Tag Archives: cryptology

Apple believes it is protecting freedom. It’s wrong. Here’s why.

Ed. note: This is an expanded version of a previous article, “We Don’t Need Backdoors.”

By Dave Schroeder

Let me open by saying I’m not for backdoors in encryption. It’s a bad idea, and people who call for backdoors don’t understand how encryption fundamentally works.

Apple has been ordered by a court to assist the FBI in accessing data on an iPhone 5c belonging to the employer of one of the San Bernardino shooters, who planned and perpetrated an international terrorist attack against the United States. Apple has invested a lot in OS security and encryption, but Apple may be able to comply with this order in this very specific set of circumstances.

Apple CEO Tim Cook penned a thoughtful open letter justifying Apple’s position that it shouldn’t have to comply with this order. However, what the letter essentially says is that any technical cooperation beyond the most superficial claims that there is “nothing that can be done” is tantamount to creating a “backdoor,” irrevocably weakening encryption, and faith in encryption, for everyone.

That is wrong on its face, and we don’t need “backdoors.”

What we do need is this:

A clear acknowledgment that what increasingly exists essentially amounts to virtual fortresses impenetrable by the legal and judicial mechanisms of free society, that many of those systems are developed and employed by US companies, within the US, and that US adversaries use those systems — sometimes specifically and deliberately because they are in the US — against the US and our allies, and for the discussion to start from that point.

The US has a clear and compelling interest in strong encryption, and especially in protecting US encryption systems used by our government, our citizens, and people around the world, from defeat. But the assumption that the only alternatives are either universal strong encryption, or wholesale and deliberate weakening of encryption systems and/or “backdoors,” is a false dichotomy.

How is that so?

Encrypted communication has to be decrypted somewhere, in order for it to be utilized by the recipient. That fact can be exploited in various ways. It is done now. It’s done by governments and cyber criminals and glorified script kiddies. US vendors like Apple can be at least a partial aid in that process on a device-by-device, situation-by-situation basis, within clear and specific legal authorities, without doing things we don’t want, like key escrow, wholesale weakening of encryption, creating “backdoors,” or anything similar, with regard to software or devices themselves.

When Admiral Michael Rogers, Director of the National Security Agency and Commander, US Cyber Command, says:

“My position is — hey look, I think that we’re lying that this isn’t technically feasible. Now, it needs to be done within a framework. I’m the first to acknowledge that. You don’t want the FBI and you don’t want the NSA unilaterally deciding, so, what are we going to access and what are we not going to access? That shouldn’t be for us. I just believe that this is achievable. We’ll have to work our way through it. And I’m the first to acknowledge there are international implications. I think we can work our way through this.”

…some believe that is code for, “We need backdoors.” No. He means precisely what he says.

When US adversaries use systems and services physically located in the US, designed and operated by US companies, existing under US law, there are many things — entirely compatible with both the letter and spirit of our law and Constitution — that could be explored, depending on the precise system, service, software, device, and circumstances. Pretending that there is absolutely nothing that can be done, and that it must be either unbreakable, universal encryption for all, or nothing, is a false choice.

To further pretend that it’s some kind of “people’s victory” when a technical system renders itself effectively impenetrable to the legitimate legal, judicial, and intelligence processes of democratic governments operating under the rule of law in free civil society is curious indeed. Would we say the same about a hypothetical physical structure that cannot be entered by law enforcement with a court order?

Many ask why terrorists wouldn’t just switch to something else.

That’s a really easy answer — terrorists use these simple, turnkey platforms for the same reason normal people do: because they’re easy to use. A lot of our techniques, capabilities, sources, and methods have unfortunately been laid bare, but people use things like WhatsApp, iMessage, and Telegram because they’re easy. It’s the same reason that ordinary people — and terrorists — don’t use Ello instead of Facebook, or ProtonMail instead of Gmail. And when people switch to more complicated, non-turnkey encryption solutions — no matter how “simple” the more tech-savvy may think them — they make mistakes that can render their communications security measures vulnerable to defeat.

And as long as the US and its fundamental freedoms engender the culture of innovation which allows companies like Apple to grow and thrive, we will always have the advantage.

