Capability Analysis

Institute for Future Warfare Studies Wants Your Writing on Seabed Warfare Concepts

Leave a comment

By Bill Glenney

Articles Due: March 5, 2018
Week Dates: March 12–March 16, 2018
Article Length: 1000-3000 Words
Submit to: Nextwar@cimsec.org

The U.S. Naval War College’s Institute for Future Warfare Studies is partnering with CIMSEC to solicit articles putting forth concepts for warfare on and from the seabed as part of the larger maritime battle.

While the broad matter of economics and sea lines of communications should drive a national and Navy interest in securing the seabed, the transformative nature of warfare on and from the seabed should capture the imagination and be of concern to the Navy.

Systems operating from the ocean seabed – to include unmanned systems, mini-submersibles, smart mines, special forces, and others – will one day be deployed against surface, air, and land systems and not just traditional undersea forces – adding yet another dimension to cross- or multi-domain warfare. Navies will be forced to consider not only the role of the seabed and undersea forces in seabed combat, but also how effects from the seabed can shape the behavior of forces on the surface, in the air, and on land.

At its heart, the assumption of U. S. undersea supremacy based on owning the top 1,000 feet of the water column will become invalid, ineffective, and wrong, just as aviators once assumed air supremacy was assured from owning airspace above 30,000 feet. Similarly, the Submarine Force will have to abandon its traditional assumptions about how operating within the undersea domain enhances survivability. Seabed threats may mean the U.S. Navy could have to fight its way out of CONUS home waters before it could project power abroad, and allow adversaries to persistently threaten the U.S. Navy’s flanks and rear support areas. Warfare under the sea may come to look more like tunnel warfare of World War One or suppression of enemy air defenses in Syria than ASW of the Cold War.

The seabed has already long suffered from neglect by the U. S. Navy. For example, modern sea mines can already project power from the seabed with little to no warning, but since the end of the Cold War the Navy and the Submarine Force “whistled past the graveyard” and routinely dismissed the threat from sea mines out of hand. This neglect was reflected in continual lack of substantive funding related to USN mine warfare capabilities and associated tactical development. This trend continued even as more U.S. warships were sunk or damaged in the aftermath of WWII by sea mines than by any other weapon while potential adversaries have tens of thousands of mines. Weapons on the seabed exacerbate the problem even more.

Illustration of how a CAPTOR smart mine functions. (via U.S. Militaria forum)

Nations and commercial entities can be expected to routinely map seabed terrain to support their interests and activities. Available seafloor bathymetry may become comparable to a typical topographic map available in hard copy. This level of detail will facilitate planning for and the placement of systems on the ocean floor, especially with a focus on ensuring they could not be readily detected or attacked. Weapons and supplies could be hidden in seabed caves, trenches, and other geographical features within the complicated seabed landscape.

The threat posed by systems operating from this part of the maritime environment will only grow with technological change and proliferation. The impending proliferation of commercially-developed undersea and seabed systems will make these systems readily available to anyone with even a modest amount of funding. These systems had long ago departed being a resource only for a rich nation-state or billionaires intent on finding the resting place of sunken ships.

Authors are invited to write on the tactical and operational challenges, and potential solutions, that may emerge as maritime warfare expands onto the seabed. How can the Navy’s future force adapt to this coming reality? Authors should send their submissions to Nextwar@cimsec.org.

Professor William G. Glenney, IV, is a researcher in the Institute for Future Warfare Studies at the U. S. Naval War College.

The views presented here are personal and do not reflect official positions of the Naval War College, DON or DOD.

Featured Image: Undersea submersible (Brian Skerry, National Geographic Creative)

Space

The “Space Corps” is Dead…For Now

2 Comments

By M. Scott Lassiter

The last time Congress created a new military branch was in 1947 when they formed the Air Force out of the Army Air Corps. Now, several Congressmen want to create a new branch of the military: the Space Corps. However, when the House of Representatives passed the final version of this year’s National Defense Authorization Act (NDAA), now signed into law by President Trump, it addressed the controversial proposal in no uncertain terms:

“No funds authorized to be appropriated by this Act or otherwise available for fiscal year 2018 for the Department of Defense may be used to establish a military department or corps separate from or subordinate to the current military departments, including a Space Corps in the Department of the Air Force, or a similar such corps in any other military department.” ~H.R.2810 – National Defense Authorization Act for Fiscal Year 2018, Section 6605

Its proposer and strongest supporter, Representative Mike Rogers (R-AL), asserted that the Air Force has dropped the ball on space over the last two decades, allowing our adversaries to close the space technology gap with us. The only thing that could save us now was to create an entirely new branch of the military– The Space Corps– sharing a similar relationship with the Air Force as the Marine Corps has with the Navy.

