All posts by Guest Author

Capability Analysis, Cyber War

A Cyber Vulnerability Assessment of the U.S. Navy in the 21st Century

Leave a comment

By Travis Howard and José de Arimatéia da Cruz

Introduction

The United States Navy is a vast, worldwide organization with unique missions and challenges, with information security (and information warfare at large) a key priority within the Chief of Naval Operations’ strategic design. With over 320,000 active duty personnel, 274 ships with over 20 percent of them deployed across the world at any one time, the Navy’s ability to securely communicate across the globe to its forces is crucial to its mission. In this age of rapid technological growth and the ever expanding internet of things, information security is a primary consideration in the minds of senior leadership of every global organization. The Navy is no different, and success or failure impacts far more than a stock price.

Indeed, an entire sub-community of professional officers and enlisted personnel are dedicated to this domain of information warfare. The great warrior-philosopher Sun Tzu said “one who knows the enemy and knows himself will not be endangered in a hundred engagements.” The Navy must understand the enemy, but also understand its own limitations and vulnerabilities, and develop suitable strategies to combat them. Thankfully, strategy and policy are core competencies of military leadership, and although information warfare may be replete with new technology, it conceptually remains warfare and thus can be understood, adapted, and exploited by the military mind.

This paper presents a high-level, unclassified overview of threats and vulnerabilities surrounding the U.S. Navy’s network systems and operations in cyberspace. Several threats are identified to include nation states, non-state actors, and insider threats. Additionally, vulnerabilities are presented such as outdated network infrastructure, unique networking challenges present aboard ships at sea, and inadequate operating practices. Technical security measures that the Navy uses to thwart these threats and mitigate these vulnerabilities are also presented. Current U.S. Navy information security policies are analyzed, and a potential security strategy is presented that better protects the fleet from the before-mentioned cyber threats, mitigates vulnerabilities, and aligns with current federal government mandates.

Navy Network Threats and Vulnerabilities

There are several cyber threats that the Navy continues to face when conducting information operations in cyberspace. Attacks against DoD networks are relentless, with 30 million known malicious intrusions occurring on DoD networks over a ten-month period in 2015. Of principal importance to the U.S. intelligence apparatus are nation states that conduct espionage against U.S. interests. In cyberspace, the Navy contests with rival nations such as Russia, China, Iran, and North Korea, and all are developing their own information warfare capabilities and information dominance strategies. These nations, still in various stages of competency in the information warfare domain, continue to show interest in exploiting the Navy’s networks to conduct espionage operations, either by stealing information and technical data on fleet operations or preventing the Navy from taking advantage of information capabilities.

Non-state actors also threaten naval networks. Organized activist groups known collectively as “hacktivists,” with no centralized command and control structure and dubious, fickle motivations, present a threat to naval cyberspace operations if their goals are properly aligned. In 2012, Navy officials discovered hacktivists from the group “Team Digi7al” had infiltrated the Navy’s Smart Web Move website, extracting personal data from almost 220,000 service members, and has been accused of more than two dozen additional attacks on government systems from 2012 to 2013. The hactivist group boasted of their exploits over social media, citing political reasons but also indicated they did it for recreation as well. Individual hackers, criminal organizations, and terrorist groups are also non-state threat actors, seeking to probe naval networks for vulnerabilities that can be exploited to their own ends. All of these threats, state or non-state actors, follow what the Department of Defense (DoD) calls the “cyber kill chain,” depicted in figure 1. Once objectives are defined, the attacker follows the general framework from discovery to probing, penetrating then escalating user privileges, expanding their attack, persisting through defenses, finally executing their exploit to achieve their objective.

Figure 1. Navy depiction of the “cyber kill chain

One of the Navy’s most closely-watched threat sources is the insider threat. Liang and Biros, researchers at Oklahoma State University, define this threat as “an insider’s action that puts an organization or its resources at risk.” This is a broad definition but adequately captures the scope, as an insider could be either malicious (unlikely but possible, with recent examples) or unintentional (more likely and often overlooked).

The previously-mentioned Team Digi7al hactivist group’s leader was discovered to be a U.S. Navy enlisted Sailor, Petty Officer Nicholas Knight, a system administrator within the reactor department aboard USS HARRY S TRUMAN (CVN 75). Knight used his inside knowledge of Navy and government systems to his group’s benefit, and was apprehended in 2013 by the Navy Criminal Investigative Service and later sentenced to 24 months in prison and a dishonorable discharge from Naval service.

Presidential Executive Order 13587, signed in 2011 to improve federal classified network security, further defines an insider threat as “a person with authorized access who uses that access to harm national security.”  Malevolence aside, the insider threat is particularly perilous because these actors, by virtue of their position within the organization, have already bypassed many of the technical controls and cyber defenses that are designed to defeat external threats. These insiders can cause irreparable harm to national security and the Navy’s interests in cyberspace. This has been demonstrated by the Walker-Whitworth espionage case in the 1980s, Private Manning in the latter 2000s, or the very recent Edward Snowden/NSA disclosure incidents.

The Navy’s vulnerabilities, both inherent to its nature and as a result of its technological advances, are likewise troubling. In his 2016 strategic design, Chief of Naval Operations Admiral John M. Richardson stated that “the forces at play in the maritime system, the force of the information system, and the force of technology entering the environment – and the interplay between them have profound implications for the United States Navy.” Without going into classified details or technical errata, the Navy’s efforts to secure its networks are continuously hampered by a number of factors which allow these threats a broad attack surface from which to choose.