Vendors and cloud providers may not always be able to provide assistance; but sometimes they can, given a particular target (person, device, platform, situation, etc.), and they can do so in a way that comports with the rule of law in free society, doesn’t require creating backdoors in encryption, doesn’t require “weakening” their products, does not constitute an undue burden, and doesn’t violate the legal and Constitutional rights of Americans, or the privacy of free peoples anywhere in the world.

Some privacy advocates look at this as a black-and-white, either-or situation, without consideration for national interests, borders, or policy, legal, and political realities. They look at the “law” of the US or UK as fundamentally on the same footing as the “law” of China, Russia, Iran, or North Korea: they’re all “laws”, and people are subject to them. They warn that if Apple provides assistance, even just this once, then someone “bad” — by their own, arbitrary standards, whether in our own government or in a repressive regime — will abuse it.

The problem is that this simplistic line of reasoning ignores other key factors in the debate. The US is not China. Democracy is not the same as Communism. Free states are not repressive states. We don’t stand for, defend, or espouse the same principles. Apple is not a Chinese company. If Apple really believes it will set a precedent for nations like China by complying with a lawful US court order, it really should perform a little self-examination and ask why it would seek to operate in China, and thus be subject to such law.

The other argument seems to be that if Apple does this once, it would constitute a “backdoor” for “all” iPhones, and thus the abrogation of the rights of all. That is also categorically false. There are a number of factors here: The iPhone belongs to the deceased individual’s employer. The FBI may have a companion laptop that this specific iPhone considers a “trusted device”, and is thus potentially able to deploy an OS update without a passcode. The specific device and/or OS version may have other vulnerabilities or shortcomings that can be exploited with physical access.

This argument seems to be equivalent to saying that if government has any power or capability, it will be abused, and thus should be denied; and that encryption, or anything related to it, should somehow be considered sacrosanct. It’s like saying, if we grant the government the lawful authority to enter a door, they could enter any door — even yours. Some might be quick to say this is not the same. Oh, but it is. This is not an encryption backdoor, and does not apply to all iPhones, or even all iPhone 5c models, or even most. It applies to this specific set of circumstances — legally and technically.

It is puzzling indeed to assert that the government can try to break this device, or its crypto, on its own, but if the creator of the cryptosystem helps in any way, that is somehow “weakening” the crypto or creating a “backdoor.” It is puzzling, because it is false.

Specific sets of conditions happen to exist that allow Apple to unlock certain older devices. These conditions exist less and less, and in fewer forms, as devices and iOS versions get newer. Unlocking iOS 7 only works, for example, because Apple has the key. The methodology would only work in this case because it’s specifically a pre-iPhone 6 model with a 4-digit passcode and there is a paired laptop in the government’s possession. All of this is moot on iPhone 6 and newer.

Apple is welcome to use every legal mechanism possible to fight this court order — that is their absolute right. But to start and grow their company in the United States, to exist here because of the fundamental environment we create for freedom and innovation, and then to act as if Apple is somehow divorced from the US and owes it nothing, even when ordered by a court to do so, is a puzzling and worrisome position.  They can’t have it both ways.

If Apple wishes to argue against the application of the All Writs Act — which, while old, is precisely on-point — it needs to make the case that performing the technical steps necessary to comply with this court order creates an “undue burden.” It may be able to make just that argument.

We exist not in an idealized world where the differences of people, groups, and nation-states are erased by the promise of the Internet and the perceived panacea of unbreakable encryption.

We exist in a messy and complicated reality. People seek to do us harm. They use our own laws, creations, and technologies against us. People attack the US and the West, and they use iPhones.

Apple says that breaking this device, even just this once, assuming it is even technically possible in this instance, sets a dangerous precedent.

Refusing to comply with a legitimate court order levied by a democratic society, because of a devotion to some perceived higher ideal of rendering data off-limits under all circumstances to the valid legal processes of that society, is the dangerous precedent.

The national security implications of this case cannot be overstated. By effectively thumbing its nose at the court’s order, Apple is not protecting freedom; it is subverting the protection of it for the sake of a misguided belief in an ideal that does not exist, and is not supported by reality.

