Dots, dots, dots. Everyone likes to play connect the dots, especially after the fact when it is nice and safe. What is thought clear in hindsight is often not hidden at the present – it is there. Not as clear as the Monday morning GOFO would have you believe – but it is there.

Some see it – or at least bits of it. The final form is rarely known by many – and even up to the time of unveiling; except for those who execute it, doubt remains for most.

It was all there: from the Tondern Raid, to Billy Mitchell, to the attack on Taranto. LCDR Genda wasn’t the only one to see it.

Examples abound. Big issues and small. Little things like RPG cages forgotten at the end of the Vietnam War until the Iraqi occupation. The South African Army vets from the Apartheid Era would tell you all you needed to know about IEDs if you asked. We knew the vulnerability of the Humvee after Somalia in the 1990s – no excuse really for hillbilly armor over a decade later.

The World Trade Center was attacked once before 11 SEP 01. New methods from the Tactical, Operational, to the Strategic rarely appear as a bolt out of the blue. They are tried out. They are exercised – heck they are even written about and mentioned in conferences sometimes for decades prior to their explosion on stage.

All you have to do is listen. It’s there.

What are we moving forward on – what are our “long poles”? Networks, navigation, communication. Drones, UAS, off-site analysis. Reach-back.

NIPR, SIPR, VTC, broadband, UHF, EHF, downlink. Take your pick. What is your offline backup? How long will you be down? C4ISR – really? Complacent? Content? Assumptions? Branch Plan?

What worries? What warnings whisper at us?

Chinese hackers are suspected of grabbing the reins of four US government satellites in 2008, more than once, potentially crashing them to Earth or stealing valuable information.

NASA admits one of the two satellites was temporarily accessed twice in the summer and fall that year, though it would not comment on the other.

‘While we cannot discuss additional details regarding the attempted interference, our satellite operations and associated systems and information are safe and secure’ NASA Public Affairs Officer Trent J. Perrotto said in a statement sent to Talking Points Memo.

According to the draft report, however, two satellites were infiltrated four times in 2007 and 2008 for 12 or more minutes.

Of course – what would divisions of battleships ever have to worry about a few canvas string bags with small little bombs? Don’t be silly. We have the war winning technology, don’t ‘cha know.

The socially awkward and their fetish-toys are not where serious career minded professionals invest their time. Leave those playthings for others; maybe those university libraries full of Chinese students are a place to put those silly ideas. We own the electronic spectrum and space anyway, right? What danger is there to all our transformational, network centric concepts?




Posted by CDRSalamander in Uncategorized


  • UltimaRatioReg

    Meanwhile, the “Cyber people” in all the services are promising “offensive cyber operations” down to the tactical level. They even had it on PowerPoint, “OCO”, despite the fact that attribution remains impossible, the network breaches are often not discovered until months after the exploit (while the breach occurs in minutes or seconds), and the bad guys understand how to exploit through a “bot net” of half a million machines to get to their intended target(s). Additionally, the origin of the breach of a network or networks did not occur from any geographic location near the adversary.

    So… we have pseudo-nerds asking for money because “cyber” is sexy, and in turn offer nothing short of a deliberate misrepresentation of the capabilities of their technology. We will soon have Brigade and Regimental commanders believing we can find the enemy networks that are “attacking” us, as if one can see the tracers flying, and we will have the ability to destroy that network with some sort of “cyber” SMAW. Without undue collateral damage.

    In reality, though, the result of something so conceptually flawed would be the shutting down of some hospital mainframe in Kansas City, disrupting telemetry to the critical care ward, or the opening of flood control gates in Seoul because our “offensive cyber” disrupted the SCADA which controlled them.

    Much more to follow. Was a bit surprised to see this hit open source. Methinks it is far worse than we let on.

  • M. Ittleschmerz

    Some other thoughts…

    http://www.tandfonline.com/doi/pdf/10.1080/01402390.2011.608939

    and

    http://www.techdirt.com/articles/20111023/02413916479/non-existent-cyber-war-is-nothing-more-than-push-more-government-control.shtml

    The latter article makes a great point – it is more in how we handle the threat than the threat itself. And we, the USG, have a tremendously bad track record at finding the right way to handle the threat.

  • LCDR Black

    When we have everything run by computers and networked and they have billions of people performing super cheap labor with less networked, I hazard a guess that our efficacy will be far more reduced than their efficacy. To think that cyber is not an issue is to have already ignored Iran and STUXNET. It IS a weapon, and we MUST learn to counter, deny and launch offensives in this realm. From killing runners, shooting homing pigeons, tapping into telegraph wires to stealing GPS signals and repackaging them, comms have always been exploited. Once again, this whole “new warfare” ain’t new. The tools change, but the principles are not all that different. We should not approach strategic thinking like the hear no, see no, speak no chimps.

  • Surfcaster

    Yep. All of our “network” is out in the open. Sure, a few may even be able to access it, but it is far easier to deny it to someone. Especially when that someone is dependent on it. Almost all of those communications are open in the ether to access, and of the ones that are not, most are connected to others which are.

    One big difference between then and now. Then you had to travel hundreds to thousands of miles in secrecy to attack a distinct target. Now the targets and entry points are distributed globally and within reach of many. Some even travel across countries of questionable friendliness.

    Some may say there was a test run here…

    http://www.washingtontimes.com/news/2010/nov/15/internet-traffic-was-routed-via-chinese-servers/?page=all

  • UltimaRatioReg

    Surf,

    Yep, the Chinese executed what was essentially a gigantic “man in the middle” attack, which, when done, escaped notice of the major ISPs.

    Denial of information networks, while serious and even crippling at key times, is nowhere near the top of the list of bad things that an adversary with intent and institutional knowledge can do to you.
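The incident Surfcaster links above, which URR calls a man-in-the-middle attack, was a route hijack: BGP announcements steered other networks' traffic through the wrong autonomous system, and the defining feature was that the major ISPs did not notice. The check below is an added example (not code from the post or from any commenter) of the minimum a network operator can run against its own prefixes: compare the origin AS of each observed announcement with an expected-origin table and flag both origin mismatches and more-specific sub-prefixes announced by an unexpected AS. The prefixes, ASNs and feed are constructed sample values.

```python
import ipaddress

# Constructed "expected origin" table (a ROA-like allowlist). Prefixes and ASNs are
# made-up sample values, not data from the page or from any real registry.
EXPECTED_ORIGINS = {
    "192.0.2.0/24": {64500},        # /24 normally originated by AS64500
    "198.51.100.0/22": {64501},     # /22 normally originated by AS64501
}

def _covering(prefix):
    """Return (covering_prefix, allowed_asns) for the longest expected prefix containing prefix."""
    net = ipaddress.ip_network(prefix, strict=False)
    best = None
    for known, asns in EXPECTED_ORIGINS.items():
        known_net = ipaddress.ip_network(known)
        if net.version == known_net.version and net.subnet_of(known_net):
            if best is None or known_net.prefixlen > best[0].prefixlen:
                best = (known_net, asns)
    return best

def check_announcement(prefix, origin_as):
    """Classify one BGP announcement: return an alert string, or None if it matches expectations."""
    match = _covering(prefix)
    if match is None:
        return None  # a prefix we do not track is not ours to judge
    known_net, asns = match
    net = ipaddress.ip_network(prefix, strict=False)
    if origin_as in asns:
        return None  # announced by an allowed origin
    if net.prefixlen > known_net.prefixlen:
        # A more-specific wins longest-prefix match, so it silently pulls traffic away.
        return f"more-specific {prefix} of {known_net} announced by unexpected AS{origin_as}"
    return f"origin mismatch for {prefix}: expected {sorted(asns)}, saw AS{origin_as}"

def scan(announcements):
    """Run the check over (prefix, origin_as) pairs and return the alerts in feed order."""
    return [a for a in (check_announcement(p, o) for p, o in announcements) if a]

# Constructed sample feed: legitimate update, origin hijack, more-specific hijack, untracked prefix.
SAMPLE_FEED = [
    ("192.0.2.0/24", 64500),
    ("192.0.2.0/24", 64666),
    ("198.51.100.0/24", 64666),
    ("203.0.113.0/24", 64502),
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_FEED):
        print(alert)
```

An origin check does not catch a hijacker who forges a path ending in the legitimate origin AS; that needs path validation, and the expected-origin table itself has to come from a source you trust rather than from the routing table you are checking.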

  • Surfcaster

    “Denial of information networks, while serious and even crippling at key times, is nowhere near the top of the list of bad things that an adversary with intent and institutional knowledge can do to you.”

    True. But when you build a significant part of your information and capability on the fragile base of an exposed network you will be blinded and unprepared to respond. Especially if that network is the only world you know.

    Elevating all that with hundreds of thousands of compromised network devices on your own soil able to wreak various levels of havoc magnifies the digital Pearl Harbor.

  • UltimaRatioReg

    Surfcaster,

    Being blinded and knowing you are blinded is far preferable to being shown something that is not real. With the former, you can find other senses and means to relay information. With the latter, you don’t know you aren’t seeing reality. The point made above, that this is not the new paradigm everyone thinks it is, is a good one. We used to drill for MIJI on our voice networks. Meaconing, Intrusion, Jamming, and Interference. My problem becomes much worse when the reliability of functioning systems is compromised.

    With almost 90% of the network infrastructure in private hands, USG and especially DoD is uniquely unqualified and badly positioned to take the lead in defending networks. General Cartwright’s rather disturbing assertions to the contrary, M. Ittleschmerz is far closer to the bullseye. The techdirt article may not be entirely correct in placing deliberate bad intent on USG and DoD, but I will agree that their likely handling of something so out of their understanding and jurisdiction will yield many of the effects the article posits.

  • Surfcaster

    URR – I understand – completely – what I did not want to do was go down the entire rabbit hole and knock off that and 20 other major points and vulnerabilities. I was just picking off the top few.

    This is what I do for a living – though non DOD related.

  • James

    Wanna have fun? Find some super supporters of the F-35 and such and ask, “what happens if someone develops a technique to counter current stealth technologies?”

    “Well obviously that won’t happen…after all WE are the most technologically advanced nation….”

    OR so what happens if the enemy blinds your satellites or takes them out, rendering GPS worthless, and you can’t get troops in to lase the targets?

    OR so what happens if, while the US has only a few 12 billion dollar carriers left, the enemy attacks several different points at once while its allies do the same?

    ??????

  • James

    LCS, F-35, DDG-1000, and every other new multi-dimensional, diaphragm shifting, soldier uneasing buzzword and idea we have is based on one thing.

    WE WILL KNOW EVERYTHING. So what happens when half of what you know is suspect and the other half is just not there?

    Meanwhile you no longer have the forces to take a hit or react fast enough???

  • ArkadyRenko

    You’re missing the really scary situation:

    What happens when an unspoken assumption is broken…

  • AT1 (AW) Charles H. Berlemann Jr

    Reading all the comments here it is amazing how short sighted some of the posters appear to be here. We have been talking about Cyberwar in the military for at least the last 70 years. The name has just changed over those years, from EW to Cyberwar and all in between. The community that has been on the forefront of that has been the EW community in the US DoD. Cyberwarfare is just EW operations carried on over to the computer networks. If we even roll back some of the defense journals such as Proceedings, Journal of Electronic Defense, JFQ, and even Aviation Spy or Jane’s, they have all talked about computer network protections. The EW community hasn’t always talked about every tool and combat tactic they have developed or are developing; until that development is used in an operation.
    Just because we are talking about satellites today doesn’t mean we might now be talking about erroneous data inserted into a business computer system (such as was initially suspected in the stock market drop in May of 2010) or if you’re able to crash the scheduling software of an airline so that they don’t know what flights are supposed to be leaving from where and who had tickets. Business interests are having some of the same issues with regards to cyber combat, see the PSN attacks and how Sony’s bottom line was affected and those jokers from the 4chan forum with their attacks on networks for grins or perceived grievances. We need to look at our IT departments with how we acquire the tools that we use, and if we need to streamline the acquisition programs within the IT world so that our network infrastructure is ready, then that is something which leadership in the government needs to pursue.

    Finally, I would suggest a revolution with regards to security of the systems needs to be done. How many times have we heard in the past few years of “spillage”, to use the official term, having occurred in US Governmental networks as it just relates to PII data? How many times have we heard of a VetAdmin worker taking a laptop home only to forget it in the car and have it stolen? What about a DoD pay supervisor who has millions of pay records on a portable HD and “misplaced” it? Then just take a look at your local levels of government as well. As the CONINTEL folks can tell you, just putting a few pieces of the puzzle together through this spillage can lead to serious issues. Whether that is via the ability to spoof your way into the network to test it or outright knowing how the network is put together and testing how to exploit it for further access. We should treat these events in the same manner as if someone releases FOUO/SECRET/TS-SCI data.

  • Rich B.

    The truth of the matter is the enemy does not have to down our satellites; they do not have to render GPS ineffective. They simply have to upload a virus to powerpoint and watch all operations and technical development cease.

    We are really good at concepts, but look where our ability to field systems has deteriorated to.

  • James

    Rich,

    The Chinese already block our satellites with ground based lasers. That’s one down, plus they can just use our R&D and develop really, really powerful ones to permanently knock them out.

  • LT Brine

    There are a few points that deserve deep dives to provide something of a path ahead:

    1. Tactical offensive network operations: what ROE do you see coming? What is the lawfare on using, co-opting, or deactivating a bot-net? The precedent has been established, by commercial providers, for shutting down bot nets, but the commercial gurus were still having trouble breaking into the 4th generation bot nets when I last read up on them. Yes there are ways other than bot-nets to attack a network, just ask the red team, but this is the un-attributable one: should we use it? Think twice, you’re talking about logically stealing many, many civilians’ computers, though they may have already been stolen.

    2. Capability:

    A. Patches: We are currently dependent on commercial providers (OS developers) for patches and antivirus solutions; this is part of why we have intrusions that we find after the fact. There is a good college try working to fix delayed identification of penetration (HBSS, though that’s a fun discussion too: is yours still in learn mode?), but the big picture is the corporations find a hole and then we patch it with their fix. Stuxnet used multiple 0-day vulnerabilities, i.e. those not yet found or not yet published by the corporations. Is this a tenable situation and how do we fix it? An aspect of HBSS that doesn’t follow the hole-patch pattern is likely part of the answer to this, but not all of it.

    B. SMEs: We use commercial grade software for networks: COTS and the solutions are commercial solutions at commercial pace, which honestly is faster than ours, but how many of your ITs can explain what a given patch does? How many of your civilian admins? I mean other than that geeky kid who had to ask the security manager about the new hacking question in the background interview. Oh yeah, can we please keep him as an IT when we do network attacks? Can you hold a conversation with them; say enough to make a risk based decision?

    3. Risk: Take a hard look in the mirror and ask yourself if you MAY make a risk based network decision, other than in a tactical situation? The answer is generally no, and it frees a lot of technical brain space for our COs, but this leads back to AT1’s points about spillages. How did you treat the last guy you knew who made a spillage?

    Just food for thought...

  • http://www.warisboring.com/category/steve-weintz/ Moe DeLaun

    As always, the Commander drives “the little grey cells” into real action…

    First, for another perspective:

    http://the-diplomat.com/2011/11/09/china%E2%80%99s-cyber-moves-hurt-beijing/

    We swim within networks and social media, it’s only very recently that we’ve been able to instrumentalize them outside our heads into nifty gadgets. There are studies showing that humans may be hard-wired for gossip, and ISR is really a grown-up, deadly serious version of the social intelligence needed to navigate human societies. Newton’s 1st law holds in social affairs, too.

    Second, to field a true varsity team something needs to be done about the trust issues between the Feds and the hackers. If the defense of data and networks could be operationally balanced against valid privacy and prosecution concerns, that would go a long way towards recruiting the real cyber-aces.

    Third, since we DON’T KNOW EVERYTHING, it would be wise to study what worked in the past, before RF, aviation, GPS, etc., etc. A fabulous reference site is Low Tech Magazine; here’s a sample of articles:

    Computing Without Electricity
    http://www.lowtechmagazine.com/2008/05/computers-antiq.html

    Satellite Navigation in the 18th Century
    http://www.lowtechmagazine.com/2008/01/satellite-nav-1.html

    Email in the 18th Century
    http://www.lowtechmagazine.com/2007/12/email-in-the-18.html

    And, because this is a naval blog, there should be a link about Ropes and Knots:
    http://www.lowtechmagazine.com/2010/06/lost-knowledge-ropes-and-knots.html

  • http://www.warisboring.com/category/steve-weintz/ Moe DeLaun

    OT, but from the same Low Tech Magazine; the Ictineo II may well have been the first true submarine, using a wooden hull and Victorian AIP:

    http://www.lowtechmagazine.com/2008/08/submarines-1.html

  • Derrick

    I am rather disappointed that Chinese hackers were able to hack a US satellite. Was this satellite US government or commercial? If it’s a military satellite, I expect it to be using proprietary software and communications, not Windows and SOAP/JSON. Makes it harder for people to hack unless they know the proprietary software interfaces. Also, communications should be encrypted with private key so they would have to have the encryption key before being able to hijack the satellite. I also suggest communications all be digital so they can be encrypted properly.

    Finally, I must ask: since we seem to detect a lot of cyber attacks from China, why doesn’t anyone just install region blockers and block signals/network requests from China? It’s not hard…
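URR's point earlier in the thread (being shown something that is not real is worse than being blinded) and Derrick's suggestion that the command link be encrypted both come down to authenticity of the link, and encryption alone does not provide it: a receiver that only decrypts will still act on a modified or replayed frame. The sketch below is an added example, not code from the post or from any satellite or ground-station system; the key, the frame layout (4-byte counter, command bytes, HMAC-SHA256 tag) and the command names are all constructed. It shows a receiver that rejects forged, tampered and replayed command frames rather than executing them.

```python
import hashlib
import hmac
import struct

# Constructed demo key. A real command link would keep this in protected hardware.
KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")
TAG_LEN = 32  # HMAC-SHA256 output length

def frame_command(key, seq, command):
    """Sender side: frame = 4-byte big-endian counter || command bytes || HMAC-SHA256 tag.
    The counter is covered by the tag, so a forger cannot simply bump it."""
    body = struct.pack(">I", seq) + command
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag

class CommandVerifier:
    """Receiver side: holds the key and the highest counter accepted so far."""

    def __init__(self, key):
        self.key = key
        self.last_seq = -1

    def accept(self, frame):
        """Return the command bytes if the frame is authentic and fresh, otherwise None.
        Authenticity is checked before the counter so a forged frame cannot poison state."""
        if len(frame) < 4 + TAG_LEN:
            return None                                   # truncated frame
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):        # forged or modified frame
            return None
        seq = struct.unpack(">I", body[:4])[0]
        if seq <= self.last_seq:                          # replay of an old frame
            return None
        self.last_seq = seq
        return body[4:]

if __name__ == "__main__":
    rx = CommandVerifier(KEY)
    good = frame_command(KEY, 1, b"ATTITUDE_HOLD")        # constructed command name
    print("genuine:", rx.accept(good))
    print("replay:", rx.accept(good))
    tampered = bytearray(good); tampered[5] ^= 0x01      # flip one bit of the command
    print("tampered:", rx.accept(bytes(tampered)))
```

A monotonically increasing counter makes a captured frame useless later, but it also means the receiver must persist its last accepted counter across resets; the confidentiality Derrick asks for would be layered on top of this with a separate encryption key.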

  • UltimaRatioReg

    Derrick,

    How many multinational companies with HQs in the US do business in China every day?

    Also, I am not sure we have “detected” much of anything directly from China. Attribution is not possible at the present, nor for the foreseeable future.