Rep. Mike Rogers (R-AL), chairman of the House Armed Services strategic forces sub-committee proposed creation of the Space Corps in 2017, believing that the USAF had not adequately performed its duties in regards to the space mission. (Image credit: C-SPAN)

To be fair, we do have a problem. Modern Air Force strategy has highly valued fighters and air attack. Accordingly, fighter pilots represent 31 percent of the Air Force General Officer leadership, to include six out of the fourteen top four-star officers (for comparison, Air Force Personnel Command reports pilots of ANY aircraft compose only 20 percent of officers). Officers in other fields (such as space) have historically not been promoted as frequently or highly. Additionally, sixteen years of combat operations under inadequate budgets have encouraged raiding the space funds of tomorrow to meet the mission requirements of today.

Most significantly, our adversaries have indeed enhanced many of their space capabilities to near-peer status. Recently, China tested quantum communication satellites, and Russia enthralled the Space community with maneuvering satellites that have unknown strategic intentions. Both countries, as well as the European Union, have launched their own navigation satellites to remove their reliance on the American GPS constellation.

However, Rep. Roger’s Space Corps plan ignored three important truths:

1. Our adversaries have a vote on what their space capabilities are. Even with more focus on space, on what grounds were we to protest or prevent Russia from launching satellites? They have just as much right to the peaceful use of space as we do, and embarrassingly, we depend on them for all of our own manned space flight since the shuttle retirement in 2011.

2. We already have Air Force Space Command (AFSPC) Headquartered in Colorado Springs, it is run by four-star General John “Jay” Raymond. What would a Space Corps realistically do that AFSPC is not capable of doing? If Congress aims to get him a seat on the Joint Chiefs of Staff, it would be easier to amend Title 10 of the United States Code to make him a required consultant on all issues related to space, or change who he ultimately reports to. There is a precedent: that was the initial role the Commandant of the Marine Corps played before he was given a permanent seat. Such an amendment would also be far easier to implement than forming an entirely new branch.

3. A new military department will only complicate appropriations. Fiscal year 2009 was the last time Congress passed an appropriations bill for the Department of Defense before the actual start of the fiscal year. This has led to numerous continuing resolutions that Army Chief of Staff General Mark Milley called “professional malpractice” when he testified to Congress in April. Approaching a decade of indiscriminate budget cuts from sequestration, our forces are stretched thin. Congress proved this point on January 19th when they failed to pass the third continuing resolution for the 2018 fiscal year. The first two passed only hours before yet another government shutdown. When the third failed, the entire federal government shut down for almost three days until they ended it on January 22, with only another three-week stopgap passed. A new military branch would incur more redundant overhead. What makes Congress think that if we can’t afford to adequately fund space now, or anything else, we can afford it after we spend billions on a whole new branch?

USSTRATCOM commander, General John Hyten (left), directed the current commander of Air Force Space Command, General Jay Raymond (right), to also assume duties as the Joint Force Space Component Commander in December 2017. The author believes this will improve DoD’s space posture without having to create an entirely new military department. (U.S. Air Force photo by Senior Airman Kyla Gifford)

The Space Corps idea received a cold reception from the Department of Defense from the start. Air Force Secretary Heather Wilson told Congress, “If I had more money, I would put it into lethality, not bureaucracy.” Her sentiments were seconded in separate testimonies by General John Hyten, the Commander of United States Strategic Command (USSTRATCOM), as well as General Raymond.

Secretary of Defense James Mattis also opposed it. While he has recognized that we need to update our approach to space, he believes no one has adequately argued that the Space Corps is the way to do it. It would only become another budget strain.

To the Air Force’s credit, they realized several years ago that they were dropping the ball on space. It is no accident that General Raymond, a man with a background in missiles and space, was put in charge of AFSPC. Backing him up as the Unified Combatant Commander over AFPSC, General Hyten also has significant space experience. He led AFSPC as its previous Commander and served as the deputy there before that.

Even though the final NDAA scrapped the Space Corps, Congress did make at least one critical change to benefit AFSPC. General Raymond’s job now comes with a minimum six-year term. This draws from the Naval Reactors model begun by Admiral Hymen G. Rickover, where the Admiral oversees the program for an eight-year term. This has contributed to the Navy’s consistently strong nuclear operational and safety record, and it will do worlds of good for the space program as well.

The Air Force has the right leadership cadre in place. It needs a chance for this reinvigorated command structure to succeed. Proposing the Space Corps did get the attention of all the right people, but it has more problems than solutions. The concept will likely keep reappearing every year for the foreseeable future, as several congressmen have alluded to. Will our military one day require a Space Corps? Possibly. But it is not today, and it is not next year. Killing the proposal now was the right call.

Scott Lassiter is a U.S. naval officer assigned to United States Strategic Command, and a member of the Navy’s Space Cadre.