Dave Schroeder serves as an Information Warfare Officer in the US Navy. He is also a tech geek at the University of Wisconsin—Madison. He holds a master’s degree in Information Warfare, is a graduate of the Naval Postgraduate School, and is currently in the Cybersecurity Policy graduate program at the University of Maryland University College. He also manages the Navy IWC Self Synchronization effort. Follow @daveschroeder and @IDCsync.

The views expressed in this article do not represent the views of the US Navy or the University of Wisconsin—Madison.

Naval Cryptology and the Cuban Missile Crisis

The following article series appeared on Station Hypo and is republished with permission.  

By David T. Spalding

The Vindication of Right: Battlespace Awareness in the Cuban Missile Crisis

“Our goal is not the victory of might but the vindication of right – not peace at the expense of freedom, but both peace and freedom, here in this Hemisphere and, we hope, around the world. God willing, that goal will be achieved.” — JFK

Such was the goal of President John F. Kennedy in the Cuban Missile Crisis on the eve of October 22, 1962 – “the vindication of right”.  In the preceding months and years, signals intelligence — provided in large part by cryptologists of the Naval Security Group — revealed that the Soviet Union had been building up troops, aircraft, and air defense and missile sites in Cuba under the guise of self-defense.  When intelligence indicated that the buildup was more than just defensive in nature, JFK put the Soviet Union on notice in front of a watching world.

On the brink of thermonuclear war, the President of the United States initiated a quarantine in the waters off of Cuba to intercept, search, and turn back USSR cargo vessels destined for Cuban ports.  Russia responded with rhetoric of open defiance.  The days that followed would prove that their bark was bigger than their bite.  As early as October 23rd, U.S. Navy listening posts and direction finding stations along the Atlantic periphery collected on, and geo-located, Soviet ship-ship and ship-shore communications, indicating that the Soviet vessels had stopped or reversed course prior to reaching the ring of surface ships forming the blockade.  Communications intelligence collected by naval cryptologists also provided insight into Soviet and Cuban commanders’ intentions, force alert posture and levels, and previously unidentified Soviet submarine activity.  Though tensions would remain high for some time, the potential for total war between the world’s two superpowers had been averted.

Fifty years ago, the short narrative above would have said nothing of the role of signals intelligence.  Today, we know more.  In 1998, 35 years after the crisis, the National Security Agency declassified many documents and reports that revealed the critical role that naval cryptology played not only in defusing the crisis, but in providing Battlespace Awareness to decision makers as early as 1960 and continuing on through the end of the crisis.

Fast-forward to present day — the Navy’s Strategy for Achieving Information Dominance 2013-2017 lists Battlespace Awareness as one of its three fundamental capabilities along with Assured Command and Control and Integrated Fires.  As described in the strategy, Battlespace Awareness “is the traditional mission of the Information Dominance Corps and the constituent components of meteorology, oceanography, intelligence, cryptology, communications, networks, space, and electronic warfare.” 

Though the Cold War would continue for nearly three more decades — Battlespace Awareness — providing commanders with persistent surveillance of the adversary’s activities, penetrating knowledge of the USSR’s capabilities and intentions, and expertise within the electromagnetic spectrum enabled those very commanders to make informed decisions ensuring that the war did not progress from cold to hot.

*In the pages below are short vignettes and historical documents related to the signals intelligence and cryptologic efforts which provided Commanders with time-critical Battlespace Awareness — contributing significantly to the de-escalation of one of the potentially most dangerous stand-offs in history.

Thirteen Days? The Naval Security Group in the Cuban Missile Crisis

History has recorded the Cuban Missile Crisis as having occurred October 16, 1962 – October 28, 1962:  a total of thirteen days.  October 16th being the day after photographic intelligence confirmed the existence of Soviet medium-range ballistic missiles in Cuba and October 28th being the day Khrushchev directed the dismantling, and return, of offensive weapons in Cuba.   In reality, the story began long before October 1962.

Two years earlier in September 1960, communications intelligence, collected by the National Security Agency along with its three Service Cryptologic Agencies – to include the Naval Security Group, provided the first indications that Soviet arms were being transported to Cuba via multiple cargo ships.   Similar reports revealed high-level visits from a Soviet arms export chief to Havana as well as the purchase of Soviet helicopters by Cuba.

