Tag Archives: cyber

Piracy 2.0 : The Net-Centric Evolution

By Brian Evans

Network-Centric Warfare derives its power from the strong networking of a well-informed but geographically dispersed force. – VADM Arthur Cebrowski, Proceedings 1998

Almost twenty years ago the pages of Proceedings carried an article by RDML Cebrowski that introduced the concept of network-centric, or net-centric, warfare.[1] The concept transformed the manner in which the United States (U.S.) Navy operates and fights. The principles that defined net-centric warfare remain relevant as they support Navy’s current pillars of Information Dominance: Battlespace Awareness, Assured Command and Control (C2), and Integrated Fires. The success of net-centric warfare has not gone unnoticed. Navies around the world are working to develop their own net-centric solutions. As a result, the U.S. Navy should not be surprised when enterprising individuals around the world similarly take note and make the evolutionary leap from traditional piracy to net-centric piracy.

While piracy has been a scourge for the duration of human history, the technological advances of the 21st century provide potential pirates transformational means, methods and opportunities. While the world has yet to witness a case of net-centric piracy, the two scenarios below present possible piracy events leveraging today’s technology.

Basic Net-centric Piracy

Sixty-two nautical miles south east of Singapore – 17JUL15 1154C: An Indonesian pirate opens his laptop and logs onto the internet via satellite phone. His homepage is a commercial Automated Identification System (AIS) website providing real-time track data from coastal and satellite receivers.[2] The laptop, satellite phone and website subscription were all funded by his investors.[3] As he scans his homepage, he looks for AIS contacts that meet his desired vessel profile for cargo type, transportation firm, flag, and speed of advance. Today there are two AIS tracks of interest matching his profile and likely to pass through his preferred zone of operation, MV OCEAN HORIZONS and MW ORIENTAL DAWN. He then checks weather conditions and determining that they are favorable, he sends individual texts messages containing coordinate and track data for the AIS tracks of interest. The text recipients are two fishing boat captains, one located in Belawan, Indonesia and the other in Dungun, Malaysia.

Indonesian Pirates
From: The Maritime Executive – Indonesian Pirates

Forty-six nautical miles east of Belwan, Indonesia – 17JUL15 1646C: MV ORIENTAL DAWN passes a non-descript fishing boat 46 nautical miles off the coast of Indonesia. Unbeknownst to the crew of the MV ORIENTAL DAWN, this fishing boat is captained by the pirate’s associate from Belawan. The fishing boat’s captain discretely observes the passing vessel through a pair of high-powered binoculars. Seeing barbed wire along the railings and an individual on the ship’s deck that does not appear to be a member of the crew, the fishing boat captain utilizes a satellite phone to call and report his observations to his Indonesian pirate contact. Based on this information the Indonesian pirate determines that MV ORIENTAL DAWN is not a suitable target.

One-hundred seventeen nautical miles east of Singapore – 17JUL15 1707C: The Indonesian pirate receives a call. This time it is the fishing boat captain from Dungun. The captain reports that the MV OCEAN HORIZONS is loaded down creating a smaller freeboard and there does not appear to be any additional security measures present. Given this assessment, the Indonesian pirate decides that MV OCEAN HORIZONS is a target of opportunity. He immediately has the crew of his ship alter course.

Thirty-seven nautical miles east of Pekan, Malaysia – 18JUL15 0412C: The Indonesian pirate launches two high-speed skiffs from his ship, both carrying multiple armed personnel. The Indonesian pirate mothership remains over the horizon, but in radio contact while the skiffs conduct the remainder of the intercept.

Sixty-two nautical miles east of Pekan, Malaysia – 18JUL15 0642C: The armed personnel from the skiffs board MV OCEAN HORIZONS and catch the crew off guard. Once in control of the ship, they contact the Indonesian pirate via radio and report their success. The Indonesian pirate immediately opens his laptop and reports his success to his investors. He also lists the ship’s cargo for auction on a dark website and sends a ransom demand to the employer of the MV OCEAN HORIZON crew.

Sophisticated Net-centric Piracy     

Moscow, Russia – 17JUL15 0126D: After a series of all-nighters over the last week, a Russian hacker has gained access to a crewmember’s computer onboard the MV PACIFIC TREADER.[4] Using this access he maps the shipboard network. Discovering a diagnostic and maintenance laptop used for the ship’s automation and control system on the network, he quickly exploits the laptop’s outdated and unpatched operating system to install a tool on the automation and control system.[5] The tool enables a remote user to either trigger or disable a continual reboot condition. Once installed, the hacker posts the access information for the tool’s front end user interface in a private dark web chatroom.

