Category Archives: Future Tech

What is coming down the pipe in naval and maritime technology?

Hyper-Converged Networks and Artificial Intelligence: Fighting at Machine Speed

By Travis Howard

Lieutenant Stacey Alto sits in the Joint Intelligence Center aboard the Wasp-class Amphibious Assault ship USS ESSEX (LHD 2). As the Force Intelligence Watch Officer (FIWO), her job is to absorb relevant information related to current and future operations of the Essex Amphibious Ready Group, as well as the general intelligence within the operating theater. Her zero-client, virtual desktop environment (VDE) 6-panel display at her watch station allows her a single-pane-of-glass into Unclassified, Secret, Top Secret, and Coalition enclaves through the Consolidated Afloat Networking and Enterprise Services (CANES) network.

One of her watch standers, an Intelligence Specialist Second Class, approaches her desk with new information from the Joint Operations Center (JOC), the nerve center of ARG operations, announcing new orders from the fleet commander to enter the Gulf of Oman, which represents a shift in operating theater from their current position in the Arabian Sea.

Stacey goes to work immediately, enlisting the help of two Intelligence Specialists and one of the Information Systems Technicians standing watch in the Ship’s Signal Exploitation Space (SSES). She queries the onboard widget carousel on her CANES SECRET terminal. Using a combination of mouse, keyboard, and touchscreen, she pulls together several ready-made widgets and snaps them into place, each taking advantage of a pool of “big data” information stored on the ship’s carry-on Distributed Common Ground System-Navy (DCGS-N) and off-ship sources from the intelligence cloud. Her development work gets passed to the next watch team, as they set the application’s variables for data parsing, consolidating inputs, and terrain mapping to put together a relevant, real-time intelligence picture.

By the time Stacey returns to her watch station almost 24 hours later, the IT personnel in SSES have put the new application through the automated cybersecurity testing process and have released it to the onboard “app store,” which Stacey can now install on her virtualized, thin-client desktop within seconds. She calls the JOC, the Marine Landing Force Operations Center (LFOC), and the ship’s Combat Information Center (CIC) announcing the system’s readiness with separate logins at the appropriate classification level for each watch station. By the time ESSEX enters the Gulf of Oman, the application has mapped adversarial positions and capabilities, pulled from several disparate databases afloat and ashore, all at varying levels of classification necessary for operational planning throughout the ship.

Building a More Maneuverable Network Afloat

The above scenario is almost a reality, representing several emergent advances in network technology and application portability (the “mobility” factor) that the Navy will soon capitalize on: a hardware and network-layer software architecture known as hyper converged infrastructure (HCI). The performance and cost efficiencies realized by this architecture will pave the way for disruptive changes to how we maneuver the network across the entire spectrum of operations: as a business system, as a decision support system, and as a warfighting platform.

Hyper-convergence is the integration of several hardware devices through a hypervisor, which acts as an intermediary and resource broker between software and hardware. Independent IT components are no longer siloed but combined, simplifying the entire infrastructure and improving speed and agility of the virtual network.1 The advantages of HCI seem obvious, but the real disruptive effect is how we can build upon it. The opening scenario describes on-demand application development at the tactical edge. This is achievable through HCI efficiency and another emerging network process known as Agile Core Services (ACS), a joint software development initiative being built into several programs throughout the Navy and Air Force, and one that CANES (as the afloat and maritime operations center network provider) is leveraging.

Hyper-Convergence in Network Hardware combines storage and processing power into a single appliance for simplified management, faster deployment, and could even lower acquisition costs ( Helixstorm.com)

ACS allows applications to use a common mix of services at the platform level, reducing cost and time of development but also forcing all applications to “speak the same language.” All that is needed to make on-demand, tactical application delivery a reality is a framework for plug-ins that takes advantage of big data we already have aboard ships and available at both the operational and tactical levels of war.

Previous articles in the United States Naval Institute’s magazine Proceedings have argued for thin-client solutions aboard warships,2 leveraging the CANES network program to ultimately achieve network efficiency that can remove “fat clients” (standard computer desktops) from the architecture to be replaced by thin or zero-clients (user workstation nodes with virtualized desktops and no onboard storage or input devices beyond keyboard and mouse). Removing clients from the equation eases the burden on shipboard technicians, consolidates the information security posture, and overall presents a more efficient network management picture through smart automation that makes better use of available manpower. HCI is the architecture solution that will eventually enable a full-scale, afloat, thin-client solution.

Hyperconverged.org is a website dedicated to delivering the message of advantages that HCI can bring,3 and lists ten compelling advantages that HCI brings to any IT infrastructure, to include:

  • Focus on software-defined data centers to allow faster software modernization and more agile vulnerability patching
  • Use of commercial off the shelf (COTS) commodity hardware that provides failure avoidance without the additional costs
  • Centralized systems and management
  • Enhanced agility in network management, automation, virtualization of operating systems, and shared resources across a common resource manager (such as hypervisor)
  • Improved scalability and efficiency
  • Potentially lower costs (caveat: in the commercial sector this may be truer than in the government sector, but smart contract competitions and vendor choices can drive down costs for the government as well)
  • Consolidated data protection through improved backup and recovery options, more efficient resource utilization, and faster network management tools

The advantages of HCI are numerous, and represent the true next step in IT architecture that will enable future software capabilities. How can we, as warfighters, take advantage of this emerging technology? It cannot be overstated that our current processes for procuring and delivering software-based services and capabilities must be revamped to keep pace with industry and take advantage of the speed and agility that HCI brings.

Faster, More Efficient Application Development is the Next Step

In our current hardware development methodology, programs of record within the Department of Defense (DoD) have little difficulty determining a clear modernization path that fits within the cost, schedule, and performance constraints outlined by the DoD acquisition framework. However, software development is an entirely different story, and is no longer agile enough to suit our needs. If we can iterate hardware infrastructure at near the speed of industry, then software and application development becomes the pacing function that we must address before we can realize the opening scenario of this essay.