As the previous Chief of Naval Operations (CNO), Admiral Jon Greenert describes in 2012, Navy platforms depend on networked systems for command and control: “Practically all major systems on ships, aircraft, submarines, and unmanned vehicles are ‘networked’ to some degree.” The continual reliance on position, navigation, and timing (PNT) systems, such as the spoofing and jamming-vulnerable Global Positioning System (GPS) satellite constellation for navigation and precision weapons, is likewise a technical vulnerability. An internet search on this subject reveals multiple scholarly and journalist works on these vulnerabilities, and more than a few describe how to exploit them for very little financial investment, making them potentially cheap attack vectors.

Even the Navy’s vast size and scope of its networks present a vulnerability to its interests in cyberspace. As of 2006, the Navy and Marine Corps Intranet (NMCI), a Government Owned-Contractor Operated (GOCO) network that connects Navy and Marine Corps CONUS shore commands under a centralized architecture, is “the world’s largest, most secure private network serving more than 500,000 sailors and marines globally.” That number has likely grown in the 10 years since that statistic was published, and even though the name has been changed to the Navy’s Next Generation Network (NGEN), it is still the same large beast it was before, and remains one of the single largest network architectures operating worldwide. Such a network provides an enticing target.

Technical Security Measures and Controls

The Navy employs the full litany of technical cybersecurity controls across the naval network enterprise, afloat and ashore. Technical controls include host level protection through the use of McAfee’s Host Based Security System (HBSS), designed specifically for the Navy to provide technical controls at the host (workstation and server) level. Network controls include network firewalls, intrusion detection and prevention systems (IDS/IPS), security information and event management, continuous monitoring, boundary protection, and defense-in-depth functional implementation architecture. Anti-virus protection is enabled on all host systems through McAfee Anti-Virus, built into HBSS, and Symantec Anti-Virus for servers. Additionally, the Navy employs a robust vulnerability scanning and remediation program, requiring all Navy units to conduct a “scan-patch-scan” rhythm on a monthly basis, although many units conduct these scans weekly.

The Navy’s engineering organization for developing and implementing cybersecurity technical controls to combat the cyber kill chain in figure 1 is the Space and Naval Warfare Systems Command (SPAWAR), currently led by Rear Admiral David Lewis, and earlier this year SPAWAR released eight technical standards that define how the Navy will implement technical solutions such as firewalls, demilitarized zones (DMZs), and vulnerability scanners. RADM Lewis noted that 38 standards will eventually be developed by 2018, containing almost 1,000 different technical controls that must be implemented across the enterprise.

Of significance in this new technical control scheme is that no single control has priority over the others. All defensive measures work in tandem to defeat the adversary’s cyber kill chain, preventing them from moving “to the right” without the Navy’s ability to detect, localize, contain, and counter-attack. RADM Lewis notes that “the key is defining interfaces between systems and collections of systems called enclaves,” while also using “open architecture” systems moving forward to ensure all components speak the same language and can communicate throughout the enterprise.

The importance of open systems architecture (OSA) as a way to build a defendable network the size of the Navy’s cannot be understated. The DoD and the Navy, in particular, have mandated use of open systems specifications since 1994; systems that “employ modular design, use widely supported and consensus-based standards for their key interfaces, and have been subjected to successful validation and verification tests to ensure the openness of their key interfaces.” By using OSA as a means to build networked systems, the Navy can layer defensive capabilities on top of them and integrate existing cybersecurity controls more seamlessly. Proprietary systems, by comparison, lack such flexibility thereby making integration into existing architecture more difficult.

Technical controls for combating the insider threat become more difficult, often revolving around identity management software and access control measures. Liang and Biros note two organizational factors to influencing insider threats: security policy and organizational culture. Employment of the policy must be clearly and easily understood by the workforce, and the policy must be enforced (more importantly, the workforce must fully understand through example that the policies are enforced). Organizational culture centers around the acceptance of the policy throughout the workforce, management’s support of the policy, and security awareness by all personnel. Liang and Biros also note that access control and monitoring are two must-have technical security controls, and as previously discussed, the Navy clearly has both yet the insider threat remains a primary concern. Clearly, more must be done at the organizational level to combat this threat, rather than just technical implementation of access controls and activity monitoring systems.

Information Security Policy Needed to Address Threats and Vulnerabilities

The U.S. Navy has had an information security policy in place for many years, and the latest revision is outlined in Secretary of the Navy Instruction (SECNAVINST) 5510.36, signed June 2006. This instruction is severely out of date and does not keep pace with current technology or best practices; Apple released the first iPhone in 2007, kicking off the smart phone phenomenon that would reach the hands of 68% of all U.S. adults as of 2015, with 45% also owning tablets. Moreover, the policy has a number of inconsistencies and fallacies that can be avoided, such as a requirement that each individual Navy unit establish its own information security policy, which creates unnecessary administrative burden on commands that may not have the time nor expertise to do so. Additionally, the policy includes a number of outdated security controls under older programs such as the DoD Information Assurance Certification and Accreditation Process (DIACAP), which has since transitioned to the National Institute for Standards and Technology (NIST) Risk Management Framework (RMF).

Beginning in 2012, the DoD began transitioning away from DIACAP towards the NIST RMF, making full use of NIST Special Publications (SPs) for policy development and implementation of security controls. The NIST RMF as it applies to DoD, and thus the Navy, is illustrated in figure 2. The process involves using NIST standards (identified in various SPs) to first categorize systems, select appropriate security controls, implement the controls, assess their effectiveness, authorize systems to operate, then monitor their use for process improvement.

Figure 2. NIST Risk Management Framework

This policy is appropriate for military systems, and the Navy in particular, as it allows for a number of advantages for policymakers, warfighters, system owners, and developers alike. It standardizes cybersecurity language and controls across the federal government for DoD and Navy policymakers, and increases rapid implementation of security solutions to accommodate the fluidity of warfighting needs. Additionally, it drives more consistent standards and optimized workflow for risk management which benefits system developers and those responsible for implementation, such as SPAWAR.