Prague, Czech Republic – 16JUL15 2348A: Sitting in his Prague apartment, a pirate receives a message on his cellphone via a private dark web chatroom. The message is from one of several hackers he contracted to gain access to control or navigation systems onboard vessels operated by the TRANS-PACIFIC SHIPPING LINE. With the posted access information, he logs onto his laptop and tests his access into the MV PACIFIC TREADER automation and control system. After successfully establishing a connection he closes out of the tool and electronically transfers half of a contracted payment due to his hired hacker. Next using a commercial AIS website providing real-time track data from coastal and satellite receivers, he determines that MV PACIFIC TREADER is likely headed into port in Hong Kong.[6] Posting a message in a different private dark web chatroom, the pirate provides the identifying information for MV PACIFIC TREADER.

Hong Kong, China – 19JUL15 0306H: On a rooftop in Hong Kong, a young college student pulls an aerial drone out of her backpack. She bought it online and it is reportedly one of the quietest drones on the market. She also pulls three box-shaped objects out of her backpack. Hooking one of the objects to the drone, she launches it and flies it across Hong Kong harbor in the direction of a ship she identified during the day as the MV PACIFIC TREADER. Using the cover of darkness she lands the drone on the top of the pilot house and releases the object. Repeating this process twice more, she places the box shaped objects on other inconspicuous locations on the ship. After bagging up her drone, she posts a message to a dark web chatroom simply stating that her task is complete. Almost immediately afterwards she receives a notification that a deposit was made into her online bank account.

Prague, Czech Republic – 25JUL15 1732A: After eating a home-cooked meal, the pirate sits down at his laptop and checks the position of MV PACIFIC TREADER via the commercial AIS website he subscribes to. Observing that the MV PACIFIC TREADER is relatively isolated in the middle of the Pacific Ocean, he opens the remote tool that provides him access to the ship’s automation and control system. He sends a text message and then clicks to activate the tool.

Two-thousand ninety-three nautical miles north east of Hong Kong – 26JUL15 0332K: Onboard MV PACIFIC TREADER an explosion engulfs the bow of the ships sending flames into the dark air. Immediately, the ship’s engines roll to a stop as the navigation and ship’s control system computers go into a reboot cycle. The lone watchstander on the bridge is paralyzed to inaction by the surprise and violence of the events unfolding around him. The Master immediately comes to the bridge, completely confused by the events occurring onboard his ship.

Prague, Czech Republic – 25JUL15 1736A: The pirate confirms via his remote tool that the ship’s automation and control system is in a continuous reboot cycle, then he re-checks the commercial AIS website and confirms that MV PACIFIC TREADER is dead in the water. He immediately sends an email to the TRANS-PACIFIC SHIPPING LINE demanding a ransom, stating MV PACIFIC TREADER will remain dead in the water and more explosive devices will be activated until he is paid.

New Means – Same Motive

These scenarios illustrate how the evolution of technology and the increased connectivity of systems and people potentially enable a fundamental shift in the nature of piracy. Despite the change in means and geographic distribution of actors, net-centric and traditional piracy both utilize physical force or violence, or the threat thereof, by a non-state actor to seize or detain a vessel operating on the high seas. The key enabler of net-centric piracy is the Internet.

Piracy Hot Spots

The Internet is the net-centric pirate’s “high-performance information grid that provides a backplane for computing and communications.”[7] Admiral Cebrowski argued that this information grid was the entry fee for those seeking net-centric capabilities.[8] What Admiral Cebrowski did not know was how rapidly the Internet would evolve and enable near-instantaneous global communications at relatively low costs, allowing anyone who desires access to a high-performance information grid.

As the net-centric pirate’s high-performance information grid, the Internet serves as a command and control network as well as the means for disseminating intelligence information, such as vessel location or the presence of physical security measures. The intelligence that is disseminated may also have resulted from collections performed via the Internet. One collection means is to leverage the vast area of private and commercial data sources available for public consumption, again at little or no cost, such as shipping schedules and AIS data. A second means of collection uses the Internet to conduct intelligence, surveillance and reconnaissance (ISR) via cyber techniques; however, only the most sophisticated net-centric pirates will possess this capability. Similarly, highly sophisticated net-centric pirates may be able to achieve global weapons reach by producing physical effects via cyber means over the Internet, eliminating the need for the pirate to be physically present in order to seize or detain a vessel.

