Tag Archives: cyber

Sea Control 36 (East Atlantic) – NATO Defense Spending

seacontrol2Your monthly East Atlantic edition of Sea Control brings you Alex Clarke with a panel on the state of NATO’s defense spending in the UK and Continental Europe, and whether this spending is sufficient to face our modern threats.

 

DOWNLOAD: Sea Control 36 (East Atlantic): NATO Defense Spending

Remember, subscribe on iTunes or Stitcher Stream Radio. Leave a comment and rate five stars!

Disrupt the Info Dominance Corps Reserve

110203-N-5328N-140The U.S. Navy’s Information Dominance Corps (IDC) is comprised of four major communities: Information Professional, Information Warfare (including Cyber Warfare Engineers), Intelligence, and Meteorology/Oceanography. Its enlisted members are some of the most well trained members of the military. There have been some efforts made to grow the active duty community into a mature force since its inception in 2009, and as a Naval community it collectively has the greatest understanding of using social media and the internet-although that may be damning with faint praise.

IDC’s reserve component is more interesting. Unencumbered by active duty career paths, the reserve IDC has members with a phenomenal amount of knowledge about network administration, network security, coding, software development, and a lot more areas of expertise that are often missing in our active component.

The reserve IDC should be a lab for innovation and a tremendous opportunity to bring true experts in the industry in for targeted part-time work and help that could keep the Navy at the leading edge of network dominance. Unfortunately, we’ve handcuffed them with bureaucratic nonsense that is sure to drum out the best and leave us with the rest.

I spoke to LTjg Kevin Schmidt last week for the CNO’s Rapid Innovation Cell podcast, and I was both excited and disappointed to hear how the Navy handles this group of experts. Excited because we’re hiring some amazingly talented people in the reserve, disappointed because their drilling weekends comprise of death by powerpoint.

My interviewee is a subject matter expert in Simple Network Management Protocol (SNMP), a network protocol. He’s expert enough to have written a book on it (two if you count the 2nd edition update). He’s had officers with PhD’s in his drilling unit. This is a cadre with deep skills and talents we don’t normally see in the military.

Naturally, we’re feeding them the same admin garbage we feed our 18-year-old new-accession Sailors.

Let me ask the reader this: should we ensure this 37-year-old O-2 gets through his annually required general military training (GMT) on his drilling weekends, or should we be flying him somewhere and giving him the opportunity to put his talents to productive use for the Navy?

Yes, it’s a loaded question. And yet, the IDC is shackled by the same checks in the box required by every community of our military.

Would an expert want to serve our country by applying specialized skills to battlefield situations, or by completing an administrative checklist comprised by somebody who’s forgotten what the point of the military is? Is it any wonder we’re going to lose the best and brightest professionals in the field? It’s time to drop the one size fits all requirements.

Take a look, for a moment, at the CNO’s Sailing Directions. Please click through (pdf alert) and look them over. Warfighting first-it’s a motto a lot of Sailors love, because it’s why a lot of us joined. He also speaks of a force “diverse in experience, background and ideas.” Are we setting up our reserve to be diverse, or simply a mirror (and therefore shadow) of our current active force?

The difficulty happens because military training has historically been specialized in a way that civilian training could not offer. In some communities, this is still the case: an airline pilot’s time spent on a 737 is only going to go so far in training him to fly an F/A-18. The concepts are similar, but the details are very different.

In the internet realm, however, there is a much greater blur between the two areas. As we continue the move into asymmetric warfighting, often against small groups or lone actors, the military will continue to look at the civilian sector for security certifications such as Security +, CISSP and CCNA. An officer can join the IDC reserve and already know more as an ensign than many active lieutenant commanders.

It’s not a knock on active duty folks, but a recognition that specialized training has its place-and the day to day life of a Sailor does not allow for much specialized training. Allowing our reservists to fill that gap would be a tremendous opportunity.

Also, two days a month, two weeks a year may not be the appropriate amount of time for a reservist to work through a project. Are we allowing for flexibility in days/hours served? Would you commission Elon Musk as a Commander if he were willing to work only five days a year? I would-that would be an incredibly productive five days (#draftElon!). To say no to him would be lunacy! How about Gary Vaynerchuk? If you don’t know that name, you’re extremely late to the party on social media and branding-two very important aspects to growing a top notch community of experts. And yet, we insist the system in place should remain in place…because we’re either too lazy, too overworked or too unimaginative to consider an alternative.

If anybody can make the IDC do insanely awesome things, it's #draftElon
If anybody can make the IDC do insanely awesome things, it’s #draftElon

The Information Dominance Corps reserve component could be just as attractive a place to work as Google, Apple or Tesla Motors. And it should be-as its brand grows, the talent attracted to it can only grow and become more competitive. This would be a huge win for the taxpayers.

We don’t need cyber officers who can drive a ship-we’ve got plenty of those already. We need cyber officers who can think outside the box and share their wealth of talent with Uncle Sam…at a deep discount to the usual consulting fees-which generally go to the well connected.

