Archive for the 'Cyber' Category
By Mark Tempest
Please join us on Sunday, 6 Dec 2015 at 5pm EST (US) for Midrats Episode 309: Law and the Long War:
In a decade and a half of fighting terrorism, the laws that define our actions overseas and at home have morphed as the threat and strategy for dealing with it has.
From fighting ISIS, operating with and in failed states, dealing with the expanding “refugee crisis,” to keeping the balance between security and safety – what has the legal shop been up to?
Our guest for the full hour is returning guest Charles J. Dunlap, Jr., Major General, USAF (Ret.), Professor of the Practice of Law, and Executive Director, Center on Law, Ethics and National Security at Duke University.
General Dunlap’s teaching and scholarly writing focus on national security, international law, civil-military relations, cyberwar, airpower, counter-insurgency, military justice, and ethical issues related to the practice of national security law.
Join us live if you can (or pick the show up later) by clicking here.
You can also find the show later by visiting our iTunes page here.
The laws and norms surrounding the movement of economic goods across geopolitical boundaries are well-defined. By contrast, the ability to create and manipulate information has become ubiquitous and robust legal frameworks governing how state actors, individuals, and institutions interact with the information ecosystem do not yet exist. This creates risk and opportunity for state and non-state actors looking to devise new information manipulation tactics and make claims on this evolving space. Information control has always been a key component of strategy; however the current speed of evolution provides an advantage to potential disruptors, who do not have sunk costs in existing expensive processes and techniques. Whereas during the medieval period, a limited number of literate clergy had the ability to control the information space (which was explicitly linked to the capacity to wage war), today both state and non-state actors, no matter how marginal, have the ability to contribute to the information battlespace. Even a single, well-placed YouTube video, such as the beheading videos released by ISIL can influence military response.
Information is a non-rivalrous commodity, which should fundamentally change military investment profiles. In FY10, the United States spent $160B for the wars in Iraq and Afghanistan, compared to CIA estimates of Al Qaeda’s 2010 operating budget of $30M. Despite 5,000 times more investment by the US, Al Qaeda continued to expand its influence throughout the region with involvement in Yemen, Russia, Syria, and by facilitating the eventual destabilization of Iraq. In the information age, spending and traditional military definitions of success no longer correlate with stable end states. It is more difficult to characterize 21st century conflicts in terms of definitive winners and losers than traditional industrial conflicts. It follows that post-industrial, digital-age conflicts will be characterized by informational pluralism, and that single source-point information control is no longer viable for military organizations.
The Department of the Navy’s (DON’s) information construct is currently divided along two objectives. One objective is to disseminate propaganda about the DON’s agenda and operations to a small circle of military-industrial and congressional elites who can afford 4-digit subscriptions to defense publications. The approach is not only fundamentally undemocratic, but also flawed in its assumption that “authoritative information” flowing out of the Navy information channels actually holds value in the information economy. The Navy information organization relies on humans to do the searching, processing, and dissemination of information, while most private-sector organizations, rely on advanced algorithms to fulfill these functions. Relying on humans results in slower processing speeds, increased error rates, and the bias that occurs from having associative, rather than random access, memory. Humans are subject to confirmation bias and will continually reinforce existing hypotheses with new information, rather than allowing the data itself to guide conclusions. In a world where decisions are made based on multiple sources, curated by digital systems, human-centric, centralized information systems are decreasingly relevant.
The second objective is to manipulate the information space as it is perceived by our adversaries, via network operations and psychological operations, for example. However, the efficacy of this construct is challenged by adversaries, many of whom recognize that they can achieve strategic objectives at minimal cost by creating a multiplicity of equally viable perceptions within the information space. While the US Navy continues to rely on an outdated approach to information, countries such as Russia and China understand how to apply pressure to their adversaries by insidiously manipulating information through a broad range of channels. This is evident in Russia’s substantial investments not only in internal propaganda machines such as RussiaTV, but more disturbingly Washington D.C. think tanks and London banking. Similarly, China’s ability to map connections and place pressure on individuals through data gathered in the OPM breach clearly indicates how information is valued in the Chinese defense paradigm.
The primary goal of the current battlespace information agenda is to have real-time ‘perfect’ information that is consistent from the tactical to the strategic level—the battlefield equivalent of the Waze app for traffic or Uber for transportation services. These capabilities are being developed using today’s information paradigms and technology, although they are unlikely to be operational for several years. However, with minimal investment, unsophisticated actors have the ability to disrupt this approach by making it impossible to distinguish real from fabricated threats. This is comparable to populating the Uber app with fake cars, eliminating users’ ability to distinguish between real and avatar drivers and therefore efficiently travel between points. The Russians demonstrated this approach in 2014 when they flooded social media channels with false reports of a chemical spill in Centerville, Louisiana. Optimizing the battlefield information ecosystem for real-time, perfect information piped through singular channels creates tremendous vulnerabilities when the potential for information oversaturation by an adversary is high.