Efforts are already underway to implement these policy measures in the Navy, spearheaded by SPAWAR as the Navy’s information technology engineering authority. The Navy also launched a new policy initiative to ensure its afloat units are being fitted with appropriate security controls, known as “CYBERSAFE.” This program will ensure the implementation of NIST security controls will be safe for use aboard ships, and will overall “focus on ship safety, ship combat systems, networked combat and logistics systems” similar to the Navy’s acclaimed SUBSAFE program for submarine systems but with some notable IT-specific differences. CYBERSAFE will categorize systems into three levels of protection, each requiring a different level of cybersecurity controls commensurate with how critical the system is to the Navy’s combat or maritime safety systems, with Grade A (mission critical) requiring the most tightly-controlled component acquisition plan and continuous evaluation throughout the systems’ service life.

Implementation of the NIST RMF and associated security policies is the right choice for the Navy, but it must accelerate its implementation to combat the ever-evolving threat. While the process is already well underway, at great cost and effort to system commands like SPAWAR, these controls cannot be delayed. Implementing the RMF across the Navy enterprise will reduce risk, increase security controls, and put its implementation in the right technical hands rather than a haphazard implementation of an outdated security policy that has, thus far, proven inadequate to meet the threats and reduce vulnerabilities inherent with operating such a large networked enterprise. With the adoption of these new NIST policies also comes a new strategy for combating foes in cyberspace, and the Navy has answered that in a few key strategy publications outlined in the next section.

Potential Security Strategy for Combating Threats and Minimizing Vulnerabilities

It is important to note that the Navy, like the other armed services of the DoD, was “originally founded to project U.S. interests into non-governed common spaces, and both have established organizations to deal with cybersecurity.” The Navy’s cyber policy and strategy arm is U.S. Fleet Cyber Command (FLTCYBERCOM, or FCC), co-located with the DoD’s unified cyber commander, U.S. Cyber Command (USCYBERCOM, or USCC). Additionally, its operational cyber arm, responsible for offensive and defensive operations in cyberspace, is U.S. 10th Fleet (C10F), which is also co-located with U.S. Fleet Cyber and shares the same commander, currently Vice Admiral Michael Gilday.

Prior to VADM Gilday’s assumption of command as FCC/C10F, a strategy document was published by the Chief of Naval Operations in 2013 known as Navy Cyber Power 2020, which outlines the Navy’s new strategy for cyberspace operations and combating the threats and vulnerabilities it faces in the information age. The strategic overview is illustrated in figure 3, and attempts to align Navy systems and cybersecurity efforts with four main focus areas: integrated operations, optimized cyber workforce, technology innovation, and acquisition reform. In short, the Navy intends to integrate its offensive and defensive operations with other agencies and federal departments to create a unity of effort (evident by its location at Ft. Meade, MD, along with the National Security Agency and USCC), better recruit and train its cyber workforce, rapidly provide new technological solutions to the fleet, and reform the acquisition process to be more streamlined for information technology and allow faster development of security systems.

Figure 3. Threats and Motivations, Strategic Focus of Navy Cybersecurity 

Alexander Vacca, in his recent published research into military culture as it applies to cybersecurity, noted that the Navy is heavily influenced by sea combat strategies theorized by Alfred Thayer Mahan, one of the great naval strategists of the 19th century. Indeed, the Navy continually turns to Mahan throughout an officer’s career from the junior midshipman at the Naval Academy to the senior officer at the Naval War College. Vacca noted that the Navy prefers Mahan’s “decisive battle” strategic approach, preferring to project power and dominance rather than pursue a passive, defensive strategy. This potentially indicates the Navy’s preference to adopt a strategy “designed to defeat enemy cyber operations” and that “the U.S. Navy will pay more attention to the defeat of specified threats” in cyberspace rather than embracing cyber deterrence wholesale. Former Secretary of the Navy Ray Mabus described the offensive preference for the Navy’s cyberspace operations in early 2015, stating that the Navy was increasing its cyber effects elements in war games and exercises, and developing alternative methods of operating during denial-of-service situations. It is clear, then, that the Navy’s strategy for dealing with its own vulnerabilities is to train to operate without its advanced networked capabilities, should the enemy deny its use. Continuity of operations (COOP) is a major component in any cybersecurity strategy, but for a military operation, COOP becomes essential to remaining flexible in the chaos of warfare.

A recent  article describing a recent training conference between top industry cybersecurity experts and DoD officials was critical of the military’s cybersecurity training programs. Chief amongst these criticisms was that the DoD’s training plan and existing policies are too rigid and inflexible to operate in cyberspace, stating that “cyber is all about breaking the rules… if you try to break cyber defense into a series of check-box requirements, you will fail.” The strategic challenge moving forward for the Navy and the DoD as a whole is how to make military cybersecurity policy (historically inflexible and absolute) and training methods more like special forces units: highly trained, specialized, lethal, shadowy, and with greater autonomy within their specialization.

Current training methods within the U.S. Cyber Command’s “Cyber Mission Force” are evolving rapidly, with construction of high-tech cyber warfare training facilities already underway. While not yet nearly as rigorous as special forces-like training (and certainly not focused on the physical fitness aspect of it), the training strategy is clearly moving in a direction that will develop a highly-specialized joint information warfare workforce. Naegele’s article concludes with a resounding thought: “The heart of cyber warfare…is offensive operations. These are essential military skills…which need to be developed and nurtured in order to ensure a sound cyber defense.

Conclusions

This paper outlined several threats against the U.S. Navy’s networked enterprise, to include nation state cyber-rivals like China, Russia, Iran, and North Korea, and non-state actors such as hactivists, individual hackers, terrorists, and criminal organizations. The insider threat is of particular concern due to this threat’s ability to circumvent established security measures, and requires organizational and cultural influences to counter it, as well as technical access controls and monitoring. Additionally, the Navy has inherent vulnerabilities in the PNT technology used in navigation and weapon systems throughout the fleet, as well as the vast scope of the ashore network known as NMCI, or NGEN.