Somali Pirates
From: OCEANUSLive – Somali Pirates

The attractiveness of net-centric piracy is the low barrier to entry, both in risk and cost. Since the Internet is the key enabler of net-centric piracy, its low cost and ease of use vastly expand the potential pirate population. The anonymity of the Internet also allows potential net-centric pirates to meet, organize, coordinate and transfer monetary funds with a great degree of anonymity. As a result, the risks of arrest or capture are significantly reduced, especially since a net-centric pirate may not be able to identify any of their co-conspirators. Similarly, the ability of net-centric piracy to enable remote intelligence gathering or even produce physical effects via cyber techniques removes a significant element of physical risk associated with traditional piracy. The monetary gain from the successful capture of a vessel compared to the low cost and risk currently associated with net-centric piracy make it an attractive criminal enterprise.

Countering Net-centric Piracy

The United Nations Convention of the Law of the Sea (UNCLOS) Article 101 defines piracy as:

  1. any illegal acts of violence or detention, or any act of depredation, committed for private ends by the crew or the passengers of a private ship or a private aircraft, and directed:
    • on the high seas, against another ship or aircraft, or against persons or property on board such ship or aircraft;
    • against a ship, aircraft, persons or property in a place outside the jurisdiction of any State;
  2. any act of voluntary participation in the operation of a ship or of an aircraft with knowledge of facts making it a pirate ship or aircraft;
  3. any act of inciting or of intentionally facilitating an act described in subparagraph (1) or (2).[9]

Under this internationally recognized legal definition of piracy, net-centric piracy clearly results in violence against or detention of vessels on the high seas for private ends. It is also clear from this definition that any activities associated with facilitating a piracy event, such as intelligence collection or compromising a vessel’s computerized control systems, are also considered piracy under international law. International law also states that “All States shall cooperate to the fullest possible extent in the repression of piracy on the high seas or in any other place outside the jurisdiction of any State.”[10] As a result, the international community must resolve how it will counter net-centric piracy, where pirates need not operate on the high seas and may be located thousands of miles from the target vessel.

The challenge facing the international community from net-centric piracy is compounded by immaturity of international cyber law. Currently the authorities and responsibilities of international organizations, governments and law enforcement agencies with regards to the use of the Internet to commit piracy are undetermined. This challenge is further complicated by the fact that the Internet is a manmade domain where all potions are essentially within the territory of one state or another. As a result, disrupting net-centric piracy operations will require a significant degree of international coordination and information sharing. Extensive international cooperation will also be required to identify, locate, and apprehend individuals involved in net-centric piracy.

Pirates
From: Encyclopedia Britannica – Pirates utilize a range of weapons and technology

While an occurrence of net-centric piracy has yet to occur, the opportunity and capabilities required for such an event exist today. The U.S. Navy should not be caught off guard. Instead, the Navy should take the following actions:

  • Raise awareness within the international maritime community regarding the risks and realities of net-centric piracy
  • Provide best practice and limited cybersecurity threat information to transnational maritime shipping companies
  • Work with partner Navies to develop means and methods for disrupting net-centric piracy, including developing an appropriate framework for information sharing and coordination
  • Work with Coast Guard, law enforcement and international partners to develop a cooperative construct for identifying, locating and apprehending net-centric pirates
  • Engage with the State Department to advance international dialog on net-centric piracy, including the need for consensus on international law and processes for prosecution of net-centric pirates

An enduring lesson of human history is that opportunity for profit, regardless of difficulty or brevity, will be exploited by someone somewhere. Net-centric piracy represents an opportunity to generate revenue without requiring the physical risks of traditional piracy. The anonymity and distributed nature of the cyber domain also creates new counter-piracy challenges. Add to this the low cost and availability of unmanned system components coupled with the low barrier of entry for cyber, and the question becomes not whether net-centric piracy will occur but when. With a global interest in maintaining the international maritime order and ensuring the uninterrupted flow of commerce on the high seas, the U.S. Navy must be ready to meet the challenges of net-centric piracy.

LCDR Brian Evans is a U.S. Navy Information Dominance Warfare Officer, a member of the Information Professional community, and a former Submarine Officer. He is a graduate of the U.S. Naval Academy and holds advanced degrees from Johns Hopkins University, Carnegie Mellon University, and the Naval War College. 

The views expressed in this article are those of the author and do not reflect the official policy or position of the United States Navy, Department of Defense or Government.

[1] VADM Arthur K. Cebrowski and John H. Garstka, “Network-Centric Warfare – Its Origin and Future,” U.S. Naval Institute Proceedings, Volume 124/1/1,139 (January 1998).

