Category Archives: Cyber War

Threats, risks, and players in the cyber realm.

Cyber War

Disrupt the Info Dominance Corps Reserve

8 Comments

110203-N-5328N-140The U.S. Navy’s Information Dominance Corps (IDC) is comprised of four major communities: Information Professional, Information Warfare (including Cyber Warfare Engineers), Intelligence, and Meteorology/Oceanography. Its enlisted members are some of the most well trained members of the military. There have been some efforts made to grow the active duty community into a mature force since its inception in 2009, and as a Naval community it collectively has the greatest understanding of using social media and the internet-although that may be damning with faint praise.

IDC’s reserve component is more interesting. Unencumbered by active duty career paths, the reserve IDC has members with a phenomenal amount of knowledge about network administration, network security, coding, software development, and a lot more areas of expertise that are often missing in our active component.

The reserve IDC should be a lab for innovation and a tremendous opportunity to bring true experts in the industry in for targeted part-time work and help that could keep the Navy at the leading edge of network dominance. Unfortunately, we’ve handcuffed them with bureaucratic nonsense that is sure to drum out the best and leave us with the rest.

I spoke to LTjg Kevin Schmidt last week for the CNO’s Rapid Innovation Cell podcast, and I was both excited and disappointed to hear how the Navy handles this group of experts. Excited because we’re hiring some amazingly talented people in the reserve, disappointed because their drilling weekends comprise of death by powerpoint.

My interviewee is a subject matter expert in Simple Network Management Protocol (SNMP), a network protocol. He’s expert enough to have written a book on it (two if you count the 2nd edition update). He’s had officers with PhD’s in his drilling unit. This is a cadre with deep skills and talents we don’t normally see in the military.

Naturally, we’re feeding them the same admin garbage we feed our 18-year-old new-accession Sailors.

Let me ask the reader this: should we ensure this 37-year-old O-2 gets through his annually required general military training (GMT) on his drilling weekends, or should we be flying him somewhere and giving him the opportunity to put his talents to productive use for the Navy?

Yes, it’s a loaded question. And yet, the IDC is shackled by the same checks in the box required by every community of our military.

Would an expert want to serve our country by applying specialized skills to battlefield situations, or by completing an administrative checklist comprised by somebody who’s forgotten what the point of the military is? Is it any wonder we’re going to lose the best and brightest professionals in the field? It’s time to drop the one size fits all requirements.

Take a look, for a moment, at the CNO’s Sailing Directions. Please click through (pdf alert) and look them over. Warfighting first-it’s a motto a lot of Sailors love, because it’s why a lot of us joined. He also speaks of a force “diverse in experience, background and ideas.” Are we setting up our reserve to be diverse, or simply a mirror (and therefore shadow) of our current active force?

The difficulty happens because military training has historically been specialized in a way that civilian training could not offer. In some communities, this is still the case: an airline pilot’s time spent on a 737 is only going to go so far in training him to fly an F/A-18. The concepts are similar, but the details are very different.

In the internet realm, however, there is a much greater blur between the two areas. As we continue the move into asymmetric warfighting, often against small groups or lone actors, the military will continue to look at the civilian sector for security certifications such as Security +, CISSP and CCNA. An officer can join the IDC reserve and already know more as an ensign than many active lieutenant commanders.

It’s not a knock on active duty folks, but a recognition that specialized training has its place-and the day to day life of a Sailor does not allow for much specialized training. Allowing our reservists to fill that gap would be a tremendous opportunity.

Also, two days a month, two weeks a year may not be the appropriate amount of time for a reservist to work through a project. Are we allowing for flexibility in days/hours served? Would you commission Elon Musk as a Commander if he were willing to work only five days a year? I would-that would be an incredibly productive five days (#draftElon!). To say no to him would be lunacy! How about Gary Vaynerchuk? If you don’t know that name, you’re extremely late to the party on social media and branding-two very important aspects to growing a top notch community of experts. And yet, we insist the system in place should remain in place…because we’re either too lazy, too overworked or too unimaginative to consider an alternative.

