Tag Archives: cyber

Harvesting the Electromagnetic Bycatch

By Tim McGeehan

Most Navy bridge watchstanders have had the experience of adjusting their surface-search radar to eliminate sea clutter or rain. In relation to the task of detecting surface ships, these artifacts represent “noise,” just as when one tunes out unwanted transmissions or static to improve radio communications.

However, information can be gleaned indirectly from unintentionally received signals such as these to yield details about the operating environment, and it may reveal the presence, capabilities, and even intent of an adversary. This “electromagnetic bycatch” is a potential gold mine for the Navy’s information warfare community (IWC) in its drive to achieve battlespace awareness, and represents a largely untapped source of competitive advantage in the Navy’s execution of electromagnetic maneuver warfare (EMW).

Electromagnetic Bycatch

The term electromagnetic bycatch describes signals that Navy sensors receive unintentionally. These signals are not the intended target of the sensors and usually are disregarded as noise. This is analogous to the bycatch of the commercial fishing industry, defined as “fish which are harvested in a fishery, but which are not sold or kept for personal use, and includes economic discards [edible but not commercially viable for the local market] and regulatory discards [prohibited to keep based on species, sex, or size].”1

The amount of fisheries bycatch is significant, with annual global estimates reaching twenty million tons.2 Navy sensor systems also receive a significant volume of bycatch, as evidenced by efforts to drive down false-alarm rates, operator training to recognize and discard artifacts on system displays, and the extensive use of processing algorithms to filter and clean sensor data and extract the desired signal. Noise in the sensor’s internal components may necessitate some of this processing, but many algorithms aim to remove artifacts from outside the sensor (i.e., the sensor is detecting some sort of phenomenon in addition to the targeted one).

U.S. and international efforts are underway to reduce fishing bycatch by using more-selective fishing gear and methods.3 Likewise, there are efforts to reduce electromagnetic bycatch, with modifications to Navy sensors and processing algorithms via new installations, patches, and upgrades. However, it is unlikely that either form of bycatch ever will be eliminated completely. Recognition of this within the fishing industry has given rise to innovative efforts such as Alaska’s “bycatch to food banks” program that allows fishermen to donate their bycatch to feed the hungry instead of discarding it at sea.4 This begs the question: Can the Navy repurpose its electromagnetic bycatch too?

The answer is yes. Navy leaders have called for innovative ideas to help meet twenty-first century challenges, and do to so in a constrained fiscal environment. At the Sea-Air-Space Symposium in 2015, Admiral Jonathan W. Greenert, then-Chief of Naval Operations, called for the Navy to reuse and repurpose what it already has on hand.5 Past materiel examples include converting ballistic-missile submarines to guided-missile submarines; converting Alaska-class tankers to expeditionary transfer docks (ESDs), then to expeditionary mobile bases (ESBs); and, more recently, repurposing the SM-6 missile from an anti-air to an anti-surface and anti-ballistic missile role.6 However, the Navy needs to go even further, extending this mindset from the materiel world to the realm of raw sensor data to repurpose electromagnetic bycatch.

Over The River and To The Moon

The potential value of bycatch that U.S. fisheries alone discard exceeds one billion dollars annually (for context, the annual U.S. fisheries catch is valued at about five billion dollars).7 Likewise, the Navy previously has found high-value signals in its electromagnetic bycatch.

In 1922, Albert Taylor and Leo Young, two engineers working at the Naval Aircraft Radio Laboratory in Washington, DC, were exploring the use of high-frequency waves as new communication channels for the Navy. They deployed their equipment on the two sides of the Potomac River and observed the communication signals between them. Soon the signals began to fade in and out slowly. The engineers realized that the source of the interference was ships moving past on the river.8 Taylor forwarded a letter to the Bureau of Engineering that described a proposed application of this discovery:

If it is possible to detect, with stations one half mile apart, the passage of a wooden vessel, it is believed that with suitable parabolic reflectors at transmitter and receiver, using a concentrated instead of a diffused beam, the passage of vessels, particularly of steel vessels (warships) could be noted at much greater distances. Possibly an arrangement could be worked out whereby destroyers located on a line a number of miles apart could be immediately aware of the passage of an enemy vessel between any two destroyers in the line, irrespective of fog, darkness or smoke screen. It is impossible to say whether this idea is a practical one at the present stage of the work, but it seems worthy of investigation.9

However, this appeal fell on deaf ears; the idea was not considered worthy of additional study. Later, in 1930, after it was demonstrated that aircraft also could be detected, the newly formed Naval Research Laboratory (NRL) moved forward and developed the early pulsed radio detection systems whose successors are still in use today.10 What started as degradations in radio communication signals (owing to objects blocking the propagation path) evolved to being the signal of interest itself. Today that bycatch is used extensively for revealing the presence of adversaries, navigating safely, and enforcing the speed limit. It is known as RAdio Detection And Ranging, or simply by its acronym: RADAR.

Notebook entry of James H. Trexler, dated 28 January 1945, showing calculations for a long-distance communications link between Los Angeles, California, and Washington, D.C., via the Moon. (Courtesy of the Naval Research Laboratory)

During World War II, Navy radar and radio receivers became increasingly sensitive and began picking up stray signals from around the world. Instead of discarding these signals, the Navy set out to collect them. The NRL Radio Division had been investigating this phenomenon since the mid-1920s, and in 1945 NRL established a Countermeasures Branch, which had an interest in gathering random signals arriving via these “anomalous propagation” paths.11 By 1947, it had erected antennas at its Washington, DC, field site to intercept anomalous signals from Europe and the Soviet Union.12 Just the year before, the Army Signal Corps had detected radio waves bounced off the moon. The convergence of these events set the stage for one of the most innovative operations of the Cold War.

NRL engineer James Trexler, a member of the Countermeasures Branch, advocated exploiting the moon-bounce phenomenon for electronic intelligence (ELINT). He outlined his idea in a 1948 notebook entry:

From the RCM [Radio Counter Measures] point of view this system hold[s] promise as a communication and radar intercept device for signals that cannot be studied at close range where normal propagation is possible. It might be well to point out that many radars are very close to the theoretical possibility of contacting the Moon (the MEW [actually BMEWS, for Ballistic Missile Early Warning System] for example) and hence the practicability of building a system capable of intercepting these systems by reflections from the Moon is not beyond the realm of possibility.13

Trexler’s idea addressed a particular intelligence gap, namely the parameters of air- and missile-defense radars located deep within the Soviet border. With an understanding of these parameters, the capabilities of the systems could be inferred. This was information of strategic importance. As friendly ground and airborne collection systems could not achieve the required proximity to intercept these particular radar signals, the moon-bounce method provided a way ahead. All that was required was for both the Soviet radar and the distant collection site to have the moon in view at the same time. What followed were NRL’s Passive Moon Relay experiments (known as PAMOR) and ultimately the Intelligence Community’s Moon Bounce ELINT program, which enjoyed long success at collecting intelligence on multiple Soviet systems.14

Around this time, the Navy grew concerned about ionospheric disturbances that affected long-range communications.15 So the service employed the new moon-bounce propagation path to yield another Navy capability, the communications moon relay. This enabled reliable communications between Washington, DC, and Hawaii, and later the capability to communicate to ships at sea.16 Thus, what started as bycatch led to a search for the sources of stray signals, revealed adversary air- and missile-defense capabilities, and ultimately led to new communications capabilities for the Navy.

Extracting the Electromagnetic Terrain

Signals in the electromagnetic spectrum do not propagate in straight lines. Rather, they refract or bend on the basis of their frequency and variations in the atmospheric properties of humidity, temperature, and pressure. Signals can encounter conditions that direct them upward into space, bend them downward over the horizon, or trap them in ducts that act as wave guides. Knowing this electromagnetic terrain is critical to success in EMW, and can prove instrumental in countering adversary anti-access/area-denial capabilities.

Variation in electromagnetic propagation paths can lead to shortened or extended radar and communications ranges. Depending on the mission and the situation, this can be an advantage or a vulnerability. Shortened ranges may lead to holes or blind spots in radar coverage. This information could drive a decision for an alternate laydown of forces to mitigate these blind spots. It also could aid spectrum management, allowing multiple users of the same frequency to operate in closer proximity without affecting one another. Alternatively, extended radar ranges can allow one to “see” farther, pushing out the range at which one can detect, classify, and identify contacts. Signals of interest could be collected from more distant emitters. However, the adversary also can take advantage of extended ranges and detect friendly forces at a greater distance via radar, or passively collect friendly emissions. Identifying this situation could prompt one to sector, reduce power, or secure the emitter.

As the weather constantly changes, so too does signal propagation and the resultant benefit or vulnerability. Understanding these effects is critical to making informed decisions on managing emitters and balancing sensor coverage against the signature presented to the adversary. However, all these applications rely on sufficient meteorological data, which typically is sparse in space and time. More frequent and more distributed atmospheric sampling would give the U.S. Navy more-complete awareness of changing conditions and increase its competitive advantage.

