Tag Archives: cyber

The Full Cost of Remote Diagnostics

Last week an article came out about state-sponsored hacking that had nothing to do Edward Snowden or the NSA. Bloomberg News detailed the ongoing hacking of U.S. defense contractor QinetiQ. Two paragraphs in the piece particularly struck me:

“The [China-based] spies also took an interest in engineers working on an innovative maintenance program for the Army’s combat helicopter fleet. They targeted at least 17 people working on what’s known as Condition Based Maintenance, which uses on-board sensors to collect data on Apache and Blackhawk helicopters deployed around the world, according to experts familiar with the program.

The CBM databases contain highly sensitive information including the aircrafts’ individual PIN numbers, and could have provided the hackers with a view of the deployment, performance, flight hours, durability and other critical information of every U.S. combat helicopter from Alaska to Afghanistan, according to Abdel Bayoumi, who heads the Condition Based Maintenance Center at the University of South Carolina.”

A remote diagnostic system: safe and secure...
        A remote diagnostic system: safe and secure…

While it’s unclear whether the hackers succeeded in accessing or exploiting the data, it is clear that they saw the information as valuable. And rightly so – systems such as condition based maintenance, remote diagnostics, and remote C2 systems are designed to reduce the workload burden on front-line “warfighters”, or the logistics burden on their platforms, by shifting the location of the work to be done elsewhere. This can also facilitate the use off-site processing power for more in-depth analysis of historical data sets and trends for such things as predicting part failures. The Army is not alone in pursuing CBM. The U.S. Navy has integrated CBM into its Arleigh Burke-class DDG engineering main spaces, meaning “ship and shore engineers have real maintenance data available, in real time, at their fingertips.”

However, the very information that enables this arrangement and the benefits it brings also creates risk. Every data link or information conduit created for the benefit of an operator means a point of vulnerability that can be targeted, and potentially exploited – whether revealing or corrupting potentially crucial information. This applies not only for CBM, but more dramatically for the C2 circuits for unmanned systems. I’m by no means the first to point out that CBM, et al, means tempting targets. UAV hacking has garnered a great deal of attention in the past year, but the Bloomberg article confirms an active interest exists in hijacking the enabling access of lower profile access points.

This raises several questions for CBM and remote diagnostics, not least of which is “is it worth it?” At what point does the benefit derived from the remote access become outweighed by the risks of that access being compromised? Given the sophistication of adversary hacking, should planners operate from the starting assumption that the data will be exploited and limit the extent of its use to non-critical systems? If operating under this assumption, should “cyber defense” attempts to protect this information be kept to a minimum so as not to incur unnecessary additional costs? Or should the resources be devoted to make the access as secure as the C2 systems allowing pilots to fly drones in Afghanistan from Nevada?

Scott is a former active duty U.S. Navy Surface Warfare Officer, and the former editor of Surface Warfare magazine. He now serves as an officer in the Navy Reserve and civilian writer/editor at the Pentagon. Scott is a graduate of Georgetown University and the U.S. Naval War College.

Note: The views expressed above are solely those of the authors and do not necessarily represent those of their governments, militaries, or the Center for International Maritime Security.

Surviving the Invisible Commons

This article originally featured at the USNI Blog

In his piece, “Imminent Domain,” ADM Greenert suggests that the EM and Cyber spectrums need now be considered a stand-alone domain of conflict. Respectfully, we’re already there. The electronic environment, wired and unwired, is an obsession for defense planners. In CYBERCOM, the EM-Cyber spectrum practically has its own unified command. The navy’s component of CYBERCOM, the “10th Fleet,” in name harkens back to ADM Greenert’s example of the rise of sub-surface warfare. From the military’s fears over an assassin’s mace style EMP attack to the public’s obsession in movies like Live Free, Die Hard and games like Black Ops 2, the awareness is more than there. While we may have recognized this new environment, ADM Greenert is right in that we have not taken this challenge to heart.  If forces are going to operate as if the EM-Cyber spectrum is a domain of warfare, they must act as they would in the physical battlefield on the tactical level, not just the strategic: take cover, stay organized, and interrupt the enemy’s OODA loop.