The Navy implements a litany of cybersecurity technical controls to counter these threats, including firewalls, DMZs, and vulnerability scanning. One of the Navy’s primary anti-access and detection controls is host-based security through McAfee’s HBSS suite, anti-virus scanning, and use of open systems architecture to create additions to its network infrastructure. The Navy, and DoD as a whole, is adopting the NIST Risk Management Framework as its information security policy model, implementing almost 1000 controls adopted from NIST Special Publication 800-53, and employing the RMF process across the entire enterprise. The Navy’s four-pronged strategy for combating threats in cyberspace and reducing its vulnerability footprint involves partnering with other agencies and organizations, revamping its training programs, bringing new technological solutions to the fleet, and reforming its acquisition process. However, great challenges remain in evolving its training regimen and military culture to enable an agile and cyber-lethal warfighter to meet the growing threats.

In the end, the Navy and the entire U.S. military apparatus is designed for warfare and offensive operations. In this way, the military has a tactical advantage over many of its adversaries, as the U.S. military is the best trained and resourced force the world has ever known. General Carl von Clausewitz, in his great anthology on warfare, stated as much in chapter 3 of book 5 of On War (1984), describing relative strength through admission that “the principle of bringing the maximum possible strength to the decisive engagement must therefore rank higher than it did in the past.” The Navy must continue to exploit this strength, using its resources smartly by enacting smart risk management policies, a flexible strategy for combating cyber threats while reducing vulnerabilities, and training its workforce to be the best in the world.

Lieutenant Howard is an information warfare officer/information professional assigned to the staff of the Chief of Naval Operations in Washington D.C. He was previously the Director of Information Systems and Chief Information Security Officer on a WASP-class amphibious assault ship in San Diego.

Dr. da Cruz is a Professor of International Relations and Comparative Politics at Armstrong State University, Savannah, Georgia and Adjunct Research Professor at the U.S. Army War College, Carlisle, Pennsylvania.

The views expressed here are solely those of the authors and do not necessarily reflect those of the Department of the Navy, Department of the Army, Department of Defense or the United States Government.

Featured Image: At sea aboard USS San Jacinto (CG 56) Mar. 5, 2003 — Fire Controlman Joshua L. Tillman along with three other Fire Controlmen, man the shipÕs launch control watch station in the Combat Information Center (CIC) aboard the guided missile cruiser during a Tomahawk Land Attack Missile (TLAM) training exercise. (RELEASED)

Book Review

Lessons Encountered: Learning From the Long War

Leave a comment

Hooker, Richard D., and Joseph J. Collins. Lessons Encountered: Learning from the Long War. National Defense University Press 2015 473pp. 

lessonsencounted
Click to read.

By Ching Chang

Lessons Encountered: Learning from the Long War is a collection of research reports edited by Richard D. Hooker, Jr. and Joseph J. Collins published by the U.S. National Defense University Press in September 2015. It originated from a top-down request from the Chairman of the Joint Chiefs of Staff to respond to two inquiries: What were the costs and benefits of the campaigns in Iraq and Afghanistan, and what were the strategic lessons of these campaigns? The final product of this instruction may eventually benefit many military professionals, and possibly, certain politicians who may have ambitions to be the national or political leadership within the national security community of the United States.

Success could never be easily repeated by itself, yet, mistakes causing failures always repeatedly occur in different occasions in human history. When conducting a war, mistakes happen everywhere from the strategic level jointly formulated by the national leadership and their subordinated senior military commanders, to those operational and tactical decisions made by the military professionals in varying levels of command and authority. Certain tactical decisions may have some devastating consequences at the strategic level. Specific bias and selfishness in higher level decision making may increase the statistics of fatalities in the battlefield. To grasp the mistakes that have occurred in the history of war is more important, therefore, than understanding the rationales assuring victory, since all the theories of victory are fundamentally similar. Following previous tracks, however, is no guarantee of success. Such is the well-known truth for every military professional.

Of course, this publication is tailored for  senior military professionals who may attend the Joint Professional Military Education programs offered by war colleges or command and staff colleges in various services of the United States Armed Forces. Nonetheless, senior national security civilian executives who also join these courses may also enhance their understanding of coordination with military professionals. On the other hand, how the military professionals should serve their political masters by following the principle of civilian control of the military is another vital issue addressed by this publication. The best lesson of this masterpiece is to help the leadership of the national security community learn principles related to advocating armed conflict, as opposed to the opposite approach of gaining awareness only through battlefield experience and lost blood and treasure.

Many lessons encountered and learned during the campaigns in Afghanistan and Iraq are listed at the beginning of this text. The whole course of these two warfighting cases include high tier decision-making processes as well as very detailed situations of the battlefield, described and analyzed thoroughly.

Any war itself is essentially a dynamic process. Situation assessment and adaptations at the strategic, operational, and tactical levels are routines for warfighting. Likewise, the associated politics are also a dynamic progression. Criteria changes are necessary to reflect the concerns from the general public. Positions and arguments held by political leadership may also vary accordingly. From observing the developments of establishing the security in these two different battlefields and the exit strategy formulated by the U.S. political leadership for two different operational situations, we may notice the difficulties inherent in conducting two simultaneous campaigns.

The legal issues discussed in the final chapter may be the most striking content to readers whose concerns include the directives and moral cause for fighting the next war. However,  the sincerity of self-criticism is valid evidence that conscience remains a central element of military ethics. Likewise, the courage to face those mistakes is the fundamental indication of hegemony. Many people may question how long the United States may sustain its position as a superpower in the world. As long as the United States military produces such reports that honestly review all the mistakes, oversights, and downright stupidities that occur in their war efforts, no one should underestimate the capacity of the United States to amend those mistakes at some point. Particularly, many of the military professionals interviewed and pointed out those flaws may have the possibility to continue their careers in the political realm in the foreseeable future. We may discover how well they may perform after shifting their roles to be politically appointed features in Washington.