Luckily, Navy radar sensors already collect a meteorological bycatch. Normally it is filtered out as noise, but emerging systems can extract it. The Hazardous Weather Detection and Display Capability (HWDDC) is a system that takes a passive tap from the output of the SPS-48 air-search radar (located on most big-deck amphibious ships and carriers) and repurposes it like a Doppler weather radar.17 Besides providing real-time weather information to support operations and flight safety, it can stream data to the Fleet Numerical Meteorology and Oceanography Center in Monterey, California, to feed atmospheric models. With this data, the models can generate better weather forecasts and drive electromagnetic propagation models for prediction of radar and communications-system performance.18 The Tactical Environmental Processor (TEP) will perform the same function by extracting atmospheric data from the SPY-1 radar.19

By passively using the existing radar feeds, HWDDC and TEP provide new capabilities while avoiding additional requirements for power, space, frequency deconfliction, and overall system integration that would be associated with adding a new radar, antenna, or weather sensor. There also is the potential to extract refractivity data from the radar returns of sea clutter.20 The multitude of radar platforms in the Navy’s inventory represents an untapped opportunity to conduct “through the sensor” environmental data collection in support of battlespace awareness.

Likewise, the Global Positioning System (GPS) also collects meteorological bycatch. As GPS signals pass through the atmosphere, they are affected by the presence of water vapor, leading to errors in positioning. The receiver or processing software makes corrections, modeling the water vapor effect to compensate, thereby obtaining accurate receiver positions. However, water vapor is a key meteorological variable. If the receiver location is already known, the error can be analyzed to extract information about the water vapor, and by using multiple receivers, its three-dimensional distribution can be reconstructed.21 Instead of dumping the bycatch of water vapor, it can be (and is) assimilated into numerical weather prediction models for improved short-range (three-, six-, and twelve-hour) precipitation forecasts.22

Do Not Adjust Your Set

There is also great potential to harvest bycatch from routine broadcast signals. While a traditional radar system emits its own pulse of energy that bounces back to indicate the presence of an object, passive systems take advantage of signals already present in the environment, such as television and radio broadcasts or even signals from cell towers or GPS.23 These signals propagate, encounter objects, and reflect off. This leads to the “multipath effect,” in which a transmitted signal bounces off different objects, then arrives at the same receiver at slightly different times owing to the varied distances traveled. (This is what used to cause the “ghost” effect on television, in which an old image seemed to remain on screen momentarily even as the new image was displayed.) Variations in this effect can be used to infer the presence or movement of an object that was reflecting the signals.

In a related concept, “multistatic” systems collect these reflections with multiple, geographically separated receivers, then process the signals to detect, locate, and track these objects in real time.24 These systems have proved effective. In a 2002 demonstration, Lockheed Martin’s Silent Sentry system tracked all the air traffic over Washington, DC, using only FM radio and television signal echoes.25 More recently, another passive system went beyond simple tracking and actually classified a contact as a small, single-propeller aircraft by using ambient FM radio signals to determine its propeller rotation rate.26 This level of detail, combined with maneuvering behavior, operating profiles, and deviations from associated pattern-of-life trends, could even give clues to adversary intent.

Passive radar systems have many advantages. They emit no energy of their own, which increases their survivability because they do not reveal friendly platform location and are not susceptible to anti-radiation weapons. They do not add to a crowded spectrum, nor do they need to be deconflicted from other systems because of electromagnetic interference. The receivers can be mounted on multiple fixed or mobile platforms. Technological advances in processing and computing power have taken much of the guesswork out of using passive systems by automating correlation and identification. Moving forward, there is great potential to leverage radar-like passive detection systems.

That being said, operators of the passive radar systems described may require extensive training to achieve proficiency. Even though the systems are algorithm- and processing-intensive, they may require a significant level of operator interaction to select the best signals to use and to reconfigure the network of receivers continually, particularly in a dynamic combat environment when various broadcasts begin to go offline. Likewise, the acquisition, distribution, placement, and management of the many receivers for multistatic systems (and their associated communications links) is a fundamental departure from the traditional employment of radar, and will require new concepts of operations and doctrine for employment and optimization. These efforts could be informed by ongoing work or lessons learned from the surface warfare community’s “distributed lethality” concept, which also involves managing dispersed platforms and capabilities.27

Challenges and Opportunities

Among the services, the Navy in particular has the potential to gain much from harvesting the electromagnetic bycatch. During war or peace, the Navy operates forward around the world, providing it unique access to many remote locations that are particularly sparse on data. Use of ships provides significant dwell time on station without requiring basing rights. Navy platforms tend to be sensor intensive, and so provide the means for extensive data collection. This extends from automated, routine meteorological observations that feed near-term forecasts and long-term environmental databases to preconflict intelligence-gathering applications that include mapping out indigenous signals for passive systems to use later.28 The mobility of Navy platforms allows for multiple units to be brought to bear, scaling up the effect to create increased capacity when necessary.

However, there are many challenges to overcome. The Navy soon may find itself “swimming in sensors and drowning in data”; managing this information will require careful consideration.29 Returning to the fishing analogy, to avoid wasting bycatch fishermen need to identify what they have caught in their nets, find someone who can use it, temporarily store it, transport it back to port, and get it to the customer before it spoils. Likewise, the Navy needs to dig into the sensor data and figure out exactly what extra information it has gathered, identify possible applications, determine how to store it, transfer it to customers, and exploit it while it is still actionable.

This hinges most on the identification of electromagnetic bycatch in the first place. As automation increases, sensor feeds should be monitored continuously for anomalies. Besides serving to notify operators when feeds are running outside normal parameters, such anomalous data streams should be archived and analyzed periodically by the scientists and engineers of the relevant systems command (SYSCOM) to determine the presence, nature, and identity of unexpected signals. Once a signal is identified, the SYSCOM team would need to cast a wide net to determine whether the signal has a possible application, with priority given to satisfying existing information needs, intelligence requirements, and science and technology objectives.30 

History has shown that this is a nontrivial task; remember that the original discovery and proposed application of radar were dismissed. If the unplanned signal is determined to have no current use, it should be noted for possible future exploitation. Subsequent sensor upgrades, algorithm improvements, and software patches then should strive to eliminate the signal from future incidental collection. If there is potential value in the incidental signal, upgrades, algorithms, and patches should optimize its continued reception along with the original signal via the same sensor, or possibly even demonstrate a requirement for a new sensor optimized for the new signal. The identified uses for the electromagnetic bycatch will drive the follow-on considerations of what and how much data to store for later exploitation and what data needs to be offloaded immediately within the limited bandwidth owing to its value or time sensitivity.

The analogy to fisheries bycatch also raises a regulatory aspect. Much as a fisherman may find that he has caught a prohibited catch (possibly even an endangered species) that he cannot retain, the same holds true for electromagnetic bycatch. It is possible that an incidental signal might reveal information about U.S. citizens or entities. Once the signal is identified, intelligence oversight (IO) requirements would drive subsequent actions. Navy IO programs regulate all Navy intelligence activities, operations, and programs, ensuring that they function in compliance with applicable U.S. laws, directives, and policies.31 IO requirements likely would force the SYSCOM to alter the sensor’s mode of operation or develop upgrades, algorithms, and patches to avoid future collection of the signal.

The Role of the Information Warfare Community

The Navy’s IWC is ideally suited to play a key role in responding to these challenges. Its personnel have experience across the diverse disciplines of intelligence, cryptology, electronic warfare, meteorology and oceanography (METOC), communications, and space operations, and assembling these different viewpoints might reveal instances in which one group can use another’s bycatch for a completely different application. IWC officers now come together to make connections and exchange expertise in formal settings such as the Information Warfare Basic Course and the Information Warfare Officer Milestone and Department Head Course. Further cross-pollination is increasing owing to the cross-detailing of officers among commands of different designators. Recent reorganization of carrier strike group staffs under the Information Warfare Commander construct has increased and institutionalized collaboration in operational settings. Restructuring has trickled down even to the platform level, where, for example, the METOC division has been realigned under the Intelligence Department across the carrier force. As a net result of these changes, the IWC has a unique opportunity to have new eyes looking at the flows of sensor data, providing warfighter perspectives in addition to the SYSCOM sensor review described above.

The Navy also can capitalize on the collective IWC’s extensive experience and expertise with issues pertaining to data collection, processing, transport, bandwidth management, archiving, and exploitation. Furthermore, the different components of the IWC share a SYSCOM (the Space and Naval Warfare Systems Command, or SPAWAR); a resource sponsor (OPNAV N2/N6); a type commander (Navy Information Forces); a warfighting-development center (the Navy Information Warfighting Development Center); and a training group (the Navy Information Warfare Training Group will be established by the end of 2017). This positions the IWC to collaborate across the doctrine, organization, training, materiel, leadership and education, personnel, and facilities  (DOTMLPF) spectrum. This will support shared ideas and unified approaches regarding the employment of emerging capabilities such as the machine-learning and “big-data” analytics that will sift through future electromagnetic bycatch. Ultimately, the members of the IWC can forge a unified way forward to develop the next generation of sensors, data assimilators, and processors.


