Category Archives: Cyber War

Threats, risks, and players in the cyber realm.

Maritime Cryptology at the Crossroads

After more than a decade of land war and a desire to rebalance to Asia, America’s Navy finds itself smaller and, in many ways, weaker. One area that should be of great concern is the current practice and future of maritime cryptology.

Cryptology at sea was proven decisive during World War II, beginning with the battle at Midway and the breaking of the Japanese naval code “JN25.”[i] Equally important was the allied program that cracked the German Enigma machines, “Ultra,” especially those used by the German Navy. Winston Churchill famously remarked to King George VI that, “It was thanks to Ultra that we won the war.”[ii]

(A selection of seven Enigma machines and paraphernalia exhibited at the USA’s National Cryptologic Museum. From left to right, the models are: 1) Commercial Enigma; 2) Enigma T; 3) Enigma G; 4) Unidentified; 5) Luftwaffe (Air Force) Enigma; 6) Heer (Army) Enigma; 7) Kriegsmarine (Naval) Enigma—M4.)[iii]

Throughout the ensuing Cold War until the fall of the Berlin Wall, naval cryptology played a vital role in meeting national and tactical intelligence requirements. America gained deep insight and understanding of Soviet and Warsaw Pact allied naval operations and was able to obtain priceless strategic intelligence through collection missions operated by the U.S. Navy. The end of the Cold War, ensuing strategic drift and drawdown was shattered by the terrorist attack of 9/11, yet even in the midst of a worldwide “Global War on Terror,” the pressure remained to cut the naval force. Today, the Navy is at its smallest point since World War I. For the Navy to conduct its maritime cryptology mission, it must have presence in the littorals, especially in key strategic areas of the Western Pacific, Indian Ocean and Arabian Gulf and the Mediterranean and elsewhere. A smaller Navy with fewer platforms means the Navy is not always where it needs to be and when it needs to be there.

The hope was that through force shaping, automation and remote operations, maritime cryptology could continue to thrive in an ever more complex electromagnetic (EM) environment. Adversarial communications have become far more challenging to detect, exploit and prosecute. The Radio Frequency (RF) environment of today is incredibly complex, with tactical, strategic and data communication links operating in all areas of the spectrum and often at frequencies with a very low probability to intercept. Modern encryption techniques have evolved from mechanical electronics to the use of quantum mechanics.[iv]

The effects of force shaping, automation and remote operations are beginning to take their toll on the tradecraft of maritime cryptology. Today’s junior Sailors and officers have had their training time cut in order to meet growing operational demands on a shrinking Navy. To be successful in the art of cryptology – and it is a practiced art – one must have a deep understanding of the fundamentals of radio signal transmission as well as more than a passing familiarity with the collection equipment. A junior cryptologic technician and junior officer should be able to draw a basic transmitter-receiver diagram and trace the origin of a signal from its original state, such as voice or data, through the transmitter, across a medium and into the collection gear and the operator’s ears. Foundational knowledge required that the basic operator have a working knowledge of the equipment and be able to perform diagnostic and troubleshooting tasks in the event of a malfunction. Finally, operators and junior officers must understand the process of signal intelligence reporting to the tactical unit at sea (indications and warning intelligence) as well as to the national signal intelligence system.

At the same time, emerging cyberspace communication networks place entirely new pressures on maritime cryptology. Modern communication, command, control and information sharing are a “network of networks,” an “Internet of things” that require new skill sets and new acquisition and exploitation technologies. Yet the complexity of data systems and volume of data being passed is growing exponentially, outpacing our acquisition and procurement capability. The Navy has tried to mitigate this by relying on commercial off-the-shelf technology (COTS) but this entails its own set of problems. COTS technology must be compatible with legacy systems – some more than twenty years old and built on architecture and code from the late 1980s and early 1990s – and it relies on bandwidth levels that are not always available and reliable. We often find out the hard way that equipment which works well in the sterile lab environment is not up to the task of performing reliably at sea under arduous conditions.