Chinese translation of the reviewed text. (Author photos)

As a foreign reader and translator reading this text, the author would like to mention that the Chinese translation of this book was recently published by the National Defense University, Republic of China, in December 2016. As many other civilizations pay their efforts to understand the United States by translating these texts, we hope that the United States should also pay the same scale of effort to understand other civilizations in order to avoid the many mistakes analyzed in this book. After all, si vis pacem, para bellum, is quite true, yet, the Chinese wisdom of “winning a war without fighting” can also be worthy of consideration after reading this text.

Ching Chang is a Research Fellow with the Society for Strategic Studies, Republic of China. The views expressed in this review are his own.

Featured Image: by Ron Haviv, April 9 2003, Reproduced as part of TIME’s series, A Decade of War in Iraq.

Interviews

A Conversation with Naval Fiction Writer David Poyer, Author of Onslaught

Leave a comment

By CIMSEC Book Review Team

CIMSEC sat down with author David Poyer, former naval officer and author of the ‘Tales of the Modern Navy’ series of novels, among other exciting modern and historical naval fiction titles. Poyer’s latest title, Onslaught, finds protagonist Dan Lenson in command of USS Savo Island during the opening salvo of the war with China. Poyer’s masterful character development, eye for technical details, and comprehensive understanding of life at sea have made him a favorite of fans of this genre. We asked him about his writing process, inspiration, and more.

CIMSEC: You do an excellent job of combining intrigue and drama with technical details and action. How do you do this and how do you begin the writing process?

DP: Thanks! I’m notoriously process-oriented, having been originally educated as a naval officer and engineer, and worked as a submarine systems designer before going into fiction. These days, though, I teach narrative structure at the Creative Writing Program at Wilkes University. So…here goes!

A quick overview: I begin with a general plot idea, then sketch out how each character will contribute to the overall story. Next, I construct the arcs for those characters. During this process, scenes will have started to come to me. Also, thoughts for more scenes and plot points occur as I do background reading and interviews and ship visits.

Eventually I generate a ten-to fifteen-page single-spaced outline of the action proper of the novel. This “blueprint,” plus the character studies, makes it possible for me to cruise through the first draft at a rate of about four pages a day without too much angst, and without excuses or writer’s block.

Author David Poyer

Of course, six months later, that only gives me the first draft! Lenore Hart, my better half who’s also a novelist, reads the second draft and makes extensive comments I revise. Then a varied stable of retired and active duty Navy, Marine, NCIS, State, physicians, and many other subject matter experts comment on their sections. After that I revise again. (I put a lot of time and effort into trying to make events and descriptions as authentic as possible, while still driving the action forward with drama and suspense). Four to five drafts later, after I’ve cut out every possible excess word, it’s time for my editor at St. Martin’s, George Witte, to see it!

CIMSEC: What do you think readers, especially readers in the naval profession like many of our readers here at CIMSEC, can derive from your narrative? What are you trying to convey?

DP: I started out as a writer simply wanting to recount and reflect on my own early experiences at sea. The Med, The Circle, and The Passage were based on specific cruises, events, and locales I saw during active duty. For example, The Circle was inspired when USS Bowen deployed north of the Arctic Circle in winter, with orders to find the biggest storm around and stay in it as long as we could. (This was to test a new sonar system). So I didn’t have to research what Arctic storms looked and felt like!

In terms of artistic intent, at first I was largely innocent. Mainly I wanted to craft an exciting story. If a deeper theme emerged, great. And over the years I’ve been blessed with some critical acclaim. But the reviews that warm my heart most are from the enlisted, chiefs, and officers who write to thank me for a realistic portrayal of the sacrifices they’ve made. If I can bring such stories to a general audience as well, I’ve met my basic requirements.

A few recurrent motifs or themes do underlay my work, but they’re not buried so deeply you need a PhD in literature or philosophy to winkle them out. After my first dozen or so novels, I realized that every work had been about the question, ‘What is the ultimate authority or guide we can depend on for ethical action?’ I don’t really concern myself much with “identity,” which much current fiction seems occupied with. I know who I am, and my characters, in general, know who they are. That doesn’t mean they aren’t conflicted and uncertain. I’m attracted to deeply-layered, multidimensional characters who act as well as think. But to act means to decide; to choose. As John Gardner, one of my early mentors and exemplars put it, every novel is, at its deepest heart, a morality play.

That, I think, is why some of my novels have been taught at the Naval Academy: they’re not simply thrillers; they’re about difficult choices made in short time frames under terrible stress. Exactly what sometimes happens at sea.

CIMSEC: Onslaught explores a hypothetical conflict with China. How much of what you include in your novels is inspired by current events and what other sources do you call on for inspiration?

DP: I started research and planning of the War with China series – The Cruiser, Tipping Point, Onslaught, and two more books now in progress – well before tensions with that country reached the current near-boiling point. You have to realize, a novel is written at least two years before you see it on the shelves; a year to write, and a year in production. Complex and research-intensive ones take even longer. So I can’t really tune too close an ear to current events. Nor am I psychic! The books are thus based on my own strategic calculations and a knowledge of history. (I did the same thing earlier with The Gulf). Around 2008 I asked myself, What if there were a new Pacific war? Everything downstream flowed from that initial “what if.”

CIMSEC: It seems as though your last two works bore some resemblance to the outbreak of the First World War and the geopolitical tensions that characterized that time in history. Was this intentional?