Often times, DON assessments of novel approaches to the legal uses of information and weaponization (notably the use of disinformation) devolve into rights-based arguments focused narrowly on injunctive norms and “ethical” applications of information within defined legal realms such as intellectual property and privacy. While important, these conversations amongst military and political leadership often contribute little in terms of practical solutions and tend to overlook evolving challenges within the information space. The DON has been efficient in developing sweeping statements about the “importance of information” that never get adopted locally, while our adversaries continue to experiment with novel approaches in the information space. The military is the catastrophic backstop for the United States, and as adversaries invest aggressively and disruptively to control this evolving space, the DON will undoubtedly have a role to play in informing future frameworks and tactics.
In order to influence the information space, the DON must make investments in global cultural understanding. Cultural proficiency within the information space is not only paramount to generating information that produces the desired effects, but also critical to the DON’s ability to effectively mine the data of our adversaries. Effective use of information requires first-hand knowledge and cannot be outsourced to the intelligence community or communicated through powerpoint briefs. It requires understanding consumption habits, means of ingestion, and technical and semantic characteristics of information in a particular context. Close collaboration and immersion is necessary to understand subtle cultural constructs and the DON must grow this expertise or develop partnerships to provide the depth and breadth of cultural understanding across the DON needed to function in the information age.
Secondly, perhaps the greatest threat the DON faces is having its information ecosystem saturated with disinformation, or false positives. This mandates the use of advanced algorithms to parse the information ecosystem efficiently. Complex models and algorithms are often more art than science and heavily influenced by their creators. This capability must be developed organically, allowed to grow, and continually adapted by experts and integrators. This is a way of thinking that has become a core capability in an information world that resides in a small subset of synthesizers. It is non-transferable, cannot be trained, and cannot be outsourced. The DON must invest in finding and cultivating this unique set of talents. The US Navy must acknowledge its role and invest accordingly or it will find itself increasingly unable to compete on the information battlefield.
For the better part of a quarter century we have become comfortable reigning over a domain we do not have title to. Many know and are preparing for it – but as we rack-n-stack priorities, mitigating this critical vulnerability often gets lost in the crunch.
We have comfortably placed a significant portion of our weaponeering, navigation and other essentials at the mercy of peacetime access to GPS, and entire CONOPS assuming the access, use, and utility of networks reliant on the electromagnetic commons.
The warnings about about this complacency show up on a regular basis, and we have another one via DefenseNews;
… the commander of US Army Europe says Ukrainian forces, who are fighting Russian-backed separatists, have much to teach their US trainers.
Ukrainian forces have grappled with formidable Russian electronic warfare capabilities that analysts say would prove withering even to the US ground forces.
“Our soldiers are doing the training with the Ukrainians and we’ve learned a lot from the Ukrainians,” said Lt. Gen. Ben Hodges. “A third of the [Ukrainian] soldiers have served in the … combat zone, and no Americans have been under Russian artillery or rocket fire, or significant Russian electronic warfare, jamming or collecting — and these Ukrainians have. It’s interesting to hear what they have learned.”
Hodges acknowledged that US troops are learning from Ukrainians about Russia’s jamming capability, its ranges, types and the ways it has been employed. He has previously described the quality and sophistication of Russian electronic warfare as “eye-watering.”
How is the Army doing on its rack-n-stack in keeping up with the evolving electronic threats?
… and it is developing a powerful arsenal of jamming systems, but these are not expected until 2023.
As we defined it awhile ago, that is over two worldwars from now. Hmmmm.
Maybe Ukraine will inform their priorities as they look at the challenge ashore with fresh eyes – and in a fashion – help us look again at the challenge at sea.
This past week, Navy leaders called for sailors, civilians, and researchers to commit themselves to emphasizing and adopting robotics and artificial intelligence (AI) to solve warfighting challenges. In a memo to service chiefs, Secretary of the Navy Ray Mabus called for the DON to consider “how to adapt recent private sector advances in fields such as machine learning, natural language processing, ontological engineering, and automated planning for naval applications.”
Why do commercially developed AI and robotics offer such promise to the sea service? Are these advances decades away? And how can sailors in the fleet help drive the change Secretary Mabus is calling for? Let’s examine these questions further.
The Virtuous Technological Cycle: Faster and Cheaper Computing
Pop culture is familiar with the concept of Moore’s Law of Integrated Circuits. Simply put, this maxim states that computing power has tended to double every 18 months for the last several decades. This leads to steady advances processing power and resulting technical advances.
But Moore’s Law is not the end of the story. As speed and computing power have increased, the cost of these capabilities has decreased rapidly. Consider the cost required to execute a gigaflop, a standard measure of computing power. In 1984, it cost $42,780,000 in hardware to complete this task. By the year 2000, this figure had dropped to $1,300. Today, it costs less than eight cents in hardware to complete this task.
These factors create a virtuous cycle. More advances in power lead to more applications where a technology might be adapted. More applications lead to more demand, which in turn lead to larger numbers of chips being manufactured. More investments in manufacturing lead to more investment in research and therefore quicker development. The cycle feeds on itself.
As computing power becomes faster and cheaper, it allows scientists to harness machines to complete new and more challenging tasks. Artificial intelligence programs can sift through massive repositories of data to learn patterns they can then recognize. Software can be programmed to observe situations and “learn,” just as a human does from experience.