The key term when discussing the speed of system development is agility, defined by the Massachusetts Institute of Technology (MIT) as “the speed of operations within an organization and speed in responding to customers…or reduced cycle times.”4 The federal government, DoD in particular, has been struggling with acquisition reform for some time, and with the signing of the National Defense Authorization Act in fiscal year 2010, Congress placed renewed emphasis on the need to transform the acquisition process for information technology. Several programmatic changes to acquisition helped (such as the approval of the “IT Box” programmatic framework in the joint requirements process), but the agility of software development and modernization remains challenged. Ensuring proper testing and evaluation (T&E) methodology, bureaucratic approval processes to ensure affordability, joint interoperability testing, and lengthy proof-in testing are just some of the processes facing software applications prior to gaining approval for full-rate production and fielding to the warfighter.

Matthew Kennedy and Lieutenant Colonel Dan Ward (U.S. Air Force), in a 2012 article for Defense Acquisition University, argued for agility in system development by discussing flaws in the current “agile software development” model.5 Developed in the early 2000s, this model is not as agile as the name would imply, and still defines requirements to be developed in advance, which doesn’t leave room for innovation or rapid, iterative changes to keep pace with the speed of industry. Exciting initiatives are being fielded in the commercial sector, such as cloud-based development and learning models, and mobility technology that many of the services would use to great effect. Innovative prototyping of disruptive technology at the service or component level of DoD, such as the now-disbanded Chief of Naval Operation’s Rapid Innovation Cell (CRIC), proved that there are operational advantages to emerging tech such as wearable mobile devices, if only we could “turn a tighter circle” within our acquisition framework and work with agility to field newer and better versions to the force.

Thankfully, we don’t have to reinvent the wheel when implementing a more agile software development framework; we must take lessons from industry and apply them to the unique needs of each of the DoD components. This may be easier said than done, but Kennedy and Ward, and indeed likely many other acquisition professionals and scholars, would agree that it is entirely possible if leadership demanded it, and the policies, procedures, and resourcing followed suit to support it. Kennedy and Ward offered a common set of software and business aspect practices to support agile practices that would allow a predictable, faster software refresh cycle (not just patches, but cumulative updates) to ensure software remains agile and relevant to the warfighter. Using small teams for incremental development, lean initiatives to shorten timelines, and continuous user involvement with co-located teams are just some of the practices offered.6

Improving our software development and modernization framework to be even more agile than it is now is necessary considering the recent industry shift to software-as-a-service and cloud-based business models. No longer will software versions be deliberate releases, but rather iterative updates such as Microsoft’s “current branch for business” (CBB) model. With this model, Microsoft envisions that Windows 10 could be the last “version” of Windows to be released, which will then be built upon in future “service pack-like” updates every 12-18 months. Organizations that do not update their operating systems to the latest CBB will be left behind with unsupported versions. Not only does such a change demand a rapid speed-to-force update solution for DoD, but it represents a disruptive process change that will ultimately allow us to reach the opening scenario’s on-demand tactical application process, leveraging big data in a way that units at the tactical edge have never done before – and in a way that may never have been imagined by the system’s original developers.

Hyper-convergence infrastructure, together with agility-based application development and modernization, represents a near-term possibility that will enable true innovation at the tactical level of war and put the power of information superiority into the hands of the warfighter. While re-developing the acquisition framework to achieve this may be difficult, it is entirely possible and, many would say, necessary if DoD is to keep pace with emerging threats, take advantage of emerging technology and innovation, and ultimately retain its status as the best equipped and trained force the world has ever known.

Artificial Intelligence: The Next AEGIS Combat System

Now let’s imagine another scenario. USS LYNDON B. JOHNSON (DDG 1002), last of the Zumwalt-class destroyer line and used primarily to test emergent technology prototypes in real-world scenarios, slips silently through the South China Sea in the dead of night. She is the first ship in the U.S. Navy to possess Nelson, a recursively-improving artificial intelligence (RIAI). Utilizing an HCI supercomputer core, Nelson acts as an integrator for the various shipboard combat systems in a similar concept to today’s AEGIS Combat System, except much faster and with machine-speed environmental adaption.

American relations with China have broken down, resulting in a shooting war in the South China Sea that threatens to spill into the Pacific proper, and eventually reach Hawaii. In an effort to change the dynamic, DDG-1002 forward deploys in stealth to collect intelligence on enemy force disposition and, if the opportunity presents itself, offer a first-strike capability to the U.S. Pacific Command. JOHNSON is spotted by a surface action group of three Chinese destroyers, who take immediate action by firing a salvo of anti-ship cruise missiles followed by surface gunnery fire once in range.

At the voice command of the Tactical Action Officer, Nelson goes to work, taking control of the ship’s self-defense system and prioritizing targets in a similar fashion to Aegis, only much faster, while constantly providing voice feedback on system readiness, target status, and battle damage assessments through the internal battle circuit, essentially acting as a member of the CIC team. Nelson’s adaptability as an AI allows it to evolve its tactical recommendations based on the environment and the sensory input from the ship’s 3D and 2D radars, intelligence feeds, and even the voice reports over the battle circuit. Compiling the tactical picture on a large display in CIC, Nelson simultaneously responds to threats against the ship while providing a fused battle management display to the Captain and Tactical Action Officer. The RIAI does much to lift the fog of war, and automates enough of the ship’s defensive and information-gathering functions to allow the humans to focus on tactically employing the ship to stop the threat rather than reacting to it.

While hyper-convergence, coupled with agile and rapidly-developed software innovation, is the emerging technology, recursively-improving artificial intelligence is the ultimate disruptive technology in the near to medium-term and represents the giant leap forward that many research and development efforts are striving towards. AI has often been relegated to the work of science fiction, and while many futurists see it as the inevitable “singularity” to happen as soon as the mid-21st century, it has not quite gained acceptance in the mainstream technical community. What must be focused on from a warfighter’s perspective is the near-term (within the next 30-50 years) prospects of advances in quantum computing, neural networks, robotics, nanotechnology, and hyper-convergence. These advances could put us on a path towards artificial intelligence within the lifetime of generations currently serving or about to serve in the armed forces.