[2]https://www.vesseltracker.com/en/ProductDetails.html

[3] “Somali Piracy: More sophisticated than you thought,” The Economist (November 2nd, 2013), http://www.economist.com/news/middle-east-and-africa/21588942-new-study-reveals-how-somali-piracy-financed-more-sophisticated-you

[4] Jeremy Wagstaff, “All at sea: global shipping fleet exposed to hacking threat,” Reuters (April 23rd, 2014), http://www.reuters.com/article/2014/04/24/us-cybersecurity-shipping-idUSBREA3M20820140424

[5] Mate J. Csorba, Nicolai Husteli and Stig O. Johnsen, “Securing Your Control Systems,” U.S. Coast Guard Journal of Safety & Security at Sea: Proceedings of the Marine Safety & Security Council, Volume 71 Number 4 (Winter 2014-2015).

[6]https://www.vesseltracker.com/en/ProductDetails.html

[7] VADM Arthur K. Cebrowski and John H. Garstka, “Network-Centric Warfare – Its Origin and Future,” U.S. Naval Institute Proceedings, Volume 124/1/1,139 (January 1998).

[8] Ibid.

[9] United Nations, United Nations Convention on the Law of the Sea (New York: United Nations, Article 101, 1994).

[10] United Nations, United Nations Convention on the Law of the Sea (New York: United Nations, Article 100, 1994).

 

China’s Evolving Perspectives on Network Warfare: Lessons from the Science of Military Strategy

This article by Joe McReynolds originally appeared in the Jamestown Foundation’s China Brief and can be found in its original form here

When tracking the development of China’s military capabilities, Western People’s Liberation Army (PLA) watchers encounter frequent challenges in determining which data sources they should draw upon for their analysis. Purely quantitative measurements of the PLA’s nominal force strength, though often valuable, may not provide insights into challenges the PLA faces in the real-world execution of its missions, while writings on Chinese military strategy by any given PLA author may not reflect the PLA’s broader institutional stance or limitations imposed by inadequate material capabilities.

If one analyzes China’s approach to network warfare in particular, these challenges are multiplied. [1] “Cyber weapons” are not publicly viewable and quantifiable in the same sense as submarines or aircraft, and often the PLA will not admit even their existence. And just as in U.S. discussions of “cyber war,” charlatans and self-promoters abound; although it is easy to find writings by PLA officers theorizing loosely and grandiosely about information warfare, they are often speaking only for themselves rather than for their respective military institutions.

Roughly once every 15 years or so, however, the PLA’s influential Academy of Military Sciences (AMS) issues a new edition of The Science of Military Strategy (SMS), a comprehensive, generally authoritative study of the PLA’s evolving strategic thought that escapes much (though not all) of the shortcomings of other PLA original sources. The AMS plays a much more central role in the formation of China’s military strategic thought than its academic counterparts in the United States, and the SMS is its flagship external product. It is the result of dozens of high-level PLA authors working together over a period of years to produce a heavily vetted consensus document.

As a result, each new edition of the SMS is closely scrutinized by China hands in the West for the valuable insights it provides into the evolving thinking of the PLA on a range of strategically important topics. The newest edition of the Science of Military Strategy has recently been released, with Western PLA analysts beginning to obtain copies since summer 2014. Although no English translation is currently available, a book forthcoming this year from The Jamestown Foundation, China’s Evolving Military Strategy, will aim to convey the central insights contained within this important new document to Western policy and analysis audiences.

The SMS is a particularly valuable resource for understanding China’s evolving strategic approach to network warfare. A study that aims to be as comprehensive as the SMS cannot afford to ignore network warfare due to the centrality of information warfare to modern war-fighting, and the process by which the SMS is written ensures that the information analysts receive on network warfare represents something approaching an authoritative consensus within the PLA. The following are the most important revelations from the new SMS on the PLA’s approach to network warfare:

The Fig Leaf is Gone: China’s Network Warfare Forces Are Now Explicitly Acknowledged

In recent years, official PLA publications have repeatedly issued blanket denials of offensive activities in the network domain, such as that “the Chinese military has never supported any hacker attack or hacking activities” (China Armed Forces / 中国军队, No. 20, 2013) even as the evidence conclusively attributing various large-scale cyber intrusions to China has continued to mount. The release of the new SMSremoves that barest fig leaf of plausible deniability. The SMS not only explicitly acknowledges that China has built up network attack forces, but divides them into three types:

  • The PLA’s “specialized military network warfare forces” (军队专业网络战力量), which are military operational units specially employed for carrying out network attack and defense
  • “PLA-authorized forces” (授权力量), which are teams of network warfare specialists in civilian organizations such as the Ministry of State Security (MSS), the Ministry of Public Security (MPS) and others that have been authorized by the military to carry out network warfare operations
  • “Non-governmental forces” (民间力量), which are external entities that spontaneously engage in network attack and defense, but can be organized and mobilized for network warfare operations

This is the first time an explicit acknowledgement was made of the existence of China’s secretive network attack forces from the Chinese side, and it is particularly noteworthy that this acknowledgement extends beyond the military domain and into the network warfare capabilities of civilian government agencies. The AMS’s statement that China’s civilian network attack forces operate under the PLA’s “authorization” may speak to an ongoing power struggle within the Chinese system between the PLA’s leadership and the aforementioned civilian government organs to determine who truly oversees Chinese actions in cyberspace; as unprecedented as it is to have the Chinese military acknowledge the existence of its network attack forces, having a PLA publication be the first to announce the existence of such secretive forces inside the civilian government is particularly unusual, and may represent an attempt to “plant the flag” for the PLA.