The opinions expressed in this article do not necessarily represent the views of the United States Navy, Air Force, Strategic Command, or Department of Defense.

Featured image: US Air Force personnel examine the experimental orbital vehicle known as the X-37B after a successful landing at Vandenberg AFB in December 2010. (AP)

Capability Analysis

Cyberphysical Forensics: Lessons from the USS John S. McCain Collision

3 Comments

By Zachary Staples and Maura Sullivan

The 2017 back-to-back collisions of two Navy destroyers led to much speculation about the role of cyberphysical interference in the disasters. As the senior officer representing the U.S. Navy engineering community during the USS McCain cyber assessment, it is clear that we do not yet have the basic tools to definitively answer the question, “were we hacked or did we break it?”

Cyberphysical systems are the backbone of the global infrastructure we rely on for transportation, power, and clean water, and are growing at an exponential rate. The deep integration of physical and software components is not without risks and most industries are technically and organizationally unprepared to conduct forensic examinations. The ability to trust cyberphysical systems is dependent on our ability to definitively identify and remedy cyber interference, which is dependent on our understanding of how data flows impact the physical world.

There are broad lessons from the USS McCain cyber assessment that highlight the type of forensics needed to build and sustain cyberphysical infrastructure around the globe. In order to prevent and respond to future cyberphysical events, whether malicious or accidental, the Navy and organizations dependent on cyberphysical systems must establish post-event procedures for cyber forensic investigations, develop trusted images, and integrate threat intelligence with engineering teams.

Post-event Procedures

Post-incident shipboard forensic examination is a unique activity that is separate and distinct from cybersecurity evaluations or responses to network intrusion or malware. Typically, when cybersecurity operations centers observe malicious communications or indications of compromise within their operating network, they have a clear map of the network and key pieces of information, such as an initiating IP address or malware signatures, from which to begin the forensic mission. They start by identifying and classifying malware on the offending endpoint and can take immediate actions to observe the adversary in their system and identify what is being targeted, while simultaneously acting to clean and quarantine the network.

In stark contrast, post-incident cyberphysical assessment requires an undirected baseline on a variety of media, including hard drives from voyage management systems, machinery control stations, and IT network endpoints. Greatly complicating post-incident response is the fact that many segments of the network will likely be shut off by design or physically destroyed by the casualty itself. The task of cyber forensic teams is essentially the equivalent of trying to determine why a building collapsed without blueprints, physical access to the structure, or any data on what happened immediately prior to the collapse.

The technical understanding and research required to define standard operating procedures for shipboard cyber forensic investigations do not currently exist. While the task of developing a comprehensive approach to shipboard cyber forensics is daunting, the military has experience developing specialty training paradigms, such as submarine navigation and tactical aviation. Hunting a cyber adversary in industrial control systems is a complex task requiring unique operational and tactical expertise. An achievable near-term milestone would be to create procedures for an attack surface assessment for a routine pre-planned mission, which could provide a test-bed for developing more comprehensive procedures, as well as a better understanding of capabilities and gaps.

Trusted Images

All ships operate three main networks: the voyage network that supports the safe navigation of the vessel, the engineering network that controls propulsion along with material handling and auxiliary systems, and the administrative network that supports business operations and crew welfare needs. U.S. Navy vessels also have a combat systems network. The interconnectedness of operational and information technology networks means that traditional information technology tools and perimeter-based security solutions are inadequate for cyberphysical systems. For example, the addition of even simple PKI security can overwhelm the processing power of installed cyberphysical processors and cause a system crash instead of preventing unauthorized access. Additionally, in order for systems like GPS to function, the system must allow access to all properly formatted traffic, rendering perimeter defense insufficient. Security for complex cyberphysical systems requires capturing data flows and developing contextually aware algorithms to understand the dynamics during shipboard operations.

To generate network situational awareness sophisticated enough to do cyber forensics, the team will need to search for electronic anomalies across a wide range of interconnected systems. A key component of anomaly detection is the availability of normal baseline operating data, or trusted images, that can be used for comparison. These critical datasets of trusted images do not currently exist. Trusted images must be generated to include a catalog of datasets of network traffic, disk images, embedded firmware, and in-memory processes.

1. Network Traffic: A common attack vector is to find a computer that has communications access over an unauthenticated network, which issues commands to another system connected to the network (i.e. malware in a water purification system issuing rudder commands). Cyberphysical forensics require network traffic analysis tools to accurately identify known hosts on the network and highlight anomalous traffic. If the trusted images repository contained traffic signatures for every authorized talker on the network, it would allow forensic teams to efficiently identify unauthorized hosts issuing malicious commands.

2. Disk Images: Every console on the ship has a disk that contains its operating system and key programs. These disks must be compared against trusted images to determine if the software loaded onto the hard drives contains malicious code that was not deployed with the original systems.