The debate over whether recursively self-improving artificial intelligence is possible continues,5 with some theorists stating that such an AI cannot be achieved because intelligence could be “upper bounded” in a way that transcends processor speed, available memory, and sensor resolution improvements. Others suggest that intelligence “is the ability to find patterns in data”7 and that, regardless of the more fringe theories surrounding AI, transhumanism, and the ontological discussions of the singularity, “a sub-human level system capable of self-improvement can’t be excluded.”8  It is the sub-human AI, capable of adapting to changing data patterns, that makes a combat system AI an exciting near-future prospect. 

Conclusion

This article presented two hypothetical scenarios. In the near-term, a Navy watchstander takes advantage of a hyper-converged infrastructure network environment onboard a U.S. Navy warship to rapidly develop a tactical application to take advantage of disparate databases and cloud data resources, ultimately producing a battle management aid for the ship’s next mission. This scenario took advantage of two emerging technological concepts: hyper-convergence in hardware infrastructure, a reality some major defense acquisition programs such as the Navy’s CANES has already resourced and on-track to field in the coming years, and agile software development in defense acquisition, which is a conceptual framework that must be developed to ensure more rapid and innovative software capabilities are delivered to the force.

The funding for these technological advances must remain stable to deliver HCI to our operating forces as a hardware baseline for future development, and policy makers must continue to find efficiencies in IT acquisition that lead to agile software development to really take advantage of the efficiencies HCI brings. Additionally, DoD IT leaders must think critically and dynamically about how future software updates will be tested and fielded rapidly; our current lengthy testing and evaluation cycle is no longer compatible with either the speed of industry’s vulnerability patching, a fluid content upgrade schedule, or the pace of adversarial threats.

The second scenario describes a near-future incorporation of recursively-improving artificial intelligence within a combat system, which builds upon hyper converged hardware and recursively improving software to deliver a warfighting platform that can defend itself more rapidly and learn from its tactical situation. The simple fact is that technology is changing at a pace no one dared dream as early as 20 years ago, and if we don’t build it, our adversaries will. A recent (2016) article in Reuters, and reported in other media outlets, showcases the People Republic of China’s (PRC) desire to build AI-integrated weapons,9 citing Wang Changqing of China Aerospace and Industry Corp with saying “our future cruise missiles will have a very high level of artificial intelligence and automation.” DoD must adapt its processes to keep pace and remain the world’s leader in incorporating emerging and disruptive technology into its warfighting systems.

Travis Howard is an active duty U.S. Naval Officer assigned to the staff of the Chief of Naval Operations in Washington D.C. He holds advanced degrees and certifications in cybersecurity policy and business administration, and has over 16 years of enlisted and commissioned experience in surface warfare and Navy information systems. The views expressed here are solely those of the author and do not necessarily reflect those of the Department of the Navy, Department of Defense, or the United States Government.

References

1. Scott Morris. “Putting The ‘Hyper’ Into Convergence.” NetworkWorld Asia 12.2 (2015): 44. 28 Jan 2017.

2. Travis Howard, LT, USN. “’The Next Generation’ of Afloat Networking.” Proceedings Magazine, Mar 2015, Vol. 141/3/1,345

3. Hyperconverged.org. “Ten Things Hyperconverged Can Do For You: Leveraging the Benefits of Hyperconverged Infrastructure.” Retrieved Feb 2 2017, http://www.hyperconverged.org/10-things-hyperconvergence-can-do/

4. Matthew Kennedy & Lt Col Dan Ward. “Inserting Agility In System Development.” Defense Acquisition Research Journal: A Publication Of The Defense Acquisition University 19.3 (2012): 249-264. 4 Feb 2017.

5. Ibid

6. Ibid

7. Roman Yampolskiy. “From Seed AI to Technological Singularity via Recursively Self-Improving Software.” Cornell University Library. arXiv:1502.06512 [cs.AI]. 23 Feb 2015.

8. Ibid

9. Ben Blanchard. “China eyes artificial intelligence for new cruise missiles.” Reuters, World News. 19 Aug 2016, http://www.reuters.com/article/us-china-defence-missiles-idUSKCN10U0EM

Featured Image: Electronic Warfare Specialist 2nd Class Sarah Lanoo from South Bend, Ind., operates a Naval Tactical Data System (NTDS) console in the Combat Direction Center (CDC) aboard the USS Abraham Lincoln as it conducts combat operations in support of Operation Southern Watch. (U.S. Navy photo by Photographer’s Mate 3rd Class Patricia Totemeier)

The Threat, Defense, and Control of Cyber Warfare

NAFAC Week

By Lin Yang Kang

The Internet has grown phenomenally since the 1990s and currently has about 3.5 billion users who make up 47 percent of the world population.1 Out of the 201 countries surveyed, 38 percent have a penetration rate of at least 80 percent of its population.2 The ubiquity and reliance on cyberspace to improve the efficiency and capability of government, military, and civilian sectors lead to the Internet of Things (IOT) for day-to-day operations and in this pervasiveness of the use of Internet lies the potential for devastating cyber-attacks.

This paper seeks to discuss the crippling effects and dangers of cyber-attacks and outline the defensive responses against and control of cyber warfare.

The lethality, and hence appeal of cyber warfare, lies in its asymmetric3 and stealthy nature. Little resource, such as teams of experienced hackers, is required to render a disproportional amount of devastating damage to the core and day-to-day operations of both the government as well as the military. Unlike conventional warfare where a military build-up and transportation of resources are tell-tale signs of preparation, cyber-attacks can be conducted without warning. In this regard, it is akin to covert operations, such as the use of Special Forces or submarines, with added advantage of not exposing soldiers to the risk of harm. Coupled with the inherent difficulty in pinpointing attribution,4 subjects of a cyber-attack are left with the choice of either doing nothing except to try to recover or to retaliate against the suspected attacker without concrete proof and lose moral high ground, neither of which is optimal.

An example of a well-coordinated attack demonstrating the covert nature of cyber warfare occurred in 2007 when the Estonian government and government-related web-services were disabled.5 Though no physical damage was inflicted, it created widespread disruption for Estonian citizens. While Russia was the suspected perpetrator, it was never proven or acknowledged. In 2010, it was discovered that Iranian nuclear centrifuges that are responsible for enriching uranium gas had been infected and crippled by a malware, codenamed “Stuxnet.”This successful insertion of this malware effectively set the Iranian nuclear program back for a few years and demonstrated an effective and non-attributable way7 to pressurize if not exert will without the use of military might as it achieved what the United Nations Security Council (UNSC) had hitherto failed to do, i.e., curtail the development of nuclear weapons by Iran.

