Tag Archives: Cyberwarfare

The Future of Warfare

 

Unknown-4

Ghost Fleet. P.W. Singer & August Cole, (2015). Houghton Mifflin Harcourt. New York, NY: 404 pp. $28.00.

Review by Brett J. Patron

If you’ve ever wondered what an operationalized version of Eisenhower’s “military industrial complex” might look like, noted national security analysts Peter W. Singer and August Cole have a book just for you.  A true triad of military, bureaucrats, and corporations overthrows a long-running government to form an uneasy alliance to run a rather large country. Singer and Cole throw us the first of many curves by teeing this up, not in the US, but China…or, as they now call themselves, “The Directorate.”

This first fiction effort by the duo delivers wide-ranging action at a frenetic pace.  The story begins in outer space and, in mere moments, the action plunges far below the Pacific Ocean’s surface. Throughout the  story, as venues change, the reader gasps for breath and delves back in as the action continues. This is a Tom Clancy-esque thriller with most of the pieces one would expect: people unexpectedly thrust into difficult situations; well-researched, accurate portrayals of current capabilities; imaginative exploration of new, emerging, or desired technology; as well as good old fashioned palace intrigue and political gamesmanship.

For those making the Clancy connection, you’ll find this book of the Red Storm Rising genre — a look at how a world war type scenario would likely go.  Ghost Fleet looks at how the “Pivot to Asia” could go – and it can go bad pretty fast. It also plays on many of the fears that serious analysts ponder regarding military procurements, military readiness and other economic tradeoffs.  Buoyed by the massive changes spurred by their recent revolution, the Directorate decides that it is time to achieve their “Manifest Destiny” in the Pacific. A major energy discovery gives them the opportunity to challenge US supremacy in the Pacific and even take on the US militarily, with the tacit assistance of Russia.

What ensues is a massive and coordinated sneak attack that cripples US capabilities throughout the Pacific Rim, most notably in Hawaii. The Directorate, now occupying US sovereign territory and positioned to prevent response either from space or across the vast ocean, looks to turn America into a third-rate client state. To counter this the US decides to reactivate ships (and some aircraft) mothballed by the significant  cuts that US politicians foisted upon itself. This is the rebirth of the Ghost Fleet that gives this story its name.  It also evokes a slightly different comparison: this is the Navy’s version of “Team Yankee.”  Team Yankee was a very popular “must read” in the late 1980s, especially popular with the mechanized/armor community of the Army. It is about warfare at its base level, but with existential impact. In this case, the crew of a one-of-a-kind ship, which was rejected by the Navy when cuts were made, is being brought back to life by a crew desperately trying to make it work in trying circumstances and fights the battle of its life for a noble cause.

Singer and Cole introduce a number of characters:  A navy officer whose transition to retirement is rather violently interrupted; a Marine thrust into the role of guerrilla; a Sun Tzu-quoting Chinese admiral; and a seductive assassin. The story explores the very tempestuous relationship between father and son bonded in a moment of crisis while wrestling with demons of the past. The duo’s style offers some nice bonuses. The reader gets a murder mystery. The idea of “privateers” in the 21st Century is presented.  For the geopolitical thinkers, Singer and Cole skewer a lot of the shibboleths of current alliances and ask “who will really ‘step up’ when the going gets tough?” The authors present some very interesting ideas of what could happen and what could emerge if all the geopolitical knowns were to suddenly change.  Rather than distract, these threads are woven into a complex but compelling story that is both provocative and frightening.

What this book does do well — and in a scary way — is show how pervasive a wired world could be and what would happen if a major actor were to severely upset the proverbial apple cart. Among the discoveries in the opening salvos of The Directorate’s aggression are the vulnerability of so much of the electronics used both in military equipment as well as the networks that course through the US.  Ghost Fleet explores the extent to which autonomous systems change life and warfare.  Can we trust the electronics we buy from overseas? Do we depend too much on automatic, autonomous and “linked” systems in our basic and daily lives? What if a major competitor played on those fears with ruthless precision and execution? This will confirm the worst fears of the Luddite or conspiracy theorist. Those that are on the fence about the impact of autonomous systems will likely find that this book tips them one way or the other.

Two things that one would expect to find in such styled books are not found in this one. One is probably the book’s only serious flaw. The story does not give time stamps and the reader may not realize that the scenario has advanced in time as it changes chapter. Without this context, the reader may become confused on why or how things changed so fast within the story.

The other creative difference is a positive: there is very little discussion of the machinations of the American politicians. Singer and Cole — in a choice very likely calculated to avoid the politics of the moment — do not really describe much, if anything about the moves, motives, or response of the President, or most of the national security apparatus. While the Secretary of Defense is omnipresent, no one else is — nor are there any real discussions on national politics at play. Some may be greatly disappointed by this while others may find it a welcome departure in the genre.  Although cyberspace capabilities are a significant aspect of the storyline, this is not a book about “cyber war.”