 

TAKE COVER

 

In a battlefield, soldiers take cover to avoid detection and enemy fire. In the EM-cyber realm, we’ve made a habit of unnecessarily exposing ourselves to vulnerability. The US Navy has created an entire web of centralized databases that require not just mere control of the EM environment, but also a stability that often doesn’t exist at sea.

The Ordnance Information System-Retail (OIS-R) is the perfect example of unnecessary exposure to EM spectrum weakness. The system, designed to manage all ordnance administration, accounting, and inventory, requires a command to sign in to a shore-side database requiring uninterrupted connection through a Java interface. To access a ship’s ordnance data, one MUST have a functional internet connection either hard-wired or satellite. If account problems exist, troubleshooting must be done through other wireless means (phone, email, etc…) with land-based facilities. Each step requires a series of exposures to a very particular type of EM-Cyber connection to operate effectively.

The old system, Retail Ordnance Logistics Management System (ROLMS) was a stand-alone database that would update parallel shore-side databases through message traffic. The old system, while potentially harder for a single entity to manage, didn’t open the whole system to multiple weaknesses by environmental interference, enemy interference both kinetic and cyber, and equipment errors shore-side that a ship cannot trouble-shoot. It might be easier to keep all your ordnance (admin) in a huge pile, but to require warfighters to make a run through the open plains of TRON to get it is not a good idea.

 

STAY ORGANIZED

 

The drive to create centralized databases is often driven by a lack of organization on the part of the end-user. Properly organized supplies (data) minimize loss and the need to reach back into the logistical chain for material already packed. If the networks on ships are any indication, the average sailor enters the EM battlefield with absolutely no organization whatsoever. Sign in to a ship’s NIPR network and one will likely find  decade old files, repeated, in over a dozen similarly named folders: Operations Department, Ops, Operations, Ops Dept, OS1’s Folder, etc… Perhaps, those folders will have subfolders of the same name down 20 deep in series. Poor organization leads to inefficiency; inefficiency requires time, bandwidth, and exposure that should go towards the survival of the force and the success of operations. Ships need to treat their networks as they do their home desktops, organizing their material in a sensible way and deleting wrong, obsolete, or useless files.

Organization becomes the key to minimizing the need to go off-ship: well organized tech pubs, updated instructions in intuitive places, and personnel willing to spend the minute to search . A badly organized NIPR network is a reflection of how the navy treats the rest of its data: sloppily. We have seventeen sources pinging a ship for the same information that is held in 8 PowerPoint trackers, 2 messages, at least one call over the voice circuits, and 30 emails. Today, we expect every sailor to be at least an LS1 of the data-GSK, without giving them the tools or support to be so. One could drastically decrease the need to go off-ship for information by teaching sailors how to do a proper “ctrl-f” search or assigning an IT2 to deleting the ¾ of the network dedicated to obsolete files, animated .gifs, and 12 years of sea-and-anchor PowerPoints. Better training must exist not only in how to use data and of what kind, but how to properly disseminate/find it as well.

The battlefield equivalent of how we treat our data is sending soldiers into combat with a dozen different weapons from over the past century, but hiding them, their magazines, and their ammunition randomly throughout the base in mis-labeled boxes.  Like a poorly organized supply system, perceived “lost items” that are merely hidden end up wasting bandwidth on downloads, emails, and voice traffic as sailors work to solve the problems whose answers are merely in the 20th sub-folder down or in the inbox of the department head who doesn’t read his email. We must worry almost as much about the organization of our data as we do our organization of physical objects.

 

DOMINATE THE OODA LOOP

 

Survival often depends on an ability to use the enemy’s expectations of your methods against them. Some have suggested the navy embrace a wider range of bandwidths for communication; while true, more drastic measures are necessary to navigate the EM-cyber commons. In 2002, LtGen Paul Van Riper became famous for sinking the American fleet in a day during the Millennium Challenge exercise; he did so by veiling his intentions in a variety of wireless communications. We assume wireless to mean the transfer of data through the air via radio signals, but lights, hand signals, motorcycle couriers, and the like are all equally wireless.  These paleo-wireless concepts are just what we need for flexibility and security in the EM environment.