Consider the Berkeley Robot for the Elimination of Tedious Tasks, or BRETT, under development at UC Berkley. BRETT is programmed to utilize “deep learning” techniques to observe a problem, orient itself, and solve the issue. While it takes several hours to solve a simple task, with increases in computing power, its speed will grow. Just as a child’s simple brain grows into an elegant masterpiece, so too will such machine learning technology develop rapidly as computing power continues to race forward.
Adopting Rapid Technological Solutions: How to Outfit a Truck
In an article in Proceedings in 2012, CNO Jonathan Greenert wrote about budgetary and acquisitions challenges. Due to lengthy development of new platforms, Adm. Greenert suggested that rather than buying “luxury cars” with numerous built in features, the Navy ought to buy “trucks” that can carry modular payloads. Such open architecture systems can easily and rapidly adopt new sensors, weapons, and technology at relatively low cost.
This flexibility combined with rapidly advancing computing technologies makes the near future very bright. While DoD has been and remains at the forefront of research and development, there are many commercial entities building robots and AI products that have dual military uses. Tools like autonomous robots, facial recognition databases, and speech recognition and translation software have all been developed in the civilian sector and offer great promise in military applications. The speed of commercial innovation is regulated by market forces and Moore’s Law. The speed of our acquisitions system is regulated by a bloated process developed by legislators and implemented by managers with a vested interest in its perpetuation. Which system do you think is faster?
By adopting commercial technology in open architecture systems, the pace of adopting new capabilities can accelerate. Enhancements to ensure information assurance and security will be required. Acquisitions processes will have to be respected as well. But this will minimize costs as well as cut down on the multi-year interval between requirements for a weapons system being frozen, and initial operating capability milestones. Open architecture systems in the aviation, submarine, and surface forces that will enable these capabilities to quickly “plug and play,” with upgrades coming in months rather than years. This will bring new capabilities to match the pace of technological advances as closely as possible.
Imagining the (Not so Distant) Future
How realistic, though, is the introduction of machine learning and advanced artificial intelligence into military service? Certainly, the Navy has adopted systems like the X-47 Unmanned Combat Air System. But are these other technologies more pipedream than reality? Let’s conduct a thought experiment.
While writing, I imagined flying a mission in the near future in my most recent fleet aircraft, the P-8 maritime patrol aircraft. Such a jet would have an AI system that could analyze the ocean environment, predict the actions of a threat submarine, and recommend to its operators where to search. Acoustic operators using SSQ-125 multistatic sensors would be assisted by an AI system that used machine learning techniques to analyze reflections from underwater targets and provide its judgment whether the return was a submarine or a shipwreck. The aircraft would be equipped with an autonomous communications intelligence (COMINT) recording and translating system. This system would automatically record, translate, and transcribe chatter it received.
Sound like science fiction? If it does, the reader may be surprised to know that all these technologies either already exist in various forms, or are very close to reaching fruition. For over a decade, the MH-60R helicopter has boasted an advanced decision aid called the Acoustic Mission Planner (AMP). By analyzing the ocean, AMP can provide a crew with recommendations on where to employ sensors and search. Updated in real time, its algorithm provides a changing search plan as the hunt unfolds. Similar tools for fixed wing aircraft are being developed.
To detect quiet diesel submarines, the navy has turned to high-powered active sonars. These systems, in theory, are subject to high false alarm rates, and require operators to decipher the returns. The Naval Research Laboratory is developing machine learning software that observes how humans classify returns, and then mimics that behavior. Such “human mimetic” behavior can augment the performance of a less-experienced human operator or speed up classification by a seasoned aviator.
While automatic translation seems to be the realm of Star Trek, such technologies are becoming increasingly common, to the point where they are freely available through services such as Google Translate. Earlier this year, DARPA announced that speech identification and translation software could be available to intelligence analysts and combat troops as early as 2017. Such automated tech could remove the need to carry a linguist onboard, while providing the P-8 a new intelligence gathering capability with no additional manning.
Challenging the Warfighter
Adopting robots and AI systems will not just require warfighters and support personnel to consider how new technology can be employed. It will also require that we consider our relationship with these tools. Far from fearing this technology as a threat to us, or our eventual replacement, we should acknowledge that our role will shift and embrace that reality.
While machines increasingly take on monotonous or computationally intense tasks, we will take on the role of supervisor and analyst. For example, airline pilots frequently discuss their role as one of a “systems manager,” allowing the autopilot to conduct much of the physical task of flying while they observe system performance and make decisions regarding malfunctions, weather, and optimizing their route.
Joining the Conversation
New technologies and warfighting challenges will require solutions from all corners of the fleet. The Navy’s Office of Strategy and Innovation has recently launched a crowd-sourced website known as the Innovation Hatch. In the next month, leaders are challenging sailors fleet-wide to offer their ideas and thoughts on how advances in AI can solve problems they see every day on the deckplates.
The Naval Warfare Development Center has also recently launched a crowd-sourced website known as Navy Brightwork to harvest ideas from the fleet. Brightwork is more focused on warfighting applications and as such has both NIPRnet and SIPRnet portals.
It’s an exciting time both in the Navy as well as society at large as we watch technology grow and change around us. Tools that were rare just years ago are ubiquitous and cheap today. As advances in computing race forward, let us hope that sailors adopt the technology around us to seize the intellectual high ground and win the conflicts of tomorrow.