This could also seriously complicate China’s international efforts at law enforcement cooperation on cybercrime. The MPS, which is more or less “China’s FBI,” has assisted more than 50 countries in investigating over a thousand cases of cyber-crime in the past decade, and China has established bilateral law enforcement cooperation with over 30 countries (including the United States, the United Kingdom, Germany and Russia), often including a cyber-crime component (China Armed Forces, 2013). With the Chinese now explicitly acknowledging that the MPS has network warfare forces stationed within it, the United States and other targets of Chinese state-sponsored hacking will have to weigh carefully whether cooperation with the MPS on cyber-crime is worth the risks.

Blurring the Divide Between the Military and Civilian Realms

In keeping with Chinese President Xi Jinping’s recent statements that “without network security there is no national security” (PLA Daily, October 7, 2014), the authors of the new SMS break from the previous edition’s vague talk of overall information warfare objectives to concretely assert the centrality of cyberspace power to China’s overall ability to project national power, engage in strategic deterrence, and defend itself in a conflict. However, this “network domain,” which has become so central to the PLA’s warfighting, exists primarily as civilian infrastructure and is used globally for civilian purposes. As a result, although development of elite network warfare personnel remains central to the PLA’s ongoing cyber mission, the authors of the SMS focus an unusual amount of their energies examining the importance of civilian information technology and the civilian Internet to network warfare.

First and foremost, the authors believe that civilian infrastructure in foreign countries can be targeted more freely with network warfare than with conventional weapons, without provoking the degree of conflict escalation that a conventional attack on civilian targets would. This echoes an idea known as “unrestricted network warfare” long advocated by some of the PLA’s more hawkish network warfare theorists, and its presence in an authoritative work such as the SMS suggests that more aggressive voices may be gaining ground in the PLA’s internal deliberations on network warfare strategy (See Dong Qingling and Dai Changzheng, “Deterrence in the Network Space: Is Retaliation Feasible?”). To put it simply, they believe that the old playground sports adage of “no blood, no foul” applies to network warfare, even if the attack in question has debilitating effects on civilian infrastructure, and in a conflict scenario they may advocate that the PLA chooses its targets accordingly.

Second, the authors of the SMS acknowledge that China’s civilian information technology (IT) industry functions as a core component of China’s overall power in cyberspace. Since the development of China’s network warfare capabilities relies heavily on human talent and the civilian IT industry is where the bulk of China’s IT talent is found, PLA analysts believe that civilian industry will continue to serve as an important source of technical talent and human capital for the PLA’s network warfare operations to a degree that is disproportionate to the PLA’s reliance on civilian industry in other realms of warfare. The authors also emphasize the fact that despite recent advances in Chinese IT, key state-of-the-art networking technologies are still advanced primarily in the West, and the bulk of the Internet’s core architecture is controlled by the United States and its allies. Thus, what the West views as the neutral “status quo” of the network domain is, to China, an intolerable “network hegemony” (????) imposed by the United States and others. Based on the increasing prominence of these sentiments within the PLA, the prediction one sometimes hears in the West—that China’s IT development will one day transform it into a “mature” partner interested primarily in cyberspace cooperation to preserve our “mutual” interests—appears likely be overly optimistic. The PLA’s stated intentions to mobilize its civilian IT industry as a component of national power in both peacetime and wartime must be accounted for in the calculus of determining whether any given Sino-U.S. information security cooperation is in the United States’ national interest.

“Salami-Slicing” in Cyberspace and Planning for Resilience in the Face of the Inevitable

The SMS authors also focus heavily on the central role of peacetime “network reconnaissance”—that is, the technical penetration and monitoring of an adversary’s networks—in developing the PLA’s ability to engage in wartime network operations. As the SMS puts it, since the technical principles underlying successful penetrations of an adversary’s systems are essentially the same whether the objective is reconnaissance or active disruption, at the appropriate moment “one need only press a button” to switch from reconnaissance to attack.

