As a former infrastructure engineer in the INOSC for the USAF, I can tell you that this is the crux of military operations, period. I am also a former USAF NCO.

In the USAF the turf war is between the INOSC, DISA, and CITS. CITS owns the hardware on the boundaries which means for the INOSC to receive support, or funding for support, they must comply with CITS' TCTO (Time compliance technical orders - known as the CITS 'standard').

These things include what operating systems can be used on routers and switches, how they are to be configured, etc.

Yet it's DISA is who certifies the configuration and security standards of the devices and allows the networks to remain part of the USAF GIG.

The larger problem is that CITS' TCTO standards dont comply, or directly contradict with DISA standards. Hell, CITS standards mandate uses of operating systems for routers and switches that arent even supported by the vendor(s) anymore (or even downloadable from the vendors), and to top that, CITS doesnt even follow their own standards, but everyone else must. CITS still uses 10+ year old hardware on the boundaries and takes 3-6 months just to replace any defective hardware.

Not to mention that there is a culture within the USAF of promoting people beyond their potential. This infuses ignorance into operations and decision making, which breeds additional bureaucracy into already convoluted processes. Thats right - the ignorance of underqualified personnel in leadership positions breeds bureaucracy to compensate for deficiencies.

The USAF needs to start objectively hiring/promoting personnel based off of genuine qualification and merit, instead of politics and relationship.

They also need to start viewing IT as a service enabler - viewing IT as a way to empower business operations that provides a framework conducive to continuity and productivity, not control and draconian authority.

In effect, to borrow a statement from The Daily Show, the whole operation is nothing more than a Ponzi scheme of stupid.

The way things currently operate are at best, amateur.

As a culture, both corporate and military, it is obvious we have become heavily dependent on cybersystems for information, intelligence, C2, finances and many other critical infrastructure related items. If any of these goes down or is exploited, it could be absolutely catastrophic. We live in a time that a potential hacker could wreak havoc on, or even paralyze facets of our transportation infrastructure, financial institutions, or military networks. I would say that it is easier to negotiate hardware and software when compared to the interface of opinions and agendas behind human hardware.  This issue is pressing and really requires a straightforward and no nonsense approach to prioritization.  This is our National Defense we are talking about here...not some corporate merger or ability to have a group hug and get along right?  Culture within an organization as large as the Department of Defense is a hard thing to change quickly and this issue doesn’t have the luxury of time to wait.

The slant on this I can't ignore is that it is not just the Defense Department’s many agencies and interests that need aligning, but an unprecedented integration that incorporates ALL key Federal Agencies and associated response plans for cyberattacks on the military and our Nation as well. I believe the creation of the new Cyber Command under USSTRATCOM in just the past month or so is a move in the right direction to baseline our vision and goals and get us moving along, but is putting it under the already task-inundated NSA and not incorporating it as an integral branch to the National Coordinator for Cybersecurity really the best course of action? Isn't that a part of the vision behind why the position was created just recently in an effort to support National objectives? Wouldn’t a joint Civ-Mil approach to governing and implementation provide a more coordinated approach and vision for our potentially vulnerable systems? We require an effective umbrella for both military and Homeland Security versus leaving them two separate “corporate entities” that will continue to compete for budget, priorities, and vision.  Additionally, the separate branches of service are setting up and forming their own “stovepiped” cyber command entities as well to operate under the newly formed Cyber Command which seems to convolute things even more. Did we really change anything here?  Seems like instead of surgically dissecting the problem and fixing it empirically, we are convoluting it more with added layers that may impede a faster resolve for our protection. It is often harder to reach a clear endstate when multiple actors are ultimately levying for control, dollars, or importance--especially when culture is driving it.

It is no secret that non-state actors and other nations seek to infiltrate, defeat, exploit, or destroy our IT infrastructure. Modern asymmetric times have arrived and zeros and ones are now the virtual weapons that can hurt technology-reliant nations; unfortunately it appears the weakest link in our cybersystems may remain the human component in the near-term.

Our security both in the cyber and physical worlds is paramount to the protection of the aspects of the American way of life.  The U.S. government has understood and managed the physical security environment well, but in recent history with the advancements in technology, the need for cyber security has increased in importance.  The creation of the U.S. Cyber Command demonstrates that the Department of Defense (DoD) is taking steps to focus on the importance of the cyber security issues that affects the United States.  The U.S. Government is playing catch up with the advancing technologies in the cyber world.  There has not been a well coordinated unified approach among the U.S. Government organizations to the cyber threat that faces the U.S. today.  According to what I have read on the U.S. Cyber Command, it is designed to plan, coordinate and synchronize the DoD cyber activities.  This sounds like a duplication of efforts with the Information Operation commands in the DoD.  The Joint Information Operations Warfare Center is charged with the integration and employment of information operation assets to include computer network operations among DoD organizations.  The computer network operation organizations manage the DoD efforts regarding computer network attacks, defense and exploitation.  The creation of the U.S. Cyber Command sounds like a redundancy of effort in this area.  This redundancy or split effort addressing the same issues is part of the reason the U.S. hasn’t been able to keep up with the cyber threat that exist today.  Has the DoD created a new command to address the cyber issues when it already has the capability within the DoD and a simple reorganization could achieve the same results with the resources that exists today?

In recent days, PBS has mounted a series on CyberWarfare on the Lehrer Report.  Though former NSA Director Tom Hayden was highly constrained in his comments, some of them do cut to the bone.  As he did not say explicitly, but as may still be true, the Services will never operate "inside the decision loop" of hackers and cyber-war criminals of Eastern Europe, while they persist in searching for global solutions in the open environment of the Internet.  It ain't gonna happen.  If the Services expect to operate network-enabled, then they will likely need to embrace the expense and industrial base issues of operating their networks on a stand-alone basis, disconnected from the civilian Internet.  Clearly in an era of shrinking resources, that isn't going to come easily.  It may take a test strike by terrorists against the US banking system or power grids, to wake people up to reality. Open systems and cyber security are fundamentally in contradiction.