While the Navy might not recognize exactly what it has, its sensors are collecting significant amounts of electromagnetic bycatch. The Navy’s forward presence positions it to collect volumes of unique data with untold potential. The associated electromagnetic bycatch is being used now, previously has yielded game-changing capabilities, and could do so again with future applications. Instead of stripping and discarding it during data processing, the Navy needs to take an objective look at what it can salvage and repurpose to gain competitive advantage. The fishing bycatch dumped every year could feed millions of people; the Navy needs to use its electromagnetic bycatch to feed new capabilities. Don’t dump it!

Tim McGeehan is a U.S. Navy Officer currently serving in Washington.  

The ideas presented are those of the author alone and do not reflect the views of the Department of the Navy or Department of Defense.

[1] Magnuson-Stevens Fishery Conservation and Management Act of 1976, 16 U.S.C. § 1802 (2) (1976), available at www.law.cornell.edu/.

[2] United Nations, International Guidelines on Bycatch Management and Reduction of Discards (Rome: Food and Agriculture Organization, 2011), p. 2, available at www.fao.org/.

[3] Ibid., p. 13; Lee R. Benaka et al., eds., U.S. National Bycatch Report First Edition Update 1 (Silver Spring, MD: NOAA National Marine Fisheries Service, December 2013), available at www.st.nmfs.noaa.gov/.

[4] Laine Welch, “Gulf Bycatch Will Help Feed the Hungry,” Alaska Dispatch News, June 4, 2011, www.adn.com/; Laine Welch, “Bycatch to Food Banks Outgrows Its Beginnings,” Alaska Fish Radio, August 3, 2016, www.alaskafishradio.com/.

[5] Sydney J. Freedberg Jr., “Tablets & Tomahawks: Navy, Marines Scramble to Innovate,” Breaking Defense, April 13, 2015, breakingdefense.com/.

[6] Sam Lagrone, “SECDEF Carter Confirms Navy Developing Supersonic Anti-Ship Missile for Cruisers, Destroyers,” USNI News, February 4, 2016, news.usni.org/; Missile Defense Agency, “MDA Conducts SM-6 MRBM Intercept Test,” news release, December 14, 2016, www.mda.mil/.

[7] Amanda Keledjian et al., “Wasted Cash: The Price of Waste in the U.S. Fishing Industry,” Oceana (2014), p. 1, available at oceana.org/.

[8] David Kite Allison, New Eye for the Navy: The Origin of Radar at the Naval Research Laboratory, NRL Report 8466 (Washington, DC: Naval Research Laboratory, 1981), p. 39, available at www.dtic.mil/.

[9] Ibid, p. 40.

[10] “Development of the Radar Principle,” U.S. Naval Research Laboratory, n.d., www.nrl.navy.mil/.

[11] David K. van Keuren, “Moon in Their Eyes: Moon Communication Relay at the Naval Research Laboratory, 1951–1962,” in Beyond the Ionosphere, ed. Andrew J. Butrica (Washington, DC: NASA History Office, 1995), available at history.nasa.gov/.

[12] Ibid.

[13] Ibid.

[14] Frank Eliot, “Moon Bounce ELINT,” Central Intelligence Agency, July 2, 1996, www.cia.gov/.

[15] Van Keuren, “Moon in Their Eyes.”

[16] Pennsylvania State Univ., From the Sea to the Stars: A Chronicle of the U.S. Navy’s Space and Space-Related Activities, 1944–2009 (State College, PA: Applied Research Laboratory, 2010), available at edocs.nps.edu/; Van Keuren, “Moon in Their Eyes.”

[17] SPAWAR Systems Center Pacific, “Hazardous Weather Detection & Display Capability (HWDDC),” news release, n.d., www.public.navy.mil/; Timothy Maese et al., “Hazardous Weather Detection and Display Capability for US Navy Ships” (paper presented at the 87th annual meeting of the American Meteorological Society, San Antonio, TX, January 16, 2007), available at ams.confex.com/.

[18] Tim Maese and Randy Case, “Extracting Weather Data from a Hybrid PAR” (presentation, Second National Symposium on Multifunction Phased Array Radar, Norman, OK, November 18, 2009), available at bcisensors.com/.

[19] Hank Owen, “Tactical Environmental Processor At-Sea Demonstration,” DTIC, 1998, www.handle.dtic.mil/.

[20] Ted Rogers, “Refractivity-from-Clutter,” DTIC, 2012, www.dtic.mil/.

[21] Richard B. Langley, “Innovation: Better Weather Prediction Using GPS,” GPS World, July 1, 2010, gpsworld.com/.

[22] Steven Businger, “Applications of GPS in Meteorology” (presentation, CGSIC Regional Meeting, Honolulu, HI, June 23–24, 2009), available at www.gps.gov/; Tracy Lorraine Smith et al., “Short-Range Forecast Impact from Assimilation of GPS-IPW Observations into the Rapid Update Cycle,” Monthly Weather Review 135 (August 2007),  available at journals.ametsoc.org/; Hans-Stefan Bauer et al., “Operational Assimilation of GPS Slant Path Delay Measurements into the MM5 4DVAR System,” Tellus A 63 (2011), available at onlinelibrary.wiley.com/.

[23] Lockheed Martin Corp., “Lockheed Martin Announces ‘Silent Sentry(TM)’ Surveillance System; Passive System Uses TV-Radio Signals to Detect, Track Airborne Objects,” PR Newswire, October 12, 1998, www.prnewswire.com/; Otis Port, “Super-Radar, Done Dirt Cheap,” Bloomberg, October 20, 2003, www.bloomberg.com/.

[24] Lockheed Martin Corp., “Silent Sentry: Innovative Technology for Passive, Persistent Surveillance,” news release, 2005, available at www.mobileradar.org/.

[25] Port, “Super-Radar, Done Dirt Cheap.”

[26] F. D. V. Maasdorp et al., “Simulation and Measurement of Propeller Modulation Using FM Broadcast Band Commensal Radar,” Electronics Letters 49, no. 23 (November 2013), pp. 1481–82, available at ieeexplore.ieee.org/.

[27] Thomas Rowden [Vice Adm., USN], Peter Gumataotao [Rear Adm., USN], and Peter Fanta [Rear Adm., USN], “Distributed Lethality,” U.S. Naval Institute Proceedings 141/1/1,343 (January 2015), available at www.usni.org/.

[28] “Automated Shipboard Weather Observation System,” Office of Naval Research, n.d., www.onr.navy.mil/.

[29] Stew Magnuson, “Military ‘Swimming in Sensors and Drowning in Data,’” National Defense, January 2010; www.nationaldefensemagazine.org/.

[30] U.S. Navy Dept., Naval Science and Technology Strategy: Innovations for the Future Force (Arlington, VA: Office of Naval Research, 2015), available at www.navy.mil/.

[31] “Intelligence Oversight Division,” Department of the Navy, Office of Inspector General, n.d., www.secnav.navy.mil/.

Featured Image: ARABIAN GULF (March 4, 2016) Electronics Technician 3rd Class Jordan Issler conducts maintenance on a radar aboard aircraft carrier USS Harry S. Truman (CVN 75). (U.S. Navy photo by Mass Communication Specialist 3rd Class Justin R. Pacheco/Released)

Sea Control 143 – Cyber Threats to Navies with Dr. Alison Russell

By Matthew Merighi 

Join us for the latest episode of Sea Control for a conversation with Dr. Alison Russell of Merrimack College about navies and their relationship with cyber. It’s about the distinct layers of cybersecurity, how navies use them to enhance their capabilities, and the challenges in securing and maintaining that domain.

Download Sea Control 143 – Cyber Threats to Navies with Alison Russell 

This interview was conducted by the Institute for Security Policy at Kiel University. A transcript of the interview between Alison Russell (AR) and Roger Hilton (RH) is below. The transcript has been edited for clarity. Special thanks to Associate Producer Cris Lee for producing this episode.

RH: Hello and Moin Moin, Center for International Maritime Security listeners. I am Roger Hilton, a nonresident academic fellow at the Institute for Security Policy at Kiel University, welcoming you back for another edition of the Sea Control series podcast. Did any listeners read the news on twitter, message your friend on Facebook, or even do some mobile banking? Are you streaming this podcast for your enjoyment? If you did any of the above, like myself, you are dependent on the internet. So logically, based on this fact, it should come as no surprise that contemporary navies are as well. Naval technological capabilities and strategies have exponentially evolved from the nascent beginnings. Steam ships have been replaced by nuclear powered carriers while cannons have been substituted for intercontinental ballistic missiles. No doubt the power of modern navies is awesome, and as a result, their dependency and reliance on the cyber realm must not be overlooked.