Despite this ambiguity of intent, since network reconnaissance is both non-destructive (at least initially) and widely engaged in by all nations for the purposes of espionage, the SMS authors believe it has been clearly demonstrated that the act of network reconnaissance alone is unlikely to lead to escalation or the outbreak of war. As a result, PLA strategists appear to have arrived at a strategic understanding of peacetime network operations similar to China’s “salami slicing” tactics for asserting control of disputed islands in the South China Sea: a pattern of taking actions during peacetime that incrementally put China into a superior tactical position should conflict ever break out but that, which while provocative and unwelcomed by China’s neighbors, are unlikely to lead to direct conflict in and of themselves. If conflict eventually does break out, China will be in a better position than they otherwise would; if it does not, they will have incrementally gained much of what they desire without a fight.

PLA analysts understand, however, that network reconnaissance is not by any means one-sided, and believe that just as they are actively attempting to penetrate the networks of their adversaries, the PLA’s networks are likely being repeatedly breached as well. Furthermore, they argue that since China’s “main strategic opponent” (their euphemistic way of referring to the United States) has superior network warfare capabilities, the strict balance of power in a network-domain conflict would not necessarily tilt in China’s favor. As a result, the SMS emphasizes that the PLA must plan for a future of network warfare in which its defenses will inevitably be breached, military networks will at times be taken down by hostile adversaries, and China’s modernized C4ISR systems cannot be fully relied upon. [2] Although they do call for a major effort to strengthen China’s network defenses, this is undertaken in the hope that those defenses will not catastrophically fail, without any expectation that they will fully withstand outside attacks.

For Western military analysts, this line of thinking should trigger particular attention and concern. With China preparing for conflict in the network domain under the assumption that from the outset their information networks will quickly be heavily degraded and only partially functional, there will be a strong incentive in a conflict for the PLA to push the envelope of what is globally considered legitimate in areas such as anti-satellite warfare. The intersection of U.S. technological reliance on space-based C4ISR systems with its distance from East Asia will multiply this incentive, as China will (all other things equal) be able to do “more with less” in its immediate backyard.

Much of the focus by Western analysts when examining China’s approach to anti-access/area-denial (A2/AD), also known as “counter-intervention,” has centered on the physical realm of warfare, including the use of precision-guided munitions reliant on C4ISR. However, as the insights contained in the newSMS demonstrate, this discussion is fundamentally incomplete if it does not take into account China’s evolving approach to network and information warfare. Rightly or wrongly, many Chinese analysts believe that the United States currently possesses what they term a “no satellites, no fight” military force, and in a major conflict scenario they appear increasingly likely to put that presumption to the test.

Notes

  1. Rather than mirroring the United States’ ‘cyber’ concept, PLA writing speaks at the broadest level of the ‘information domain’ and ‘information warfare,’ with network, electromagnetic, psychological, and intelligence warfare each taking place as distinct components of that broader concept. The PLA concept of “network warfare” is roughly analogous to the current United States cyber concept, though not always identical in its details.
  2. C4ISR stands for command, control, computers, communication, intelligence, reconnaissance and surveillance.

Joe McReynolds is a Research Analyst at Defense Group Inc.’s Center for Intelligence Research and Analysis. His research interests primarily center on China’s approach to computer network warfare and defense science & technology development. Mr. McReynolds has previously worked with the Council on Foreign Relations and the Pacific Council for International Policy, and is a graduate of Georgetown University’s School of Foreign Service and Graduate Security Studies programs. He speaks and reads Chinese and Japanese, and has lived and studied in Nagoya, Guilin and Beijing.

Members’ Roundup Part 8

Welcome back to another edition of the Member Round-Up and the first for 2015. It has been two weeks since I last posted and CIMSECians have been busy across various blogs, journals and websites discussing all manner of topics. Whether it is a review of upcoming technology or discussion of hacking, there is an array of articles available to be enjoyed by all.

INTERNATIONAL RELATIONS & STRATEGY

With 2014 marking some positive steps to normalizing US-Cuban relations, the trade embargo still persists. Maryland-based CIMSECian, David Wise, writes that there are two key reasons why opportunities to speed up its removal were missed. Firstly, due to the influence of interest groups who benefit from the embargo and secondly, that an opportunity was lost in 1998 when the Pope’s visit to Cuba was overshadowed by the Lewinsky scandal. You can access his post on the London School of Economics and Political Science blog here.

As always, The National Interest’s Zachary Keck returns this edition with three articles, the third one will feature in a later section of this post. The first, assesses China and India’s pursuit to deploy multiple independent reentry vehicles (MIRV) on their ballistic missiles. The second article comes in the wake of the Sony hacking scandal and aims to clarify some reports by media outlets suggesting that the DPRK threatened to blow up the White House.