In 1961, persistent surveillance would further confirm suspicions of a significant Soviet military buildup in Cuba.  In February, signals intelligence indicated Cuban pilots were training in Czechoslovakia; in May, communications intelligence revealed Cuban air force personnel were learning Russian; in June, radars were being installed for possible use with artillery units…all the while Soviet cargo ships continued to dock in Cuban ports and unload their cargo under the cover of night. 

Continued collection efforts by the Naval Security Group, et al., in 1962 would paint an even clearer picture of Soviet capability and intent in Cuba.  Of particular note were successes in the area of electronic intelligence.  In May of 1962, electronic intelligence provided the first evidence of the use of SCAN ODD, a Soviet airborne intercept radar associated with MiG-17 and MiG-19 aircraft, in Cuba.  Later in the year, electronic intelligence would provide another key development.  According to the Center for Cryptologic History’s NSA and the Cuban Missile Crisis:  “Human sources and photography could spot SA-2s, but signals intelligence would provide the first indicator of their operational status… NSA reported the first operation of a SPOON REST radar, associated with the SA-2.  The SA-2 was operational and could shoot down a U-2.  Subsequent overflights would be at risk.”  The Department of Defense was not going to sit idly by while Khrushchev continued to increase his footprint in the western hemisphere.

On 16 July 1962, the Secretary of Defense, Robert McNamara, directed an increase in the signals intelligence program to combat the Cuban problem.  Three days later, in a Memorandum for the Secretary of the Navy, the Naval Security Group (OP-94G) was specifically directed to “realign its resources to provide greater coverage of Cuba in response to highest priority intelligence requirements.” 

The memorandum recognized that such realignment would have some degree of impact on naval intelligence collection and acknowledged that loss would occur in other collection efforts.  To try to mitigate this deficit, the Naval Security Group would coordinate with DIRNSA in utilizing personnel from her sister agencies — the Air Force Security Agency and the Army Security Agency – to man her stations.  The memorandum also discussed several other measures by which the Naval Security Group would meet the SECDEF’s requirements:

(1) Provide an additional 20 officers and men to two undisclosed locations.

(2) Extend the interim shipborne intercept capability (USS Oxford) through approximately Dec 1962.

(3) Arrange directly with Commander, Military Sea Transportation Service (MSTS) — now known as Military Sealift Command (MSC) — for an MSTS ship to relieve USS Oxford to continue the SIGINT effort off Havana no later than 1 Dec 1962.

What most label as a crisis is more accurately described as a persistent effort against a formidable adversary over the course of two years.  Such was the experience of the cryptologists of the Naval Security Group.  Their round-the-clock efforts helped to ensure that the crisis was not unnecessarily prolonged beyond what most remember as thirteen days. 

USS Oxford: The Largest Producer of SIGINT in the Cuban Missile Crisis

The USS Oxford (AG 159) was originally commissioned a Miscellaneous Auxiliary ship in July 1961 in New York.  She was immediately outfitted to participate in the National Security Agency’s Technical Research Ship (TRS) program — though she would not be redesignated an Auxiliary Technical Research Ship (AGTR-1) until years later in 1964. 

The Center for Cryptologic History’s Almanac 50th Anniversary Series article, “The TRS Program Part I:  The Beginning,” describes perfectly the Oxford’s significant contribution to the Cuban Missile Crisis.

The Oxford was officially known as a Technical Research Ship.  Its initial mission was a training cruise.  This gave the crew a chance to familiarize themselves with equipment on board and to identify any problems with the newly refurbished, redesigned ship before traveling to the Middle East.  Although several features were identified that required change or improvement, overall the test proved to be a great success.  For example, the Oxford recorded frequencies and collected a large number of other transmissions.  As the capabilities of the Oxford became clear, the list of potential targets for these ships quickly expanded to include countries all over the globe.