Combot vulnerabilities to wireless hacks are of particular concern to warfighters. Data connections to operators or potential connections between combots and ships serve as a way for enemies to detect, destroy, or even hijack our assets.  While autonomy is the first step in solving the vulnerability of operator connections, combots in the future must work as communicating teams. Fewer opportunities should be provided for subversion by cutting the long link back to the operator while maintaining the versatility of a small internally-communicating team. However, data communication between combots could still be vulnerable. Therefore, combots must learn from LtGen Van Riper and move to the wireless communications of the past. Just as ships at sea communicate by flags and lights when running silent or soldiers might whisper or motion to one another before breaching a doorway, combots can communicate via light, movement, or sound.

Unlike a tired Junior Officer of the Deck with a NATO code-book propped open, computers can almost instantly process simple data. If given the capability, a series of blinking lights, sounds, or even informative light data-transmissions  could allow combots of the future to coordinate their actions in the battlefield without significantly revealing their position. Combots would be able to detect and recognize the originator of signals, duly ignoring signals not coming from the combot group. With the speed and variation of their communications, compressed as allowed by their processing power, combots can move through the streets and skies with little more disruption than a cricket, lightening bug, or light breeze. High- and low-pitch sounds and infrared light would allow for communications undetectable to the average soldier or an enemy EW platform.

One must also accelerate faster than the enemy’s OODA loop can process. In the cyber realm, the enemy is often software long-ago released by its human creators. Like the missile warfare that inspired AEGIS, cyber warfare is both too vast and too fast for human reaction. Capital investment would concentrate more money in autonomous and innovative defensive programs: 10th Fleet’s AEGIS. Proactive patrol and detection can be done with greater advancements in adaptive self-modifying programs; programs that can learn or understand context are far more appropriate.  Recent developments in computing systems point to organic systems that could “live” in the systems they defend. Biological processors and organic computing allow for hardware that thinks and learns independently, potentially giving defensive networks the added advantage of an instinct and suspicion. Imagine the vast new horizons in the OODA loop of defensive cyber systems with hubs sporting the defensive animal instinct and the ability to re-wire their own hardwareQuantum computing also hovers over the horizon, with not only vast consequences for computing speed, but he whole cryptological offense-defense equation. The image painted is dramatic and far-off, but modest investment and staged introduction would serve as a better model than the dangerous possibility of a “human wave” mode of thinking. With fluid cyber-defense systems guarding more disciplined communicators, the US Navy can crush ambushes in the invisible commons.

 

ACTING LIKE IT

 

We will never be able to completely control the invisible commons; it is too heavily populated and easily influenced. Those conflicts held within vision are often confusing enough; the invisible becomes infinitely harder to master. However, if we minimize unnecessary exposure, organize ourselves well, and move with aggressive speed and unpredictability, our convoys of data will survive their long mili-second journey across the EM-cyber sea. ADM Greenert is right in saying the EM-Cyber world is a new field upon which battle must be done. However, while we may have realized it, we must start acting like it.

Matt Hipple is a surface warfare officer in the U.S. Navy.  The opinions and views expressed in this post are his alone and are presented in his personal capacity.  They do not necessarily represent the views of U.S. Department of Defense or the U.S. Navy.

 

MFP 4: Emerging Technology and Naval Warfare

What emerging technology is going to most profoundly change the way naval warfare is conducted, and why?

This is the Fourth in our series of posts from our Maritime Futures Project.  For more information on the contributors, click here.  Note: The opinions and views expressed in these posts are those of the authors alone and are presented in their personal capacity.  They do not necessarily represent the views of their parent institution U.S. Department of Defense, the U.S. Navy, any other agency, or any other foreign government.

Unmanned aviation made many advances in 2012...but will it radically change naval warfare?
Unmanned aviation made many advances in 2012…but will it radically change naval warfare?