If anybody can make the IDC do insanely awesome things, it's #draftElon
If anybody can make the IDC do insanely awesome things, it’s #draftElon

The Information Dominance Corps reserve component could be just as attractive a place to work as Google, Apple or Tesla Motors. And it should be-as its brand grows, the talent attracted to it can only grow and become more competitive. This would be a huge win for the taxpayers.

We don’t need cyber officers who can drive a ship-we’ve got plenty of those already. We need cyber officers who can think outside the box and share their wealth of talent with Uncle Sam…at a deep discount to the usual consulting fees-which generally go to the well connected.

The IDC reserve component has the capability to be an innovation and consultation powerhouse at a fraction of the cost of traditional military contracts, saving the Pentagon hundreds of millions. Maybe that’s why this idea will never happen.

This article appeared in its original form at disruptivethinkers.org

ET1(SW) Jeff Anderson is the host of the CNO’s Rapid Innovation Cell Podcast and military lead for Disruptive Thinkers San Diego. He also daylights as an Electronics Technician onboard USS Independence (LCS-2). 

Cyber War, Future War, Long Reads, Tactical Concepts

Not Like Yesterday: David Kilcullen’s Out of the Mountains

2 Comments

and into the Littorals

In a 1997 speech to the National Press Club that will be familiar to many Navy and Marine Officers, General Charles Krulak, 31st Commandant of the Marine Corps, told the story of Roman consul Publius Varus. Consul Varus was a once successful general whose legions were decimated by Germanic tribes using what we might refer to as asymmetric tactics that left the Roman’s flummoxed. Varus’ last words were recounted as “Ne Cras, Ne Cras,” or “Not like yesterday.” The story presents a challenge to military leaders in our own generation to refrain from getting complacent in their own capabilities, and to continue to adapt their organizations to meet new and unexpected threats.

General Krulak’s went on to introduce the concept of an urban “three block war,” in which combat forces would simultaneously conduct humanitarian relief, peacekeeping, and high intensity combat operations in the space of three contiguous blocks of a complex urban environment. In many ways General Krulak’s words were more prophetic than he could know, as within six years U.S. forces were engaged against an irregular enemy in complex, densely populated urban terrain in Iraq.

American combat troops out of Iraq and on the cusp of departing Afghanistan. This makes it the perfect opportunity to examine old ideas about urban warfare with fresh eyes and look for  both the continuities and the differences resulting from a globally connected world and the proliferation of advanced weapons and technologies down to the sub-state level.

Dr. David Kilcullen, an Australian soldier and counterinsurgency specialist who advised U.S. leadership on strategy in Iraq and Afghanistan, has taken a major step in this direction with his new book Out of the Mountains. Kilcullen’s new work analyses the major trends driving the future of conflict around the world. His findings will indeed have far reaching implications for the U.S. military, which has been focused for years on a rural insurgency based in the mountains and deserts of Afghanistan. Conflict will not be as it was yesterday. It will be fought in major coastal urban centers amidst tens of millions of people, and it will span all domains including land, sea, air, and cyber. These conflicts will be complex and will almost never have a purely or even primarily military solution, but their intensity will at the very least require military force to protect and enable other forms of power and influence as they are applied in support of U.S. strategic goals. The U.S. Navy and Marine Corps will need to be adaptable and flexible in order to remain mission-capable in such an environment.

This article will examine the major trends that Kilcullen identifies, and attempt to delve deploy into their military implications. Dr. Kilcullen identifies four “mega-trends” that are shaping the future of humanity, and with it the future of warfare as a human endeavor. These trends include:

  • Increasing Population – The U.N. estimates that the global population will continue to increase, especially in developing nations, before leveling off around 9 billion people sometime in the latter half of the century.
  • Urbanization – For the first time in human history, more than half of the population worldwide lives in cities.
  • Littoralization – Most cities, and certainly the largest ones, are in coastal zones that provide access to seaborne transportation and thus access to the global economy. Kilcullen usefully defines the littorals as the portion of land and air that can be targeted by weapons from the sea, and likewise that portion of sea and air that can be targeted from land.
  • Digital Connectedness – Internet and mobile phone access are beginning to saturate markets worldwide, and in some countries access to communications technology outstrips access to sanitation facilities.