Very much so; in fact I refer in the narrative to Dan Lenson’s reading of Barbara Tuchman’s The Guns of August. The problem the U.S. faces in accommodating a previously stable international structure to the rise of a peer competitor is much like that which the British Empire faced in dealing with Imperial Germany, or Rome with Carthage, or even farther back, Sparta vs. Athens. Other influences are Sallust, Gibbon, Thucydides, the battles of Savo Island and Guadalcanal, Korean medieval history, the tactics of Ulysses S. Grant, and Allied op plans (both executed and not) for the latter stages of WWII, among many others.

I loved the comparison between the skills of ancient mariners and modern high-end war; specifically I am thinking of the instance in which your Chief Quartermaster takes a celestial fix – I pictured him doing so on the port bridge wing above the SPY faces. That really conjured an image for me of the juxtaposition of ancient naval practices and modern technology.

I think one of the distinguishing themes of sea fiction, what Professor Herb Gilliland of the Naval Academy calls “techné,” the machinery that’s mastered (or at least used) in sea tales.

The most complicated device existing in the 18th century was a full-rigged warship, and its present-day successors are among the most complex devices today. Think of The Sand Pebbles; if you took the machinery out there wouldn’t be much book left. Or Delilah by Marcus Goodrich, the crew manhandling and shoveling all that coal from the bulkhead bunkers into the boilers. Under technique also falls seamanship, and the skills and even artistry involved in steering safely through changing weather and sea conditions.

And you’re right, at sea today we have to be masters of both an ancient set of skills and comfortable at the very cutting edge of 21st-century technology. Both the fascination and the challenge for me lies in making the advanced technology involved in, say, intercepting an incoming ballistic missile terminal body with an Aegis-steered Standard missile comprehensible to the general or lay audience. Sometimes I fail in that regard; I remember one reviewer wrote, “I learned more about the Navy than I really wanted to know.” Not the impression I wanted to leave!

In general, if I hear equal numbers of readers complaining that I didn’t go deeply enough into the techné, and others that I got too technical and acronymophilic, I should be roughly in the middle of the channel. Complicating that further in the later books in this series will be that war inevitably accelerates technology…which means I may have to go beyond anything currently used in the Fleet.

CIMSEC: Crime aboard ships is a common thread throughout the series – why is that? Is this intentional and is this something you have personal experience with, or is it just a storytelling device?

Well, crime isn’t as prevalent in the USN as it is in my series, that’s for sure. On the other hand, we’ve all read about service-related cases of bribery, sexual abuse, rape, theft, counterfeit parts, murder. Every crime ashore has its cousin at sea. It would actually be unrealistic to pretend it doesn’t happen.

War and crime seem analogous in certain ways. They force choices and actions, and sometimes very difficult ones, on both the participants and those who must find the perpetrator and administer justice. Remember your high school lit classes, where they talked about the various forms of antagonists: human, animal, natural, corporate, governmental, enemy, etc? The more of these conflicts I can layer into the story, the more complex and punishing it becomes for the characters, the greater the forward velocity and the more strongly the reader becomes involved.

CIMSEC: Your story features very competent but very diverse female characters, which is a rarity in this genre of fiction. Is this an important message to you as an author and former naval officer or a reflection of the makeup of a modern crew at sea?

I don’t think it’s as much some kind of “message” as a reflection or realization that this is how things are now, both at sea and ashore. Still, it took me a few novels to feel comfortable with portraying a female voice or point of view. My first two or three novels weren’t that effective in portraying black, female, or gay characters. But as I moved out of the all-white environment I grew up in, and as the rather homogeneous and all-male Navy of the 1970s and 80s changed, my views widened. My first book with a female central intelligence was The Whiteness of the Whale, with Dr. Sara Pollard. I’m happy with the way that turned out and it got some very pleasant reviews.

To take it a step farther, I don’t believe a writer should or can be limited to drawing characters that reflect only his or her own ethnicity and gender. Providing access to the interior thoughts and feelings of what the reader considers the “other” is one of the primary functions of fiction. But with that freedom also comes a responsibility: to portray every character as truly and complex as possible, without defaulting to clichés or cardboard villains. One of the most difficult characters I ever had to inhabit was the treacherous, fanatical Al-Maahdi in The Crisis. But eventually I understood why he became what he became. That’s not the same as sympathizing with his actions, of course.

CIMSEC: Your characters are drawn in a way that is so sophisticated and complex – are they based in any way on individuals you’ve served with?

DP: Sometimes!!

CIMSEC: Onslaught features a total breakdown of the international system and diplomacy, as we know it. Is this something you feel we are moving toward?

DP: Unfortunately, nations do seem to be demolishing or abandoning, one by one, the international structures and norms that promoted accommodation, protected human rights, and acted to prevent war. China dismisses the rulings of international courts. The U.S. behaves more and more cavalierly toward long-time allies. The president of the Philippines brags about his extrajudicial killings. Russia subverts any democracy it can. Combine these with a decline in the former relative preponderance of U.S. power in the western Pacific, and the events in Tipping Point and Onslaught begin to seem not just possible, but all too likely.

CIMSEC: What message do you hope junior officers and sailors reading your novels can take away and apply to their profession?

Nothing unique or new, I fear. Merely this:

Know your job.

Care for your troops.

And always try to do the right thing, even if it may hurt your career.

CIMSEC: Where does the series go from here and what’s next for Daniel Lenson?

DP: After the opening of the Pacific war in Tipping Point, and its first battles in Onslaught, the next strategic question will be: can the Allies hold the central Pacific? IF we can’t, then no recovery and new offensive farther west is possible. Of course Dan, Blair, Obie, and Cheryl will all be in the thick of the action. So look for Hunter Killer in December of 2017…and thanks for the interview!

David Poyer was born in DuBois, Pennsylvania in 1949. He grew up in Brockway, Emlenton, and Bradford, in western Pennsylvania, and graduated from Bradford Area High School in 1967. He graduated from the U.S. Naval Academy at Annapolis in 1971, and later received a master’s degree from George Washington University.