CDR Chris Rawley, USNR:

Most of CIMSEC’s readers are familiar with Moore’s Law as it relates to integrated circuits increasing in power while falling in cost. Some may have also heard of Kryder’s Law, which deals with shrinking costs for magnetic memory. Other related concepts include Koomey’s Law, which says that battery requirements for a fixed computer load continue to fall and the Shannon-Hartley Theorem, which impacts data transmission speeds. These laws have resulted in increased capability and falling prices for commercial and consumer tools reliant on computing power. It’s a given that military hardware is also becoming more high tech and miniaturized. So why does the cost of military technology continue to skyrocket? There are a number of reasons for this dichotomy, the primary being the U.S. military’s unresponsive and byzantine joint acquisition systems. Those problems aside, the Navy (and DoD) need to figure out how to leverage laws of technology to reduce inflation in new military hardware. One way to do this is with smaller, more numerous, and cheaper systems – many of them unmanned – which can operate distributed over large geographic areas. At Information Dissemination, I frequently discuss a concept for future naval warfare called distributed maritime operations (DMO).  DMO as I see it will use highly distributed, highly connected – but independently commanded – small footprint fighting elements. In the same way that special operations forces have used similar concepts to fight a global terrorist threat, I believe DMO will allow small naval forces to work together in a variety of scenarios to produce out-sized combat effects.

LT Drew Hamblen, USN:

Anti-ship ballistic missiles and the implications of Unmanned Aerial System (UAS) proliferation will shake up carrier battle groups – specifically the ability of UASs to numerically overwhelm manned assets. How will a carrier air wing confront 3 air wings’ worth of unmanned aircraft that have twice the on-station time and no pilot-fatigue limitations?

Marc Handelman, WA, U.S.:

– Naval drones (Surface, Sub-surface, Aerial)
– Power-projection exploitation capabilities (battlespace control, sustainment, and attack via drones)
– Tiny sensors known as MEM (microelectromechnical) devices such as DARPA’s SmartDust project to facilitate ISR exploitation and communication.
– The ONR-funded Sea Jet Advanced Electric Ship (obvious efficiencies in power management, logistics, acoustic signature reduction, et cetera)

Felix Seidler, seidlers-sicherheitspolitik.net, Germany:

Cyber-warfare is going to change things soon. The world’s best warships are worth nothing if the IT systems supporting command, control, communications, intelligence, etc. are offline. Hence, navies will have to pay greater attention to safeguarding their IT. For example, malware intrusions into the targeting and control software for all kinds of sea-launched missiles could not only miss their target, but be redirected to strike their ship of origin instead. For the present and the future, the joint forces approach must also include a nation’s cyber warriors.

YN2(SW) Michael George, USN:

As we are still in the early ages of the internet and wireless technology, I believe that there will be an increasingly important role both play in our country’s defense.

Sebastian Bruns, Fellow, Institute for Security, University of Kiel, Germany:

I think cyber warfare, although more of a concept than a technology is providing the basis for the most profound change in naval warfare. The concept is diffuse, difficult to understand, and impossible to directly feel (cue Donald Rumsfeld’s “known knowns, known unknowns, and unknown unknowns”). In fact, cyber warfare’s challenges, opportunities, and limitations have not been fully grasped. If cyber is understood as a domain, I would compare our current state of mind (and understanding of the subject matter) to the early 1910’s perspective on air power: There has not been a full-fledged cyber war, much like there had not been an appreciation of airpower until World War I. At the same time, the generation of sailors and flag officers that is currently rising through the ranks has already been sensitized (largely by growing up with cyber technology) towards the subject matter; air power and space power did not provide a comparable perspective. It seems logical to quickly adopt cyber warfare concepts and embrace them as part of institutional and individual, strategic and tactical learning.

Rex Buddenberg, Naval Postgraduate School:

Before projecting forward, it may help to look back an equivalent amount of time to see what technologies changed maritime business (warfare included) in the past half-century – essentially since WWII. Some of these technologies, like radars and fathometers, are
gadgets. Others are information systems, such as radionav systems like Loran, GPS, digital GPS, and AIS and its work-alikes including USMER, AMVER, MOVREP, and those built around OTH-Gold, Link 14/11.