The IDC reserve component has the capability to be an innovation and consultation powerhouse at a fraction of the cost of traditional military contracts, saving the Pentagon hundreds of millions. Maybe that’s why this idea will never happen.

This article appeared in its original form at disruptivethinkers.org

ET1(SW) Jeff Anderson is the host of the CNO’s Rapid Innovation Cell Podcast and military lead for Disruptive Thinkers San Diego. He also daylights as an Electronics Technician onboard USS Independence (LCS-2). 

A Post-Sequestration Blueprint for a Leaner and Smarter Military

Five months after the much-dreaded sequestration went into effect, many defense analysts and military officials alike are worried about the negative repercussions of the drastic budget cuts on military readiness. In his latest commentary, the rightwing commentator Alan Caruba declared that “The U.S. military is on life support.” Defense Secretary Chuck Hagel also argued in his Statement on Strategic Choices and Management Review (SCMR) that “sequester-level cuts would ‘break’ some parts of the strategy, no matter how the cuts were made [since] our military options and flexibility will be severely constrained.”

Secretary of Defense Chuck Hagel answers reporters' questions during a Pentagon press briefing on the recent Strategic Choices. Navy Adm. James A. Winnefeld Jr., right, vice chairman of the Joint Chiefs of Staff, joined Hagel for the briefing. (DOD photo by Glenn Fawcett)
Secretary of Defense Chuck Hagel answers reporters’ questions during a Pentagon press briefing on the recent Strategic Choices. Navy Adm. James A. Winnefeld Jr., right, vice chairman of the Joint Chiefs of Staff, joined Hagel for the briefing. (DOD photo by Glenn Fawcett)

To its credit, the SCMR seemed to hint at operational and structural adjustments underway by offering two options—trading “size for high-end capacity” versus trading modernization plans “for a larger force better able to project power.” Nevertheless, one important question which went unasked was whether or not the US Armed Forces alone should continue to play GloboCop.

The current geostrategic environment has become fluid and fraught with uncertainties. As Zhang Yunan avers, China as a “moderate revisionist” will not likely replace the United States as the undisputed global champion due to myriad factors. As for the United States, in the aftermath of a decade-long war on terror and the ongoing recession, we can no longer say with certainty that the United States will still retain its unipolar hegemony in the years or decades to come.

That said, Secretary Hagel is correct that the United States military may need to become leaner in the face of harsh fiscal realities. To this must be added another imperative: The US Armed Forces must fight smarter and must do so in ways that may further America’s strategic and commercial interests abroad.

So how can the United States military fight smarter and leaner?

COCOMs
Possible Combatant Command Realignments

First, given massive troop reductions whereby the Army personnel may be reduced to 380,000 and the Marine Corps “would bottom out at 150,000,” while at the same, the DoD is seriously considering restructuring existing Combatant Commands (COCOMs), it no longer makes sense to deploy or train troops for protracted counterinsurgency campaigns or foreign occupations. Instead, should another transnational terrorist group or a rogue state threaten homeland security, the United States could rely on SOF (Special Operations Forces) commandos and UAV (Unmanned Aerial Vehicles) to selectively target and neutralize potential threats. While the SOF and UAV surgical raids should not be viewed as substitutes for deft diplomacy, they can provide cheaper and selective power projection capabilities.

Second, since the United States Navy may be forced to “reduce the number of carrier strike groups from 11 to 8 or 9,” it can meet its power projection needs by encouraging cooperation among its sister navies and by bolstering their naval might. One example of such partnerships would be to form a combined fleet whereby America’s sister navies “may share their unique resources and cultures to develop flexible responses against future threats” posed by our adversaries.

Third, the United States may encounter more asymmetric threats in the form of cyber attacks, CBRN (Chemical, Biological, Radiation, Nuclear) attacks, and may also be subjected to attacks from within by homegrown terrorists and drug cartels—all of which may wreak havoc and may even cripple America’s domestic infrastructures. As retired Admiral James Stavridis argues, such asymmetric attacks may stem from convergence of the global community. Such threats require that the United States take the fight to its adversaries by cooperating with its allies to “upend threat financing” and by strengthening its cyber capabilities.

Fourth, where rogue states such as Iran, Syria and North Korea, are concerned, the United States could implement what General James Mattis refers to as the “proxy strategy.” Under this arrangement, while “America’s general visibility would decline,” its allies and proxies would police the trouble spots on its behalf.

Fifth, the United States must be prepared to defend homeland against potential missile attacks from afar. The United States may be vulnerable to hostile aggressions from afar following North Korea’s successful testing of its long-range rocket last December and Iran’s improved missile capabilities. Thus, improving its missile defense system will allow greater flexibility in America’s strategic responses both at home and abroad.

