and make it easy when you're away. and where ever you go, atm fees won't follow.

get back to what really matters switch to suntrust checking today suntrust. live solid, bank solid. good morning. welcome to "this week in defense news." i'm vago muradian. how can the u.s. military enjoy the benefits of social media but also ensure the safety of its computer network? and we'll look at how a remarkable new book is teaching junior officers the vital complexities of counterinsurgency warfare. first, few tools proven better to society in general than cyberspace. modern networks handle intelligence, operate unmanned vehicles and more.

they also constitute an enormous vulnerability, coming under attacks daily from foreign governments, criminals, terrorists and private individuals. our next guest says there needs to be sweeping change that includes new international laws and redefine roles for government, industry and the public. he was once the chief information officer for the intelligence community and now the vice president and general manager of cyber and information assurance for the harris corporation. dale, welcome to the show. >> thank you. >> you have a very different view as to what the problem is. you're saying it's not really a security problem but a national problem. can you explain that? >> absolutely. cyberspace underpins virtually every segment of our society, whether you get money from an atm, whether it controls flood gaits of dams, transportation systems, medical records. etc. >> the entire power grid? >> yes. the united states military uses it for critical military operations. and so cyberspace has become the new language of interaction

in virtual space. >> so why do you say that it's not a security problem but a national one? when people get focused on cybersecurity? >> the purpose of cyberspace is to accomplish someone, deliver value in some way. the business of protecting it or securing it is how you make it efficient and effective. you don't necessarily build cyberspace just to secure it. the analogy is something like a canary in a mine. canary being the security piece, the mine being something to mind. you don't build the mine to give the canary a job. >> how is the cybersecurity danger greater than most recognize? >> i believe it is, for all kinds of reasons but primarily because it blurs traditional rules and definitions. for instance, every person that touches cyberspace is a user or consumer, a victim, a threat and an attacker all at the same time. irrespective of what their

intent is. >> what is the best way then to think about the problem before you start to tackle it? >> first of all i think that all the issues in cyberspace mirror many of the other national discussions that we're having. what is the rule of government? what responsibilities should industry have and what accountability does our citizenry have? again, the fact that it is borderless blurs all the lines of traditional definition. >> how well organized is the u.s. government? and will governments in general, when it comes to trying to tackle the problem rit large? >> you will find pockets of excellence and they are very good. there's a modicum of capability across the board because in fact we daily fight all kinds of attacks. for instance, the pentagon takes two million attacks a day in stride and continues to deliver capability and do its job. but there's no uniformity with regards to standards.

with regards to expectations, with regards to law enforcement, with regards to legislation and such. >> the obama administration has made it -- well, obama entering office said that cybersecurity and cyber will be a priority of his. we're still waiting for sort of the national czar to be appointed on that. do we need entirely new different legal tools, forensic tools, jurisdictional tools to deal with what is actually a transnational problem? when you and i talked earlier you said that the robbery is something we know how to deal with. what do we need to put in place to deal with this new kind of crime? >> i agree that we need to approach this holistically in lots of ways. having the right kind of legislation which recognizes what rights are in cyberspace i think is very important. again, you alluded to the analogy that your house gets broken into, not oath you, the police, the courts, the judicial system, all knows how

to handle that, your computer gets broken into, no surgeon jurisprudes -- no such jurisprudence, jurisdiction or ideaen how to solve the problem exists. >> it even gets down to trying to find the person who did it. generally you say the attacker originated from russia or china or elsewhere. >> right. but in my experience of the last several decades of working in networks, where the attack appeared to have come from never has been where it actually came from. in cyberspace you usually try and hide who you are when you're trying to doing something surreptitious or nefarious. >> what are some of the tactics and strategies used by cyberattackers? there's an analogy, when you said that everybody is an attacker or user all simultaneously. what are some tactics and strategies that they are using? >> for instance, an attacker, whether it be a criminal, extremist or nation state, attempts to use either lily

pads or robots, that's where you get the term "bot" from of computer for doing things. so they will be pastors and aliases and all kinds of things that they will use as tactics which may be surround and attack an intended target from different angles. but the curious thing about that is, is that no attacker knows perfectly how the network is set up or how peoples computers are configured. while they may get their intended target they also may get thousands of other unintended targets and cybercollateral damage. >> that is a huge number of people. >> it's huge number of people, falling in that category. that's why you have to be k5eu68. when you hear the first reports that say 60,000 computers attacked something, may only be two or three people using thousands of computers when then appear in thousands of other computers in creating that attack. >> there was that --

somebody was arrested as i recall, controlling 66 million computers which is staggering web you think about it. >> the thing to think about cyber, sometimes big numbers, while they are mind boggling are really kind of meaningless because if you think with b the speed of light and speed of cyberspace the numbers again generated very quickly. it's not necessarily numbers. it's effectiveness. >> we have 30 seconds left -- how soon before there are bots and viruses that are inserted into the system to destroy hardware, not just incapacitate it or get information? >> i think those already exist again, oftentimes we mistake the effects for being equipment malfunction. and oftentimes you don't find out until subsequently later whether that was an attack, equipment malfunction or whatever. how it gets manifested is what makes it so confusing. back to my point, it blurs

traditional definitions. >> dale, thank you very much for joining us. coming up, balancing the benefits of social networks against the military risks.

