The following article is part of our cross-posting partnership with Information Dissemination’s Jon Solomon. It is republished here with the author’s permission. You can read it in its original form here.
By Jon Solomon
Future high-end maritime warfare tends to be described as the use of distributed, networked maritime sensors that ‘seamlessly’ cue the tactical actions of dispersed forces armed with standoff-range guided weapons. Most commentary regarding these ‘sensor-to-shooter’ networks has been based around their hypothesized performances under ‘perfect’ conditions: sensors that see all within their predicted fields of view, processors that unfailingly discriminate and classify targets correctly, communications pathways that reliably and securely transmit data between network nodes, and situational pictures that assuredly portray ground truth to combat decision-makers. While it is not unreasonable to start with such an idealized view in order to grasp these networks’ potential, it is misguided to end analysis there. Regrettably, it is not unusual to come across predictions implying that these networks will provide their operators with an unshakable and nearly-omniscient degree of situational awareness, or that the more tightly-networked a force becomes the more likely the geographic area it covers will become a graveyard for the enemy.
Although we implicitly understand networked maritime warfare relies upon the electromagnetic spectrum and cyberspace, for some reason we tend to overlook the fact that these partially-overlapping domains will be fiercely contested in any major conflict. It follows that we tend not to consider the effects of an adversary’s cyber warfare and Electronic Warfare (EW) when assessing proposed operating concepts and force networking architectures. Part of this stems from the fact that U.S. Navy forces engaged in actual combat over the past seventy years seldom faced severe EW opposition, and have never faced equivalent cyber attacks. Even so, as recently as the 1980s, the Navy’s forward deployed forces routinely operated within intensive EW environments. Though certain specific skill sets and capabilities were highly compartmentalized due to classification considerations, Cold War-era regular Navy units and battle groups were trained not only to fight-through an adversary’s electronic attacks but also to wield intricate EW methods of their own for deception and concealment.[i] The Navy’s EW (and now cyber warfare) prowess lives on within its nascent Information Dominance Corps, but this is not the same as having a broad majority of the overall force equipped and conditioned to operate in heavily contested cyber-electromagnetic warfare environments.
Any theory of how force networking should influence naval procurement, force structure, or doctrine is dangerously incomplete if it inadequately addresses the challenges posed by cyber-electromagnetic opposition. Accordingly, we need to understand whether cyber-electromagnetic warfare principles exist that can guide our debates about future maritime operating concepts.
This week I’ll be proposing several candidate principles that seem logical based on modern naval warfare systems’ and networks’ general characteristics. The resulting list should hardly be considered comprehensive, and is solely intended to stimulate debate. Needless to say, these candidates (and any others) will need to be subjected to rigorous testing within war games, campaign analyses, fleet exercises, and real world operations if they are to be validated as principles.
Candidate Principle #1: All Systems and Networks are Inherently Exploitable
It is a fact of nature, not to mention engineering, that notwithstanding their security features all complex systems (and especially the ‘systems of systems’ that constitute networks) inherently possess exploitable design vulnerabilities.[ii] Many vulnerabilities are relatively easy to identify and exploit, which conversely increases the chances a defender will uncover and then effectively mitigate them before an attacker can make best use of them. Others are buried deep within a system, which therefore makes them difficult for an adversary to discover let alone directly access. Still others, though perhaps more readily discernable, are only exploitable under very narrow circumstances or if significant resources are committed. It is entirely possible that notwithstanding its inherent vulnerabilities, a given system might survive an entire protracted conflict without being seriously exploited by an adversary. To confidently assume this ideal outcome would in fact occur, though, amounts to a high-stakes gamble at best and technologically unjustified hubris at worst. Instead, system architects and operators must assume that with enough time, an adversary will not only uncover a usable vulnerability but also develop a viable means of exploiting it if the anticipated spoils merit the requisite investments.