Although the Canadian government unveiled its National Shipbuilding Procurement Strategy (NSPS) to the public in October 2011, the exact capabilities of Canada’s future maritime forces have been largely a mystery. Over at the NATO Council of Canada, Paul Pryce gives some indications of possible contenders to build the ships. The long-term issue, however, is whether the first of the class will be ready by 2018.

Chinese sailors take a picture together in front of guided missile destroyer Haikou (171)
Chinese sailors take a picture together in front of guided missile destroyer Haikou (171)

Military diplomacy has been graining traction in the IR and strategy debate recently. Over at Offiziere, Patrick Truffer writes that greater transparency in US-China military relationship may be one-sided. ‘whether greater transparency of the US armed forces towards the Chinese armed forces is really profitable for the US must be critically examined,’ writes Truffer.

Moving into the new year a common feature preceding the changing of calendars is, of course, the ubiquitous ‘new year resolutions.’ This rationale can be applied in the professional realm; debating reform within any organisation is an enduring aspect of being a professional. Before becoming a naysayer and condemning any reform into the ‘too hard’ basket, consider reading BJ Armstrong’s article on innovation within the US military and its pursuit in amphibious warfare. The article can be accessed here at War on the Rocks.

TECHNOLOGY & HARDWARE

In the wake of the tragic AirAsia Flight 8501 accident many families, commentators and the general public have been raising questions such as: ‘how could we lose an aircraft when Apple can find my iPhone?’ Emotions run high during times of crisis and it is important during these times that information is delivered in a timely and accurate manner. On the MIT Technology Review, CIMSECian Dave Majumdar, explains the issues behind aircraft tracking.

Continuing with the aviation trend, Dave reports that Russia is developing a new strategic bomber called the PAK-DA as part of its post-Soviet military modernization plan. The article can be accessed here at The National Interest.

MQ-8C Fire Scout
MQ-8C Fire Scout

For the hardware fanatics a round-up of unmanned naval systems can be found over at Naval Drones and Zachary Keck is reporting that Iran has recently tested its first ‘kamikaze drone.’

ENTERTAINMENT

Over at War on the Rocks we have our NextWar blog Director, Matthew Hipple, with a review of Sony’s latest movie release: The Interview. ‘No one promised Hitchcock,’ writes Hipple, and the recent hacking affair may have actually increased interest in the movie. So if you were slightly skeptical of this film before forking out a few dollars to view it at an independent cinema then perhaps a quick peruse of this review will provide some assistance for your own expectation management.

IN REVIEW

One of our newest members, CNAS’ Jacob Stokes, will have his essay ‘Strategies of Competition’ published in the next issue of Orbis (Volume 59 Issue 1). In it, Jacob reviews the following books:

  • Strategic Reassurance and Resolve, by Jim Steinberg and Mike O’Hanlon
  • The Contest of the Century, by Geoff Dyer
  •  Maximalist, by Stephen Sestanovich

Jacob’s essay can be accessed here.

Jason Camlic provides his own round-up after attending the Chicago Maritime Museum Christmas party. You can find his post and some photos taken at the venue, here.

Finally, we also have two articles by CIMSEC members featured in Strategic Insights. Scott Cheney-Peters provides an analysis of the risks in the Taiwan Strait. Louis Bergeron analyses the chokepoint in the Mozambique Channel. They have been posted here and here on the NextWar blog.

As we begin a new year I wish to thank all of the contributions to this segment in 2014. As always please continue emailing dmp@cimsec.org so that we can all share and promote the great work that CIMSECians are producing. As a final note, if you are not yet a member and wish to be featured then simply apply to become one! Until next time.

Nam is a Maritime Warfare Officer in the Royal Australian Navy. He holds a Bachelor of Business and is currently completing a Master of Philosophy in International Security Studies at the University of New South Wales. Nam is the current Director of Member Publicity at CIMSEC.

Maritime Cryptology at the Crossroads

After more than a decade of land war and a desire to rebalance to Asia, America’s Navy finds itself smaller, and in many ways weaker in certain respects. One area that should be of great concern is the current practice and future of maritime cryptology.