The above examples illustrate the potential damage of small-scale and limited cyber-attacks. Extrapolating from these examples, it is conceivable that the damage from a successful large-scale cyber-attack on a well-connected country that relies heavily on IOT can range from disruption of essential services, crippling confusion and even operational paralysis of both government and the military. For the government, a cyber-attack across every essential means and aspects of daily living including but not limited to destruction of financial data, records and transactions, forms of travel, communication means, and national power grid create chaos and confusion resulting in psychological shock that will in turn sap the will and resilience of the citizens. For the military, the irony is that the more modern and advanced a military is with its concomitant reliance on technology and network centric warfare, the more vulnerable it is to a potential cyber Pearl Harbor attack that will render its technological superiority over its adversary impotent. Given the symbiotic relation between the government and the military, a successful simultaneous cyber-attack on both government and the military can achieve Sun Tze’s axiom that the supreme art of war is to subdue the enemy without fighting.

Given its unique nature and unmatched demonstrated potential for lethality, it is understandable the attractiveness of cyber warfare as an instrument of choice for all players, both state and non-state actors and even individuals. As with all other forms of warfare, the need for defense against should be proportional to the threat. It is a game of cat and mouse,8 where hackers seek to find security vulnerabilities while defenders attempt to patch them up as soon as they are exploited and redirect the attackers to digital traps, preventing them from obtaining crucial information or cause damages. Specialized cyber warfare military branches have been formed in many countries, and extensive cyber defensive measures and contingency plans are being developed by government, military, and civil sectors of states. Through inter-cooperation, potential attacks could be resolved in the shortest time possible and minimize disruption, while preventing future attacks. As the world begins to witness the increasing use of cyber warfare as a weapon, cyber-attacks may not be as easy to conduct as before as states that understand the lethality of such attacks seek to safeguard their nation.9

Beyond defense at the national level, there is a lack of well-defined norms on the rules of cyber warfare as the international law community is still interpreting how current law of war can apply to cyber warfare. Recently, Tallinn Manual 2.0 was published by NATO’s Cooperative Cyber Defence Centre of Excellence (CCDOE) and is to date the most detailed study of how existing international laws can govern cyber operations.10 However, it currently serves as a reference and is non-binding. It is crucial for nations to iron out the rules for cyber warfare together and abide by it, ensuring that it will not affect the lives of civilians and minimize potential damages to non-military installations by cyber-attacks and cyber warfare.

Cyber warfare is a real and growing threat which has the potential to create disruption that the world has yet to witness. As nations become even more reliant on cyberspace as it ventures into automation and smart cities, they need to invest adequately in cyber defense and ensure that this new frontier is well-guarded. Apart from dealing with it domestically, on an international level, rules of cyber warfare need to be clarified and be abided by the international community to safeguard civilians. Cyber warfare may be threatening, but if the international community abides by clarified rules of cyber warfare and has sufficient cyber defensive measures established, the potential devastation caused by cyber-attacks could be minimized.

Yang Kang is a naval officer from the Republic of Singapore and a freshman at the Nanyang Technological University (NTU) in Singapore currently studying Electrical and Electronics Engineering. Before attending NTU, Yang Kang underwent midshipman training in Midshipman Wing, Officer Cadet School of the Singapore Armed Forces and was appointed Midshipman Engineering Commanding Officer during the Advanced Naval Term, his final phase of training.

Bibliography

Barker, Colin. “Hackers and defenders continue cybersecurity game of cat and mouse.” ZDNet. February 04, 2016. Accessed March 28, 2017. http://www.zdnet.com/article/hackers-and-defenders-continue-cyber-security-game-of-cat-and-mouse/.

Davis, Joshua. “Hackers Take Down the Most Wired Country in Europe.” Wired. August 21, 2007. Accessed March 21, 2017. https://www.wired.com/2007/08/ff-estonia/.

Geers, Kenneth. Strategic cyber security. Tallinn: NATO Cooperative Cyber Defence Centre of Excellence, 2011.

Zetter, Kim. “An Unprecedented Look at Stuxnet, the World’s First Digital Weapon.” Wired. November 03, 2014. Accessed March 21, 2017. https://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/.

“Cyber Warfare Integral Part of Modern Politics, New Analysis Reaffirms.” NATO Cooperative Cyber Defence Centre of Excellence. December 01, 2015. Accessed March 15, 2017. https://ccdcoe.org/cyber-warfare-integral-part-modern-politics-new-analysis-reaffirms.html.

“Global Cybersecurity Index & Cyberwellness Profiles Report.” April 2015. Accessed March 23, 2017. https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-SECU-2015-PDF-E.pdf.

“NATO presents the Tallinn Manual 2.0 on International Law Applicable to cyberspace.” Security Affairs. February 05, 2017. Accessed March 25, 2017. http://securityaffairs.co/wordpress/56004/cyber-warfare-2/nato-tallinn-manual-2-0.html.

“Internet Users by Country (2016).” Internet Users by Country (2016) – Internet Live Stats. Accessed March 20, 2017. http://www.internetlivestats.com/internet-users-by-country/.

“Internet Users.” Number of Internet Users (2016) – Internet Live Stats. Accessed March 20, 2017. http://www.internetlivestats.com/internet-users/.

“The Asymmetric Nature of Cyber Warfare.” USNI News. February 05, 2013. Accessed March 20, 2017. https://news.usni.org/2012/10/14/asymmetric-nature-cyber-warfare.

“The Attribution Problem in Cyber Attacks.” InfoSec Resources. July 19, 2013. Accessed March 25, 2017. http://resources.infosecinstitute.com/attribution-problem-in-cyber-attacks/#gref.

1. “Internet Users.” Number of Internet Users (2016) – Internet Live Stats. Accessed March 20, 2017. http://www.internetlivestats.com/internet-users/.