Consequently, does this interconnectedness between hardware and software in fact leave 21st century navies more exposed to attacks from invisible torpedoes than actual physical ones? Here to help us navigate the minefield of the cyber threats facing both naval strategy and security is Dr. Allison Russell, she’s a professor of political science and international relations at Merrimack College in Massachusetts and a nonresident researcher at the Center for Naval Analyses. In addition, she’s the author of two books, Cyber Blockade and more recently, Strategic A2AD in Cyberspace. Dr. Russell, thanks for coming aboard today.

AR: It is great to be speaking with you Roger. Thank you for having me in your program today.

RH: Well, let’s get right into it. There’s no doubt that cyberspace and threats associated with it are hot topics today. While much of the news coverage on cyber threats is focused on hackers spreading disinformation, or even potentially gaining access to critical infrastructure, can you provide an initial overview of the role cyber plays in the contemporary maritime environment and as well as some of the menaces targeting the Navy?

AR: I would be glad to. As you pointed out, much of the attention on cyber threats focuses on hackers, data thefts, cyber espionage, and information or influence campaigns. And those are important. But these really are not the biggest threats in the maritime environment. The threats naval forces face in a maritime environment vary depending upon the part of cyberspace we’re talking about.

See, there are four levels in cyberspace: the physical, the logic, the information, and the user layers. The physical layer is the physical infrastructure, the hardware that underpins the global grid that is the basis of cyberspace. Although we tend to think of the internet and cyberspace as wireless or in the cloud, it is very much reliant upon physical infrastructure at its most basic level. Fiber optic cables including undersea cables, and satellites comprise some of the more prominent features of the physical layers of cyberspace.

The second layer is the logic layer. This is the central nervous system of cyberspace. This is where the decision-making and routing occurs to send and receive messages to retrieve files, really to do anything in cyberspace. The request must be processed through the logic layer. The key element of the logic layer are things such as DNS, the Domain Name Servers, and internet protocols.

The third level is the information level. This is what we see when we go on the internet: Websites, chats, emails, photos, documents, apps. All of that is the information posted at this level. But it is reliant on the previous two levels in order to function.

Lastly, the fourth level is the user level: the humans who are using the devices and are interacting with cyberspace. They matter because cyberspace is a man-made entity and its topography can be changed by people. Cyberspace is critical to modern naval strategy and security because it underpins the essential communications networks and capabilities of naval forces. And adversaries will seek to destroy or degrade those capabilities in the event of a conflict. Cyberspace enables robust command and control, battlespace awareness, intelligence gathering, and precision targeting, which are at the core of mission success. These days navies must defend and maintain their freedom to operate within cyberspace in order to be effective forces at sea.

RH: Thanks for the brief outline. As I mentioned earlier the identity of the navy has changed greatly since its original inception into conflict theaters. Accordingly, the advent of cyberspace has added an entirely different dynamic to the field. And you mention some of them as well. Consequently, what are some of the new responsibilities that have arrived with the integration of cyber to navies? And in general, what is the role the navy plays within a larger national security architecture?

AR: The cyber capabilities are really integrated at all levels at the naval mission. So, the core capabilities navies seek to provide are the blue-water capabilities of forward presence, deterrence, control, sea control, and power projection, as well as maritime security and humanitarian assistance or disaster response. All of these core capabilities are supported and enhanced by cyber capabilities. Thus, the full spectrum of naval operations and the corresponding naval strategy involve cyber capabilities today.

For more technologically advanced navies, these cyber capabilities are so integrated into weapon systems and platforms, that they’ve become essential to full spectrum warfighting operations. For the less technologically advanced navies, cyber capabilities can still play an important role in augmenting other capabilities by providing command and control and acting as a force multiplier in certain situations. In addition to their blue water role, naval forces are responsible for providing cyber capabilities to support combatant commanders’ objectives in defense of national information networks and for fleet deployment. They are force providers to joint and interagency operations. They are supporters of the national mission and blue-water warriors all at the same time. As a result, they must have a holistic, full spectrum understanding of the role cyberspace plays from tactics to operations to grand strategy.

RH: That was a great encompassing of it. As you can see it comes full circle when you compare conflict theatres to human assistance missions which is great you mentioned. At the same time Dr. Russell, you cite out naval strategies are in a period of transition at the moment. Could you elaborate on these implications with regard to how cyberspace is impacting the current formation of national naval strategies?

AR: Yes, naval strategies are in a period of transition with regards to cyberspace. Most navies acknowledge the importance of cyberspace as a critical enabler, but there’s emerging recognition that cyberspace is also much more than that. Ultimately, cyberspace is a game changer for naval forces and security forces in general. All phases of conflict now have a cyber dimension. From phase zero planning to phase five stabilization and reconstruction, cyberspace affects all levels of war, from strategic to the operational to the tactical. All types of conflict are affected by cyberspace including conflicts in the other four domains. For naval forces in particular, cyberspace enables new kinds of fires: Cyber-fires. It improves situational awareness and enhances command and control.

It has also opened the door to new threats. Anti-access and area denial operations, improved targeting capabilities by adversaries, and presenting more targets for attack in the form of cyber-attacks. As naval forces adopt next technologies to leverage the unique capabilities of cyberspace, reliable access to cyberspace is a necessity. Assuring access to cyberspace and confident C2 for deployed forces regardless of the threat environment is a top priority for the U.S. Navy as well as for many others.

RH: There’s no doubt based on your texts and some of the other content out there that reliable access seems to be driving naval strategy and security, especially among the technically advanced navies. So thank you for mentioning that to the listeners.

We spoke about technologically advanced navies and less technologically advanced navies. To demonstrate some of the diversity in strategy, can you provide a quick comparison about how some of the national strategies have integrated cyberspace in their doctrine?

AR: Yes, I think a comparison of the U.S. and Russia helps to illustrates this.

RH: You couldn’t have picked two better countries to compare at the moment, so thank you for that selection, Dr. Russell.

AR: (Laughs) Well, there’s a lot of interesting things happening there. The current U.S. maritime strategy, the 2015 Cooperative Strategy for 21st Century Seapower, has incorporated cyberspace and cyber power into that strategy in a very robust way. The strategy talks exclusively about all domain access and cross-domain synergy. By which it means, synchronizing battlespace awareness with all the layers and sensors and intelligence within that, and synchronizing that with the short access to networks. Offensive and defensive cyber operations, electromagnetic maneuver warfare, and integrated kinetic and non-kinetic fires. All of this is apparent in U.S. maritime strategy as essential elements in supporting the naval mission. And it’s all spelled out.

In contrast, there is very little information that is publicly available about how cyberspace effects the Russian maritime strategy. At last check, Russian maritime strategy does not directly address cyberspace and cyber security as a maritime or naval responsibility. But it does recognize the importance of what it calls information support of maritime activities for the maintenance and development of global information systems, including systems for navigation, hydrographic, and other forms of security. Most of the publicly available Russian cyber strategy in general focuses on information operations and disinformation campaigns. Despite having advanced cyber-capabilities, there’s not much information available on how that is being integrated into the Russian naval strategy.

RH: You know, it’s very unfortunate that there was no release of any new information recently in St. Petersburg, they celebrated national Navy day with President Putin visiting. But I guess we’ll have to stay on the lookout for any new information.

Before we even go up into the highly integrated platforms of navies in cyber, you reference very acutely the Kremlin’s use of synchronized fires. Can you briefly elaborate on what this concept is and if we can expect to see a similar pattern in future conflict theaters?

AR: Yes, without a doubt I think we can expect to see a similar pattern in the future. For those who don’t know, during the Russia-Georgia War of 2008, Russian forces assaulted Georgia on land, in the air, and from the sea, while at the same time Georgia was subjected to destructive distributed denial of service or DDOS attacks on the websites of Georgian government offices, financial services, and in news agencies. So, this was a synchronized attack in multiple domains on Georgia from Russia simultaneously.

In the Russia-Ukraine conflict, similarly Ukraine suffered multiple cyber attacks in conjunction with that conflict, including cyber attacks targeting infrastructure. I think that these synchronized integrated fires will likely continue and eventually become the norm in conventional conflict unless some action is taken, diplomatically or otherwise, to limit the use of cyber fires or restrict the number of quote unquote “legitimate” cyber targets.

RH: Again, that’s Russia picking on countries that are less developed, but it would be interesting to see moving forward against another more developed or modern adversary if it would be as effective a concept. When assessing operational level warfare, as well as tactical level warfare, how does cyberspace enhance their application?

AR: Starting with the operational level, cyberspace operations can be categorized in three ways: Offensive action, defensive action, and network operations.

Offensive cyberspace operations are designed to project power through the application of force in or through cyberspace. They’re cyber attacks. Defensive cyberspace operations are intended to defend national or allied cyberspace systems or infrastructure. Network operations design, build, configure, secure, operate, and maintain information networks and the communications systems themselves to ensure the availability of data, the integrity of the system, and confidentiality. So those all work together on operational level.