Cryptology at sea was proven decisive during World War II, beginning with the battle at Midway and the breaking of the Japanese naval code “JN25.”[i] Equally important was the allied program that cracked the German Enigma machines, “Ultra,” especially those used by the German Navy. Winston Churchill famously remarked to King George VI that, “It was thanks to Ultra that we won the war.”[ii]

museum
(A selection of seven Enigma machines and paraphernalia exhibited at the USA’s National Cryptologic Museum. From left to right, the models are: 1) Commercial Enigma; 2) Enigma T; 3) Enigma G; 4) Unidentified; 5) Luftwaffe (Air Force) Enigma; 6) Heer (Army) Enigma; 7) Kriegsmarine (Naval) Enigma—M4.)[iii]
Throughout the ensuring Cold War until the fall of the Berlin Wall, naval cryptology played a vital role in meeting national and tactical intelligence requirements. America gained deep insight and understanding of Soviet and Warsaw Pact allied naval operations and was able to obtain priceless strategic intelligence through collection missions operated by the U.S. Navy. The end of the Cold War, ensuing strategic drift and drawdown was shattered by the terrorist attack of 9/11, yet even in the midst of a worldwide “Global War on Terror,” the pressure remained to cut the naval force. Today, the Navy is at its smallest point since World War I. For the Navy to conduct its maritime cryptology mission, it must have presence in the littorals, especially in key strategic areas of the Western Pacific, Indian Ocean and Arabian Gulf and the Mediterranean and elsewhere. A smaller Navy with fewer platforms means the Navy is not always where it needs to be and when it needs to be there.

The hope was that through force shaping, automation and remote operations, maritime cryptology could continue to thrive in an ever more complex electromagnetic (EM) environment. Adversarial communications have become far more challenging to detect, exploit and prosecute. The Radio Frequency (RF) environment of today is incredibly complex, with tactical, strategic and data communication links operating in all areas of the spectrum and often at frequencies with a very low probability to intercept. Modern encryption techniques have evolved from mechanical electronics to the use of quantum mechanics.[iv]

crypto

The effects of force shaping, automation and remote operations are beginning to take their toll on the tradecraft of maritime cryptology. Today’s junior Sailors and officers have had their training time cut in order to meet growing operational demands on a shrinking Navy. To be successful in the art of cryptology – and it is a practiced art – one must have a deep understanding of the fundamentals of radio signal transmission as well as more than a passing familiarity with the collection equipment. A junior cryptologic technician and junior officer should be able to draw a basic transmitter-receiver diagram and trace the origin of a signal from its original state, such as voice or data, through the transmitter, across a medium and into the collection gear and the operator’s ears. Foundational knowledge required that the basic operator have a working knowledge of the equipment and be able to perform diagnostic and troubleshooting tasks in the event of a malfunction. Finally, operators and junior officers must understand the process of signal intelligence reporting to the tactical unit at sea (indications and warning intelligence) as well as to the national signal intelligence system.

spectrum

At the same time, emerging cyberspace communication networks place entirely new pressures on maritime cryptology. Modern communication, command, control and information sharing are a “network of networks,” an “Internet of things” that require new skill sets and new acquisition and exploitation technologies. Yet the complexity of data systems and volume of data being passed is growing exponentially, outpacing our acquisition and procurement capability. The Navy has tried to mitigate this by relying on commercial off-the-shelf technology (COTS) but this entails its own set of problems. COTS technology must be compatible with legacy systems – some more than twenty years old and built on architecture and code from the late 1980s and early 1990s – and it relies on bandwidth levels that are not always available and reliable. We often find out the hard way that equipment which works well in the sterile lab environment is not up to the task of performing reliably at sea under arduous conditions.

Maritime cryptology is at a cross roads. We must return to the fundamentals of signal intelligence at the same time we are trying to realize the potential of cyberspace operations at sea. This will require a renewed commitment to recruitment and training, and for many middle grade and senior enlisted cryptologic technicians and officers, it means new formal training. Right now, senior enlisted and officers are being asked to take leadership roles in an emerging cyberspace operations field for which they are receiving inadequate or no formal training. We must reconsider recruitment of new junior Sailors and officers who have the background skills, education and knowledge and provide them a career path that emphasizes cryptologic expertise across the spectrum, from “traditional” signals intelligence to modern wireless exploitation. This career path must be grounded in recognizing that maritime cryptology is more art than science, and to become proficient and experienced, one must practice.

The author would like to thank CDR Kevin Ernest who kindly provided his thoughts on the challenges of modern maritime cryptology.

LT Robert “Jake” Bebber is an information warfare officer assigned to the staff of U.S. Cyber Command. The views expressed here are his own and do not represent those of the Department of Defense, the Department of the Navy or U.S. Cyber Command. He welcomes your comments at jbebber@gmail.com.

[i] http://www.navy.mil/midway/how.html

[ii] http://www.history.co.uk/study-topics/history-of-ww2/code-breaking

[iii] http://en.wikipedia.org/wiki/Enigma_machine#cite_note-9

[iv] http://blogs.scientificamerican.com/guest-blog/2012/11/20/quantum-cryptography-at-the-end-of-your-road/