Still other technologies constitute the potential components of information systems, chiefly communications. The maritime VHF system has revolutionized the SAR business in the USCG in our lifetimes. And, integration with accurate navigation, has revolutionized it further. For instance, when I was stationed on the Oregon coast, a distressed mariner could give us a pair of Loran TD (time/difference data-points) and a fathometer reading (essentially as a checksum) and we could fly a helo right to him … regularly. This phenomenon has attracted the term ‘maritime domain awareness (MDA)’ albeit without a decent usable definition. Now look ahead a bit…

Can I get these in tablet form?
Can I get these in tablet form?

Gadgets: The march of new gadgets will, of course, proceed. The change here will be that the gadget will increasingly export the data rather than only provide a local display. To do that, the gadget will have an internet interface (like webcams). Example: remember PDAs … like Palm Pilots? They had no comms ability to speak of, other than a serial line to sync with local computer. But once the PDA functionality was integrated with the cellphone infrastructure, PDAs morphed into smartphones. I’ve got a PDA … its sitting up on a high shelf.

Systems: The implementation of new systems will also proceed. But there is a sea change in the offing, one that has already occurred elsewhere and is about to occur here: integration and interoperability.  Most of the systems above are ‘stovepipe’. The chief characteristic of stovepipe is the locking of a single application (e.g. position reporting) to a single comms system (channels 87B and 88B) to yield something like AIS. The comms channels cannot be used for anything else, such as distress or weather comms, and the systems are usually hard to maintain throughout their life-cycle because you can’t form-fit swap in new components without changes cascading through the system. To get a whiff of the future, look in your office or your residence – we have ‘internet plumbing’ which is application-agnostic. It supports a myriad of applications (messaging, video, scrabble (my wife’s current fixation), … the list is long and ever-changing. The appearance of a new application does not require changes in the underlying comms plumbing. This has partially emerged in the maritime world, but will become ubiquitous, perhaps in the next decade (the technology exists, the problems have to do with infrastructure and mentalities).

The telltale here will be rise of the internet … in this case in the internet’s extension to platforms at sea. We see the harbingers of that now, such as ADNS in Navy. This is the single biggest enabler of integration of the rest.

The operational effect of the increase and integration of information systems is more intelligent application of industrial capability. In slang, less turning circles in the ocean. And in slogan, we might be able to “take the search out of SAR”.

CDR Chuck Hill, USCG (Ret.):

For the Coast Guard’s operations, in both peace and war, the most important aspect is likely to be processed vessel track information. Given the ability to track every vessel in the EEZ, identify it, and correlate it to its past history including the cargoes it has received, would be the ultimate goal. Over-the-Horizon radar/Satellite/AIS (Automatic Identification System)-derived information may eliminate the search in search and rescue (SAR), allow us to know where all the fishing vessels are, and allow us to recognize anomalous voyages that might be smugglers. To do this effectively we need to be able to track small vessels as well as the large.

In wartime this will also make blockade enforcement more effective, and permit prompt response when vessels are attacked.

Dr. Robert Farley, Professor, University of Kentucky:

The expansion of unmanned vehicles (air, surface, and sub-surface) has the potential to work tremendous changes in how we think about naval warfare. We’re already seeing this in littoral projection, and beginning to see it in ASW (anti-submarine warfare). As navies work through the theoretical implications of unmanned vehicles, they’ll begin to develop platforms capable of taking greatest advantage of the technologies, extending both eyes/ears and reach.

Pew-Pew-Pew!
Pew-Pew-Pew!

LCDR Mark Munson, USN:

Earlier this year, Admiral Greenert, the US Navy’s Chief of Naval Operations, declared that “Payloads were more important than Platforms.” I’m interested in how this plays out in terms of Intelligence, Surveillance, and Reconnaissance (ISR). Traditionally the mission of sensors onboard planes, ships, and subs has been subordinated to the operation of those platforms. Is the Navy’s BAMS (Broad Area Maritime Surveillance) UAV going to be just a P-3 without an aircrew onboard, or will it represent a new approach to collecting the information needed to generate actionable intelligence?

