Offensive cyber attacks. This is what several recent posts have been dealing with and now the Air Force is providing proof that it’s all realistic and relevant. A Breaking Defense website article discusses the Air Force’s use of a modified EC-130 Compass Call aircraft to conduct remote, wireless hacking (“manipulate” is the word used in the article) of enemy networks (1). If true, this kind of ability to get inside an enemy’s network is immensely valuable. Think about our own [over]dependence on networks and what successful attacks on them would do to our warfighting capability.
Let’s consider this capability from both an offensive and defensive perspective.
Offensively, the ability to remotely and wirelessly manipulate an enemy’s data and networks offers the opportunity not only to remove a great deal of command and control oversight but also to disrupt defensive AAW networks, radar and sensing networks, and general data transfer capabilities. This could, theoretically, push combat back to the local, manual level where any given weapon has only its own immediate sensor awareness, if even that.
Consider a hypothetical A2/AD zone. The zone is effective due in part to the number of enemy assets physically contained in the zone but also, perhaps more so, due to the networking of sensors and weapons such that the entire zone functions as a single defensive entity. If we can break that single entity functionality we can isolate and overwhelm select assets and areas to achieve specific objectives. The zone is transformed from a single entity into a collection of individual sensors and weapons operating on their own, largely unsupported in any coordinated way.
While the article was about the Air Force’s efforts to mount such a capability from an aircraft, it’s not hard to imagine the same capability being deployed from a submarine. A slow, defenseless aircraft is going to be limited as to how closely it can approach an enemy but a submarine is unlimited.
Of course, the size and weight of the required equipment is unknown. Does it require an entire large aircraft to house it, or is it just an iPad hooked into a transmitter that could be mounted on any aircraft or carried by an individual soldier? How many people are required to operate the equipment, or is the process totally automated? Could a small aerial or subsurface drone house and operate the equipment? Those are important questions and I doubt we’ll have any public information about this for quite some time. The fact that the Air Force chose to modify an EC-130 suggests that the required equipment, power, and manning are somewhat substantial.
Defensively, we need to recognize that what we can do, so too can our enemies do to us. We’ve touched on this in recent posts. We discussed EMCON concerns (see, “Combat in the Information Age”). We need to realize that EMCON is a two way street. Not only do we need to avoid electronic emissions as a means of avoiding detection but we need to shield our equipment from incoming signals to avoid the very remote, wireless cyber attacks that we’re talking about now. Currently, most of our equipment is not well shielded to prevent outgoing emissions but it is woefully unshielded against incoming signals. Every electronic device on a ship must be considered a potential portal through which an enemy can attack.
We also discussed the concept of networks as a critical center of gravity for the Navy and also as a critical vulnerability (see, "Center of Gravity"). Again, the remote, wireless attacks that we’re discussing are exactly why I specified the Navy’s networks as both a center of gravity and a vulnerability. We need to develop far more robust protections for our networks and consider the prospect of having to fight with significantly degraded networks.
Currently, our network capabilities and security are assumed to be a given. We train with fully operational networks. Just like we should be training in electromagnetically challenged environments, so too should we be training in degraded network environments. Has any training exercise started by shutting down all the networks and then saying, “fight”? Undoubtedly, the response would be, “How?” We need to train to fight without absolute dependence on networks. In fact, we should be training to fight un-networked, if necessary.
Network vulnerability also suggests that we should be designing networks that can be segregated and isolated the moment cyber attacks are detected. In other words, we should be designing networks that can fail in an ordered and predictable manner rather than catastrophically.
This also suggests that we need to build redundancy into our networks. Just as we have (or used to have) redundant systems to mitigate battle damage, so too should we have redundant networks. While we have a degree of redundancy in our current networks (backup servers and so forth) the redundancy is aimed at mitigating physical damage not cyber damage. In order for a network to be redundant in the face of cyber attacks it must be completely isolated physically and electrically from its redundant self. Any cross connection (power, uninterruptible power supplies, surge protection, user terminals, etc.) offers a pathway for a cyber-damaged network to infect its redundant self.
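The two design rules in the preceding paragraphs, segments that can be cut off the moment an attack is detected and a backup network with no cross-connection at all to its primary, are easy to state and easy to get wrong in the details, because the cross-connection is rarely a data cable. The following is an added example, not code from the post or from any Navy system: a toy model that treats the ship’s networks as a graph whose links include power, UPS and terminal connections as well as data links, finds the links that must be cut before the backup is truly isolated, and shows how quarantining a compromised console plays out on the flawed and on the corrected topology. The node and link names are constructed for illustration.

```python
"""Added example: model primary and backup ship networks as a graph and check
(1) which cross-connections (of any kind) bridge the two, and
(2) whether quarantining a compromised segment actually contains it.
Topology and names are constructed for illustration, not from any real system."""
from collections import deque

# Constructed sample topology. Each link is (node_a, node_b, kind). Only the
# "data" links are what most people would call "the network"; the power, UPS
# and terminal links are the non-obvious pathways the post warns about.
LINKS = [
    ("cic_server", "cic_switch", "data"),
    ("cic_switch", "radar_console", "data"),
    ("cic_switch", "weapons_console", "data"),
    ("cic_switch", "cic_ups", "power"),
    ("backup_server", "backup_switch", "data"),
    ("backup_switch", "backup_console", "data"),
    ("backup_switch", "backup_ups", "power"),
    # Two deliberate design flaws: both UPS units share one surge protector,
    # and the radar console is also cabled to the backup switch.
    ("cic_ups", "shared_surge_protector", "power"),
    ("backup_ups", "shared_surge_protector", "power"),
    ("radar_console", "backup_switch", "terminal"),
]
PRIMARY = {"cic_server", "cic_switch", "radar_console", "weapons_console", "cic_ups"}
BACKUP = {"backup_server", "backup_switch", "backup_console", "backup_ups"}


def build_adjacency(links):
    """Undirected adjacency: node -> {neighbour: link kind}."""
    adj = {}
    for a, b, kind in links:
        adj.setdefault(a, {})[b] = kind
        adj.setdefault(b, {})[a] = kind
    return adj


def shortest_path(adj, sources, targets):
    """Multi-source BFS; returns the node list of a shortest path from any
    source to any target, or None when no such path exists."""
    prev = {s: None for s in sources}
    queue = deque(sources)
    while queue:
        node = queue.popleft()
        if node in targets:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in adj.get(node, {}):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return None


def required_cuts(links, primary, backup):
    """Greedy isolation check: while the backup is reachable from the primary
    by links of any kind, take the shortest connecting path and cut the link
    where it leaves the primary set. Returns (cut links, remaining links)."""
    remaining = list(links)
    cuts = []
    while True:
        adj = build_adjacency(remaining)
        path = shortest_path(adj, primary, backup)
        if path is None:
            return cuts, remaining
        a, b = path[0], path[1]          # path[0] is primary, path[1] is not
        cuts.append((a, b, adj[a][b]))
        remaining = [l for l in remaining if {l[0], l[1]} != {a, b}]


def quarantine(links, node):
    """Segment on detection: drop every link that touches the suspect node."""
    return [l for l in links if node not in (l[0], l[1])]


def reachable(links, source):
    """All nodes still connected to `source` after quarantine, by any link kind."""
    adj = build_adjacency(links)
    seen = {source}
    queue = deque([source])
    while queue:
        node = queue.popleft()
        for nxt in adj.get(node, {}):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


if __name__ == "__main__":
    cuts, clean = required_cuts(LINKS, PRIMARY, BACKUP)
    print("cross-connections that must be cut:", cuts)
    # Quarantine the radar console on the flawed and on the corrected topology.
    for label, topo in (("flawed", LINKS), ("corrected", clean)):
        still = reachable(quarantine(topo, "radar_console"), "cic_server")
        print(f"{label}: backup reachable after quarantine? {'backup_server' in still}")
```

On the flawed topology the greedy check reports the terminal link and the shared surge protector as the two cuts, and quarantining the compromised radar console does nothing to stop the primary from reaching the backup, because the remaining path runs entirely over power links. On the corrected topology the same quarantine leaves the weapons console served and the backup untouched, which is the ordered, predictable failure the post asks for.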
Consider the glowing claims made for using AESA radars to not only find targets but to communicate with other platforms, transfer data, and perform a degree of ECM. Unfortunately, this also means that AESA radars are a potential portal for enemy cyber attack. I’m certain that these radars have no cyber attack protections built in. Think about the multitude of antennas on a modern aircraft. Each one is a potential portal. Think about what would happen if a cyber attack on aircraft radars could get each radar to strobe on. That would provide the enemy with instant locations of all our aircraft.
How realistic is any of this? I have no idea but the Air Force seems to think it can do something along these lines so I’m sure our enemy can, too. To the best of our public knowledge, Chinese, North Korean, and Russian cyber attack capabilities are well ahead of our own. Heck, they should be – they’ve been practicing them daily against our systems for years.
This remote, wireless cyber attack capability not only presents a powerful opportunity for offensive exploitation but it should serve as a frantic alarm concerning our new offset strategy which proposes, in part, to depend ever more heavily on information dominance, data, and networking in lieu of traditional explosive combat power. If we find our networks compromised, our entire offset strategy would be invalidated. Indeed, it seems as if that portion of the strategy is already seriously at risk. We need to re-evaluate just how much emphasis and reliance we want to put on networks. The Chinese and Russians are certainly putting a lot more emphasis and reliance on good old-fashioned explosives. Perhaps their cyber experience has demonstrated to them something about the future of warfare that we have not yet grasped?
(1) Breaking Defense, “Wireless Hacking In Flight: Air Force Demos Cyber EC-130”, Sydney J. Freedberg Jr.,