Yet, despite a review of Power Transition Theory examining why these states might come to blows, Ghost Fleet’s expedition into the near future primarily focuses on how such a great power conflict might be fought. Singer and Cole are at their best in teasing out the interplay between potential advances in emerging technologies – backed by impressive end-noting – rather than isolating the implications of a single capability. These range from Big Data and unmanned systems to additive manufacturing and augmented reality. The authors’ depictions of cutting-edge Chinese developments picking apart current U.S. weapons systems might make for queasy reading among some in the military. In this way it effectively serves to warn against complacency in presuming American technological superiority in conflict. But it bears remembering that success in employing the new capabilities detailed in Ghost Fleet, as in life, requires a level of creativity available (and not guaranteed) to both sides.
Singer and Cole also explore how the supposed American Way of War of grinding attrition, popularized by the eponymous 1973 Russell Weigley book, might fare in an age of offensive space and cyber weapons. In doing so they create intriguing portraits of empowered individuals (both socio-economically and skills-wise), expats, and a globalized defense industrial base on a war footing. Some of the most memorable scenes come from the juxtaposition of new capabilities with old operational concepts (occasionally set to the strains of Alice Cooper). Singer and Cole also ably confront readers with a reversal in the traditional role of U.S. forces in an insurgency and the ethical decisions it demands of them.
Ghost Fleet may be the authors’ first novel, but it’s not their first foray into helping tell a story. Singer has consulted on such projects as Activision’s “Call of Duty” video game franchise and honed his prose in such works as Wired for War, an earlier book on the future of robotics warfare. Cole meanwhile has been engaged in the development of insights on warfare by facilitating near-future science fiction writing at the Atlantic Council’s “Art of Future Warfare Project” (full disclosure: I had the opportunity to publish a short story of my own there). These experiences have paid off in a very enjoyable page-turner.
This is not to say Ghost Fleet is without flaws. One of the novel’s driving emotional stories, an estranged father-son relationship, never quite rings true. With an expansive and fast-moving narrative, a character here and subplot there trail off without satisfactory conclusion. Lastly, while the authors investigate many impacts of a war’s fallout on the U.S. Navy, including the resurrection of the ships of the book’s title and a call-up of retirees, they missed an opportunity to look at the complications a mobilization of existing Navy Reservists might cause. But such a minor sin of omission doesn’t detract from the overall merits of the work. Whether on a commute to the Pentagon or relaxing on a beach in the Hawaii Special Administrative Zone, readers will find Ghost Fleet a highly enjoyable, at times uncomfortable, and always thought-provoking read.
*It should be noted Singer and Cole don’t tie those nation’s current regimes to their countries’ futures, and in doing so remind readers that what would follow a collapse of the Chinese Communist Party is not necessarily more amenable to U.S. or Western interests.
The American flags whip in the wind as the sun creeps over the grassy horizon. The charcoal sits in reused plastic grocery bags at the end of the driveway. The grass beneath them is soft with early-morning dew.
In parallel, across the country this morning, American flags fly, too. Flowers placed on hallowed graves flutter slightly in the breeze. Mementos of the lives of brave American servicemen and women who paid the ultimate price are still in place on headstones, surrounding the heroes, keeping them company.
Yesterday, as it does by law every year, enacted in the last century, on the last Monday in May, America celebrated Memorial Day. This recognition stems from the Civil War, when compassionate groups of citizens would decorate the graves of soldiers who had died fighting for their cause. It has grown into an annual recognition of all our honored war dead, and a federal holiday that gives many a reprieve from the workweek.
Many use the day for celebration of the freedoms we enjoy, especially as the holiday coincides with long-awaited warm weather in much of America’s broad latitude. They use it as a day to reflect on family and friends, to fill their lives with familiarity and warmth.
Few of us can comprehend, though, the silent heartbreak of those whose loved ones have felt the pain of ultimate sacrifice. Their experience on Memorial Day is markedly different, but it is right and genuine and pure. To love a warrior is the sweetest tragedy; to live their memory the highest privilege.
Yet the great, silent measure of a nation is its remembrance of its heroes on all the other days of the year; not as a boastful measure of bellicose pride, but as an eternal example of highest achievement. Selfless service has long been idealized in words and opinion polls, now manifest in Facebook posts and Instagram memes, but we must do the hard work of living that notion and encouraging our children to live it through our own actions.
To honor and to serve; both are active verbs.
To: Admiral X, CINCSTUFF
From: LTJG Kat Dransfield
BCC: North Korea, Iran, Google, Russia, Boris in Belarus
Fw: Fw: Fw: Fw: Subj: Decisions, Secrecy and Sclerosis: Why Email Is the Single Greatest Threat to National Security
Today, information is all around us. The proliferation of digital technologies and resultant data explosion does not simply affirm the efficacy of digital systems over their analog predecessors like letters, the telegraph, and carrier pigeons. Rather, the data revolution mandates a shift towards a world permeated and enabled by data in a whole new way. This requires a mindset shift that will have significant consequences, many of which are not readily apparent even to experts. From the emergence of digital currencies such as bitcoins, to personal technologies like Fit Bit, the intimate fusion of the digital with our physical and social experiences is an increasingly salient aspect of culture. We have a level of connection to data the like of which historically has been reserved for spouses and significant others.