So, to give an example, we already talked about how cyberspace enables assured command and control, integrated fires, battlespace awareness, intelligence, as well as protection and sustainment. It also enables naval maneuvers, with positioning, navigation, and timing support. For sea-based power projection, in a landscape that is very often devoid of signposts and landmarks, the ability to have precise navigational information and over-the-horizon situational awareness is particularly critical. Cyber and satellite-based global positioning and navigational systems provide this capability. Beyond the navy itself, commercial and academic institutions that provide support to the fleet or the military in the form of design, manufacturing, research, and other products and services, are also part of the broader environment for naval security.

So, naval security and warfighting advantage depends in part upon thwarting attacks on military or government sites, as well as securing sensitive information from cyber theft or cyber espionage. Sensitive information in the wrong hands can of course undermine the operational effectiveness of the fleet by improving targeting of naval forces by adversaries and increasing the adversary’s knowledge of how forces man, train, and equip for warfighting.

Moving to the tactical level, naval commanders must incorporate the use of cyber technologies into their battlefield tactics. In practical terms, this means that defensive and offensive cyber capabilities will be integrated alongside kinetic action. This is the integrated fires. Cyberspace can increase the effectiveness of traditional kinetic fires through improved intelligence and targeting. But it also presents new challenges for defensive operations to protect these systems from cyberattack as well as kinetic fires.

Cyberspace and cyber capabilities play a particularly important role in supporting network-centric weapon systems, such as the tactical Tomahawk missile, which the U.S. launched into Syria in April. Tactical Tomahawks receive in-flight targeting data from operational command centers. Similarly, carrier aviation maintenance programs rely on cyberspace to enable them to provide mission ready aircraft.

There are alternatives and workarounds to overcome system failures, but the point is that reliable access to cyberspace is critical to the successful employment of these systems. Naval security also depends upon the protection of access and critical information whether it is classified or not. For naval forces, this process of protecting critical information means educating and training sailors in good cyber hygiene habits and having cyber security integrated into the life cycles of systems.


RH: Moving on, we’ve discussed how naval strategies revolve around the four key layers. It is clear that the structure of cyberspace begins with the physical layer. Sometimes users forget how hardware like fiber optic cables and satellites are hidden from view in our daily use of cyberspace. It looks to be a frightening future as you provided a few examples that confirm how vulnerable these physical elements are to tampering.

An appropriate contextualization for the listeners of this threat was on display in a 2015 New York Times article that describes increased Russian submarine activity and how the construction of unmanned, undersea drones related to fiber optic cables is rattling the Pentagon. According to Rear Admiral Fredrick Roegge, commander of the Navy Submarine fleet Pacific (COMSUBPAC) he was quoted as saying, “I’m worried everyday about what the Russians could be doing.” What is your take on the threat to the physical layer and is this threat explicitly exaggerated? Or is it a feature that national security policy makers should be more concerned with?

AR: That’s a great question, I don’t believe that it’s exaggerated. The cables carrying global business for more than $10 trillion per day and 95 percent of daily communications. They are very important to our global economic and political structure.

Back in the 70s before there was a system as robust and widespread as it is today, the U.S. was willing to take great risks to tap into the cables in Soviet waters to gain intelligence. Now these cables carry much more information and have much more value in the present context. The Russians are seeking to identify and potentially exploit infrastructure weaknesses of the US and the West. So, I think it is absolutely worth being concerned about.

RH: Can you comment a little bit on what would happen in the event of tampering and what the process of repair might look like moving forward?

 AR: Well, it’s a little hard to speculate on exactly what would happen, but somethings that could happen is, cables could be severed, they could be cut, which would cause a slowdown in the system, and it would be difficult to repair them, particularly because these cables lie along the ocean bed, the floor of the ocean. And so, there are a certain number of ships in the world that can go to these places and fix the cables and that can be a process that is expensive and is time consuming. That’s just one scenario where the cables are cut.

Another scenario is that they can be potentially tapped into somehow. That is, of course, what the U.S. did to the Soviet Union in Operation Ivy Bells in the 1970s, and that was used for espionage purposes. So, something along those lines could be done with these cables with information being stolen or simply recorded and copied, but then passed along so that nobody knows that someone else was listening in. So, there are a variety of different things and they would require different responses, but some of them would be difficult to detect and to identify that there was a problem, while others like a cut in the cable would be immediately apparent.

RH: In terms of the logic layer, do you think it’s conceivable that a Stuxnet-like attack could seriously damage naval operations? It is worth noting to our audience that even in the case of air-gapped networks, which is what Iran was using, infections from viruses are still possible.

AR: I think it is entirely possible that a cyber-attack could manipulate the logic layer of cyberspace in a number of ways which could cause it to malfunction or shut down completely in order to inhibit the flow of data, which could directly affect naval operations. You make a very good point that even air-gap networks are still at risk. The Stuxnet attack happened 10 years ago, but it successfully targeted highly sensitive protected air-gap systems. And the technology and cyberweapons have advanced quite a lot in the decade since then.

RH: It seems like a bit of an antiquated question, but in the event, that a Stuxnet attack hit a naval operation, what would the response of the Navy be? I mean, do they still know how to use compasses and work like they did back in the day?

AR: (Laughs) This is a good question. But there are workarounds. There are capabilities that are redundant that have resiliency built in. Things would not function perfectly, but most things would still continue to function, so they would still be able to get to where they were going, but they wouldn’t be as effective as they’re intended to be. And so, it would be problematic. Absolutely.

RH: Just as an example for listeners though, but again theoretically, if there was a Stuxnet attack on an operation, it could kill the ability of network-centric weapons to function, correct?


AR: It has that potential, or could cause them to malfunction. So, an object could appear to go on course  go off course, or not be able to function entirely or, if it’s ordnance, explode too early, something along those lines.

It can cause a variety of effects, depending on exactly what type of attack it is and what it’s designed to do. Because these attacks – we say attacks in cyberspace happen very quickly because they do in cyberspace – but they also typically take a very long time to develop.

So, that’s another thing where we can develop the cyberweapons and keep them until you’re ready to use them, they do take a while to actually develop. But once you deploy them they happen almost immediately.

RH: A lot of those symptoms you just mentioned earlier about, sort of, missiles veering off course or exploding too early, that’s also a good way to look at the early stages of the North Korean missile program, which unfortunately has evolved to a dangerous point right now. But that’s also maybe a good example if you would agree about the various difficulties that come with a Stuxnet like attack on any sort of cyber infrastructure.

AR: I think that’s an excellent sample.

RH: Drives people crazy in Pyongyang. We have an established the crucial role of cyber for naval strategies, and touched on the composition and structure. Against this backdrop, what are the main opportunities for naval forces and policy makers moving forward with cyber?

AR: Well, there are many potential opportunities but there are three that I think are the most important and exciting.

The first is improved battlespace awareness. Cyber capabilities allow naval forces to have a better understanding of the environment in which they are operating and that is very very good for them.

The second is that cyberspace presents new opportunities for modelling and simulation to help naval forces prepare and train for warfighting.

And then third, as a new domain, cyberspace presents opportunities for cooperation with partner nations for developing, maintaining, and protecting a domain to ensure things like reliable access for allies and partners. And limiting the adversary’s maneuverability within the domain.

So, the domain is essentially a blank slate for cooperation within the international community. That provides some really exciting and interesting opportunities.

RH: Despite these improvements in the maritime domain, it is safe to say that you still remain skeptical of the numerous challenges that threaten naval security. Can you identify and describe some of the major threats? To either advanced technological navies or less advanced navies.

AR: Yes, and there are many challenges, but again I’ll pick the top three that I consider to be the most dangerous or the most important:

First, anti-access and area denial operations in cyberspace are the most significant challenge to the basic goals of naval forces: To retain freedom of maneuvering in cyberspace and deny freedom of action to the adversaries. Cyberspace is essential to naval operations so therefore; the protection of cyberspace is also essential. It doesn’t matter how new or fancy your ships are, if they don’t have the capabilities you need because you can’t access cyberspace. So, I think the most important challenge is, maintaining access to the domain.

The second is significant challenge for naval forces is that offense has the advantage. Threats in cyberspace develop faster than forces can protect against in many cases. The domain is constantly evolving, and innovation is happening so quickly that creating new systems, platforms, and tools occurs at a rapid pace. With the creation of new applications comes the opportunity for new vulnerabilities within the systems. Adversaries are constantly seeking new ways of attack or penetration of networks.

While defensive cyber operations have to work very hard to keep up with the constant onslaught of attacks, there are things like advanced persistent threats, APTs, that are these stealthy persistent attacks on a targeted computer system in order to continuously monitor and extract data. These are particularly problematic because they are so difficult to detect and could render significant damage. We just saw recently that a very prominent cyber security firm was actually targeted with the use APTs, which is very worrying given that they are a prominent cyber security firm. And in addition, the speed at which some cyber attacks can take place, the relatively low barriers on entry to cyberspace, and the potentially big impact of an attack provides a lot of incentive for attackers to keep trying. So, it’s difficult for defensive operations to keep up with them and innovate to protect against future attacks.