His active and reserve naval service included sea duty in the Atlantic, Mediterranean, Arctic, Caribbean, and Pacific, and shore duty at the Pentagon, Surface Warfare Development Group, Joint Forces Command, and in Saudi Arabia and Bahrain. 

Poyer began writing in 1976, and is the author of over forty books, including THE MED, THE GULF, THE CIRCLE, THE PASSAGE, TOMAHAWK,  CHINA SEA, BLACK STORM, THE COMMAND, THE THREAT, KOREA STRAIT, THE WEAPON, THE CRISIS, THE TOWERS, THE CRUISER and TIPPING POINT, best-selling Navy novels; THE DEAD OF WINTER, WINTER IN THE HEART, AS THE WOLF LOVES WINTER, and THUNDER ON THE MOUNTAIN, set in the Pennsylvania hills; and HATTERAS BLUE, BAHAMAS BLUE, LOUISIANA BLUE, and DOWN TO A SUNLESS SEA, underwater adventure. Other noteworthy books are THE ONLY THING TO FEAR, a historical thriller, THE RETURN OF PHILO T. McGIFFIN, a comic novel of Annapolis, and the three volumes of The Civil War at Sea, FIRE ON THE WATERS,  A COUNTRY OF OUR OWN, and THAT ANVIL OF OUR SOULS.  He’s also done two well-reviewed sailing novels, GHOSTING and THE WHITENESS OF THE WHALE, and several nonfiction books.  Two books will appear later this year: ONSLAUGHT, another Modern Navy novel, and ON POLITICS AND WAR, co-authored with Arnold Punaro.

Poyer’s work has been  translated into Japanese, Dutch, Italian, and Serbo-Croatian, recorded for audiobooks, published as ebooks, selected by the Literary Guild and Doubleday Book Club, etc. Rights to several properties have been sold or optioned for films. 

Poyer has taught or lectured at Annapolis, Flagler College, University of Pittsburgh, Old Dominion University, the Armed Forces Staff College, the University of North Florida, Christopher Newport University, and other institutions. He has been a guest on PBS’s “Writer to Writer” series and on Voice of America, and has appeared at the Southern Festival of Books and many other literary events. He currently a fellow at the Virginia Center of Creative Arts, and teaches in the MA/MFA in Creative Writing program at Wilkes University in Wilkes-Barre and at the Ossawbaw Island Writers’ Retreat.  He lives on Virginia’s Eastern Shore with his wife, novelist Lenore Hart.

Featured Image: PACIFIC OCEAN (June 16, 2009) – Nimitz-class aircraft carrier USS George Washington (CVN 73), Ticonderoga-class guided-missile cruiser USS Cowpens (CG 63) and Arleigh Burke-class guided missile destroyer USS Fitzgerald (DDG 62) steam in formation during a photo exercise June 16. (U.S. Navy photo by Mass Communication Specialist 2nd Class Bryan Reckard)

Current Operations

Thoughts on Grand Strategy

Leave a comment

This article originally featured on The Navalist and is republished with permission. Read it in its original form here

By LT Robert “Jake” Bebber USN and Professor Richard J. Harknett

The United States has been operating without a Grand Strategy for nearly 25 years. First, it was essentially on auto-pilot in the immediate aftermath of the collapse of the Soviet Union (the grand strategic endstate of containment) and then post-9/11 it became tactically oriented in reacting to global terrorism. Over the past 16 years, a flux in the distribution of power internationally has begun as the United States has relied on coercive force in an attempt to manage terrorist capacity and its gap in power is not guaranteed to be sustained without a strategy to do so. Great powers rise and fall because, over time, they tend to choose policies which accelerate the balancing dynamic of other competing states. Today, while the United States remains the leading state in an imbalanced global system, traditional realist theory suggests that international systems tend toward balance and we should expect a turn to a multipolar world. The National Intelligence Council’s January 9th released quadrennial Global Trends Report suggests a similar conclusion.

This is not preordained, however, if U.S. policymakers were to return to leveraging true American strength. The United States is still a relatively young Great Power and can choose policies that can stretch its advantages. Thus, while actors will balance against it, the United States can remain preponderant for some period of time. This is because it enjoys its position as a foundational power, rather than a coercive power. The majority of the world benefits from the foundations that have been laid in the aftermath of the Second World War and, therefore, there is significant incentive to buy-in and work within the current American-led incentive structure–most states are rewarded by the imbalance and thus it is not the driving force that traditional analysis suggests. This gap in power is tolerable to a majority of state and non-state actors because it is leveragable by them.

However, perpetuating an imbalanced system where the U.S. remains the foundational power will not sit well with actors like China, Russia, Iran and a few other revisionist actors. Indeed they are all working hard to challenge the current system to make their own rules and pursue their own interests. 

Yet the incoming administration may have an opportunity to fundamentally reorient the pieces on the grand strategic chessboard, and perhaps retain a position of strength that has been ebbing over the past few years. It appears that the President and his team are open to a different view of Russia as a great power. They seem amenable to Mr. Putin’s realist view of the world, and his naked pursuit of Russian interests.

At the same time, Mr. Trump’s comments about Communist China, and his apparent willingness to rethink America’s “one-China” policy seem to indicate that on some instinctual level, Mr. Trump considers the PRC to be a greater threat than Russia. On that matter, he is probably correct. Russia is essentially a vulnerable great power heading in the wrong direction. Communist China, on the other hand, while facing its own internal inconsistencies, has the capacity to challenge the United States in terms of economic, military and political power.