The first three of these trends are not news. Kilcullen notes that sociologists have been writing about population and urbanization for decades, and urban conflict was a major focus of military thinking in the 1990s. However, the acceleration of these trends, combined with the burgeoning level of digital connectedness not widely foreseen in the 1990s, means that urban conflicts will take on a new level of violence and intensity that will be broadcast around the world instantaneously. This will provide our adversaries with powerful commercial tools to enable command and control  (C2) of independent networked cells in a dynamic battlespace.

Operation Iraqi FreedomAt the operational level, planners can expect warfare to range from the multiple-battalion level assault on Fallujah at the high-end to complex “urban seige” attacks such as Mumbai and Nairobi in the mid-range to the persistent urban violence of the drug wars in Rio de Janeiro’s favelas at the low-end. In each instance, the enemy will be a small, networked, and extremely well-armed group. It will reside in a sea of millions of civilians and be able to call upon commercial digital networks from cell phones to Twitter to collect intelligence, post propaganda, and act as ad hoc C2 nodes to coordinate operations. It will also be able to draw on a massive global transportation system to transport people, weapons, and finances around the world in short order.

1127-for-webMUMBAImapfIn order to flesh out the capabilities of modern networked urban terrorist groups, Kilcullen analyzes in detail the 2008 Lashkar-e-Taiba (LeT) Mumbai assault. LeT’s ground-breaking tactics, which displayed a level of free-flowing swarming ability that is at the very least rare for a sub-state actor, are worth examining. The attack was carried out by multiple cells of just a few individuals each who had conducted a thorough reconnaissance of their targets for nearly a year.  The attackers used maritime ratlines normally employed by smugglers to move from Karachi to the port of Mumbai, making landfall in a slum neighborhood with little police presence.  Once the assault began, their actions were coordinated via cell- and satellite-phone by a LeT command team operating their own combat operations center in Pakistan (likely with some support from Pakistani ISI). The team used broadcasts from CNN and other media networks to inform their battle tracking and develop an open-sourced understanding of the Indian police response. This allowed the LeT cells to remain several steps ahead of Indian security forces for several days, killing civilians at several high-profile public locations around Mumbai before they were finally surrounded and neutralized.

Digital connectedness is also allowing insurgent groups to expand their presence into the global information space that was once the sole purview of states and large corporations. Regular readers of this blog will likely remember that al-Shabaab live-tweeted the recent Navy SEAL raid in Barawe, and after the special operators withdrew, were able to claim victory before Western news outlets even knew the operation had taken place. The militants then followed up by posting pictures of equipment that the SEALs had left behind during their extraction from the firefight.  While seemingly trivial, this allowed al Shabaab to stake its claim to the information available on the attack, and perhaps shatter some of the aura of invincibility surrounding the SEALs since their assault on Osama bin Laden and rescue of Captain Richard Philips from Somali pirates.

It is beyond the scope of a single blog post to analyze all of the future trends that Kilcullen examines in detail. Indeed, the book itself is likely just the first of a great deal of research that still needs to be done on the future of urban conflict against evolved irregular or hybrid adversaries in mega-slums and other dense and highly complex urban environments. Much of that research will, of necessity, have to focus on non-military aspects of conflict prevention and mitigation, due to the unavoidable fact that future urban conflicts will be driven by sociological factors inherent to the urban systems where they are being fought. Under Kilcullen’s formulation, urban design and development will in many ways become as important to American policy as foreign aid, governance and economic development, and security sector reform.

