Archive for the 'information assurance' Tag

2015-02-15-ALASAConceptImage2From hapless Norwegian coastal battleships in WWII to last decade’s unarmored HUMVEEs, there are things that look good on paper and are highly functional for a nation at peace, that in hindsight do not seem all that great once an enemy gets a crack at them.

There are a few reliable constants to war at; one is that the things you rely on the most, your critical vulnerabilities identified by the enemy will always be targeted first.

A competent commander is self-aware of his own critical vulnerabilities, and makes a reasonable effort to protect them. Understanding the chaotic and dynamic nature of war, no critical vulnerability can be fully protected and needs backups – you need redundancy, especially if you have a critical requirement that is also one of your critical vulnerabilities.

For so long we have assumed access to the electromagnetic spectrum as a given, and access to satellites – those gloriously exquisite linchpins of the modern navy – as a given, then perhaps we should consider how we can provide Carrier Strike Group Commanders and Maritime Component Commanders the ability to replace wartime losses and complicate the enemies targeting our satellites.

Satellite constellations set up in peace are the fixed coastal defenses of the modern age – easy to target and plan against – and most likely first on an enemy’s targeting priority list.

What if a local commander could re-establish capabilities or even create new ones using those units under his command, at his discretion?

What if that capability wasn’t just an idea, but close to making a shadow on a ramp? This is something I pondered while reading about DARPA’s Airborne Launch Assist Space Access program, or (ALASA);

If all goes according to plan, a series of 12 orbital flights would then commence in early 2016 and wrap up by the middle of the year, DARPA officials said.

“The plan right now is, we have 12 [orbital] launches. The first three are fundamentally engineering checkout payloads,” Bradford Tousley, director of DARPA’s Tactical Technology Office, said Feb. 5 during a presentation at the Federal Aviation Administration’s Commercial Space Transportation Conference in Washington, D.C. “The other nine will be various scientific and research development payloads that we’re after.”

The ALASA military space project consists of an F-15 fighter jet carrying an expendable launch vehicle underneath it. Once the F-15 gets up to a sufficient altitude, the rocket releases and ignites, carrying its payload to orbit. The F-15 would then return to Earth for a runway landing, after which it would be prepped for another mission.

Perhaps we are at the point that it is still too big for anything smaller than an F-15E … but … put the engineers on it. Platform or payload, one of them should be able to be modified at a reasonable cost.

Additional satellite communications, ISR, etc – all just a magazine elevator away. Ponder it a bit.

In war, few things are better than for your opponent to think you are blind and helpless and then they move in for the what they think is the quick and easy victory … or that they think that is what you want them to do … but if you don’t have that capability then, well … you don’t. You miss an opportunity to deceive your enemy, or to sow doubt and confusion in the mind of their commander – two things anyone would like to have in their quiver.

… and no, “Call the USAF and have them do it for you from CONUS.” is not the correct answer. To call the USAF from WESTPAC, you need … ahem … satellites – or still have low-baud HF TTY. Oh, and … well … priorities.


Kevin Mitnick, the infamous hacker and social engineer turned security consultant, gave a presentation at this year’s History Conference at the Naval Academy today. He gave numerous examples of extracting information from people and companies by using their own trust and knowledge against them. His demonstrations likely startled many of the audience members with the range of methodologies and, more importantly, the success rate.

Some may look at the seemingly endless list of ways attackers can obtain what they’re looking for and throw their hands up in despair. It’s important to take a step back and consider some important factors in responding to, and hopefully mitigating, attack vectors.

Technology alone won’t save you. If you fight technology with technology, you’ll lose. All the firewalls and intrusion detection systems in the world won’t be a guarantee that networks won’t be breached. There’s no such thing as an impenetrable system, and no such thing as bugless software. Kevin’s demonstration of exploiting vulnerabilities in widely used commercial software proves this. Moreover, this isn’t just software being used in the private sector. Many of the exploits he demonstrated take advantage of software that’s become an integral part of the way the military handles its information. As if this weren’t enough, the files used to carry out every successful exploit passed antivirus scanning without incident, and were run on fully patched, up-to-date systems.

That’s not to say technological security measures are pointless; far from it. Strong passwords, multi-factor authentication, limited access permissions, and strict data management are as important now as they’ve ever been. Placing full faith in their protection, however, is misguided.

Read the rest of this entry »