few technologies allowed people to connect with one another more than facebook and twitter. and with many mooning deployments they are -- among deployments they are popular. but there's questions in the pentagon on whether they hurt security. senior officials like the new navy secretary and chairman of the joint chiefs of staff tweet regularly as a leadership and motivational tool. last month the pentagon launched a study on whether to ban or limit the media on the networks. mike carpenter is here, senior vice president at macafee, one of the leading computer security companies. welcome to the show. >> thank you. >> how do you make the tools

safe enough for the military to embrace? >> banning the tools is a very difficult thing to do, right? the access through the port 80, within a technology environment, in order to block it you would have to, not just block the specific protocols but actually shut down port 80 which is internet access. the idea of actually banning it is something i don't think can be done. i think there will be individuals, users will find ways around it, whether it be through their cell phone or whether through other internet access points. >> is that the biggest message you would like the pentagon to bear in mind as it goes through this review process? >> i think the biggest message is, is that security is built to empower businesses, government entities, to leverage technologies for leadership, for communication. and banning technology is getting in the way of -- of what security companies like to do, is to provide security that

would enable your entity to leverage tweeting our social networks or facebooks, or technology that can empower and help organizations communicate. >> for folks who are in the field and trying to communicate with their families, obviously that is a big hit. there were sailors who had their access restricted and had expressed frustration. the pentagon, however, is very divided when it d o tomes to what to do about this. how do you make sense of it gimp there's so many -- given there's so many different positions within the pentagon? >> for the moaft part when i look at the pentagon's answer to security and i look at the department of defense's overall answer of security whether it be individual enclave or combat and command community i believe they take security more importantly and they do a much better job than a lot of the other verticals that exist across the u.s. or even across the world. i think it's a world-class

organization that has done a gut jod of setting policy. >> by verticals you mean other businesses or industries? >> yes. whether it be finance or automotive or high-tech. i think they did a great job of setting policy and then enforcing the measures. i think it's a similar answer that needs to be taken. i think the way the pentagon and defendant of defense should be looking at social network and media is how can we embrace it? how can we set policies and then measure them? the tools they've acquired, the tools they will acquire in the future have the capability of measuring the conat the present time, measuring the leakage of potential content they don't want leaving their environment. and policies can be enforced, what is appropriate to send over twitter or to tweet in a given environment or given social network. >> it's actually shifting away from good old fashioned security to just enforcing discipline as to what it is you discuss and what pictures you post and what you don't. >> i think it is good old-fashioned security. i think security is not about

stopping, it's about empowering. it's about enforcing compliance and setting policies and saying what can i do and what can i not do? how you can we leverage security and technologies? otherwise left unchecked it would be dangerous? the administration is in the process of developing a macrostrategy when it comes to cyber. is there a challenge with the pentagon sort of moving out forward to try to do this? until that grander administration and national strategy is set? >> absolutely. i think you have to. i don't think you can sit. or stand still. there's a lot of people tweeting normally. there's a lot of social networking sites that can be very dangerous. i don't think we can wait for the administration to act. we've been waiting a long time for the cyberczar to be chosen. there's a lot of conversation, they are standing up now, in cybercommand. these things take time when trying to boil the ocean.

you are changed in the way that government handles security. until that time i believe the enclaves need to stand up, the pentagon needs to stand up and start taking direction on policy, setting policy and enforcing policy. >> what else is coming down the pike by way of social media that will complicate the situation? there's always new technology. >> i think the normal advancement of people getting more comfortable using twitter. the capability of watching it over encristed networks. how do you stop it? if there's a ban on it how do you stop it? somebody can log on and use twitter and would have no idea what they are actually doing, what they are logging on. i think what we need to do as a defense community is to take hold of the powerful technology and these powerful web sites and set policies on what you can and can't do. i think that needs to happen now. so that individual i.t. infrastructures and i.t. personnel can help leverage the

technologies that exist today that can measure the content and find what should and shouldn't be going out based on the policies that exist across the community. >> thank you very much for joining us. >> thank you. what is one of the most complefer doctor clever ways the army is improving its counterinsurgency skills? find out. fiber one. i'm looking for some fiber.

this bar is an excellent source of fiber. there's no fiber in this. tastes too good. there is fiber. [ chuckle ] no. i can't taste the fiber in this chocolate. they have 35% of your daily value.