The implications for military doctrine and organization will be significant as well. It will impact Naval doctrine, organization, and ship-building plans even as Navy leadership seeks to focus its efforts and budgetary priorities towards AirSea Battle. The same is true for the Marine Corps’ efforts to reposition itself as the nation’s amphibious crisis response force following a decade of warfare in landlocked environments. In following articles, we will examine these implications in depth, and attempt to achieve a better degree of resolution on the future of urban littoral combat and the steps that the Navy and Marine Corps will need to take to remain mission-capable in that environment.

Dan Dewit is a researcher with the Arleigh Burke Chair in Strategy at the Center for Strategic and International Studies in Washington. From 2009- September, 2013 he served as an officer in the U.S. Marine Corps.

Cyber War

The Full Cost of Remote Diagnostics

Leave a comment

Last week an article came out about state-sponsored hacking that had nothing to do Edward Snowden or the NSA. Bloomberg News detailed the ongoing hacking of U.S. defense contractor QinetiQ. Two paragraphs in the piece particularly struck me:

“The [China-based] spies also took an interest in engineers working on an innovative maintenance program for the Army’s combat helicopter fleet. They targeted at least 17 people working on what’s known as Condition Based Maintenance, which uses on-board sensors to collect data on Apache and Blackhawk helicopters deployed around the world, according to experts familiar with the program.

The CBM databases contain highly sensitive information including the aircrafts’ individual PIN numbers, and could have provided the hackers with a view of the deployment, performance, flight hours, durability and other critical information of every U.S. combat helicopter from Alaska to Afghanistan, according to Abdel Bayoumi, who heads the Condition Based Maintenance Center at the University of South Carolina.”

A remote diagnostic system: safe and secure...
        A remote diagnostic system: safe and secure…

While it’s unclear whether the hackers succeeded in accessing or exploiting the data, it is clear that they saw the information as valuable. And rightly so – systems such as condition based maintenance, remote diagnostics, and remote C2 systems are designed to reduce the workload burden on front-line “warfighters”, or the logistics burden on their platforms, by shifting the location of the work to be done elsewhere. This can also facilitate the use off-site processing power for more in-depth analysis of historical data sets and trends for such things as predicting part failures. The Army is not alone in pursuing CBM. The U.S. Navy has integrated CBM into its Arleigh Burke-class DDG engineering main spaces, meaning “ship and shore engineers have real maintenance data available, in real time, at their fingertips.”

However, the very information that enables this arrangement and the benefits it brings also creates risk. Every data link or information conduit created for the benefit of an operator means a point of vulnerability that can be targeted, and potentially exploited – whether revealing or corrupting potentially crucial information. This applies not only for CBM, but more dramatically for the C2 circuits for unmanned systems. I’m by no means the first to point out that CBM, et al, means tempting targets. UAV hacking has garnered a great deal of attention in the past year, but the Bloomberg article confirms an active interest exists in hijacking the enabling access of lower profile access points.

This raises several questions for CBM and remote diagnostics, not least of which is “is it worth it?” At what point does the benefit derived from the remote access become outweighed by the risks of that access being compromised? Given the sophistication of adversary hacking, should planners operate from the starting assumption that the data will be exploited and limit the extent of its use to non-critical systems? If operating under this assumption, should “cyber defense” attempts to protect this information be kept to a minimum so as not to incur unnecessary additional costs? Or should the resources be devoted to make the access as secure as the C2 systems allowing pilots to fly drones in Afghanistan from Nevada?

Scott is a former active duty U.S. Navy Surface Warfare Officer, and the former editor of Surface Warfare magazine. He now serves as an officer in the Navy Reserve and civilian writer/editor at the Pentagon. Scott is a graduate of Georgetown University and the U.S. Naval War College.

Note: The views expressed above are solely those of the authors and do not necessarily represent those of their governments, militaries, or the Center for International Maritime Security.