Data and the digital world are nearly ubiquitous in the military and broader society. With so much data now readily available, data and the digital world have fundamentally altered and enhanced how humans arrive at evidence-based decisions. To adapt to this, conventional military decision-making models and technological practices should have been re-examined to leverage the untapped military potential hidden within our data stores. Although the growth in complexity and quantity of data analytic packages and modeling platforms HAS altered decision models in realms as disparate as weight management and finance, the Navy faces a glaring deficiency in this arena.
As large amounts of digital data have increasingly become the basis of decisions today (including those of potential military adversaries), many of our naval decision-making processes and framework have remained in the 19th century. For the most part, advanced Navy systems for managing, synthesizing, and sharing data have failed to materialize. This problem does not simply manifest itself in the realm of supercomputers and high-end weapons and analysis development. It is all-encompassing, the most corrosive example of which is the foundation of our military communication: email.
To: Admiral X, CINCSTUFF
From: LTJG Kat Dransfield
CC: North Korea, Iran, Google, Russia
Fw: Fw: Fw: Subj: Just Because it’s Digital Doesn’t Make It Better
Email simply took an ancient model of communication — the sending and receiving of written word–and digitized it. While the physical act of transmission is far more efficient, the human, cognitive limitations on reading and processing speed remain. We have failed to develop the technologies needed to augment the human brain and actually use email traffic in its totality. There is an easy analogy: imagine if you received 200 letters in your mailbox every day. In its current form, that is all email is. We have created an environment where millions of “letters” are generated without parallel capacity to make use of the information they contain. This doesn’t even begin to deal with the problems created by forwarding – imagine if those letters had stapled to the bottom a copy of every preceding letter, which you would need to read through in order to understand what the original letter was about!
Everyone with a .mil address knows the trials and tribulations of operating within the email construct, especially when utilizing an IT infrastructure that is inadequate, outdated, and scandalously overpriced due to the inherent deficiencies of our acquisition strategy. Many of us receive hundreds of emails a day, most of which we will frankly delete at the expense of some critical information they may contain. For the emails we do choose to read, the legibility of email traffic is compromised by the ratio of actionable information to extraneous routing data. We spend more time reading “looping in Tim’s” than tending to the “meat” of our emails.
As processors, human brains are poorly designed to collate and apply analytic rigor to the amount and format of information in our inboxes–this is why we can never quite seem to get caught up on email. The way the human psyche evolved renders humans attentive to environmental anomalies but very bad at focusing on environments that don’t stimulate the “threat detection” portions of our brains (ex. parsing emails that all look largely the same). In other words, we get distracted easily, like when we put this youtube video right in the middle of this article.
Fortunately, there are some examples of best practices we can turn to remedy our information dilemna. Financial statements used to be nearly meaningless to a broad set of the population. However, when free easy to use budgeting tools like Mint were developed, the ability to visually understand through graphs and trend summaries transformed the way many people think about saving and spending money. If Mint is an example of making large datasets meaningful and the catalyst for behavior change, then Microsoft Outlook is the opposite–equivalent to reading all of our financial statements and purchase transcripts without any frame of reference to understand what it all means.
The continued reliance on email as the cornerstone of our not only our business processes but many of our actual warfighting processes therefore renders the Navy organization hopelessly inefficient, vulnerable to security compromises, and frustrating to operate in. The time expenses, shortcomings in data presentation, and lack of analytic capacity in the email construct ensure blind, non-data-driven decision-making. The lack of enterprise-wide, algorithm-driven governance of data sharing and retrieval means protocol implementation is informed by culture rather than system design. As a result, information sharing etiquette is poorly enforced by end users who are expected to navigate the abject complexity of web traffic–locating, identifying, sharing, and safeguarding information without the assistance of modern tools. And ironically, when email fails to produce needed critical information, we naturally seek to correct the information deficit by sending more emails–adding noise to the already impossibly complex and overburdened data management construct. The over-cultivation of information makes information worthless.
To: Admiral X, CINCSTUFF
From: LTJG Kat Dransfield
CC: North Korea, Iran, Google
Fw: Fw: Subj: Some thoughts about thinking differently
While we tend to think of email as a business instrument and not a warfighting tool, every warfighting outcome refers back to this communication medium in various degrees. One alternative to the current email construct would be for the Navy to eliminate email entirely and introduce a cloud-based information retrieval system. Imagine a Navy where instead of having to ask Bob to ask Sally to ask Fred for a particular piece of information (who may ultimately opt not to share it), the data object of interest could simply be queried via a Navy-wide search engine, then integrated into a more meaningful picture. For example, current year equipment casualties could be instantaneously generated alongside relevant trend data. The time savings and decision enhancement acquired by installing such a system would be astronomical.