Maritime cryptology is at a crossroads. We must return to the fundamentals of signal intelligence at the same time we are trying to realize the potential of cyberspace operations at sea. This will require a renewed commitment to recruitment and training, and for many middle grade and senior enlisted cryptologic technicians and officers, it means new formal training. Right now, senior enlisted and officers are being asked to take leadership roles in an emerging cyberspace operations field for which they are receiving inadequate or no formal training. We must reconsider recruitment of new junior Sailors and officers who have the background skills, education and knowledge and provide them a career path that emphasizes cryptologic expertise across the spectrum, from “traditional” signals intelligence to modern wireless exploitation. This career path must be grounded in recognizing that maritime cryptology is more art than science, and to become proficient and experienced, one must practice.

The author would like to thank CDR Kevin Ernest who kindly provided his thoughts on the challenges of modern maritime cryptology.

LT Robert “Jake” Bebber is an information warfare officer assigned to the staff of U.S. Cyber Command. The views expressed here are his own and do not represent those of the Department of Defense, the Department of the Navy or U.S. Cyber Command. He welcomes your comments at jbebber@gmail.com.

[i] http://www.navy.mil/midway/how.html

[ii] http://www.history.co.uk/study-topics/history-of-ww2/code-breaking

[iii] http://en.wikipedia.org/wiki/Enigma_machine#cite_note-9

[iv] http://blogs.scientificamerican.com/guest-blog/2012/11/20/quantum-cryptography-at-the-end-of-your-road/

Time to Wake Up: Snowden’s Cost

THIS ARTICLE WAS ORIGINALLY PRINTED ON MAR 30, 2014 AND IS BEING RE-PRINTED FOR “CHALLENGES OF INTELLIGENCE COLLECTION WEEK.”

Regardless of how you feel about Edward Snowden’s domestic surveillance program revelations, it’s time to get real about the cost we are paying for Snowden’s leaks about America’s signals intelligence programs. In a conversation a few months ago with a very senior former US intelligence official, I was struck by their apocalyptic assessment of the damage Snowden’s leaks had caused America’s intelligence capabilities. While he naturally considered the domestic concerns overblown, he was even more upset at Snowden’s undoing of decades of groundbreaking American work securing our own communications and spying on foreign governments.

Success in signals intelligence relies almost entirely on the opponent not knowing where and how he is being spied upon. As soon as your methods are discovered, your opponent can evade your espionage or, even worse, spoof you with false intelligence. By detailing the methods that the US uses to spy on other countries, Snowden’s revelations immediately and directly limited the NSA’s capabilities. We are just now beginning to see the fruit of that.

The Crimean crisis has revealed tremendous gaps in American SIGINT and comms against the very country in which Snowden happened to take asylum. Just over a year after Snowden’s releases, it is no coincidence. Now, I don’t mean to give Snowden all the credit – the Russians have maintained aggressive measures against American SIGINT since at least the mid 2000s. But it is not clear that, before the Snowden revelations, they were certain how effective their countermeasures were. By laying bare the sorts of measures the NSA has honed to break open world communications, Snowden has given the Russian military and IC exactly what it needs to craft communications in the American blindspot. Thus, the American intelligence community was blindsided by the Crimean invasion – while they observed the Russian military buildup, the lack of an increase in comms traffic lulled them into a false sense of optimism. Thanks to Snowden, the Russians could be confident that their countermeasures would be effective.

There is another piece of this puzzle that has been troubling me: over the past year, there have been a number of alarming communications security breaches that have embarrassed US, EU, and Ukrainian officials in ways very convenient for the ongoing Russian information war. Now, I can’t speak to the sources of the EU and Ukrainian leaks (I wouldn’t want to deprive some poor GRU operative his due!), but I was very alarmed by the US breach. Senior (and even not-so-senior) US officials working in the Former Soviet Union are subject to very strict regulations around communications. Now, it’s possible of course that Victoria Nuland and Amb. Pyatt made some error. But this isn’t the first rodeo for either of them: Nuland is the former ambassador to NATO, and Amb. Pyatt is a career FSO with decades of experience working in sensitive areas, including at the IAEA. We know that Nuland was surprised by the leak, calling it “pretty impressive tradecraft.”