In August 1962, as relations between the United States and the Soviet Union over Cuba grew increasingly tense, the Oxford was diverted to the Caribbean.  Its mission was to collect the communications coming out of Cuba, used by both Soviet and Cuban entities.  The Oxford proved to be the largest producer of SIGINT during the Cuban Missile Crisis [emphasis added].  The communications it collected provided a great quantity of information which, when combined with the photographs from the U2 overflights, provided a very good picture of what was happening in Cuba.

USS Oxford’s success in the Cuban Missile Crisis “demonstrated the value of the TRS program” and paved the way for naval cryptology aboard future Technical Research Ships:  Georgetown, Jamestown, Muller, Belmont, and Liberty.

Find and Fix: Direction Finding in the Cuban Missile Crisis

The high frequency direction finding (HFDF) fix in the above message was one of many prosecuted by dozens of U.S. Navy, British, and Canadian direction finding stations in the Atlantic periphery on the days following the President’s initiation of a naval blockade.  Matthew M. Aid, in his book, The Secret Sentry, writes:

“The two dozen or so U.S. Navy, British, and Canadian direction-finding stations ringing the Atlantic continuously monitored every radio transmission going to or from the twenty-two Soviet merchant ships approaching the Cuban quarantine line, in order to track the movements of the Russian ships…  The U.S. Navy’s direction-finding stations began reporting to NSA that their tracking data indicated that some of the Russian merchant ships had stopped dead in the water, and that it seemed that at least eight of the ships had reversed course and were headed back toward Russia.”

The value in such collection is not in the finding and fixing of the ships’ positions alone, but rather in the ability of such information to indicate that the ships had either stopped or reversed course.  That is actionable intelligence.

Such knowledge affords key leadership the time and the ability to make informed decisions.  The message above, combined with many others like it, painted a clear picture of the Soviets’ intentions to not challenge the blockade in full force.

Such is one of the primary roles of a naval cryptologist — to find and fix the adversary.  The fix part of this equation is primarily accomplished via direction finding.  As demonstrated, direction finding provides specific actionable intelligence to warfighters on the ground, in the air, at sea, and on our networks.  It contributes directly to providing Battlespace Awareness to the operational commander.  Battlespace Awareness is, amongst other things, an understanding of when, where, and how our adversary operates.  This understanding, combined with persistent surveillance, penetrating knowledge, and expertise within the electromagnetic spectrum provides the commander with time and “the target acquisition and targeting solutions necessary to apply force, both kinetic and non-kinetic.”

17 November 1962: A Letter of Commendation and Thanks

Blake and Dennison

The following is an excerpt from a previously classified letter written by Admiral Robert Dennison (CINCLANTFLT, 1960-1963) to Lieutenant General Gordon A. Blake (DIRNSA, 1962-1965) on 17 November 1962 regarding the contribution of SIGINT during the Cuban Missile Crisis.

“I should like to take this opportunity to mention the very significant contribution which SIGINT in general – and the National Security Agency in particular – have made toward support of Atlantic Command.  The unique and vital intelligence made available as a result of the national SIGINT effort frequently finds its end use and final justification at the level of the Unified Commander.  In the present situation SIGINT has been one of the most important single factors in supporting our operations and improving our readiness.  Your fine support is much appreciated.” 

DIRNSA responded:  “While you mentioned NSA in particular…the Naval Security Group…deserve[s] a lion’s share of the credit for their work in the fields of collection and direct processing to our customers.  I have taken the liberty of passing on your kind remarks to both NSA personnel and the Service Cryptologic Agencies as kindred elements of our SIGINT team.”

*The letter can be read in full here.

V/r

David

LCDR David T. Spalding is a former Cryptologic Technician Interpretive.  He was commissioned in 2004 as a Special Duty Officer Cryptology (Information Warfare/1810) and currently serves as the Officer in Charge of Navy Information Operations Detachment Kaneohe Bay, Hawaii.