RH: I have to be honest Dr. Russell, based on our discussion and the litany of challenges, I’m more inclined to believe that navies will remain exposed to invisible torpedoes more so than physical ones. But hopefully the offensive actions and the various layers will become more resilient in defending and fighting them off. Undoubtedly, it has been an eye-opening podcast that has served to expand our collective assessment on the role of cyberspace and the implications for both naval strategy and security. As we sail off on another sea control series podcast Dr. Russell, do you have any operational takeaways for the listeners or the issues they should pay special attention to?

AR: Well, the rise of cyber capabilities of allies and adversaries such as precision targeting and long-range attacks on systems mean that navies will be simultaneously more connected and more vulnerable at sea than ever before. The modern Navy has so many capabilities that rely on cyberspace that it must not take access to cyberspace for granted. As our ships grow smarter and we invest more and more in the high-end capabilities that allow this unprecedented array of actions, let us not forget to simultaneously ensure that the cyber-connected systems are protected so that our new technology can be used effectively when it’s called upon.

Sun Tzu observed that it is best to win a war without fighting. If modern navies did not have access to cyberspace, it would be very difficult for them to fight. The goal of the navies in the future will be to retain freedom of maneuver and deny freedom of action to adversaries at sea. As well as in cyberspace.

RH: Dr. Russell, thank you again for taking the time to enlighten us on such a relevant and complicated issue.

If our listeners want to follow up in more detail on cyberspace and maritime strategy, or gain a better outlook on the general maritime domain, The Routledge Handbook of Naval Strategy and Security, edited by Sebastian Bruns and Joachim Krause, published in 2016 is an indispensable resource to have. Please check www.kielseapowerseries.com for more info on the book and other podcasts derived from the book.

With no shortage of maritime issues within the greater geopolitical landscape, I promise I will be back to keep CIMSEC listeners well-informed. From the Institute for Security Policy at Kiel University and its adjunct, the Center for Maritime Strategy and Security, I’m Roger Hilton saying farewell and auf wiedersehen.

Dr. Alison Russell is an Assistant Professor of Political Science and International Studies at Merrimack College.  The author of Cyber Blockades (Georgetown University Press, 2014), she worked for six years as a security analyst at the Center for Naval Analyses where she specialized in naval strategic planning. She holds a Ph.D. from the Fletcher School of Law and Diplomacy, an M.A. in International Relations from American University in Washington, D.C., and a B.A. in Political Science and French Literature from Boston College.

Roger Hilton is a nonresident academic fellow for the Institute for Security Policy at the University of Kiel.

Matthew Merighi is the Senior Producer for Sea Control. 

Beijing’s Views on Norms in Cyberspace and Cyber Warfare Strategy Pt. 2

By LCDR Jake Bebber USN

The following is a two-part series looking at PRC use of cyberspace operations in pursuit of its national strategies and the establishment of the Strategic Support Force. Part 1 considered the centrality of information operations and information war to the PRC’s approach toward its current struggle against the U.S. Part 2 looks at the PRC’s use of international norms and institutions in cyberspace, and possible U.S. responses.

Cyber-Enabled Public Opinion and Political Warfare

Many American planners are carefully considering scenarios such as China making a play to force the integration of Taiwan, seize the Senkaku Islands from Japan, or seize and project power from any and all claimed reefs and islands in the South China Sea. Under these scenarios we can expect preemptive strikes in the space and network domains in an attempt to “blind” or confuse American and allied understanding and establish a fait accompli. This will, in Chinese thinking, force the National Command Authority to consider a long and difficult campaign in order to eject Chinese forces, and the CCP is placing a bet that American decision makers will choose to reach a political accommodation that recognizes the new “facts on the ground” rather than risk a wider military and economic confrontation.

The role of public opinion warfare may be an integral component of future crisis and conflict in Asia. Well in advance of any potential confrontation, Chinese writing emphasizes the role of “political warfare” and “public opinion warfare” as an offensive deterrence strategy. China will seek to actively shape American, allied, and world opinion to legitimize any military action the CCP deems necessary. We might see cyber-enabled means to “incessantly disseminate false and confused information to the enemy side … through elaborate planning [in peacetime], and [thereby] interfere with and disrupt the enemy side’s perception, thinking, willpower and judgment, so that it will generate erroneous determination and measures.”1 China may try to leverage large populations of Chinese nationals and those of Chinese heritage living outside China as a way to influence other countries and generate new narratives that promote the PRC’s position. Consider, for example, how Chinese social media campaigns led to the boycotts of bananas from the Philippines when it seized Scarborough Reef, or similar campaigns against Japanese-made cars during its ongoing territorial dispute over the Senkaku Islands. Most recently, Lotte Duty Free, a South Korean company, suffered distributed denial-of-service attacks from Chinese IP servers – almost certainly a response to South Korea’s recent decision to host the THAAD missile defense system.

It is also critical to recognize China’s understanding and leverage of the American political, information, and economic system. Over decades, China has intertwined its interests and money with American universities, research institutes, corporate institutions, media and entertainment, political lobbying, and special interest organizations. This has had the effect of co-opting a number of institutions and elite opinion makers who view any competition or conflict with China as, at best, detrimental to American interests, and at worst, as a hopeless cause, some going so far as to suggest that it is better for the U.S. to recognize Chinese primacy and hegemony, at least in Asia, if not worldwide. Either way, China will maximize attempts to use cyber-enabled means to shape American and world understanding so as to paint China as the “victim” in any scenario, being “forced” into action by American or Western “interference” or “provocation.”

What can the U.S. do to Enhance Network Resilience?

One of the most important ways that network resiliency can be addressed is by fundamentally changing the intellectual and conceptual approach to critical networks. Richard Harknett, the former scholar-in-residence at U.S. Cyber Command, has suggested a better approach. In a recent issue of the Journal of Information Warfare, he points out that cyberspace is not a deterrence space, but an offense-persistent environment. By that he means that it is an inherently active, iterative, and adaptive domain. Norms are not established by seeking to impose an understood order (such as at Bretton Woods) or through a “doctrine of restraint,” but rather through the regular and constant interactions between states and other actors.  Defense and resiliency are possible in this space, but attrition is not. Conflict here cannot be contained to “areas of hostility” or “military exclusion zones.” No steady state can exist here—every defense is a new opportunity for offense, and every offense generates a new defense.2

Second, the policy and legal approach to network resiliency must shift from a law enforcement paradigm to a national security paradigm. This paradigm is important because it affects the framework under which operations are conducted. The emphasis becomes one of active defense, adaptation, identification of vulnerabilities and systemic redundancy and resilience. A national security approach would also be better suited for mobilizing a whole-of-nation response in which the government, industry, and the population are engaged as active participants in network defense and resiliency. Important to this is the development of partnership mechanisms and professional networking that permit rapid sharing of information at the lowest level possible. Major telecommunications firms, which provide the infrastructure backbone of critical networks, require timely, actionable information in order to respond to malicious threats. Engagement with the private sector must be conducted in the same way they engage with each other – by developing personal trust and providing actionable information.

Network hardening must be coupled with the capabilities needed to rapidly reconstitute critical networks and the resiliency to fight through network attack. This includes the development of alternative command, control, and communication capabilities. In this regard, the military and government can look to industries such as online retail, online streaming, and online financial networks (among others) that operate under constant attack on an hourly basis while proving capable of providing on-demand service to customers without interruption. Some lessons might be learned here.    

Third, new operational concepts must emphasize persistent engagement over static defense. The United States must have the capacity to contest and counter the cyber capabilities of its adversaries and the intelligence capacity to anticipate vulnerabilities so we move away from a reactive approach to cyber incidents and instead position ourselves to find security through retaining the initiative across the spectrum of resiliency and active defensive and offensive cyber operations.

Congressional Action and Implementing a Whole-of-Government Approach

There are five “big hammers” that Congress and the federal government have at their disposal to effect large changes – these are known as the “Rishikof of Big 5” after Harvey Rishikof, Chairman of the Standing Committee on Law and National Security for the American Bar Association. These “hammers” include the tax code and budget, the regulatory code, insurance premiums, litigation, and international treaties. A comprehensive, whole-of-nation response to the challenge China represents to the American-led international system will require a mixture of these “big hammers.” No one change or alteration in Department of Defense policy toward cyberspace operations will have nearly the impact as these “hammers.”3

The tax code and budget, coupled with regulation, can be structured to incentivize network resiliency and security by default (cyber security built into software and hardware as a priority standard), not only among key critical infrastructure industries, but among the population as a whole to include the telecommunication Internet border gateways, small-to-medium sized Internet service providers, and information technology suppliers. Since the federal government, Defense Department, and Homeland Security rely largely on private industry and third-party suppliers for communications and information technology, this would have the attendant effect of improving the systems used by those supporting national security and homeland defense. The key question then is: how can Congress incentivize network resiliency and security standards, to include protecting the supply chain, most especially for those in industry who provide goods and services to the government?

If the tax code, budget, and regulation might provide some incentive (“carrots”), so too can they provide “sticks.” Litigation and insurance premiums can also provide similar effects, both to incentivize standards and practices and discourage poor cyber hygiene and lax network security practices. Again, Congress must balance the “carrots” and “sticks” within a national security framework.