Cyber War

Surviving the Invisible Commons

3 Comments

This article originally featured at the USNI Blog

In his piece, “Imminent Domain,” ADM Greenert suggests that the EM and Cyber spectrums need now be considered a stand-alone domain of conflict. Respectfully, we’re already there. The electronic environment, wired and unwired, is an obsession for defense planners. In CYBERCOM, the EM-Cyber spectrum practically has its own unified command. The navy’s component of CYBERCOM, the “10th Fleet,” in name harkens back to ADM Greenert’s example of the rise of sub-surface warfare. From the military’s fears over an assassin’s mace style EMP attack to the public’s obsession in movies like Live Free, Die Hard and games like Black Ops 2, the awareness is more than there. While we may have recognized this new environment, ADM Greenert is right in that we have not taken this challenge to heart.  If forces are going to operate as if the EM-Cyber spectrum is a domain of warfare, they must act as they would in the physical battlefield on the tactical level, not just the strategic: take cover, stay organized, and interrupt the enemy’s OODA loop.

 

TAKE COVER

 

In a battlefield, soldiers take cover to avoid detection and enemy fire. In the EM-cyber realm, we’ve made a habit of unnecessarily exposing ourselves to vulnerability. The US Navy has created an entire web of centralized databases that require not just mere control of the EM environment, but also a stability that often doesn’t exist at sea.

The Ordnance Information System-Retail (OIS-R) is the perfect example of unnecessary exposure to EM spectrum weakness. The system, designed to manage all ordnance administration, accounting, and inventory, requires a command to sign in to a shore-side database requiring uninterrupted connection through a Java interface. To access a ship’s ordnance data, one MUST have a functional internet connection either hard-wired or satellite. If account problems exist, troubleshooting must be done through other wireless means (phone, email, etc…) with land-based facilities. Each step requires a series of exposures to a very particular type of EM-Cyber connection to operate effectively.

The old system, Retail Ordnance Logistics Management System (ROLMS) was a stand-alone database that would update parallel shore-side databases through message traffic. The old system, while potentially harder for a single entity to manage, didn’t open the whole system to multiple weaknesses by environmental interference, enemy interference both kinetic and cyber, and equipment errors shore-side that a ship cannot trouble-shoot. It might be easier to keep all your ordnance (admin) in a huge pile, but to require warfighters to make a run through the open plains of TRON to get it is not a good idea.

 

STAY ORGANIZED

 

The drive to create centralized databases is often driven by a lack of organization on the part of the end-user. Properly organized supplies (data) minimize loss and the need to reach back into the logistical chain for material already packed. If the networks on ships are any indication, the average sailor enters the EM battlefield with absolutely no organization whatsoever. Sign in to a ship’s NIPR network and one will likely find  decade old files, repeated, in over a dozen similarly named folders: Operations Department, Ops, Operations, Ops Dept, OS1’s Folder, etc… Perhaps, those folders will have subfolders of the same name down 20 deep in series. Poor organization leads to inefficiency; inefficiency requires time, bandwidth, and exposure that should go towards the survival of the force and the success of operations. Ships need to treat their networks as they do their home desktops, organizing their material in a sensible way and deleting wrong, obsolete, or useless files.

Organization becomes the key to minimizing the need to go off-ship: well organized tech pubs, updated instructions in intuitive places, and personnel willing to spend the minute to search . A badly organized NIPR network is a reflection of how the navy treats the rest of its data: sloppily. We have seventeen sources pinging a ship for the same information that is held in 8 PowerPoint trackers, 2 messages, at least one call over the voice circuits, and 30 emails. Today, we expect every sailor to be at least an LS1 of the data-GSK, without giving them the tools or support to be so. One could drastically decrease the need to go off-ship for information by teaching sailors how to do a proper “ctrl-f” search or assigning an IT2 to deleting the ¾ of the network dedicated to obsolete files, animated .gifs, and 12 years of sea-and-anchor PowerPoints. Better training must exist not only in how to use data and of what kind, but how to properly disseminate/find it as well.

The battlefield equivalent of how we treat our data is sending soldiers into combat with a dozen different weapons from over the past century, but hiding them, their magazines, and their ammunition randomly throughout the base in mis-labeled boxes.  Like a poorly organized supply system, perceived “lost items” that are merely hidden end up wasting bandwidth on downloads, emails, and voice traffic as sailors work to solve the problems whose answers are merely in the 20th sub-folder down or in the inbox of the department head who doesn’t read his email. We must worry almost as much about the organization of our data as we do our organization of physical objects.