Sources:

https://www.nsa.gov/public_info/_files/crypto_almanac_50th/The_TRS_Program_Part_I.pdf

http://www.public.navy.mil/fcc-c10f/Strategies/Navy_Strategy_for_Achieving_Information_Dominance.pdf

The Secret Sentry:  The Untold Story of the National Security Agency, Matthew M. Aid (pp. 74-77)

https://www.nsa.gov/public_info/_files/cuban_missile_crisis/11_december_cover_letter.pdf

AFRICOM’s Chinese Satellites: How To Lose At Mastermind

THIS ARTICLE WAS ORIGINALLY PRINTED ON MAY 3, 2013 AND IS BEING RE-PRINTED FOR “CHALLENGES OF INTELLIGENCE COLLECTION WEEK.”

Easy to learn. Easy to play. Now, much easier to win.
It gets easier with practice.

For many, the game Mastermind is their first adolescent introduction to cryptology.  A code-breaker is given limited turns to discover the encrypted signal of the code-maker.  By choosing to put AFRICOM bandwidth over state-controlled Chinese satellites in 2012, the U.S. Defense Department decided to extend their PRC opponents exponentially more “rounds” to win the game.  The U.S. has won a tactical convenience at the cost of strategic peril.

Defense Department representatives claim the use of the satellites was secure due to the encrypted nature of the transmissions.  However, as in Mastermind, more exposure reveals more information, with which the code-maker can be beaten.  With an unrestricted treasure-trove of data, the cyber-battle proven Dirty Data Dozen of Chinese cyber-warfare will have plenty of material to compare and contrast until base patterns are found and exploited.  This vulnerability is especially worrisome in an area of responsibility rife with corruption issues and general penetration by state-associated Chinese assets.  That access to the satellite transmissions might be doubly useful because of the potential access to the pre-transmitted data, further easing decryption efforts.  This undermines force-wide communications, providing information that will end up not only in the hands of the Chinese, but the actors with whom their intelligence services cooperate.  The U.S. stands not only to lose one game of Mastermind, but most of the tourney.

You must accept that you won’t always have attractive alternatives. The Big Picture may demand tactical sacrifice.

It was only last month that the CNO, ADM Greenert, said that the cyber-EM environment is “so critical to our national interests, that we must treat it on par with our traditional domains of land, sea, air, and space…”  The EM-cyber spectrum may be invisible, but it has the same space constraints as those traditional domains.  During the Cold War, if the berths at Bremerton were full, the U.S. Navy would never have requested berthing space in Vladivostok; if the U.S. Army found itself under-equipped, they would never request use of radio towers in East Germany to communicate with West German patrols.  Resources are limited and must be rationed; put simply by Raymond Pritchett, “If this wasn’t the point to tell someone ‘no’ when they ‘needed’ bandwidth, what point is?”  Refusing to prioritize the strategic long-term viability of U.S. communications security over temporary tactical comfort is the laxity alluded to by the CNO when he highlighted the need for a new attitude.  We can start with the lessons learned from a 1970’s board game.

Matt Hipple is a surface warfare officer in the U.S. Navy.  The opinions and views expressed in this post are his alone and are presented in his personal capacity.  They do not necessarily represent the views of U.S. Department of Defense or the U.S. Navy.

Maritime Cryptology at the Crossroads

After more than a decade of land war and a desire to rebalance to Asia, America’s Navy finds itself smaller and, in certain respects, weaker. One area that should be of great concern is the current practice and future of maritime cryptology.

Cryptology at sea was proven decisive during World War II, beginning with the battle at Midway and the breaking of the Japanese naval code “JN25.”[i] Equally important was the allied program that cracked the German Enigma machines, “Ultra,” especially those used by the German Navy. Winston Churchill famously remarked to King George VI that, “It was thanks to Ultra that we won the war.”[ii]

(A selection of seven Enigma machines and paraphernalia exhibited at the USA’s National Cryptologic Museum. From left to right, the models are: 1) Commercial Enigma; 2) Enigma T; 3) Enigma G; 4) Unidentified; 5) Luftwaffe (Air Force) Enigma; 6) Heer (Army) Enigma; 7) Kriegsmarine (Naval) Enigma—M4.)[iii]

Throughout the ensuing Cold War until the fall of the Berlin Wall, naval cryptology played a vital role in meeting national and tactical intelligence requirements. America gained deep insight and understanding of Soviet and Warsaw Pact allied naval operations and was able to obtain priceless strategic intelligence through collection missions operated by the U.S. Navy. The end of the Cold War, ensuing strategic drift and drawdown was shattered by the terrorist attack of 9/11, yet even in the midst of a worldwide “Global War on Terror,” the pressure remained to cut the naval force. Today, the Navy is at its smallest point since World War I. For the Navy to conduct its maritime cryptology mission, it must have presence in the littorals, especially in key strategic areas of the Western Pacific, Indian Ocean and Arabian Gulf and the Mediterranean and elsewhere. A smaller Navy with fewer platforms means the Navy is not always where it needs to be and when it needs to be there.