Congress might also address law and policy which permits adversary states to leverage the American system to our detriment. Today, American universities and research institutions are training China’s future leaders in information technology, artificial intelligence, autonomous systems, computer science, cryptology, directed energy and quantum mechanics. Most of these students will likely return to China to put their services to work for the Chinese government and military, designing systems to defeat us. American companies hire and train Chinese technology engineers, and have established research institutes in China.4 The American taxpayer is helping fund the growth and development of China’s military and strategic cyber forces as well as growth in China’s information technology industry.

Related specifically to the Department of Defense, Congress should work with the Department to identify ways in which the services man, train, and equip cyber mission forces. It will have to provide new tools that the services can leverage to identify and recruit talented men and women, and ensure that the nation can benefit long-term by setting up appropriate incentives to retain and promote the best and brightest. It will have to address an acquisition system structured around platforms and long-term programs of record. The current military is one where highly advanced systems have to be made to work with legacy systems and cobbled together with commercial, off-the-shelf technology. This is less than optimal and creates hidden vulnerabilities in these systems, risking cascading mission failure and putting lives in jeopardy.

Finally, Congress, the Department of Defense, and the broader intelligence and homeland security communities can work together to establish a center of excellence for the information and cyber domain that can provide the detailed system-of-systems analysis, analytic tools, and capability development necessary to operate and defend in this space. Such centers have been established in other domains, such as land (e.g., National Geospatial Intelligence Agency), sea (e.g., Office of Naval Intelligence) and air and space (e.g., National Air and Space Intelligence Center).


It is important to understand that this competition is not limited to “DOD versus PLA.” The U.S. must evaluate how it is postured as a nation is whether it is prepared fight and defend its information space, to include critical infrastructure, networks, strategic resources, economic arrangements, and the industries that mold and shape public understanding, attitude, and opinion. It must decide whether defense of the information space and the homeland is a matter of national security or one of law enforcement, because each path is governed by very different approaches to rules, roles, policies, and responses. Policymakers should consider how to best address the need to provide critical indications, warnings, threat detection, as well as the system-of-systems network intelligence required for the U.S. to develop the capabilities necessary to operate in and through cyberspace. For all other domains in which the U.S. operates, there is a lead intelligence agency devoted to that space (Office of Naval Intelligence for the maritime domain, National Air and Space Intelligence Center for the air and space domains, etc.).

It must always be remembered that for China, this is a zero-sum competition – there will be a distinct winner and loser. It intends to be that winner, and it believes that the longer it can mask the true nature of that competition and keep America wedded to its own view of the competition as a positive-sum game, it will enjoy significant leverage within the American-led system and retain strategic advantage. China is pursuing successfully, so far, a very clever strategy of working through the system the U.S. built in order to supplant it – and much of it is happening openly and in full view. This strategy can be countered in many ways, but first the U.S. must recognize its approach and decide to act.

LCDR Jake Bebber is a cryptologic warfare officer assigned to the staff of Carrier Strike Group 12. He previously served on the staff of U.S. Cyber Command from 2013 – 2017. LCDR Bebber holds a Ph.D. in public policy. He welcomes your comments at: jbebber@gmail.com. These views are his alone and do not necessarily represent any U.S. government department or agency.

1. Deal 2014.

2. Richard Harknett and Emily Goldman (2016) “The Search for Cyber Fundamentals.” Journal of Information Warfare. Vol. 15 No. 2.

3. Harvey Rishikof (2017) Personal communication, April 21.

4. See: https://www.bloomberg.com/view/articles/2013-03-28/chinese-hacking-is-made-in-the-u-s-a-

Featured Image: Nokia Security Center server room (Photo: Nokia)

Beijing’s Views on Norms in Cyberspace and Cyber Warfare Strategy Pt. 1

By LCDR Jake Bebber USN

The following is a two-part series looking at PRC use of cyberspace operations in pursuit of its national strategies and the establishment of the Strategic Support Force. Part 1 considers the centrality of information operations and information war to the PRC’s approach toward its current struggle against the U.S. Part 2 looks at the PRC’s use of international norms and institutions in cyberspace, and possible U.S. responses.


A recent article noted a marked shift in Chinese strategy a few short years ago which is only now being noticed. Newsweek author Jeff Stein wrote a passing reference to a CCP Politburo debate under the presidency of Hu Jintao in 2012 in which “Beijing’s leading economics and financial officials argued that China should avoid further antagonizing the United States, its top trading partner. But Beijing’s intelligence and military officials won the debate with arguments that China had arrived as a superpower and should pursue a more muscular campaign against the U.S.”1

The nature of this competition is slowly taking shape, and it is a much different struggle than the Cold War against the Soviet Union – however, with stakes no less important. This is a geoeconomic and geoinformational struggle. Both U.S. and PRC views on cyber warfare strategy, military cyber doctrine, and relevant norms and capabilities remain in the formative, conceptual, and empirical stages of understanding. There is an ongoing formulation of attempting to understand what cyberspace operations really are. While using similar language, each has different orientations and perspectives on cyberspace and information warfare, including limiting structures, which has led to different behaviors. However, the nature of cyberspace, from technological advancement and change, market shifts, evolving consumer preferences to inevitable compromises, means that while windows of opportunity will emerge, no one side should expect to enjoy permanent advantage. Thus, the term ‘struggle’ to capture the evolving U.S.-PRC competition.

The PRC recognized in the 1990s the centrality of information warfare and network operations to modern conflict. However, it has always understood the information space as blended and interrelated. Information is a strategic resource to be harvested and accumulated, while denied to the adversary. Information warfare supports all elements of comprehensive national power to include political warfare, legal warfare, diplomatic warfare, media warfare, economic warfare, and military warfare. It is critical to recognize that the PRC leverages the American system and its values legally (probably more so than illegally), to constrain the U.S. response, cloud American understanding, and co-opt key American institutions, allies, and assets. In many ways, the PRC approach being waged today is being hidden by their ability to work within and through our open liberal economic and political system, while supplemented with cyber-enabled covert action (such as the OPM hack).

To support their comprehensive campaign, the PRC is reforming and reorganizing the military wing of the Communist Party, the People’s Liberation Army (PLA), posturing it to fight and win in the information space. Most notably, it recently established the Strategic Support Force (SSF) as an umbrella entity for electronic, information, and cyber warfare. Critical for U.S. policymakers to understand is how the SSF will be integrated into the larger PLA force, how it will be employed in support of national and military objectives, and how it will be commanded and controlled. While much of this remains unanswered, some general observations can be made.

This reform postures the PLA to conduct “local wars under informationized conditions” in support of its historic mission to “secure dominance” in outer space and the electromagnetic domain. Network (or cyberspace) forces are now alongside electromagnetic, space, and psychological operations forces and better organized to conduct integrated operations jointly with air, land, and sea forces.2

This change presents an enormous challenge to the PLA. The establishment of the SSF disrupts traditional roles, relationships, and processes. It also disrupts power relationships within the PLA and between the PLA and the CCP. It challenges long-held organizational concepts, and is occurring in the midst of other landmark reforms, to include the establishment of new joint theater commands.3 However, if successful, it would improve information flows in support of joint operations and create a command and control organization that can develop standard operating procedures, tactics, techniques, procedures, advanced doctrine, associated training, along with driving research and development toward advanced capabilities.

While questions remain as to the exact composition of the Strategic Support Force, there seems to be some consensus that space, cyber, electronic warfare, and perhaps psychological operations forces will be centralized into a single “information warfare service.” Recent PLA writings indicate that network warfare forces will be charged with network attack and defense, space forces will focus on ISR and navigation, and electronic warfare forces will engage in jamming and disruption of adversary C4ISR. It seems likely that the PRC’s strategic information and intelligence support forces may fall under the new SSF. The PLA’s information warfare strategy calls for its information warfare forces to form into ad hoc “information operations groups” at the strategic, operational, and tactical levels, and the establishment of the SSF will save time and enable better coordination and integration into joint forces. The SSF will be better postured to conduct intelligence preparation of the battlespace, war readiness and comprehensive planning for “information dominance.”4

The establishment of the SSF creates a form of information “defense in depth,” both for the PLA and Chinese society as a whole. The SSF enables the PLA to provide the CCP with “overlapping measures of electronic, psychological, and political deterrents.” It is reasonable to expect that there will be extensive coordination and cooperation among the PRC’s military, internal security, network security, “commercial” enterprises such as Huawei and ZTE, political party organizations, state controlled media both inside and outside China, and perhaps even mobilization of Chinese populations.

Chinese Information Warfare Concepts and Applications

Recent Chinese military writings have stressed the centrality of information to modern war and modern military operations. Paying close attention to the way the West – principally the U.S. – conducted the First Gulf War and operations in Kosovo and the Balkans in the 1990s, the PRC has been aggressively pursuing a modernization and reform program that has culminated in where they are today. Indeed, there is close resemblance to PLA and PRC aspirational writing from the 1990s to today’s force structure.