2. “Internet Users by Country (2016).” Internet Users by Country (2016) – Internet Live Stats. Accessed March 20, 2017. http://www.internetlivestats.com/internet-users-by-country/.

3. “The Asymmetric Nature of Cyber Warfare.” USNI News. February 05, 2013. Accessed March 20, 2017. https://news.usni.org/2012/10/14/asymmetric-nature-cyber-warfare.

4. “The Attribution Problem in Cyber Attacks.” InfoSec Resources. July 19, 2013. Accessed March 25, 2017. http://resources.infosecinstitute.com/attribution-problem-in-cyber-attacks/#gref.

5. Davis, Joshua. “Hackers Take Down the Most Wired Country in Europe.” Wired. August 21, 2007. Accessed March 21, 2017. https://www.wired.com/2007/08/ff-estonia/.

6. Zetter, Kim. “An Unprecedented Look at Stuxnet, the World’s First Digital Weapon.” Wired. November 03, 2014. Accessed March 21, 2017. https://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/.

7. The United States and Israel were allegedly responsible for this cyber attacked but as with the Estonian example, it was never proven or acknowledged.

8. Barker, Colin. “Hackers and defenders continue cybersecurity game of cat and mouse.” ZDNet. February 04, 2016. Accessed March 28, 2017. http://www.zdnet.com/article/hackers-and-defenders-continue-cyber-security-game-of-cat-and-mouse/.

9. “Global Cybersecurity Index & Cyberwellness Profiles Report.” April 2015. Accessed March 23, 2017. https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-SECU-2015-PDF-E.pdf.

10. “NATO presents the Tallinn Manual 2.0 on International Law Applicable to cyberspace.” Security Affairs. February 05, 2017. Accessed March 25, 2017. http://securityaffairs.co/wordpress/56004/cyber-warfare-2/nato-tallinn-manual-2-0.html.

Featured Image: U.S. sailors assigned to Navy Cyber Defense Operations Command man their stations at Joint Expeditionary Base Little Creek-Fort Story, Va., Aug. 4, 2010. NCDOC sailors monitor, analyze, detect and respond to unauthorized activity within U.S. Navy information systems and computer networks. (U.S. Navy photo by Petty Officer 2nd Class Joshua J. Wahl)  

NAFAC: The 4th Battle for the Atlantic and Technology’s Impact on Warfighting

By Sally DeBoer

For the past fifty-six years, the United States Naval Academy has hosted the Naval Academy Foreign Affairs Conference (NAFAC). NAFAC, planned and executed by the midshipmen themselves, brings together outstanding undergraduate delegates as well as notable speakers, scholars, and subject matter experts from around the nation and the world to discuss a current and relevant international relations issue. The theme for this year’s conference, A New Era of Great Power Competition?, seeks to explore the shifting dynamics of the international system, challenges to a U.S. – led world order, the nature of potential future conflicts, the challenge of proto-peer competitors and rising  as well as what steps the U.S. might take to remain the primary arbiter of the international system at large. As this topic is of great interest to CIMSEC’s readership, we are proud to partner with NAFAC in this, their 57th year, to bring you a series of real-time posts from the day’s events in Annapolis, MD. CIMSEC would like to recognize MIDN 1/C Charlotte Asdal, NAFAC Director, and her staff for allowing us to participate in this year’s events and for inviting our readership to virtually share in the week’s rich academic environment.

Robert H. McKinney Address – Vice Admiral James Foggo, III, Director, Navy Staff and Former Commander 6th Fleet

“The greatest leaders must be educated broadly.” – Gen. George Olmstead

Vice Admiral James Foggo III addressed midshipmen and delegates Thursday morning, the last day of the NAFAC conference. The address, bolstered by personal anecdotes, videos, and photographs from the Navy Staff Director and former 6th Fleet Commander, largely addressed the question of great power competition from the perspective of the United States’ relationship with the Russian Federation. The admiral’s address familiarized the audience with recent history and current operations within the Mediterranean, Arctic, Baltic and beyond, informing the day’s discussion on the evolution of great power competition in the coming decades.

What Makes a Great Power?

To begin, VADM Foggo was careful to define the terms used in answering the question: Are we in a new era of great power competition? The admiral expressed confidence that the United States remains the greatest nation in the world, providing exposition on what makes the United States a great power.  Great powers, he explained, go beyond the sum of their people, economic, or military strength to offer ideas, opportunity, and leadership, using their power to affect change for the world’s weakest and most vulnerable populations. Russia, he went on to conclude, is not by this definition a great power – their “sum” qualifies the Federation as a major power, but their actions, primarily enacted in self-interest, disqualify them from great power status.  Understanding this distinction is crucial.

The 4th Battle for the Atlantic

VADM Foggo provided helpful historical context for the historical relationship between the Soviet Union/Russian Federation and the United States. The First Battle for the Atlantic, he explained, occurred during the course of World War One, while the Second, where the United States and her allies defeated axis powers relentless undersea tactics with “grit, resolution, the submarine detection system, and the lend-lease program to Britain.” The third battle, he explained, occurred during the course of the Cold War. An unclassified report based on the 3rd Battle Innovation Project commissioned by the United States Submarine Force on the contribution of U.S. undersea assets to U.S. victory in the Cold War concluded with the following sentiment: “someday, we may face a 4th Battle of the Atlantic.” VADM Foggo asserted that we are, indeed, in the midst of this battle now. The admiral and his co-author Alarik Fritz of the Center for Naval Analysis, collected their thoughts in an article published by the United States Naval Institute,  “The 4th Battle for the Atlantic.”

Rising Tensions 

VADM Foggo characterized the aforementioned 4th Battle for the Atlantic though a series of examples and anecdotes. Beginning with Russia’s invasion of Georgia in 2008, the United States exercised its responsibility as a great power to seek to deescalate tensions and compromise where possible by pursuing the Reset policy with the Russian Federation. This policy, he explained, did not work as intended. In 2014, the U.S. was once again surprised by Russia’s aggressive and illegal actions in Ukraine. This unjustified action, he went on, is an example of why Russia is not a great power, but rather only a major power. This action partially inspired the “back to basics” policy for U.S. defense thinkers and policymakers called for by ADM Greenert.