It’s been a long time since the U.S. Navy has fought a sustained war at sea, and no one has actual experience in how our current and future sensors need to be used to generate the intelligence required to engage capable enemy at sea. Unfortunately, the model successfully developed by our counterparts ashore during the last decade was in a permissive air environment. It allowed lots of UAVs to provide Full Motion Video (FMV) to intel analysts, developing a pattern of life for terrorist targets that could be fused with other data in order to generate actionable targeting data, but this most likely would not apply to a fight at sea against a capable enemy.

Bryan McGrath, Director, Delex Consulting, Studies and Analysis:

Although it is hardly an “emerging” technology, electric drives will profoundly change naval warfare. They will make submarines even quieter than they currently are, and they will serve to reverse the precision-guided munitions (PGM) imbalance with China by enabling future generations of electric weapons.

LT Alan Tweedie, USNR:

Directed energy and rail guns, while requiring massive up-front R&D costs will produce fantastic combat capability. The ability to have nearly unlimited ammunition without replenishment will make our fleet more capable of conducting sustained operations against enemies.

LT Chris Peters, USN:

I think one of the bigger upcoming changes will come from the installment of rail guns on DDG-1000 and beyond. These could be game-changers in power projection when you combine TLAM (Tomahawk Land Attack Missile)-like range with the cost per round of 5” (NGFS) Naval Gun Fire Support shells.

LT Scott Cheney-Peters, USNR:

3D printed drone
Drones from desktop 3D printers are quickly becoming reality.

I mentioned the general trend of increasing data integration in MFP 3 – essentially the Navy capitalizing on the spread of what’s possible with the information revolution.  On the logistics and design side, we’ve waxed on about the effects 3D printing will have.  But as far as actual naval warfare, I’m going to have to agree with those thinking about directed energy weapons and rail guns as the most likely to have a nearer-term impact on the tactical level.  Both have technical hurdles to overcome, but when they do, they’ll shake up the modern calculus of naval engagements – giving surface vessels a much greater ability to hold their own in a fight, and greatly increasing the potential of drones once component miniaturization and energy reductions have sufficiently advanced reduced to allow their outfit aboard.  Bryan McGrath has a good run down over at Information Dissemination on directed energy and electric weapon systems (DEEWS). Finally, the greatest potential for disruption in naval warfare comes from the use of unmanned systems in myriad combinations that are hard to predict but fascinating to think about – for example the combined cyber warfare assisted by drones.

LTJG Matt Hipple, USN:

Perhaps Scott Cheney-Peters and I are beating a dead horse here, but 3D printing in a big way. I know I’m beating an extra-dead horse when I include automation. 3D printing drastically changes the required logistical chain for both ground and naval forces. It changes the way the entire supply system would work, the kinds of people it would employ, and the navy’s relationship with industry. With an influx of business partners that consider themselves problem “hackers”, the Navy will hopefully get a fresh new perspective on life.

I say automation in the smaller big way because, rather than revolutionizing warfare, it is merely a ramping up of speed and density with a decrease in size. Now, my one caveat is that if laser technology becomes sufficiently powerful, fast, and accurate enough to end missile and aircraft threats at great enough range, we potentially have a game-changer with the return of naval gunnery and a real emphasis on submarine warfare as the counter.

LT Jake Bebber, USN:

While much will undoubtedly be written about advances in computer network operations, A2AD systems and space systems, the most profound impact in naval warfare will be the navy that best adapts to operating and fighting in a communications-denied environment. When satellites are shot down, when internet communications are blocked, and when radar emissions are masked or jammed, which navy will still be able to pull out the paper charts to get to where they need to be, fight, and win? So it won’t be an emerging technology that wins the next war. It will be the navy that best adapts to fighting much as we did during World War II, and before.

Highlighting Catastrophic Threats

 

Catastrophic Threats

Earlier this month the Federation of American Scientists held its annual Symposium on Catastrophic Threats and Awards Ceremony at the National Press Club in Washington, D.C.  The date – November 9th – was chosen to coincide with the November U.S. presidential election and provide a forum for policy recommendations to a newly elected administration.  The symposium provided a wonderful venue for the discussion of the most-pressing threats facing the U.S.  Panelists called for steps to prevent catastrophic events, and increase response planning and preparation to those possible dangers.  These recommendations were published in a booklet, available electronically.