To: Admiral X, CINCSTUFF
From: LTJG Kat Dransfield
CC: North Korea, Iran
Fw: Subj: Secrecy and Sclerosis: Maybe we like it this way
However, even if the shortcomings of the acquisition system could be overcome to make such a cloud solution a reality, it is unlikely to be implemented. To start, the fact that naval personnel have continued to tolerate the email construct this long belies reason. Imagine if you didn’t empty your physical mailbox in over a year. After a series of notices from your post office and a few angry neighbors, legal action might be warranted owing to the growing piles of (sensitive) information. Yet it is also exposed to the elements, degrading and disappearing. Juxtapose this example with the email environment, where the descriptive and injunctive norms of our Navy validate this behavior. We must ask ourselves why.
The fact that we as an institution continue the use an email system that is openly acknowledged to be terribly designed and marginally effective is underpinned by a more deeply rooted problem that email has continued to facilitate; secrets remain the organization’s authoritative currency. From our budgeting process to our conversations with detailers, power in the Navy organization is extracted from our capacity to control the dissemination and transparency of information. Enacting a cloud-based system that allowed users to query for any piece of information would threaten this culture of secrecy calcified by our continued use of 19th and 20th century information exchange models. For example, making information related to a program-of-record readily available would completely dismantle the Navy’s current methods of defending its budget. . The current method is stating in a unified manner across the leadership that that every program is equally vital and equally successful becomes impossible if information on those programs is readily available. Similarly, the military’s rank structure is reinforced by a practice of knowledge hoarding (“I out-rank you, therefore I get to be the exclusive owner of this information and you have to beg for it”) that breaks down if access in a cloud-based system is relatively free and open. These are just two of many ways in which the precession of secrecy would be fundamentally disrupted by efficient communication mechanisms.
To: Admiral X, CINCSTUFF
From: LTJG Kat Dransfield
CC: North Korea
Subj: Secrecy and Sclerosis: Why Email is the Single Greatest Threat to National Security
Therefore, ensuring our information management practices allow the Navy to remain a relevant instrument of national power depends on more than the adoption of new hard and software–it requires coming to terms with the very real socio-cultural barriers that prevent us from using information appropriately and effectively. Email as a communication medium is no longer relevant given the growth and availability of powerful analytic and collaboration tools. And if we do not find ways of making our culture and business models more receptive to the use of these tools, we will quickly find ourselves outmatched by our most agile and innovative adversaries. These adversaries will outpace us in decision-making and have better situational awareness. They will also have the tools and analytic capacity to exploit the currently untapped data flowing over our own relatively insecure networks (the more data we produce in the form of useless emails, the more opportunities there are for exploitation). If the US Navy is to remain the preeminent naval force in the future, it must restructure its processes and identity around something other than secrecy. Until we can effectively exploit our own data, we will lag our adversaries in the information space.
Today, understanding national security means understanding the ‘cyber’ dimension of warfare. For the last twenty years we have lived in a world where every day more people gain access to the global online commons and benefit financially, politically and educationally from that access. The concept of cyber warfare, taken to its logical extreme, will threaten the very nature of the global commons and force policy makers to improvise strategies to defend it.
The tools, tactics and strategies of cyber warfare are rapidly evolving in complex ways – a process that will be greatly accelerated in the event of conflict between two or more nation-states with mature cyber capabilities. While it is impossible to predict exactly how cyber warfare will shape the future battlespace, a sustained cyber conflict will likely pose an existential threat to the global, lightly regulated internet most liberal democracies know today. The Chinese model of the internet (a tightly regulated national network with few connections to the global system) will likely seem increasingly attractive to policymakers under intense political pressure to stop the constant barrage of foreign cyber-attacks. The global consequences of a shift to such a system would be devastating to the current paradigm of free-flowing information upon which much of the global economy is based.
War As Geopolitical Phase Change: Chaotic Systems and Phase Changes
Imagine a straight line composed of individual dots on a piece of graph paper. The line moves left to right. At a certain point along the line the dots begin to jump around and the line breaks up. Eventually the points are drawn together and reform a line. If you draw a box around the points between the two smooth segments of your line, the points inside that box will be scattered, without any rhyme or reason. In this example, the line is an orderly system, moving in a way that is understandable and predictable. The box that bounds the sporadic points is the outline of a chaotic system. The activity within the box seems strange and erratic.
The graph can be used as a model of human experience. Typically, events proceed in a way we can understand and plan for – a linear progression – but sometimes the nature of events becomes chaotic and we find ourselves unable to make sense of the world around us. War is the ‘phase change’ period of geopolitics, an inherently chaotic state during which unlikely or seemly insignificant events can play outsized roles in shaping the course of events. Once a person or a civilization is affected by war, the effects can be almost impossible to model. Who in early 2001 envisioned a major American deployment to Afghanistan by the end of the year? Importantly, the effect of war on technology can be also nonlinear and impossible to model.
Cyber at the Threshold of Phase Change
Highly specialized weapons of cyber warfare already exist in the form of STUXNET-class worms. Those weapons have already demonstrated an ability to inflict massive damage on targeted industrial systems. Clearly, cyber weapons will play a role in future conflicts, but it may be impossible to model the extent to which they will reshape the battlefield.
We are likely standing at the end of the first ‘linear’ period of the history of cyber warfare. Over the last two decades, crude denial of service attacks have evolved into more sophisticated distributed denial of service attacks. Vulnerabilities in operating systems have been used to exploit industrial control systems previously thought to be safe from manipulation due to the ‘air gap’ separating these control systems from the internet (in the case of STUXNET, the virus was introduced via a USB thumb drive). Cyber tactics are being developed, tested, combined, and retested on a daily basis.