If anything, this is may be the first real exploration of Demchakian “cybered conflict” in story form. Cybered Conflict is a construct provided by  Naval War College professors Chris Demchak and Peter Dombrowski. The premise is that the nature of conflict remains the same but that cyberspace capabilities add a new dimension. They further purport that cyberspace is not a separate domain, per se, but is instead just another aspect of how humans interact and compete. Cyberspace is itself not decisive but can certainly tip the scale in an existential conflict. There are ample examples in this book on how this could occur. It is certain to ignite debate on the nature of “cyber war.”

Thriller readers will find this a welcome addition to their collections. Thinkers, advocates, policy wonks, geeks and nerds will all find something to chew on that will confirm or challenge their own biases. Scheduled for a June release, this highly recommended story is a daring look at the fusion of traditional and modern warfare, delivered at “machine speed.”

Brett Patron retired from the US Army after serving twenty-two years with Special Forces, Special Operations, Infantry, and Signal Corps units. After retirement, he’s worked as a defense analyst, supporting Navy, Army, Marine, Special Operations, Joint and Cyberspace organizations. He is now an independent consultant, focused on cyberspace capabilities integration, doctrine development, and policy/law. He makes his home in Yorktown, Virginia.

Readers interested in reviewing books for CIMSEC can e-mail the book review editor at books@cimsec.org.

The Specter of Stuxnet

 

Unknown-1

Kim Zetter. Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital WeaponCrown/Archetype, Nov 11, 2014. Hardcover. 448 pages. $25.00.

Review by Shane Halton

Hollywood has been trying like hell to make cyber sexy. We’ve already had a Die Hard movie about cyber terrorism and soon we’ll have an international cyber thriller starring Thor, certainly the tannest hacker in film history. These types of movies have a long pedigree and all use the same basic template: there’s a group of heroes running around trying to catch a hacker before he uses his hacker skills to either blow something up (Live Free or Die Hard) or steal a lot of money (Goldeneye). This is the Cyber Warfare as Action Movie model.

The story of the Stuxnet Worm, as told by Kim Zetter in her fantastic book, Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon, could have continued this well-trodden path. The story has explosions (!) and the release of poisonous gas (!) but largely eschews the action movie format in favor of something of a cross between a more cerebral version of CSI and a 70s conspiracy thriller. Zetter wisely channels her narrative through the perspective of private sector forensic cyber researchers at Kaspersky Labs, Symantec, and VirusBlokAda, the Belarussian cyber security company that first detected Stuxnet in the wild and attempted to dissect it. These researchers worked the Stuxnet case (and the related ‘Flame’ Worm) on and off for years, always trying to tease out the answer to its central mystery– who created this thing and for what purpose?

Once the culprits and their nefarious intentions are ‘revealed’ (Zetter’s best guess is that Stuxnet was developed by the NSA and the Israelis, both of whom unsurprisingly failed to confirm or deny ownership), Ms. Zetter succinctly explains why releasing a Worm as powerful and potentially dangerous as Stuxnet might have been the least worst option available to the West when it was confronted with the looming threat of an Iranian nuclear weapons program. The author states that Stuxnet originally started out as a reconnaissance program designed to map the contours of the secret Iranian enrichment program. Later versions of the virus were more geared towards industrial sabotage- randomly altering the speed of centrifuges, opening and closing critical valves and reporting bad data back to the control system all in an effort to degrade the Iranians’ ability to enrich uranium. Though the required repairs to the program were costly and time-consuming, Iran was able to invest the time and resources necessary to overcome the damage caused by Stuxnet.

Once the big mystery is revealed, all that is left are the ramifications. Ms. Zetter spends the final third of the book expanding the aperture of her story in ways that are as compelling as they are unsettling. She delves into the ‘grey market’ of zero day vulnerabilities (software vulnerabilities that haven’t been publicized yet), in which individuals and hacker groups discover, catalogue and sell off software vulnerabilities to the highest bidder. Some of the buyers are software companies, others are security companies and some are hacker groups and nation states. Why would nation states be interested in software vulnerabilities? Ms. Zetter convincingly argues that organizations like the NSA, Mossad, and equivalent agencies in Russia and China use these vulnerabilities both to protect themselves from attacks and create offensive cyber weapons. Ms. Zetter describes how this process has likely increased exponentially since Stuxnet was first discovered in 2010.

The author goes on to describe the dilemma facing the NSA with regard to such vulnerabilities — to patch or not to patch? If you rigorously push out patches to software vulnerabilities you can help protect everyone. But if your goal is to gain access to and subvert enemy computer system the opposite logic is at least as compelling – patch nothing and exploit everything. Ms. Zetter quotes an analyst who describes this as akin to withholding a vaccine from everyone in order to ensure your enemy is infected with a disease. This discussion is extremely timely as well. During his May 2015 filibuster of the renewal of the Patriot Act, Senator Rand Paul (R-Ky.) cited documents leaked by the NSA contractor Edward Snowden discussing this dilemma and other instances where the NSA has been accused of deliberately watering down encryption standards in order to ensure it maintained its ability to access every computer system in the world.