In many ways, the PLA understanding of modern war reflects the American understanding in so much as both refer to the centrality of information and the need to control the “network domain.” “Informatized War” and “Informatized Operations” occur within a multi-dimensional space – land, sea, air, space and the “network electromagnetic” or what Americans generally understand as “cyberspace.” The U.S. has long held that the control of the network domain provides a significant “first mover advantage,” and the PRC is well on the way toward building the capability for contesting control of the network domain. Its writings consistently hold that the PLA must degrade and destroy the adversary’s information support infrastructure to lessen its ability to respond or retaliate. This is especially necessary for “the weak to defeat the strong,” because most current writing still suggests that the PLA believes itself still inferior to American forces, though this perception is rapidly changing. Regardless, the PRC understanding of modern war supposes a strong incentive for aggressive action in the network domain immediately prior to the onset of hostilities.6 These operations are not restricted geographically, and we should expect to see full-scope network operations worldwide in pursuit of their interests, including in the American homeland.7

There are three components to a strategic first strike in the cyber domain. The first component is network reconnaissance to gain an understanding of critical adversary networks, identifying vulnerabilities, and manipulating adversary perception to obtain strategic advantage. Network forces are then postured to be able to conduct “system sabotage” at a time and place of the PRC’s choosing. When the time is right, such as a prelude to a Taiwan invasion or perhaps the establishment of an air defense identification zone over the South China Sea, the PRC will use system sabotage to render adversary information systems impotent, or to illuminate the adversary’s “strategic cyber geography” in order to establish a form of “offensive cyber deterrence.” The PRC could take action to expose its presence in critical government, military, or civilian networks and perhaps conduct some forms of attack in order to send a “warning shot across the bow” and give national decision-makers reason to pause and incentive to not intervene.8

Indeed, unlike the American perspective, which seeks to use cyberspace operations as a non-kinetic means to dissuade or deter potential adversaries in what Americans like to think of as “Phase 0,” the PLA has increasingly moved toward an operational construct that blends cyberspace operations with kinetic operations, creating a form of “cyber-kinetic strategic interaction.” The goal would be to blind, disrupt, or deceive adversary command and control and intelligence, surveillance, and reconnaissance (C4ISR) systems while almost simultaneously deploying its formidable conventional strike, ballistic missile, and maritime power projection forces. The PLA envisions this operational concept as “integrated network electronic warfare,” described by Michael Raska as the “coordinated use of cyber operations, electronic warfare, space control, and kinetic strikes designed to create ‘blind spots’ in an adversary’s C4ISR systems.”9 

The PLA has recently described this as a form of “network swarming attacks” and “multi-directional maneuvering attacks” conducted in all domains – space, cyberspace, ground, air, and sea. The Strategic Support Force has been designed to provide these integrated operations, employing electronic warfare, cyberspace operations, space and counter-space operations, military deception and psychological operations working jointly with long-range precision strike, ballistic missile forces and traditional conventional forces.

Essential to these concepts are China’s ability to achieve dominance over space-based information assets. PRC authors acknowledge this as critical to conducting joint operations and sustaining battlefield initiative. This includes not only the orbiting systems, but ground stations, tracking and telemetry control, and associated data systems. We can expect full-scope operations targeting all elements of America’s space-based information system enterprise.

Important to all of this is the necessity of preparatory operations that take place during “peacetime.” China understands that many of its cyberspace, network, electronic and space warfare capabilities will not be available unless it has gained access to and conducted extensive reconnaissance of key systems and pre-placed capabilities to achieve desired effects. We should expect that the PRC is actively attempting to penetrate and exploit key systems now in order to be able to deliver effects at a later date.

Chinese Understandings of Deterrence and International Law in Cyber Warfare

China recently released the “International Strategy of Cooperation on Cyberspace.”10 Graham Webster at the Yale Law School made some recent observations. First, it emphasizes “internet sovereignty,” which is unsurprising, since the CCP has a vested interest in strictly controlling the information space within China, and between China and the rest of the world.  This concept of “internet sovereignty” should best be understood as the primacy of Chinese interests. China would consider threatening information sources outside of the political borders of China as legitimate targets for cyber exploitation and attack. In the minds of the CCP, the governance of cyberspace should recognize the sovereignty of states, so long as the Chinese state’s sovereignty is paramount over the rest of the world’s.

Second, the strategy suggests that “[t]he tendency of militarization and deterrence buildup in cyberspace is not conducive to international security and strategic mutual trust.” This appears to be aimed squarely at the U.S., most likely the result of Edward Snowden’s actions. The U.S. seems to also be the target when the strategy refers to “interference in other countries’ internal affairs by abusing ICT and massive cyber surveillance activities,” and that “no country should pursue cyber hegemony.” Of course, the PRC has been shown to be one of the biggest sources of cyber-enabled intellectual property theft and exploitation, and China’s cyber surveillance and control regimes are legendary in scope. Immediately after decrying the “militarization” of cyberspace, the strategy calls for China to “expedite the development of a cyber force and enhance capabilities … to prevent major crisis, safeguard cyberspace security, and maintain national security and social stability.” These broad, sweeping terms would permit China to later claim that much of its activities that appear to violate its own stated principles in the strategy are indeed legitimate.

The strategy seeks to encourage a move away from multi-stakeholder governance of the Internet to multilateral decision-making among governments, preferably under the United Nations. This would certainly be in China’s interests, as China continues to hold great sway in the U.N., especially among the developing world. After all, China is rapidly expanding its geoeconomic and geoinformational programs, leveraging its state-owned enterprises to provide funding, resources, and informational infrastructure throughout Africa, Asia, Europe, and the Americas. As more countries become dependent on Chinese financing, development, and infrastructure, they will find it harder to oppose or object to governance regimes that favor Chinese interests.

Naturally, the strategy emphasizes domestic initiatives and a commitment to a strong, domestic high-tech industry. This would include the “Made in China 2025” plan, which has received a great deal of attention. The plan seeks to comprehensively upgrade and reform Chinese industry, with an emphasis on information technology.11

When considering deterrence in the Chinese understanding, it is important to remember that China approaches it from a different context than the United States. Jacqueline Deal noted that China’s basic outlook proceeds from the premise that the “natural state of world is one of conflict and competition, and the goal of strategy is to impose order through hierarchy.”12 While Americans understand deterrence as a rational calculation, the Chinese approach emphasizes the conscious manipulation of perceptions.

Indeed, the Chinese term weishe, which translates as “deterrence,” also embodies the idea of “coercion.” We might see examples of this understanding by China’s historic use of “teaching a lesson” to lesser powers. In the 20th Century, Chinese offensives against India and Vietnam – thought by many in the West to be an example of tragic misunderstanding and failed signaling of core interests – might be better thought of as attempts by China to secure its “rightful” place atop the regional hierarchy. It is a form of “lesson teaching” that has long-term deterrent effects down the road.

We can expect therefore that cyberspace would become one means among many that China will use in support of its “Three Warfares” (public opinion, media, legal) concept in support of its larger deterrent or compellence strategies. It will likely be much broader than the use of PLA SSF forces, and could include cyber-enabled economic strategies, financial leverage, and resource withholding.

LCDR Jake Bebber is a cryptologic warfare officer assigned to the staff of Carrier Strike Group 12. He previously served on the staff of U.S. Cyber Command from 2013 – 2017. LCDR Bebber holds a Ph.D. in public policy. He welcomes your comments at: jbebber@gmail.com. These views are his alone and do not necessarily represent any U.S. government department or agency.

1. Available at: http://www.newsweek.com/cia-chinese-moles-beijing-spies-577442

2. Dean Cheng (2017). Cyber Dragon: Inside China’s Information Warfare and Cyber Operations. Praeger Security International.

3. Cheng 2017.

4. John Costello and Peter Mattis (2016). “Electronic Warfare and the Renaissance of Chinese Information Operations.” in China’s Evolving Military Strategy (Joe McReynolds, editor). The Jamestown Foundation.

6. Joe McReynolds, et. Al. (2015) “TERMINE ELECTRON: Chinese Military Computer Network Warfare Theory and Practice.” Center for Intelligence Research and Analysis

7.  Barry D. Watts (2014) “Countering Enemy Informationized Operations in Peace and War.” Center for Strategic and Budgetary Assessments

8. Timothy L. Thomas (2013) “China’s Cyber Incursions.” Foreign Military Studies Office

9. See: http://www.atimes.com/article/chinas-evolving-cyber-warfare-strategies/

10. See: http://news.xinhuanet.com/english/china/2017-03/01/c_136094371.htm

11. See: https://www.csis.org/analysis/made-china-2025

12. Jacqueline N. Deal (2014). “Chinese Concepts of Deterrence and their Practical Implications for the United States.” Long Term Strategy Group.

Featured Image: The Center for Nanoscale Materials at the Advanced Photon Source. (Photo: Argonne National Laboratory)