3. Embedded Firmware: Many local control units contain permanent software programmed into read-only memory that acts as the device’s complete software system, performing the full complement of control functions. These devices are typically part of larger mechanical systems and manufactured for specific real-time computing requirements with limited security controls. Firmware hacks give attackers control of systems that persist through updates. Forensic teams will need data about the firmware in the trusted image repository for comparison.

4. In-memory Processes: Finally, advanced malware can load itself into the memory of a computer and erase the artifacts of its existence from a drive. Identifying and isolating malware of this nature will require in-memory tools, training, and trusted images.

In addition to the known trusted images, future forensic analysis would benefit from representative datasets for malicious behavior. Similar to acoustic intelligence databases that allow the classification of adversary submarines, a database of malicious cyber patterns would allow categorization of anomalies that do not match the trusted images. This is a substantial task that will require constant updating as configurations change. However, there are near-term milestones, such as the development of shipboard network monitoring tools and the generation of reference datasets that would substantively improve shipboard cybersecurity.

Organizational Integration

As future shipboard assessment teams work to confirm or refute the presence of cyber interference, they will need the assistance of a cyber intel support team to validate assumptions about their findings aboard the vessel. The basic flow established in the USS McCain investigation was to look at the physical systems involved in causing the collision (i.e. propulsion, steering) and then begin looking for cyberattack vectors to those systems.

Ruling out cyber interference requires evidence of absence, which can be uniquely challenging. In order to refute a particular attack vector, coordination with a cyber intel support detachment is essential to understanding the range of possible cyberattack scenarios for a particular physical effect. For example, advanced cyber effects could be delivered over a radiofrequency pathway. Therefore, cyber investigators will need to understand the electromagnetic environment the ship is operating within, as recorded in national systems, and give access to analysts capable of identifying anomalies in the signal pathway.

Shipboard assessment and cyber intel support teams each have specific sets of expertise necessary to understand the full suite of cyberattack vectors and their potential impacts on shipboard systems. Cyberattack tactics are constantly changing and the highest levels of technical expertise and security clearance are required to keep abreast of the potential methods to penetrate networks and attack industrial control systems. Cyber intel teams will never have the engineering expertise to understand the full range of potential physical impacts on shipboard systems. As was demonstrated with Stuxnet and the attack on the Ukrainian power grid, the most successful cyberphysical attacks exploit the organizational gap between engineering and cyber teams.

Organizational constructs for cyberphysical systems will never be straightforward because cyber risk cuts horizontally across engineering systems and traditional intelligence activities. Organizational integration between the cyber and engineering communities must be practiced and continually refined in order to prevent and respond to cyberphysical interference. A near-term milestone would be to execute joint training exercises between the cyber intel and engineering communities in order to promote cross-disciplinary understanding and begin to build out the template for future organizational integration.

Conclusion

Network connectivity in industrial control systems has revolutionized the way humans interact with physical systems and ushered in a new era of capabilities from energy generation to manufacturing to warfighting. These advancements are not without risks, and to avoid cyberphysical catastrophe, the development of tools to ensure resilience, security, and safety must keep pace. Shipboard forensics provide a prime example of the current gaps in our ability to understand, monitor, and protect cyberphysical systems. The lessons learned from the forensic examination of the USS McCain can provide the foundation for the procedures, data, and organizational constructs required to create modern tools to monitor and protect cyberphysical systems.

Zac Staples had a 22-year career in the United States Navy as a surface warfare officer specializing in electronic warfare. His final tour was as the Director of the Center for Cyber Warfare at the Naval Postgraduate School, where he led inter-disciplinary research and development teams exploring cyber capability development. Zac holds a B.S. in engineering from the U.S. Naval Academy, a Masters in National Security Affairs from the Naval Postgraduate School, and is a distinguished graduate of the Naval War College.

Maura Sullivan specializes in systemic risks and data-driven emerging technologies. Maura was the Chief of Strategy and Innovation at the U.S. Department of the Navy, where she developed and implemented the strategic roadmap for emerging cyberphysical technologies. Previously, Maura led a start-up within the global catastrophe risk company, RMS, developing software and consulting solutions for managing systemic risks for financial and insurance markets. She was a White House Fellow, has a Ph.D. in epidemiology from Emory University and a B.S and M.S. in earth systems from Stanford University.

Zachary Staples (USN, Retired) and Maura Sullivan, PhD are the co-founders of Fathom5, a maritime cybersecurity company.

Featured Image: Operations Specialist 3rd Class Daniel Godwin, from Milton, Fla., stands watch in the Combat Information Center aboard the aircraft carrier USS Enterprise (CVN 65). (U.S. Navy photo)

Fostering the Discussion on Securing the Seas.