Perhaps the most disturbing part of the story is the uncertain fate of Stuxnet itself. It is important to think of Stuxnet as being composed of two parts: the missile and the warhead. Zetter says Stuxnet’s designers spent a lot of time developing a ‘missile’ that could exploit vulnerabilities and avoid detection long enough to get its ‘warhead’ to the part of the system it’s targeting. When Stuxnet was released into the world it accidentally ended up on tens of thousands of computers across the globe. When the private sector researchers discovered and dissected it they published their findings (including the Stuxnet source code) online. Remember, every copy of Stuxnet contains the plans to build another Stuxnet, with the option to modify the missile or warhead portions as required. This means that since 2010 the plans to build your own copy of the most dangerous cyber weapon in history have been available for free online. One cyber security expert interviewed in the book likens the release of Stuxnet to following up the bombing of Hiroshima with an air drop of leaflets describing how to build an atomic bomb.

This book does two important things well. First, it tells the origin story of a dangerous new class of weapon in a way that is accessible to the educated lay reader. PW Singer, in his book on cyber security, describes ‘the glaze’ which is ‘the unmistakable look of profound confusion and disinterest that takes hold whenever conversation turns to workings of a computer.’ By keeping the focus on the human drama of the researchers unpacking the mystery of Stuxnet, Ms. Zetter never lets readers fall victim to the glaze. Second, the book serves as an excellent practical guide to the language and concepts of the cyber world; language and concepts that will undoubtedly play an ever larger role in our national dialogue as time goes by. 

Lieutenant Junior Grade Shane Halton is a naval intelligence officer currently stationed at the Joint IED Defeat Organization. He served as an enlisted intelligence specialist before commissioning through the STA-21 program. He has written about global air defense modernization trends and the effects of big data on intelligence analysis for Proceedings magazine. The views above are the author’s and do not represent those of the US Navy or the US Department of Defense.

AFRICOM’s Chinese Satellites: How To Lose At Mastermind

THIS ARTICLE WAS ORIGINALLY PRINTED ON MAY 3, 2013 AND IS BEING RE-PRINTED FOR “CHALLENGES OF INTELLIGENCE COLLECTION WEEK.”

Easy to learn. Easy to play. Now, much easier to win.
                                   It gets easier with practice.

For many, the game Mastermind is their first adolescent introduction to cryptology.  A code-breaker is given limited turns to discover the encrypted signal of the code-maker.  By choosing to put AFRICOM bandwidth over state-controlled Chinese satellites in 2012, the U.S. Defense Department decided to extend their PRC opponents exponentially more “rounds” to win the game.  The U.S> has won a tactical convenience at the cost of strategic peril.

Defense Department representatives claim the use of the satellites was secure due to the encrypted nature of the transmissions.  However, as in Mastermind, more exposure reveals more information, with which the code-maker can be beaten.  With an unrestricted treasure-trove of data, the cyber-battle proven Dirty Data Dozen of Chinese cyber-warfare will have plenty of material to compare and contrast until base patterns are found and exploited.  This vulnerability is especially worrisome in an area of responsibility rife with corruption issues and general penetration by state-associated Chinese assets.  That access to the satellite transmissions might be doubly useful because of the potential access to the pre-transmitted data, further easing decryption efforts.  This undermines force-wide communications, providing information that will end up not only in the hands of the Chinese, but the actors with whom their intelligence services cooperate.  The U.S. stands not only to lose one game of Mastermind, but most of the tourney.

You must accept that you won’t always have attractive alternatives. The Big Picture may demand tactical sacrifice.

It was only last month that the CNO, ADM Greenert, said that the cyber-EM environment isso critical to our national interests, that we must treat it on par with our traditional domains of land, sea, air, and space…”  The EM-cyber spectrum may be invisible, but they have the same space constraints as those traditional domains.  During the Cold War, if the berths at Bremerton were full, the U.S. Navy would never have requested berthing space in Vladivostok; if the U.S. Army found itself under-equipped, they would never request use of radio towers in East Germany to communicate with West German patrols.  Resources are limited and must be rationed; put simply by Raymond Pritchett, “If this wasn’t the point to tell someone ‘no’ when they ‘needed’ bandwidth, what point is?”  Refusing to prioritize the strategic long-term viability of U.S. communications security over temporary tactical comfort is the laxity alluded to by the CNO when he highlighted the need for a new attitude.  We can start with the lessons learned from a 1970’s board game.

Matt Hipple is a surface warfare officer in the U.S. Navy.  The opinions and views expressed in this post are his alone and are presented in his personal capacity.  They do not necessarily represent the views of U.S. Department of Defense or the U.S. Navy.

Sea Control 25 – Crimean Crisis

seacontrolemblemSea Control discusses the Crimean Crisis, with three CIMSEC writers: Dave Blair, Viribus Unitis, and Robert Rasmussen. We discuss Russia’s aims and tactics, the Maidan movement, Ukrainian governance and passive resistance, and what this crisis means for Russia and the EU/NATO.

DOWNLOAD: Sea Control 25 – Crimean Crisis

We are available on Itunes, Stitcher Stream Radio, etc… Remeber to subscribe, leave a comment and a 5-star rating.