Topic: US must prioritize cybersecurity training for the military’s engineers


Offline rangerrebew

US must prioritize cybersecurity training for the military’s engineers
The Defense Department faces a startling capability gap.
By Alison King, Annie Fixler and Rear Adm. (Ret.) Mark Montgomery

March 13, 2025
 
The Trump administration begins under the shadow of a series of consequential Chinese cyber hacks targeting U.S. critical infrastructure. While incoming officials grapple with long-standing failures to deter China and other adversaries from launching cyberattacks on the U.S. homeland, the Department of Defense (DOD) faces a startling capability gap: The civilian and military professionals responsible for protecting the same type of assets that China compromised receive inadequate training in recognizing, defending against, and recovering from malicious state-sponsored cyber activity. There is no institutional home for this vital training.

The U.S. military maintains an extensive global footprint, with 800 installations spanning more than 70 countries and territories. Public and private utilities own and operate the power lines, water pipes, and fiber optic cables that supply these bases. Yet once those systems cross the fence line onto military facilities, the U.S. military is responsible for ensuring their safe and reliable operation and restoration during an attack.

The problem is many of the professionals tasked with maintaining these critical systems might not recognize a cyberattack for what it is because they’ve received no specified training. They often see an operational disruption, assume it is just a system malfunction, and move quickly to restore systems, potentially wiping out the forensics data that cyber professionals need to discern how an attacker got in and disrupted the system.

Without a dedicated forensic investigation, engineers who respond to the symptoms of an attack may simply revert the system back to the same vulnerable state that the attacker exploited in the first place. Crucial intelligence clues about the attack’s provenance and intent will be lost.

https://defensescoop.com/2025/03/13/prioritize-cybersecurity-training-military-engineers/

Offline DefiantMassRINO

Cybersecurity consists of multiple concentric rings of deterrence, detection, and diagnosis.

If an attacker gets to a system, the IT organization lacks sufficient paranoia to do an effective job.

Many IT managers are focused on meeting deadlines and budgets, specifically for the CIO's / CTO's latest new shiny toys.  Things that add time and cost, including quality assurance and security, are to be avoided.

No manager ever gets credit, a bonus, or a promotion for resolving the cyberattack that never happened because of great security.

Paranoia is a cyber security analyst's best friend.  Nobody wants to admit that their systems are vulnerable.  Everyone wants to feel like they are doing a great job.

It's best to bring in vetted, outside white-hat hackers to challenge your infrastructure, systems, technicians, and management.  The outside, vetted white-hat hackers will not be subject to organizational blindness.

It's amazing how many compromising things that shouldn't happen, actually can.

Myself and a system admin found a gaping hole in a security vendor's product that was manipulated, by accident, to allow someone to log in to System A as root (admin/god) only to find themselves on System B (which they had not even connected to) logged in as root.  In no sane, logical universe should that be able to happen, but it did.

A vendor's security product opened a 'worm hole' to other unintended systems.  We were astounded, because that is the type of exploit black-hat hackers dream of.  I would have never intentionally thought of that attack vector because it was so illogical.  This is an example of my logical blindness. An outside, vetted white-hat hacker would have been more likely to seek and find this vulnerability on purpose.  We only found it by accident of luck.
« Last Edit: March 14, 2025, 01:04:53 pm by DefiantMassRINO »