Because science plays such a critical role in underlying U.S. policies, from disaster preparation to farm subsidies, leaders must be armed with a science-based knowledge of the risks and opportunities policy choices present.  To this end, the symposium featured moderated discussions of four-to-five distinguished experts, grouped into related threat-areas: Nuclear Weapons; Biological, Chemical, Conventional, and Cyber Threats; and Energy and Infrastructure.

The session devoted to nuclear threats reiterated the group’s long-held goals of stockpile reduction and eventual total disarmament.  Senior FAS Fellow Charles Blair emphasized that the U.S. must start differentiating violent non-state actors in terms of their ability to pose a bona fide radiological or nuclear (R/N) threat, rather than treating all threats as possessing equal capabilities.  Proper identification of the threat will allow targeted policies and avoid wasteful expenditures of time and resources on groups that do not pose significant R/N threats.  Another FAS Fellow, Dr. Robert Norris, proposed that a fundamental alteration of Cold-War era nuclear doctrine is a prerequisite for arms reduction, with a minimal deterrence mission the only necessary use for the U.S. nuclear arsenal.

Lengthy discussions of biological-, chemical-, and conventional-weapons threats highlighted the need for increased accountability and controls, which are scarcer outside the United States.  Perhaps the most significant threat in the chemical and biological weapons fields stems from the fact that there is a growing dearth of technical experts in the former Soviet Union to handle existing stockpiles of agents. Without the incentives of prestige and financial rewards available during the years of the thriving Soviet weapons programs, even fewer personnel with the requisite training will be available to handle and safeguard stockpiles in the future. 

Those barrels full of chemicals looks safe to me!

The energy and infrastructure panel spoke in favor of nuclear energy with reminders that natural gas does not eliminate greenhouse gas production.  They also reminded attendees that the U.S. will likely import oil from Canada long after it frees itself of overseas imports.  Dr. Steven Koonin, of NYU, called for increased funding for alternative energy research and a reorganization of the Department of Energy to enable better understanding of markets and business policies.  Notably absent from the discussion was an in-depth assessment of the impact that the Fukushima Daiichi incident will generally have on nuclear power endeavors in the future, and in Japan specifically.

One subject that stood out for immediate attention is developing a framework for rules and definitions in cyber security and warfare.  The United States is ill-prepared to respond to a major denial of service attack aimed at critical infrastructure, especially in the cyber realm.  Dr. Kennette Benedict, from the Bulletin of Atomic Scientists, explained that the field lacks clarity on responsibilities and acceptable scope for security.  Increasingly sophisticated attacks on private and public networks demand a robust effort to ensure reliability and freedom from interference.  While the private sector has tremendous incentives to shore up defenses against intrusion and would benefit from federal support in defending network architecture, transparency and trust are in short supply at this time.

As an illustration, were a major electrical grid or other critical infrastructure component attacked, resulting in losses of life and industrial output, how would the United States respond?  Would this be defined an act of terror an act of war?  Would the response be treated like a natural disaster?  No clearly defined roles have been established for preventing and/or prosecuting major acts of cybercrime.  No public forum exists to discuss the norms associated with cyber warfare, define acceptable measures that may be taken against individual or state-sponsored actors, or set limits to intrusion that occurs under the guise of security.

We can’t be hacked if we unplug it from the grid, right?

Not only will clarifying these issues benefit the private sector, but transparency will also pay major dividends in foreign policy negotiations.  As with any new weapon, uncertainty will lead to mistrust and fear, which often precipitate wasteful arms races.  U.S. leaders must come to the table with candor in order to develop policies that promote security with minimal interference for all.  A massive blackout or disruption of services would be devastating for everyone; CIMSEC could be the group that suggests a way forward.

More information about the event can be found at the Federation of American Scientists’ website: www.fas.org

LT Drew Hamblen is a naval aviator in the U.S. Navy and graduate of Georgetown University. The opinions and views expressed in this post are his alone and are presented in his personal capacity. They do not necessarily represent the views of U.S. Department of Defense or the U.S. Navy.