There are two likely scenarios of how these communication leaks happened, both of them alarming. The first possibility is that the conversation was had in the clear on an embassy line. Intercepting embassy communications still involves a level of tradecraft above merely intercepting something over Ukraine’s telecoms network, and embassy comms being intercepted indicates a dire but not surprising familiarity with our diplomatic communications system. Nonetheless, such a breach would indicate that our diplomats had not necessarily followed protocol. The more alarming possibility is that the secure line itself was compromised. Prior to Snowden, such a breach was nigh unthinkable. But, prior to his time at the NSA, Snowden worked for the CIA…securing their communications from foreign postings. Now, I’m not suggesting that Snowden is sitting in Lubyanka Square hacking American comms. But it should scare the hell out of us that someone so intimately involved in securing American communications in addition to building American SIGINT capacities now relies on the generosity of his Russian hosts for his breakfast, lunch, and dinner.

It is possible that Snowden could compromise American intelligence in ways he is not even aware; was Snowden really clever enough to completely prevent the Russians from peeking into his document archive? Is he really smart enough to detect whether some of the security problems he might work on for his Russian clients might not actually be FSB tricks to get him to divulge how an American cryptographer might approach security? What frightens me is not the possibility that Snowden is maliciously working against the US. But the Russian intelligence community has access to people who are smarter than he is, are better hackers than him, and are world-class manipulators. Snowden’s naïveté has already harmed the US, but his hubris is positioned to do even more damage, and damage that we will not know the extent of until it is too late.

I realize that this line of analysis has a certain Ian Fleming-ish feel to it; a US cryptanalyst absconds to Russia, and a year later, American SIGINT begins to experience unusual failures and breaches. But that is the reality we are living in, and we need to wake up to it. The damage Snowden has done to America’s information security and intelligence capabilities is not hypothetical and hypothesized. It is real, it is urgent, it is extensive, and it is just starting.

Jon is a 2013 Healy Scholar, an MPhil in International Relations candidate at University of Oxford, and a Research Assistant at Georgetown University.

The Hacking of Rome

This is the second article of our “Sacking of Rome” week: red-teaming the global order and learning from history.

This is not a prediction for the future, simply a thought experiment to tell a story of what might be. Thinking about how American power and influence might decline is not a slight to the United States. It is a strength. We are not a people blinded by American hubris, but instead are willing to honestly analyze the negative what-ifs while working toward the positive ones.

When discussing the fall of the United States, the initial reaction is to think of a dramatic collapse. Things such as losing World War III in an enormous battle or an economic collapse making the Great Depression look like a little setback could make for an engaging movie, but reality does not have to entertain – it simply has to be.

This is fiction, not a prediction, but hopefully it makes us think.

And Now for our Story…

The United States is powerless. Though our economy is still intact for the moment, our ability to influence events on the world stage and protect our national interests is gone. We try to turn to our allies for help, but even our oldest friends recognize that the balance of power has shifted and begin to reshape their alliances to look out for their best interests. We are alone, afraid, and powerless in a very complicated world. How did we get here?

The Age of Austerity

As the War on Terror wound down, the Department of Defense entered what has now become known as “the age of austerity.” We began to heed the warnings of Admiral Mike Mullen that our national debt is the biggest threat to our national security. It started with sequestration in 2013. The writing was on the wall that we were no longer the post-Cold War hegemon of the 1990s and once again simply a strong player within a multipolar world.

Before we knew it, China was no longer just a developing power. Profits from energy exports enabled Russia to regain its seat as a major player on the global stage. If there was a time for more guns and less butter it was then. But America was tired and mostly broke from over a decade of war, so the Department of Defense was forced to confront more diverse global challenges with fewer resources.

The future emerged amongst a sea of buzzwords and lightning bolts connecting nodes on countless PowerPoint slides within the Pentagon. It was impossible to attend a Department of Defense brief without network-centric warfare, cross-domain synergy, asymmetric advantages, and autonomous unmanned systems being heralded as the solution to all problems.