If this already seems like a hopelessly complex problem to solve, I’ve got bad news for you. Kim Zetter, in her novel Countdown to Zero Day, states that, to date, the total volume of cyber-attacks conducted by nation states still only numbers in the hundreds, and those attacks largely have been conducted independent of conventional military actions. A notable exception, the ‘cyber salvo’ that Russia launched against Georgia immediately before Russia’s 2008 invasion, made headlines, but was only the beginning. Several hundred attacks sounds like a lot, but it’s still a small enough number that each attack can be studied and understood. Sustained conflict between any of the mature cyber powers (US, Israel, China, Russia, France, and Iran) will exponentially increase the number and complexity of attacks. Such a conflict will herald the beginning of the phase change.
At the Other End of the Chaotic Interval (The Example of Border Controls)
Though it’s impossible to model the way that cyber warfare will evolve once the phase change begins, we can still speculate, as many security experts have, about how a sustained cyber campaign might affect our world. The doomsday scenarios trotted out repeatedly over the last decade have become depressingly familiar: the banks will crash, satellites will fall out of the sky, and the dams will be blown open, flooding everything. Each of these scenarios imagines a particular cyber tactic being violently directed against a defenseless target. These scenarios contain two problematic misconceptions. The first problem with all these scenarios is that they presume to know which tactic (targeting banks, satellites, and dams) will be adopted by cyber actors. It’s impossible to know for sure which tactic will be adopted because that decision will likely made during wartime and hence occur during the chaotic interval when nothing can be safely predicted. The second problem is that these scenarios fail to appreciate the ways in which systems under attack will evolve to defend themselves. Warfare is a struggle between forces. Even if targeted nations are slow to understand what’s occurring, they will eventually develop strategies to counter cyber threats.
To use an analogy from the early 1900s, before World War I it was possible for a French citizen to travel from France to China with little or no documentation. The pre-World War I era was one of globalization – the states of Europe had not yet developed the mechanisms of border control we now associate with the inter-war and Cold War periods (imagine the fortified checkpoints surrounded by concertina wire and frowning soldiers crouched in machine gun nests).
After World War I, the surviving states all implemented strict border controls. They did this despite the cost and the detrimental effects that checkpoints have on trade and commerce. The risk of uncontrolled borders was just too great. In many cases these control measures lasted until the early 1990s when the European Union made a concerted effort to remove those barriers and expand the freedom of movement of goods and people throughout Europe.
The Fate of the Global Internet
Today’s internet is a truly global phenomenon. Users in the United States can easily access websites hosted in Russia, Poland, France, Kenya or Iran. These connections are lightly regulated by most nation states, though China is a major exception. These connections are also highly lucrative. The global internet has allowed financial institutions to quickly and efficiently synchronize operations around the world. Without the internet, there would be no online ordering or ‘just in time’ manufacturing chains. The social and economic benefits of a direct, unpoliced US – Russia internet connection outweigh the risk of, say, a concerted effort by Russian cyber actors to infiltrate the US banking networks. That may not always be the case.
The response of European states to the violent chaos released by World War I was to severely restrict inter-state economic traffic and the movement of people across borders. A similar phenomenon may occur following the first sustained conflict by major cyber actors. While countries may not completely choke off their citizens’ access to web addresses hosted in hostile nation states, it may be incumbent upon those countries to severely restrict that access in the name of network security. China has already moved in this direction by creating the Great Firewall, a system that strictly regulates the points where China’s internet connects to the rest of the global commons. President Putin recently called on Russia to build its own internet, calling the existing global internet a ‘CIA project.’
The movement away from a global Internet and toward a system of national or regional networks (North Atlantic, EU or North American for example) is one possible outcome of a future cyber conflict. While there is no guarantee that such segmentation will occur, it follows from the way that nations typically react to security crises for which they are unprepared. In a word; they ‘overreact,’ and tend to put heavy-handed structures in place that can take generations to remove (see also, post-9/11 airport security in the US). For the reasons outlined above, it is likely impossible to know exactly how a cyber-conflict will change our world… but human nature doesn’t change much. If we fail, as a nation, to appreciate the degree to which cyber conflict will change our world, we will likely make short-sighted decisions in the heat of the moment that may take a long time to fix. We should start grappling with the implications now, while we’re still in the linear phase and have some control over events.
Congress is in the process of reviewing the President’s Budget proposal for 2016. The services are in the process of defending that budget proposal by answering questions and providing briefings to Congressional Staffers and even, on occasion, to principal members. One of the fundamental questions we hear repeatedly is, “What if the Department of Defense is sourced at the fiscal limits of the Budget Control Act?” A more recent follow-on question is, “What if the fiscal monies provided are at the Budget Control Act level with supplemental funding provided via Overseas Contingency Operations funds?” The answers to both questions are fraught with long term risks that must be balanced very carefully.