Last but not least, the United States Armed Forces needs to produce within its ranks officers who are quick to grasp and adapt to fluid geostrategic environments. One solution, as Thomas E. Ricks proposes, would be to resort to a wholesale firing of incompetent generals and admirals. However, it should be noted that rather than addressing the problem, such dismissals would ultimately breed resentment towards not only the senior brass but civilian overseers, which will no doubt exacerbate civil-military relations that has already soured to a considerable degree. Instead, a better alternative would be reform America’s officer training systems so that they may produce commanders who possess not only professional depth but breadth needed to adapt to fluid tactical, operational, and strategic tempos.

ohmanmarchjpg-4e06c3b3e4dd8566
“The US Military Establishment’s Greatest Foes” By Jack Ohman/Tribune Media Services

Despite the hysteric outcries from the service chiefs and many defense analysts, in the end, the sequestration may not be as dire as it sounds. In fact, Gordon Adams argues that after several years of reductions, “the defense budget…creeps upward about half a percentage point every year from FY (Fiscal Year) 2015 to FY 2021.” Simply stated, one way or the other, the US Armed Forces may eventually get what it asks for–as it always has been the case. Nonetheless, the sequestration “ordeal”—if we should call it as such—offers the US military object lessons on frugality and flexibility. Indeed, American generals and admirals would do well to listen to General Mattis who recently admonished them to “stop sucking their thumbs and whining about sequestration, telling the world we’re weak,” and get on with the program.

Note: This article was originally published in its original form in the Naval Institute’s blog and was cross-posted by permission.

Jeong Lee is a freelance writer and is also a Contributing Analyst for Wikistrat’s Asia-Pacific Desk. Lee’s writings on US defense and foreign policy issues and inter-Korean affairs have appeared on various online publications including East Asia Forum, the Georgetown Journal of International Affairs, the World Outline and CIMSEC’s NextWar blog.

The Full Cost of Remote Diagnostics

Last week an article came out about state-sponsored hacking that had nothing to do Edward Snowden or the NSA. Bloomberg News detailed the ongoing hacking of U.S. defense contractor QinetiQ. Two paragraphs in the piece particularly struck me:

“The [China-based] spies also took an interest in engineers working on an innovative maintenance program for the Army’s combat helicopter fleet. They targeted at least 17 people working on what’s known as Condition Based Maintenance, which uses on-board sensors to collect data on Apache and Blackhawk helicopters deployed around the world, according to experts familiar with the program.

The CBM databases contain highly sensitive information including the aircrafts’ individual PIN numbers, and could have provided the hackers with a view of the deployment, performance, flight hours, durability and other critical information of every U.S. combat helicopter from Alaska to Afghanistan, according to Abdel Bayoumi, who heads the Condition Based Maintenance Center at the University of South Carolina.”

A remote diagnostic system: safe and secure...
        A remote diagnostic system: safe and secure…

While it’s unclear whether the hackers succeeded in accessing or exploiting the data, it is clear that they saw the information as valuable. And rightly so – systems such as condition based maintenance, remote diagnostics, and remote C2 systems are designed to reduce the workload burden on front-line “warfighters”, or the logistics burden on their platforms, by shifting the location of the work to be done elsewhere. This can also facilitate the use off-site processing power for more in-depth analysis of historical data sets and trends for such things as predicting part failures. The Army is not alone in pursuing CBM. The U.S. Navy has integrated CBM into its Arleigh Burke-class DDG engineering main spaces, meaning “ship and shore engineers have real maintenance data available, in real time, at their fingertips.”

However, the very information that enables this arrangement and the benefits it brings also creates risk. Every data link or information conduit created for the benefit of an operator means a point of vulnerability that can be targeted, and potentially exploited – whether revealing or corrupting potentially crucial information. This applies not only for CBM, but more dramatically for the C2 circuits for unmanned systems. I’m by no means the first to point out that CBM, et al, means tempting targets. UAV hacking has garnered a great deal of attention in the past year, but the Bloomberg article confirms an active interest exists in hijacking the enabling access of lower profile access points.

This raises several questions for CBM and remote diagnostics, not least of which is “is it worth it?” At what point does the benefit derived from the remote access become outweighed by the risks of that access being compromised? Given the sophistication of adversary hacking, should planners operate from the starting assumption that the data will be exploited and limit the extent of its use to non-critical systems? If operating under this assumption, should “cyber defense” attempts to protect this information be kept to a minimum so as not to incur unnecessary additional costs? Or should the resources be devoted to make the access as secure as the C2 systems allowing pilots to fly drones in Afghanistan from Nevada?

Scott is a former active duty U.S. Navy Surface Warfare Officer, and the former editor of Surface Warfare magazine. He now serves as an officer in the Navy Reserve and civilian writer/editor at the Pentagon. Scott is a graduate of Georgetown University and the U.S. Naval War College.

Note: The views expressed above are solely those of the authors and do not necessarily represent those of their governments, militaries, or the Center for International Maritime Security.