hmm. oh, samples. hmm. autobahn. wackenschdol. fiber one chewy bars. cardboard no. delicious yes. more than a century ago a british army captain wrote an innovative book on insurgency tactics, lessons that revealed

themselves. the same battle is fought over and over again until it's final right. that book helped britain fight other irregular wars maintaining its empire. fast forward to the aqir war, two u.s. army officers wrote a similairbook. "the defen of jazir redoaa." a ou cghulndtf maomer inmantcoually assesses new situations to shape necessary outcomes. here to talk about this new book is major mark barkwart. welcome to the show. i want to say all the proceeds go to the fisher house, a very worthy charity. >> it does, correct. >> most captains don't write books like this. why did you write it? >> at the time it was me and a friend of mine. he was at the time a observer/controller and er/control evaluating units that were about to go to iraq. at the time i was a company

commander and third id in fort stewart. we were both talking on a daily basis. he was talking about some units more prepared than others. i had just gotten a group of new lieutenants. i was trying to figure out a way to teach them how to do counterinsurgency. i remember we had read the book "the defense of duffer's drift" as lieutenants. through a series of six dreams, at the end of it he learns how to fight the mission correctly. we figured it was a good backdrop to be able to develop a lesson for counterinsurgency. that is how we kind of came up with the idea and created the new book. >> in hindsight, how well prepared were you before you were deployed to iraq in you suth errgsurger ntin 2005 and surge. rg e.su >> 2007. >> we deployed in 2005, january. we std tearusing the lessons we

had .re before.ewocadeuls i woacd bntk weac b for thrgsun ie,e 2005 there were a lot of lessons we learned while out there. but in 2007 when we went back to the surge the army had already created the coin academy, counterinsurgency academy and required all leaders to go to the academy and understand the strategy all the way down to the tactical levels of counterinsurgency so. the army was doing an incredible job at changing its focus in a matter of a few years. and implementing institutions, armywide including in iraq itself to prepare officers for come -- woman -- combat. >> how is it the army, one of the things that comes through, it appears the unforgotten rules of war that everyone in the army is taught the minute they enter service. >> our ennt it with the ntbos k to focus on the fundamentals. you can find them in different books. with counterinsurgency after the release of f-324 which is

the counterinsurgency manual we thought there were a lot of goods books on counterinsurgency but no small easy-to-read book that grabbed just some of the key points. we didn't feel there was a good gateway, it was kind of open discussion so we figured if we wrote an easy narrative like this we could reinforce the lessons learned. a lot of them are the same. you'll see in the first couple of dreams we talk about fundamentals of defense which is the same fundamentals that was in "the defense of duffer's drift" which is also include in the book. we expanded on that. >> what is the feedback been from the field? as well as -- from the field as well as from the army school system on this? >> it's been very positive. from the field itself we've had a number of officers that have written to us and told us it

served great, again, in an opening of the discussion. it's a great training tool for someone to read before, when they start implementing the counterinsurgency lessons into their training plan it's a great tool to start it off. also from the schoolhouse, we have a friend of ours that is one of the professors there that is actually included in one of his syllabuses at west point for, i think seniors. so we've had a lot of positive feedback but the most important, or the most exciting feedback has been from nonmilitary people. when we first wrote it, it was a pdf file on line and gathered a lot of steam. so some people helpeds get it published. since then nonmilitary people have been reading it and say it's a great tool to understand what is going on in iraq. we see the news but it's hard for us to imagine day-to-day what exactly is happening and why is it so difficult? that opens that up for people, nonmilitary people to get a grasp of what we're encountering out there. >> it also bridges the

dramatic change from the two times you deployed from learning on the job to going in with a far better, smarter plan. >> right. the army overall, it's a great learning institution. ever since, after vietnam and you had the drawdown of forces and all volunteer force that came into play and then the senior and junior leaders at the time really focused on developing an institution that was focused on learning. that was one of the greatest things i think the army has to offer. and we create -- the army created the center for -- call center, a center for army lessons learned. and we recycle a lot of those lessons. so what the army has done has been absolutely impressive to change the focus from a high intensey conflict from the good morning intensity conflict in the beginning of 2000, 2001 to a counterinsurgency fight over the last two years. >> thank you very much for joining us. >> thank you. coming up in my notebook, why the administration should encourage the military to

participate in charity events. b@

b@ oh, hi! welcome back to progressive.com! how's that car insurance? great! just bought a house... and you just heard progressive offers homeowner's insurance. yeah! i also heard i could save a bundle -- because progressive already insures your car. yeah, and i like -- one-stop shopping! right. i know! anything else i should know? yes -- make sure you stay away from shag carpeting. getting your auto and home insurance all in one place -- now that's progressive. call or click today.

few realize how heavily america's military depends on charity. when the two navy hospital ships why at sail they carried supplies or eye glasses from charities. contributions also covered goods for wounded warriors, housed family members visiting while hospitalized or scholarships of those killed in action. a bad economy means charitable contributions are sharply down and fundraising tough for another reason. the obama administration ethics rules and how they are being interpreted are making fundraising harder by dissuading officials from participating in charity events. it's -- some officials are skipping such events entirely, wary of the complex process. if officials solicit the

donations over whom they hold sway that's wrong but supporting causes that are good for the families and the nation are not. thank you for joining us for "this week in defense news." you can watch this program on line at defensenewstv.com. i'll be back sunday morning at 11:00. have a great week. hey buddy, i appreciate the ride, you know. no problem. ♪ mind if i take a shortcut? yeah, sure. ♪ i knew the subaru legacy was the smart choice... what i didn't expect... was the fun. the all-new subaru legacy. feel the love.