The hope was that through force shaping, automation and remote operations, maritime cryptology could continue to thrive in an ever more complex electromagnetic (EM) environment. Adversarial communications have become far more challenging to detect, exploit and prosecute. The Radio Frequency (RF) environment of today is incredibly complex, with tactical, strategic and data communication links operating in all areas of the spectrum and often at frequencies with a very low probability to intercept. Modern encryption techniques have evolved from mechanical electronics to the use of quantum mechanics.[iv]

The effects of force shaping, automation and remote operations are beginning to take their toll on the tradecraft of maritime cryptology. Today’s junior Sailors and officers have had their training time cut in order to meet growing operational demands on a shrinking Navy. To be successful in the art of cryptology – and it is a practiced art – one must have a deep understanding of the fundamentals of radio signal transmission as well as more than a passing familiarity with the collection equipment. A junior cryptologic technician and junior officer should be able to draw a basic transmitter-receiver diagram and trace the origin of a signal from its original state, such as voice or data, through the transmitter, across a medium and into the collection gear and the operator’s ears. Foundational knowledge required that the basic operator have a working knowledge of the equipment and be able to perform diagnostic and troubleshooting tasks in the event of a malfunction. Finally, operators and junior officers must understand the process of signal intelligence reporting to the tactical unit at sea (indications and warning intelligence) as well as to the national signal intelligence system.

At the same time, emerging cyberspace communication networks place entirely new pressures on maritime cryptology. Modern communication, command, control and information sharing are a “network of networks,” an “Internet of things” that require new skill sets and new acquisition and exploitation technologies. Yet the complexity of data systems and volume of data being passed is growing exponentially, outpacing our acquisition and procurement capability. The Navy has tried to mitigate this by relying on commercial off-the-shelf technology (COTS) but this entails its own set of problems. COTS technology must be compatible with legacy systems – some more than twenty years old and built on architecture and code from the late 1980s and early 1990s – and it relies on bandwidth levels that are not always available and reliable. We often find out the hard way that equipment which works well in the sterile lab environment is not up to the task of performing reliably at sea under arduous conditions.

Maritime cryptology is at a crossroads. We must return to the fundamentals of signal intelligence at the same time we are trying to realize the potential of cyberspace operations at sea. This will require a renewed commitment to recruitment and training, and for many middle grade and senior enlisted cryptologic technicians and officers, it means new formal training. Right now, senior enlisted and officers are being asked to take leadership roles in an emerging cyberspace operations field for which they are receiving inadequate or no formal training. We must reconsider recruitment of new junior Sailors and officers who have the background skills, education and knowledge and provide them a career path that emphasizes cryptologic expertise across the spectrum, from “traditional” signals intelligence to modern wireless exploitation. This career path must be grounded in recognizing that maritime cryptology is more art than science, and to become proficient and experienced, one must practice.

The author would like to thank CDR Kevin Ernest who kindly provided his thoughts on the challenges of modern maritime cryptology.

LT Robert “Jake” Bebber is an information warfare officer assigned to the staff of U.S. Cyber Command. The views expressed here are his own and do not represent those of the Department of Defense, the Department of the Navy or U.S. Cyber Command. He welcomes your comments at [email protected].

[i] http://www.navy.mil/midway/how.html

[ii] http://www.history.co.uk/study-topics/history-of-ww2/code-breaking

[iii] http://en.wikipedia.org/wiki/Enigma_machine#cite_note-9

[iv] http://blogs.scientificamerican.com/guest-blog/2012/11/20/quantum-cryptography-at-the-end-of-your-road/