Fundamentally, all four service Chiefs have gone on record saying that their service could not meet the strategic requirements of the nation – as detailed in the Defense Strategic Guidance – at any sourcing level below the President’s Budget proposal for 2016. They went further to say that the funding needs to be in the base account, vice Overseas Contingency Operations funds, to provide the stability and flexibility required for both short and long term investments. I’d like to address the imperative and basis for that concern.
Think of our Navy’s budget as a bowl of water placed atop a three legged stool. The water represents the warfighting capability of the Navy – both today and in the future. This warfighting capability is the core of our Navy’s ability to operate “where it matters – when it matters” all across the world. We’ve seen the need for this operational flexibility throughout our country’s great history – including as recently as last week when a Carrier Strike Group was quickly deployed off Yemen to prevent the sale of highly technical weapons that could result in a new, potentially catastrophic Sunni-Shiite war in the Middle East. That Strike Group has been successful because it had the ability to get to its required position quickly, with the appropriate weapons and fuel to stay and fight, and it maintains the ability to win in battle with another maritime force.
The stool that provides the foundational stability for the Navy’s warfighting capability is supported by three equally critical legs. The first leg is platforms – the correct number of ships, submarines, and airplanes required today and in the future. The second leg is modernization – equipment in those ships, submarines, and airplanes that enables them to fight successfully today and years from now. The third leg is people – skilled Sailors in the right places with the right training to operate those platforms now and in the future. As long as all three of those legs are adequately funded, we maintain balanced warfighting capability and our Navy can do its job.
When the overall Navy budget is reduced, however, the strength of one (or sometimes more than one) of those legs is reduced. That would equate to shorter leg(s) of the stool in my example. To keep the warfighting capability balanced, the legs must be reduced equally. The problem that we face in doing so is this: in an uncertain budget period like we face today, there is always an imperative to continue procuring the platforms we know we need in the future even as our budget is reduced in the near term. Fundamentally this is because of the long term planning (many years and even up to a decade) required to design and build a new ship, submarine or airplane. Based on history’s lessons we are relatively sure that the budget will come back up, but the question is when? When it does come back up we must be able to quickly and adequately invest in the other two legs to continue to have the warfighting capability our country needs. This potential near term imbalance is often discussed and the term most often used is “hollow”, as in a “Hollow Force.” We work hard across the spectrum of budget decisions to ensure we don’t allow that to happen. A Hollow Force is the last thing we need or want. As a result we continually adjust, year to year, the length of the three critical legs of the stool. The undesirable alternative which results from this delicate balancing act, and which requires much greater caution on our part, is the potential for a “Hollow Strategy.”
It is worth reiterating a couple of points that don’t often arise when either our Strategy or our Budget is under review. First, our Strategy (by definition) must serve as the guide for allocating our investments in current and future capabilities. A noteworthy corollary to this point is that the Strategy must also play a substantive role in determining the overall size of the budget (i.e. ensuring we have the resources necessary to make the strategy achievable). Secondly, our Budget investments today will ultimately determine our Strategy in the future. This point is clear if we consider the case of a strategy that calls upon non-existent capabilities; such an approach is clearly doomed to failure. These points together illustrate a crucial principle underpinning all considerations of Strategy and Budget – they are interlocked. With this in mind, it has been troubling that the discussion on BCA-level funding has included little consideration of the Strategic Impacts. Rather, the debate is always about whether or not we need the BCA cuts. As discussed above, our current approach will continue causing predictable harm to our Armed Forces’ ability to execute the Strategy – and defend our nation. Success in both Strategy and Budget means that the status quo of budget conversations must change.
The Defense Strategic Guidance (DSG) has ten core missions that the services must be able to execute to fulfill the overarching “DSG Strategy.” As the Navy’s total obligational authority reduces we continue to strive to be able to meet all ten missions. The truth is that base budget reductions below the level articulated in the President’s budget request – lead to an inability for the services to execute the DSG as written. This a slippery slope on which we need to be careful. We can’t ‘balance the stool’ (so to speak) during lean fiscal years and expect to have the capability that our strategic direction requires. This scenario illustrates how concerns over the National Debt can drive us, eventually, to a Hollow Strategy. Within the services we largely control how we spend the money Congress appropriates us. I believe the lessons we learned in the last three decades have taught us we cannot allow a Hollow Force to be the result of those investment decisions. When we consider the possibility of a Hollow Strategy, however, the services exercise much less direct control to avoid it because our strategic direction is provided from above. We do not want a “Hollow Strategy” and need to remain vigilant that we don’t inadvertently create one as we move forward. The specter of a Hollow Strategy looms ever closer, however, as we continue the conversations about Budget Control Act-level funding or even the related scenario in which some portion of the budget is provided in Overseas Contingency Operations funding. Absent a revised Defense Strategy, which accounts for funding which would be reasonably available in the base budget, the only real solution to this quandary is budget funding at the level in the President’s Budget request for 2016.
This Sunday join us for our 5th Anniversary Show. No guests, no agendas – just us talking about what 2014 had to teach us, and looking towards what 2015 may have in store for everyone in the national security arena. This is a great time if you ever wanted to call in to ask either one of us a question on a topic you wish we would address … or just to say “hi.” Just be warned, we might ask you a question back. It’s what we do.
5pm EST. 4 Jan 14.