In an effort to preserve America’s military advantage while reducing long-term spending, we invested in unmanned technologies and the ability to network unmanned and highly advanced manned systems together. The network enabled coordinated operations across all domains almost simultaneously. This would provide the quick and overwhelming response necessary to defeat any adversary, and the best part was it required minimal personnel. Unmanned systems might have a high upfront cost, but they do not require a salary, medical care for dependents, or a retirement plan. The extra savings from eliminating as many people as possible enabled the establishment of a network of unmanned undersea, surface, air, and even space systems providing continuous intelligence, surveillance, and reconnaissance on a global scale and immediate coordinated response in the event of hostilities. The global influence of the United States was secured at a fraction of the long-term costs.

The Unmanned Network Watches All

The Bubble Bursts

The American drone network continuously patrols the Air Defense Identification Zones (ADIZs) which China has established encompassing the East and South China Seas. China has made repeated complaints to the United States and the United Nations, and there have been many close calls between American assets and the People’s Liberation Army (PLA) Navy and PLA Air Force resulting in the loss of some drones, but without loss of life. Relations are tense, but the global status quo is maintained. The strategic goal of the United States is to keep economic relations with China how they currently are.

Suddenly the handful of operators within the Joint Force Drone Operations Center necessary to monitor and operate the global unmanned network find themselves staring at blank screens. What happened? An unannounced drill? A power outage? A loss this extensive has never happened before. They wonder and begin to troubleshoot.

While the casualty to the network is being reported up the chain of command, drones begin disappearing from radar screens at monitoring stations around the world. A flight of drones scheduled to land at Kadena Air Base in Okinawa for routine maintenance and refueling never arrives. Reports even begin to arrive of flights taking off and immediately crash landing. U.S. Cyber Command is alerted and begins to investigate. Once they know what to look for, it does not take long to find the malicious code responsible and it is glaringly obvious where it originated. The PLA. Not only did they not try to cover their tracks, but it looks like they wanted us to know who was responsible.

The Overwhelming Opening Salvo of the Cyber War

The few remaining manned platforms – a mere shadow of the previous numbers during the Cold War – are ordered to sortie toward the western Pacific in a show of force. Everyone quickly makes a devastating discovery. They are receiving no signal from the Global Positioning System. Once they are out of sight from land, ships and aircraft have no idea where they are. The Fleet attempts to adapt. They pull out the old paper charts – which they luckily retained onboard. Utilizing their mechanical compass and dead-reckoning for navigation, they set sail and attempt to find the Chinese coast.

They might not be at 100% capability, but they can at least make a show of American power with presence. Luckily, satellite communications are still functioning so they can coordinate between each other and with their operational commander. As they cross the Pacific, one by one they drop out of communications. The failures are first noticed in the radio room, but they quickly spread to ship control, combat systems, and to engineering. Every U.S. platform is now blind, impotent, and dead in the water. Within a few short days the once-feared military power of the United States is defeated without any bloodshed. Not with a bang, but a whimper.

Jason H. Chuma is a U.S. Navy submarine officer who has deployed to the U.S. 4th Fleet and U.S. 6th Fleet areas of responsibility. He is a graduate of the Citadel, holds a master’s degree from Old Dominion University, and has completed the Intermediate Command and Staff Course from the U.S. Naval War College. He can be followed on Twitter @Jason_Chuma.

The opinions and views expressed in this post are his alone and are presented in his personal capacity. They do not necessarily represent the views of U.S. Department of Defense or the U.S. Navy.

Sea Control 39 (Asia-Pacific): Pacific Cyber Security

This week, Sea Control Asia Pacific looks at cyber security in the region. Natalie Sambhi, of the Australian Strategic Policy Institute (ASPI), interviews her colleague Klée Aiken from ASPI’s International Cyber Policy Centre about the major cyber issues facing Australia, ICPC’s new report on cyber maturity in the Asia Pacific, what cyber maturity means and how it’s measured, China’s and India’s respective cyber capacities, and what this all means for the individual internet user.