Quite simply then, the new Administration may be in a position to reverse the realignment of the Nixon era (but in Nixonian fashion) and enter into a tacit alignment with Russia as a geopolitical balance against Communist China, thereby sustaining the imbalanced system. There are a number of reasons why this might be advantageous to both the United States and Russia, but we should acknowledge up front that it will not come without significant cost. And this is not the mere “reset” that was recently attempted. In geopolitical terms, this is effectively bringing Russia into the western orbit.

The core unknown is whether Russia can be a satisfied great power in an imbalanced system? The answer is possibly yes, if its status is based on seats at the table of global governance, it is convinced that it is not susceptible to outside aggression or collapse, and that its particular form of domestic governance can persist.

Russia is a weakening great power on its current course demographically and economically. A new relationship would have to emphasize that there is a fundamental benefit to Russia of leveraging U.S. foundational power, rather than risking the cost of opposing U.S. coercive power. Russia should understand that challenging that coercive power would lead to its swifter demise. It lost the first Cold War and the U.S. can actively isolate it again and turn the energy (oil price) weapon against it if the Russians want to challenge the U.S. This is not a containment for containment sake argument, but rather an invitation to Russia to become a western power coupled with a hard power argument of the consequences that would follow from not accepting the invitation. What needs to be made clear is that the Russian hope of undermining western institutional legitimacy will not be tolerated anymore, but that there is an alternative to competition. This is a “tough love” message, but one in which Mr. Trump and his Secretary of State designee Rex Tillerson may be uniquely qualified to deliver.

In order for this to happen, Mr. Trump will have to convince Mr. Putin that Russia has a “losing hand” as it were, and that Communist China is a greater long term threat to Russia than the United States or the west. Russia is currently under severe economic sanctions from the west due to its invasion of Ukraine and seizure of Crimea, and while Mr. Putin remains popular for now, even he knows that the Russian people will not tolerate for long growing economic depravity. Mr. Trump can effectively say, “I can get you out of this mess.”

And indeed there is growing concern even within Russia of China’s overt interest in the sparsely populated, but resource rich Siberian expanse. The Russian people are intimately familiar with several thousand years of history, to include numerous invasions from the Asian steppe hordes. Of course in recent history, Communist China attacked the Soviet Union in 1969. Russia is beginning to note the frequency with which Communist China now talks of reclaiming the territory lost during its “Century of Humiliation” – much of that territory being taken by Imperial Russia. (This includes the city of Vladivostok which was ceded to Russia by Imperial China in 1858.)

Can a Trump Administration conduct a strategic realignment with Russia? While the West will be under pressure to “negotiate a deal” likely involving forswearing further NATO expansion or the integration of former Soviet states into the EU, it should resist this temptation. Remember, Russia has a losing hand in this relationship, and is contracting both demographically and economically. Rather, Mr. Trump has to convince Mr. Putin that any lifting of sanctions will be followed by American investment which would effectively “stop the bleeding” in Russia. However, there would be no rollback on NATO – the Baltics and Eastern Europe are not going to be discarded. One clear question is the motivations of Mr. Putin: does he want Russia to retain global recognition as a great power and will cut a deal to do so, or is he too much a product of his KGB legacy and sees the “West” as an unremitting enemy with which no deal is safe? He will recall promises of the 1990s that were not kept, so trust building will be essential. The choice of Mr. Tillerson as Secretary of State could be critical in establishing that trust. 

For the United States, bringing Russia into a Western orbit could provide significant advantages. First, it diverts the PRC’s attention back to its 2,600 mile long border with Russia. This will require the PRC to reconsider its reorganization of the People’s Liberation Army (PLA), perhaps away from building a power projection force back to a land-oriented border protection. And the PLA still relies largely upon Russian designed and supplied military equipment, which would hopefully be curtailed or stopped.

Second, it advances the goals of the United States relative to India and Vietnam, who also maintain a friendly relationship with Russia and heavily relies on Russia as a military supplier. India has historically been non-aligned, though friendly to the former Soviet Union/Russia. A rapprochement between the U.S. and Russia relieves a source of tension with Vietnam and India, and opens the door for an alignment between the world’s two most populous democracies and a former war enemy of China.

Third, it does permit the U.S. and Russia to resume and enhance counter-terrorism relationships. It may even open opportunities for the United States and Russia to conduct joint operations in the Middle East against ISIS. To be clear, Russian insistence that the Assad regime remain in power would have to be dropped. However, the U.S. and Russia can probably find a mutually acceptable third party to rule in Syria over time

As of yet, there is no evidence that the incoming Administration is thinking along these lines. It would require a deft bit of diplomacy and “deal making” to convince Russia to throw its lot in with the United States as opposed to remaining the junior partner to the PRC (whether or not Russia realizes it is the junior partner is an open question). However, the warm words exchanged between the incoming Trump team and the Kremlin may be an opportunity. How unsubstantiated reports of deeper campaign Trump-Kremlin ties will impact moving forward is unknown, but in a world in which perception is reality, a President Trump would now have to pursue such a realignment strategy more openly than Nixon did with China. If they could pull it off, future relations with Communist China could look very different than the current trajectory it is on right now.

To quote Star Trek VI, there is an old Vulcan proverb that “Only Nixon could go to China.” Well, perhaps “only Trump could go to Russia.” We shall see if he can seize this opportunity.

LT Robert “Jake” Bebber USN is a Cryptologic Warfare Officer assigned to the staff of U.S. Cyber Command. He holds a Ph.D. in public policy from the University of Central Florida and welcomes your comments at jbebber@gmail.com.

Professor Richard J. Harknett is the former Scholar-in-Residence at U.S. Cyber Command and currently an inaugural Fulbright Scholar in Cyber studies at University of Oxford, United Kingdom. He can be reached at richard.harknett@uc.edu.

The opinions expressed here do not reflect those of the Department of Defense or U.S. Cyber Command. The authors offer an academic-based explanation for possible policy change, rather than personal advocacy or rejection of any possible policies.