Admiral Foggo recommended several books to the audience, including ONI’s Russian Navy report, which he emphasized was a “must read” for tomorrow’s defense and foreign policy leaders.

Continued Vigilance

VADM Foggo explored a few key areas where Russia is challenging U.S. and allied interests, providing tangible examples. In the Arctic, he explained, Russians currently operate seven former Cold War bases at company- and battalion- strength units with an endurance of a year or more. Russia has militarized the Arctic, which concerns the U.S. and our allies, particularly the Norwegians, regarding restricted access to international waters. To drive this point home, the admiral displayed a photograph of the Russian flag planted at the geographical North Pole, moved there by a Russian submersible.

U.S. Navy ship encounters aggressive Russian aircraft in Baltic Sea, April 12, 2016. (U.S. European Command)

Given the venue of the conference, VADM Foggo appropriately addressed his professional experience with aggressive actions by the Russian Federation at sea. Beginning with the Su-24 flyby of the USS Donald Cook (DDG-75) in the Black Sea, during which, he emphasized, the wingtip of the Russian aircraft was no more than 30 feet from the deck of the destroyer, the Russian Naval forces escalated tensions in response to U.S. presence in Russia’s adjacent international waters and beyond. The admiral explained the import of strategic communication to gain the moral high ground, which the U.S. achieved by declassifying and releasing an image of the Su-24 narrowly off the bridge wing of the Donald Cook, along with diplomatic protest and meaningful presence in the form of BALTOPS 2016.

“49 Ships Became 52”

BALTOPS is a NATO exercise to improve and display the interoperability of allied forces. The 2016 exercise communicated a clear strategic message; the exercise boasted three amphibious landing operations (versus the previous year’s two), extensive anti-submarine warfare (ASW) operations with three allied submarines and maritime patrol and reconnaissance (MPRA) aircraft, and more. In an effective anecdote that illustrated the Russian response to the exercise, the admiral shared that when reviewing photos from the PHOTOEX conducted during BALTOPS, 52 ships appeared in the photograph – 49 allied vessels, two Russian destroyers, and a Russian AGI. “49 ships, he recalled, became 52.” Tellingly, the Russian response to the success of the strategic messaging of the exercise included “a Stalin-like purge of Russian commanders in the Baltic Fleet,” due to their unwillingness to challenge western ships. Further reinforcing the point, VADM Foggo shared moreexamples of his interactions with Russian counterparts in multilateral and bilateral discussions.

Looking Forward – “The Surest Guarantee of Peace”

The tone of VADM Foggo’s remarks was one of stark realism, but also optimism as well. The admiral expressed confidence in the forces that were under his command, but reiterated to the audience of future diplomatic and military leaders the crucial nature of continued vigilance and continued action in support of the United States’ responsibilities as a great power. He included a timely example – the recent strikes on a Syrian airbase in response to the use of chemical weapons by the Assad regime. “Great powers react, but they react proportionally,” the VADM concluded, expressing belief in the possibility that such actions can bring compromise – a concept, he said, a great power should pursue and prioritize.

Technology and Cyber-Competition Panel

Note: The following information is paraphrased from the panelists’ remarks – their thoughts, remarks, and research are their own and are reproduced here for the information of our audience only.

Panelists Brigadier General Greg Touhill, USAF (ret.), the First Federal Chief of Information Security Officer, Mr. August Cole, Senior Fellow at the Atlantic Council and co-author of Ghost Fleet, and Dr. Nicol Turner-Lee, Fellow at the Center for Technology and Innovation at the Brookings Institution, were given the opportunity to provide open-ended remarks before the question and answer portion of the panel.

A Strategic Framework for Cybersecurity

Cybersecurity is a provocative issue, and General Touhill used his opening remarks to dispel some common rumors about the cyber realm. This is not a technology issue, he went on, but a risk management issue; it is an instrinsic facet of [the United States’] national economy and security to be sensitive to the protection of our technology, information, and competitive advantage. Cybersecurity, he explained, is not all about the tech, but rather about the information. When considering cyber strategy, the General contended that a direct, simple strategy is best and most likely to be effectively executed. To this end, he outlined five lines of effort:

  • Harden the workforce: risk exposure is tremendous, as our culture, norms, and economy rely on automated information systems – this includes home, federal, and corporate entities
  • You can’t defend what you don’t know you have. Information is an asset, and should be treated as such.
  • Within five years, every business will be conducting asset inventory and valuation of its information as any other asset – some entities within the Federal Government, he explained, may not appreciate the value of their information and may not even realize they have it.
  • Do the right things, the right way, at the right time: Cyber hygiene is great, but has to be applied smartly – 85 percent of breaches, he explained, are due to improper patching of common vulnerabilities. The basics come first – stakeholders should update apps, OS, and apply other simple fixes. Care and due diligence is required.
  • Investment. The General introduced “Touhill’s Law,” which contends that one human years accounts for twenty five “computer” years – by this math, some machines in the federal government architecture are several thousand years old. Depreciation and recapitalization are key; from a strategic standpoint, neglecting this reality is a failure.
  • It’s all about the risk. In a contemporary sense, much of the risk is deferred to server management teams and IT, and decisions on that risk are not being made at the right levels.

The general indicated a desperate need for a cogent strategic cyber framework on which to operate and that these five lines of effort are a good foundation for such a framework.

Fiction’s Role in Challenging Assumptions

August Cole, a noted analyst and fiction author, began by recounting the impact that Tom Clancy’s 1986 thriller Red Storm Rising had on his life. As a fiction author, he went on the explain, his job is to think the unthinkable, devoting intellectual energy and professional attention to considering tomorrow’s conflict from a multitude of perspectives. Fiction, Cole explained, allows us to consider an adversaries perspective and confront our own biases to present a bigger truth.

Cole and his co-author Peter Signer’s novel Ghost Fleet addresses the rise of China – the book starts a conversation in an engaging way that captured the authors’ imagination. The writing process caused the authors to confront some uncomfortable truths. The American way of war, he said, is predicated on technical superiority that isn’t necessarily in line with our evolving reality. The reliance on tech creates a vulnerability, and through the lens of great power competition, we should be thinking about the difference between our assumptions about conflict and how conflict will actually be. One must challenge their assumptions, and resist the urge to fall in love with their own investments.