A handful of subtle design shortcomings may be enough to enable the blinding, distraction, or deception of a sensor system; disruption or penetration of network infrastructure systems; or manipulation of a Command and Control (C2) system’s situational picture. Systems can also be sabotaged, with ‘insider threats’ such as components received from compromised supply chains—not to mention actions by malevolent personnel—arguably being just as effective as remotely-launched attacks. For example, a successful inside-the-lifelines attack against the industrial controls of a shipboard auxiliary system might have the indirect effect of crippling any warfare systems that rely upon the former’s services. Cyber-electromagnetic indiscipline within one’s own forces might even be viewed as a particularly damaging, though not deliberately malicious, form of insider threat in which the inadequate ‘hygiene’ or ill-considered tactics of a single operator or maintainer can eviscerate an entire system’s or network’s security architecture.[iii]
Moreover, networking can allow an adversary to use their exploitation of a single, easily-overlooked system as a gateway for directly attacking important systems elsewhere, thereby negating the latter’s robust outward-facing cyber-electromagnetic defenses. Any proposed network connection into a system must be cynically viewed as a potential doorway for attack, even if its exploitation would seem to be incredibly difficult or costly to achieve.
This hardly means system developers must build a ‘brick wall’ behind every known vulnerability, if that were even feasible. Instead, a continuous process of searching for and examining potential vulnerabilities and exploits is necessary so that risks can be recognized and mitigation measures prioritized.[v] Operators, however, cannot take solace if told that the risks associated with every ‘critical’ vulnerability known at a given moment have been satisfactorily mitigated. There is simply no way to guarantee that undiscovered critical vulnerabilities do not exist, that all known ‘non-critical’ vulnerabilities’ characteristics are fully understood, that the mitigations are indeed sufficient, or that the remedies themselves do not spawn new vulnerabilities.
The next post in the series will investigate the fallacy of judging a force network’s combat viability by merely counting its number of nodes. We will also examine the challenges in classifying and identifying potential targets, and what that means for the employment of standoff-range weapons. Read Part Two here.
Jon Solomon is a Senior Systems and Technology Analyst at Systems Planning and Analysis, Inc. in Alexandria, VA. He can be reached at firstname.lastname@example.org. The views expressed herein are solely those of the author and are presented in his personal capacity on his own initiative. They do not reflect the official positions of Systems Planning and Analysis, Inc. and to the author’s knowledge do not reflect the policies or positions of the U.S. Department of Defense, any U.S. armed service, or any other U.S. Government agency. These views have not been coordinated with, and are not offered in the interest of, Systems Planning and Analysis, Inc. or any of its customers.
[i] Jonathan F. Solomon. “Defending the Fleet from China’s Anti-Ship Ballistic Missile: Naval Deception’s Roles in Sea-Based Missile Defense.” (master’s thesis, Georgetown University, 2011), 58-62.
[ii] Bruce Schneier. Secrets and Lies: Digital Security in a Networked World. (Indianapolis, IN: Wiley Publishing, 2004), 5-8.
[iii] For elaboration on the currently observed breadth and impacts of insufficient cyber discipline and hygiene, see 1. “FY12 Annual Report: Information Assurance (IA) and Interoperability (IOP).” (Washington, D.C.: Office of the Director, Operational Test and Evaluation (DOT&E), December 2012), 307-309; 2. “FY13 Annual Report: Information Assurance (IA) and Interoperability (IOP).” (Washington, D.C.: Office of the Director, Operational Test and Evaluation (DOT&E), January 2014), 330, 332-334.
[iv] For an excellent discussion of this and other vulnerability-related considerations from U.S. Navy senior leaders’ perspective, see Sydney J. Freedberg Jr. “Navy Battles Cyber Threats: Thumb Drives, Wireless Hacking, & China.” Breaking Defense, 04 April 2013, accessed 1/7/14, http://breakingdefense.com/2013/04/navy-cyber-threats-thumb-drives-wireless-hacking-china/
[v] Schneier, 288-303.