 

DOMINATE THE OODA LOOP

 

Survival often depends on an ability to use the enemy’s expectations of your methods against them. Some have suggested the navy embrace a wider range of bandwidths for communication; while true, more drastic measures are necessary to navigate the EM-cyber commons. In 2002, LtGen Paul Van Riper became famous for sinking the American fleet in a day during the Millennium Challenge exercise; he did so by veiling his intentions in a variety of wireless communications. We assume wireless to mean the transfer of data through the air via radio signals, but lights, hand signals, motorcycle couriers, and the like are all equally wireless.  These paleo-wireless concepts are just what we need for flexibility and security in the EM environment.

Combot vulnerabilities to wireless hacks are of particular concern to warfighters. Data connections to operators or potential connections between combots and ships serve as a way for enemies to detect, destroy, or even hijack our assets.  While autonomy is the first step in solving the vulnerability of operator connections, combots in the future must work as communicating teams. Fewer opportunities should be provided for subversion by cutting the long link back to the operator while maintaining the versatility of a small internally-communicating team. However, data communication between combots could still be vulnerable. Therefore, combots must learn from LtGen Van Riper and move to the wireless communications of the past. Just as ships at sea communicate by flags and lights when running silent or soldiers might whisper or motion to one another before breaching a doorway, combots can communicate via light, movement, or sound.

Unlike a tired Junior Officer of the Deck with a NATO code-book propped open, computers can almost instantly process simple data. If given the capability, a series of blinking lights, sounds, or even informative light data-transmissions  could allow combots of the future to coordinate their actions in the battlefield without significantly revealing their position. Combots would be able to detect and recognize the originator of signals, duly ignoring signals not coming from the combot group. With the speed and variation of their communications, compressed as allowed by their processing power, combots can move through the streets and skies with little more disruption than a cricket, lightening bug, or light breeze. High- and low-pitch sounds and infrared light would allow for communications undetectable to the average soldier or an enemy EW platform.

One must also accelerate faster than the enemy’s OODA loop can process. In the cyber realm, the enemy is often software long-ago released by its human creators. Like the missile warfare that inspired AEGIS, cyber warfare is both too vast and too fast for human reaction. Capital investment would concentrate more money in autonomous and innovative defensive programs: 10th Fleet’s AEGIS. Proactive patrol and detection can be done with greater advancements in adaptive self-modifying programs; programs that can learn or understand context are far more appropriate.  Recent developments in computing systems point to organic systems that could “live” in the systems they defend. Biological processors and organic computing allow for hardware that thinks and learns independently, potentially giving defensive networks the added advantage of an instinct and suspicion. Imagine the vast new horizons in the OODA loop of defensive cyber systems with hubs sporting the defensive animal instinct and the ability to re-wire their own hardwareQuantum computing also hovers over the horizon, with not only vast consequences for computing speed, but he whole cryptological offense-defense equation. The image painted is dramatic and far-off, but modest investment and staged introduction would serve as a better model than the dangerous possibility of a “human wave” mode of thinking. With fluid cyber-defense systems guarding more disciplined communicators, the US Navy can crush ambushes in the invisible commons.

 

ACTING LIKE IT

 

We will never be able to completely control the invisible commons; it is too heavily populated and easily influenced. Those conflicts held within vision are often confusing enough; the invisible becomes infinitely harder to master. However, if we minimize unnecessary exposure, organize ourselves well, and move with aggressive speed and unpredictability, our convoys of data will survive their long mili-second journey across the EM-cyber sea. ADM Greenert is right in saying the EM-Cyber world is a new field upon which battle must be done. However, while we may have realized it, we must start acting like it.

Matt Hipple is a surface warfare officer in the U.S. Navy.  The opinions and views expressed in this post are his alone and are presented in his personal capacity.  They do not necessarily represent the views of U.S. Department of Defense or the U.S. Navy.