Information as a Commodity and Vulnerability

As a policy analyst and social scientist, Dr. Turner-Lee looks to understand behaviors that are overlaid with technology – she has focused on what we need to do to create equitable access to technology. Tech, she explained, is changing the nature of human behavior and increasing vulnerabilities. We must consider, she said, how we are contributing to the evolution of the tech ecosystem from the realm of consumption to an entity that effects the fabric of national security. What we understand as being “simple” actually isn’t, and what started as a privacy discussion has evolved into a security issue. When considering social media, Dr. Turner-Lee went on, it is interesting to see how 140 characters can become the catalyst for campaigns that threaten national security.

Dr. Turner-Lee  mentioned the concept of pushback from technology companies against government requests for information and policies that need to be engaged to address this. There is a role, she explained, for the military to identifies vulnerabilities, while companies are appointing chief privacy officers and innovation officers, while lastly, the research community needs people to understand how information has become a commodity. As researchers, she explained, she and her colleagues are trying to find vulnerability and understand the impact on our national economy by looking at the nature of human behavior prescribing the right policies to ensure threats are minimized.

Given the current security landscape for cyber, what do you see as the greatest cyber threats facing the U.S.?

Brig. Get Touhill explained that at the Department of Homeland Security, they binned threats into 6 groups:

  • Vandals – frequent and common
  • Burglars – financially motivated and prevalent 
  • Muggers – this includes hacks like SONY as well as cyber-bullies
  • Spies – can be either insiders or traditional political-military threat looking to gain a competitive edge by stealing intellectual property.
  • Sabatuers – pernicious, difficult to find, and could be, for example, an individual who is fired but retains access to a system.
  • Negligent Users – This group constitutes the greatest threat. This group includes the careless, negligent, and indifferent in our own ranks.

China has been evidently and aggressively pursuing AI, hypersonic, quantum computing, and other next-generation technology – what does this mean for our assumption about the American way of war over the next several decades?

August Cole explained that the U.S. must directly confront the assumption that we will always have the edge of technical superiority – this may very well remain true, he said, but we cannot count on it. From a PRC military point of view, they look to not only acquire capabilities but further their knowledge on how best to employ them. We must, he went on, work to connect information and technology that we would not instinctively put in the same basket by considering, for instance, the battlefield implications of a hack on a healthcare provider who serviced military personnel. Technology, he explained, will alter the relationship between power and people, and understanding this connection is complex and difficult. Fiction allows us to synthesize these realms in a way that may be difficult otherwise – and appreciate the operational implications.

How has social media impacted our ability to monitor and address national security threats?

Dr. Turner-Lee began by exploring the implication of emerging social media tools that do not curate data (think Snapchat), explaining that as encryption technology has become more sophisticated, it has further complicated the national security problem. Nicole referred to “permission-less innovation,” meaning that the tech community continues to innovate in ways that cannot be controlled and this innovation is sometimes disruptive. Social media, she went on, is not always designed with privacy in mind, and enacting privacy policies has been reactionary for many companies.

Turner-Lee addressed the general hesitation of users to hand over or allow the collection of their information – personal data, she said, is seen as just that – personal – and companies promote this quality in their tech. For instance, she alluded to the current lawsuit between Twitter and the federal government over the identities of disruptive Twitter accounts. The disconnect between privacy and security, she concluded, can sometimes constitute a weakness.

The moderator pointed out that while tech has developed, policy has lagged. Mr. Cole added that the “internet of things” provides a corollary to this. Further development of wearable or say-to-day tech that generates and collects data automatically has national security implications. He provided an example in the domain of land warfare, suggesting that operators could notionally create a digital map based on device feedback. The data and processing power to make these analytics will exist, he affirmed, but we haven’t considered it.

Dr. Turner-Lee further elaborated that machine-to-machine interactions, which are based on algorithms that predict what you will or will not do, sustain a threat to national security when those algorithms are incorrect or tampered with. For instance, autonomous vehicles could be hacked and directed in a way that makes them a vehicular bomb. Overcoming machine-to-machine bias is very difficult and constitutes a security risk proportional to our dependence on machine-to-machine tech. This is a space, she said, with many vulnerabilities, driving itself in ways we are unaware of.

Conclusion

The final day of NAFAC 2017 proved a fitting end to three days of intense discussion and consideration on the topic of a new era of great power competition. VADM Foggo’s address brought a much needed operational perspective to the delegates and attendees, relaying the seriousness and immediate applicability of the question at hand, particularly for those midshipmen who will be serving aboard operational vessels in just a few short months. Further, the Technology and Cyber-Competition panel provided much needed context for the changing nature of tomorrow’s conflicts, challenging many long-held assumptions about the way of war.

Our representatives were impressed with the diligence, research, and creative thought participants brought to the round table panels. Readers can look for select publications from the Round Tables next week, when CIMSEC will share outstanding research essays from delegates. CIMSEC is extremely grateful to the United States Naval Academy, MIDN Charlotte Asdal and her NAFAC staff, and senior advisors and moderators for allowing us to participate in this year’s conference and share the great value of this discussion with our readership.

Until next year!

Sally DeBoer is the President of CIMSEC for 2016-2017. She can be reached at president@cimsec.org.

Featured Image: A CH-53E Super Stallion helicopter flies ahead of the amphibious assault ship USS Peleliu (LHA-5) after conducting helocast operations at Pyramid Rock Beach, Marine Corps Base Hawaii. The helocast was part of a final amphibious assault during Rim of the Pacific (RIMPAC) Exercise 2014. (U.S. Marine Corps photo by Cpl. Matthew Callahan/Released)

The Fight to Know

By Jack Whitacre

The relationship between the sea and information is ancient. In 480 BC, the Greeks learned of a secret naval invasion planned by the Persians. According to Simon Singh in The Code Book, the message was delivered steganographically on a covered tablet giving sufficient time to prepare for a defense that ultimately led to victory.1 Through information theory, the quantitative theory of coding and transmission of signals and information, we discover that information is a physical property of our reality and a resource to be guarded. In the words of Charles Seife, “Information is every bit as palpable as the weight of bullet, every bit as tangible as the heft of an artillery shell—and every bit as vulnerable as a freighter full of ammunition.”2

Today’s maritime security hinges on information. As Admiral (ret.) James Stavridis  argues, nowhere is the gap between threat (high) and defensive capability (low) as large as on the cyber front. Derived from ‘cybernetics,’ “cyber” loosely refers to information loops and everything that is connected to a computer network. The shipping industry (which feeds, fuels, and clothes our country) is growing increasingly connected to the internet and therefore more vulnerable to cyber attacks. New cyber technologies are also being used in the maritime field to solve climate and natural resource puzzles — both keys to long term human survival. Through cyber education and training, citizens and leaders can gain an edge in the digital world and invest themselves in solving some of the most pressing maritime security problems.

Oceanic Applications

Our relationship to the ocean has been transformed by cyber. As John C. Perry outlines in “Beyond the Terracentric,” the ocean can be seen as an avenue, arena, and source.3 Before the standard shipping container system was invented, ships were unloaded with back-breaking efforts of manual laborers. Today, cranes take care of the work, moving containers from the ship to the shore (and vice versa). Sometimes loading and unloading is done with humans operating joysticks, while in other places computer programs sift through the manifests and unload using algorithms. Automatic ports may be targeted by external actors looking to manipulate freight shipments for their benefit.

In 2016, The Economist and The Journal of Commerce chronicled the sagas of the Port of Long Beach, California and the Port of Rotterdam, Netherlands and their transitions towards automation. When viewing an operation with computerized manifests, automatic cranes, and even driver-less trucks moving containers, it is imperative to remember that what is connected can be compromised at every level. Such an interconnected world increases the opportunities for external targeting while raising the stakes for maritime security for the United States. Estimates show that ninety percent of the world’s goods are imported by sea.4 As a single example, each year more than $180 billion of goods (or 6.8 million containers) pass through the Port of Long Beach.5 A brief interruption in shipping made by a foreign government, company, or private individuals would likely ripple through a nation with economic effects reverberating up and down the supply chain.

On the bright side, new computer technologies may allow us to more easily monitor changes in ocean health conditions. With improved information, states and actors can ensure better protection for the ocean and fish that are crucial to industry and food supplies, especially in disputed areas. States can track each other and keep accountability through satellites and technologies like AIS (automatic identification system). New cyber capabilities like The Internet of Things (IoT) may allow us to revolutionize ocean data analysis and create new levels of environmental responsibility. Social entrepreneurship ventures like Blue Water Metrics now aim to crowdsource data collection via the world’s oceangoing shipping fleets and upload all the ocean data to a cloud database. Educating state leaders offers the best chance of maximizing the positive externalities of technological change, both in protecting natural resources and shipping assets.

Preparing Cyber Leaders

Increasing information literacy will improve competitiveness in nearly every field. Studying information theory, encryption, and coding with the same vigor as foreign languages may transform an individual’s field and personal career trajectory. In the book Dark Territory, Fred Kaplan describes how Cyber Command personnel grew from 900 to 4,000 between 2009 to 2012, and is expected to climb to 14,000 by the end of 2020.6 Established academic institutions could recognize certificate programs from organizations like Codecademy via transcript notations, which may improve educational and employment prospects.

 (March 25, 2011) – Aerographer’s Mate 3rd Class Nick Pennell, a watch stander at the Naval Oceanography and Anti-Submarine Warfare Center, looks over a Japan Self-Defense Force Mobile Operations sheet at Commander Fleet Activities Yokosuka (CFAY). (U.S. Navy photo by Mass Communication Specialist 3rd Class Mikey Mulcare/Released)

Cyber education can be seen both as a patriotic duty and as an economic opportunity. As far back as 1991 the National Research Council observed that “the modern thief can steal more with a computer than with a gun.”7 By educating tomorrow’s cyber leaders, institutions, and community, organizations can empower people to defend themselves intelligently against thieves and reinvent themselves by beginning careers in the digital world.

The Polaris of Programming

Not all innovation needs to be forward looking. In the evolutionary dance between encryption and decryption, centuries passed before certain “unbreakable” codes were broken. The Fletcher School at Tufts University combines international studies and the analysis of world events with cyber studies in its course Foundations of International Cyber Security. Scholar practitioners, such as Michele Malvesti, offer unique perspectives on the past and the pipeline of the future, including the importance of supply stream, deterrence, and attribution. Graduate-level cyber curricula can unlock strategic chess moves for governmental, citizen-led, and private organizations alike. Incorporating history in computer science education, like Harvard’s course Great Ideas in Computer Science, can provide fertile intellectual context where principles can be appraised and applied in modern contexts. Scientists throughout history, like Abu Yusuf Yaqub, Blaise de Vigenere, and Charles Babbage make great role models along with programmers like Ada Lovelace and RDML (ret.) Grace Hopper.

Conclusion

When programming is seen as an essential language, computer history as a strategic advantage, and information as an environmental and security opportunity, our digital tribe will be better able to overcome uncertainty and adversaries.

An entrepreneur and former boat captain, Jack Whitacre studied international security and maritime affairs at The Fletcher School of Law and Diplomacy. Contact him at James.C.Whitacre@gmail.com.

References

1. Simon Singh, “The Code Book: How to Make it, Break it, Hack it, Crack it,” 2001, p.8

2. Charles Seife, “Decoding the Universe,” p. 8

3. John C. Perry, “Beyond the Terracentric: Maritime Ruminations,” 2013, p.143

4. Rose George, “Ninety Percent of Everything: Inside Shipping, the Invisible Industry That Puts Clothes on Your Back, Gas in Your Car, and Food on Your Plate,” 2013.

5. Port of Long Beach. “Facts at a Glance.” The Port of Long Beach: The Green Port. The Port of Long Beach. February 8th, 2017. http://www.polb.com/about/facts.asp

6. Fred Kaplan, “Dark Territory: The Secret History of Cyber War,” 2006, p. 4

7. Ibid.

Featured Image: The Port of Los Angeles in Feb. 2013. (Tim Rue — Bloomberg/Getty Images)