Offensive cyber attacks. This is what several recent posts have been dealing with and now the Air Force is providing proof that it’s all realistic and relevant. A Breaking Defense website article discusses the Air Force’s use of a modified EC-130 Compass Call aircraft to conduct remote, wireless hacking (“manipulate” is the word used in the article) of enemy networks (1). If true, this kind of ability to get inside an enemy’s network is immensely valuable. Think about our own [over]dependence on networks and what successful attacks on them would do to our warfighting capability.
Let’s consider this capability from both an offensive and defensive perspective.
Offensively, the ability to remotely and wirelessly manipulate an enemy’s data and networks offers the opportunity not only to remove a great deal of command and control oversight but also to disrupt defensive AAW networks, radar and sensing networks, and general data transfer capabilities. This could, theoretically, push combat back to the local, manual level where any given weapon has only its own immediate sensor awareness, if even that.
Consider a hypothetical A2/AD zone. The zone is effective due in part to the number of enemy assets physically contained in the zone but also, perhaps more so, due to the networking of sensors and weapons such that the entire zone functions as a single defensive entity. If we can break that single-entity functionality we can isolate and overwhelm select assets and areas to achieve specific objectives. The zone is transformed from a single entity into a collection of individual sensors and weapons operating on their own, largely unsupported in any coordinated way.
While the article was about the Air Force’s efforts to mount such a capability from an aircraft, it’s not hard to imagine the same capability being deployed from a submarine. A slow, defenseless aircraft is going to be limited as to how closely it can approach an enemy but a submarine is unlimited.
Of course, the size and weight of the required equipment is unknown. Does it require an entire large aircraft to house it or is it just an iPad hooked into a transmitter that could be mounted on any aircraft or individual soldier? How many people are required to operate the equipment, or is the process totally automated? Could a small aerial or subsurface drone house and operate the equipment? Those are important questions and I doubt we’ll have any public information about this for quite some time. The fact that the Air Force chose to modify an EC-130 suggests that the required equipment, power, and manning are somewhat substantial.
Defensively, we need to recognize that what we can do, our enemies can do to us. We’ve touched on this in recent posts. We discussed EMCON concerns (see, “Combat in the Information Age”). We need to realize that EMCON is a two-way street. Not only do we need to avoid electronic emissions as a means of avoiding detection but we need to shield our equipment from incoming signals to avoid the very remote, wireless cyber attacks that we’re talking about now. Currently, most of our equipment is not well shielded against outgoing emissions, and it is woefully unshielded against incoming signals. Every electronic device on a ship must be considered a potential portal through which an enemy can attack.
We also discussed the concept of networks as a critical center of gravity for the Navy and also as a critical vulnerability (see, "Center of Gravity"). Again, the remote, wireless attacks that we’re discussing are exactly why I specified the Navy’s networks as both a center of gravity and a vulnerability. We need to develop far more robust protections for our networks and consider the prospect of having to fight with significantly degraded networks.
Currently, our network capabilities and security are assumed to be a given. We train with fully operational networks. Just as we should be training in electromagnetically challenged environments, so too should we be training in degraded network environments. Has any training exercise started by shutting down all the networks and then saying, “fight”? Undoubtedly, the response would be, “How?” We need to train to fight without absolute dependence on networks. In fact, we should be training to fight un-networked, if necessary.
Network vulnerability also suggests that we should be designing networks that can be segregated and isolated the moment cyber attacks are detected. In other words, we should be designing networks that can fail in an ordered and predictable manner rather than catastrophically.
This also suggests that we need to build redundancy into our networks. Just as we have (or used to have) redundant systems to mitigate battle damage, so too should we have redundant networks. While we have a degree of redundancy in our current networks (backup servers and so forth) the redundancy is aimed at mitigating physical damage, not cyber damage. In order for a network to be redundant in the face of cyber attacks it must be completely isolated physically and electrically from its redundant self. Any cross connection (power, uninterruptible power supplies, surge protection, user terminals, etc.) offers a pathway for a cyber-damaged network to infect its redundant self.
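The two design rules just stated (segment and isolate the moment an attack is detected; keep the redundant network physically and electrically separate from its twin) can be checked mechanically against a connection diagram. The following is an added Python example, not code from the post or from the Navy: it models a constructed, hypothetical shipboard topology as a graph in which every edge, data link or shared power/terminal alike, is a pathway a compromise could use, lists the cross connections that join the primary and backup networks, and walks through an ordered isolation sequence showing how far a compromise at one node can still spread after each step. All node names are assumptions.

```python
from collections import defaultdict, deque

# Constructed sample topology: an assumption for illustration, not taken from
# the post or from any real ship. Every edge is a connection over which a
# compromise could spread: data links as well as the "cross connections" the
# post lists (power, UPS, user terminals). All node names are hypothetical.
SAMPLE_EDGES = [
    # primary combat-system network
    ("primary-switch", "radar-console"),
    ("primary-switch", "weapons-console"),
    ("radar-console", "aesa-radar"),
    ("weapons-console", "fire-control"),
    # redundant network, meant to keep fighting if the primary is compromised
    ("backup-switch", "backup-radar-console"),
    ("backup-switch", "backup-weapons-console"),
    # cross connections that quietly defeat the redundancy
    ("primary-switch", "shared-ups"),
    ("backup-switch", "shared-ups"),
    ("weapons-console", "shared-terminal"),
    ("backup-weapons-console", "shared-terminal"),
]
PRIMARY = {"primary-switch", "radar-console", "weapons-console",
           "aesa-radar", "fire-control"}
BACKUP = {"backup-switch", "backup-radar-console", "backup-weapons-console"}


def build_graph(edges):
    """Undirected adjacency map."""
    graph = defaultdict(set)
    for a, b in edges:
        graph[a].add(b)
        graph[b].add(a)
    return graph


def reachable(graph, start, severed=frozenset()):
    """Breadth-first set of nodes reachable from `start`. Nodes in `severed`
    are treated as isolated (powered down or unplugged) and never crossed."""
    seen = {start}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt in graph[node]:
            if nxt not in seen and nxt not in severed:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def cross_connections(graph, primary, backup):
    """Every link that joins the two networks: a shared component adjacent to
    both (the post's UPS, surge protector or user terminal) or a direct wire,
    returned as a frozenset pair. Multi-hop chains are caught by the
    reachability test in is_truly_redundant instead."""
    links = set()
    for node, neighbours in graph.items():
        if node in primary or node in backup:
            continue
        if neighbours & primary and neighbours & backup:
            links.add(node)
    for a in primary:
        for b in graph[a] & backup:
            links.add(frozenset((a, b)))
    return links


def is_truly_redundant(graph, primary, backup):
    """The post's test: no path at all, electrical or data, from one network
    to its redundant self."""
    return not any(reachable(graph, node) & backup for node in primary)


def blast_radius(graph, compromised, severed=frozenset()):
    """Everything a compromise at `compromised` can still spread to once the
    nodes in `severed` have been isolated; smaller is better."""
    return reachable(graph, compromised, severed) - {compromised}


def ordered_failure(graph, compromised, steps):
    """Apply isolation steps in order and report the blast radius after each,
    so degradation is planned and predictable rather than catastrophic."""
    severed = set()
    history = []
    for step in steps:
        severed |= set(step)
        history.append((tuple(step), blast_radius(graph, compromised, frozenset(severed))))
    return history


if __name__ == "__main__":
    g = build_graph(SAMPLE_EDGES)
    print("cross connections:", cross_connections(g, PRIMARY, BACKUP))
    print("truly redundant?  ", is_truly_redundant(g, PRIMARY, BACKUP))
    plan = [("shared-ups", "shared-terminal"), ("primary-switch",)]
    for step, radius in ordered_failure(g, "aesa-radar", plan):
        print(f"after isolating {step}: {sorted(radius)}")
```

On the sample topology the shared UPS and shared terminal are reported as the cross connections, the redundancy test fails, and a compromise entering through the radar antenna can reach the backup switch until those two nodes are severed; severing the primary switch as the second step confines it to the radar console alone. The same functions run unchanged on a real connection inventory, which is the point: the isolation plan can be rehearsed on paper before anyone has to fight through it.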
Consider the glowing claims made for using AESA radars not only to find targets but to communicate with other platforms, transfer data, and perform a degree of ECM. Unfortunately, this also means that AESA radars are a potential portal for enemy cyber attack. I’m certain that these radars have no cyber attack protections built in. Think about the multitude of antennas on a modern aircraft. Each one is a potential portal. Think about what would happen if a cyber attack on aircraft radars could get each radar to strobe on. That would provide the enemy with instant locations of all our aircraft.
How realistic is any of this? I have no idea but the Air Force seems to think it can do something along these lines so I’m sure our enemy can, too. To the best of our public knowledge, Chinese, North Korean, and Russian cyber attack capabilities are well ahead of our own. Heck, they should be – they’ve been practicing them daily against our systems for years.
This remote, wireless cyber attack capability not only presents a powerful opportunity for offensive exploitation but should serve as a frantic alarm concerning our new offset strategy, which proposes, in part, to depend ever more heavily on information dominance, data, and networking in lieu of traditional explosive combat power. If we find our networks compromised, our entire offset strategy would be invalidated. Indeed, it seems as if that portion of the strategy is already seriously at risk. We need to re-evaluate just how much emphasis and reliance we want to put on networks. The Chinese and Russians are certainly putting a lot more emphasis and reliance on good old-fashioned explosives. Perhaps their cyber experience has demonstrated to them something about the future of warfare that we have not yet grasped?
(1) Breaking Defense, “Wireless Hacking In Flight: Air Force Demos Cyber EC-130”, Sydney J. Freedberg Jr., September 15, 2015
My wife had a thought.
On 12/18, the new Star Wars movie comes out. As most of the IT departments in the US get sucked into movie theaters, doesn't that create an opportunity for cyber attacks?
(Just kidding...)
I cannot imagine it would be worse than any of the previous Star Wars films, the Lord of the Rings series, and similar geeky interests.
That said, attacking on a specific day or time to achieve maximum surprise is a possible tactic.
A real world example was the 1973 Yom Kippur War.
A sub can beach on a Chinese shore (a little hyperbole there) for all practical purposes and do so undetected. To use your own statement, do you really think an EC-130 could penetrate the Chinese A2/AD zone to within 200 miles of the Chinese shore and survive???
Please don't turn this into a one-or-the-other discussion. I simply offered the thought that a sub might make a useful platform in addition to an aircraft. I could imagine a sub approaching harbor/base facilities and wreaking all kinds of network havoc with a very low risk of detection and a very high degree of survivability.
Wait a minute. Back the EC-130 up! You credit the EC-130 with a 200 mile standoff effective range for this kind of network manipulation (a range that is totally unsupported by any fact, by the way - we have no idea what range we have to be at to do this) and you credit the sub with a 3 ft range (OK, you didn't actually say that but you suggest an incredibly short range). I see no reason why a sub couldn't stand 10-20 miles off (he said, having no idea how this capability actually works!). For a sub, that's total survivability.
You seem to think a sub is at risk of detection but a giant non-stealthy aircraft is not?? How long do you think a non-stealthy, slow, HVU is going to survive deep inside a Chinese A2/AD zone? 200 miles is not much if an enemy has decided you're worth killing.
Now, if you want to postulate a stealthy UAV design dedicated to this mission, fine. Of course, we get back again to the unrealistic assumption that UAVs will be able to blithely penetrate thousands of miles of A2/AD zone and carry out all manner of missions with total impunity.
You also caught my note in the post about having no idea what level of power, antennas, computers, etc. are needed for this capability? We may need a sub or EC-130 just to house the equipment or we may need only a micro-miniature computer chip glued onto the back of a seagull. We have no idea. So, before you commit to an RQ-180, you might want to find out what the equipment requirements are. If you already know what they are, please share!
The article does not make it clear but I'm assuming that the locus of attack would not be a tower or other centralized point but, rather, a lesser "node" like an individual aircraft, ship, or computer. Thus, a sub or aircraft would not need to get near the heart of a network - any remote node would do. Pure speculation on my part but it ties in with some other pieces of information that have appeared recently along these lines.
There seem to be a lot of assumptions:
1. Assuming that the network is not compromised
2. That air superiority is a given
3. Western troops are always better armed, trained, and equipped
4. No jamming
5. No mines
6. The enemy won't respond in a creative asymmetric manner and will behave as predicted
7. In the case of many people, that American victory is always a given (despite past failures)
8. Western weapons will always work reliably or as the manufacturer advertises
We could make a longer list.
These are all very dangerous assumptions to be making.
Also assuming that EMP or microwave bursts do not shut down sensitive electronics.
From our defensive perspective, we have to realize that software is as critical as nuclear weapons, Aegis Doctrine, submarine propellers, etc.
I make that argument because one virus inadvertently on a USB stick with family photos could make a carrier a giant boat anchor.
Yet we continue to ignore Information Assurance and to insist on using fielded systems that require large numbers of software upgrades.
Would we treat a nuclear weapon or missile this way?
So while we plan to do it to the other guys, take a look at our own systems also.
Well said.
Read how the F-35 program is forgoing IA tests on their MAINTENANCE SW so that they can keep flying.
I can't make this stuff up, I am NOT that creative.
http://www.pogo.org/our-work/straus-military-reform-project/weapons/2015/f-35-officials-prove-need-for-cyber-testing.html
Thanks for the heads up and the link. I hadn't seen that one. That's pretty discouraging although it falls in line with everything else we've seen.
Sorry, unrelated news about another problem with LCS and its drone.
http://www.bloomberg.com/news/articles/2015-12-08/littoral-combat-ship-can-t-hunt-mines-due-to-unreliable-drone
NICO, thanks. That problem has been thoroughly documented by Mr. Gilmore at DOT&E. It's absolutely baffling why the Navy would continue to push ahead so aggressively with such a flawed system. The Navy has established an "independent" group to study the issue and make a recommendation which will, of course, be to continue production.
Very much like your point on AESA.
Firstly, from the point of adding communications redundancy and protection.
AESA can theoretically run hundreds of low prob intercept data lines at once.
With the prevalence of multi-arrays and dual band, we need to utilise.
It's not going to be easy to hack, but theoretically of course possible.
However, with AESA the possibility of Link 22 + mega encryption is very possible.
Only problem is, as we see from the F-22, getting differing arrays to chat to each other.
One open question I have on this is the detectability of the radiating (AESA) platform. While the probability of intercept is low, the probability of detection may be high. So, having an F-35 radiating data may not be a good idea.
I'm nowhere near expert enough in radar, comms, electronics to offer a valid assessment of this particular issue. I can see the possibility of a problem but not the magnitude.
AESA is a very complex subject. The likelihood of detection is very low compared to traditional methods, but it all comes down to the number of frequencies each transmit and receive module can put out, how often they are being used and of course each of their individual power output.
The theory is that each individual pulse at differing frequencies should show up at range as little more than background radiation. It should look random with no discernible pattern and no single pulse strong enough to look coherent.
But we know from subs' passive sonar that if you can run a time-lapse analysis you can pull defined frequency spikes out of what looks like white noise.
So basic detection of presence is theoretically possible.
I’m sure the technology will be perfected and increased to wider frequency bands and more and more modules per array, making detection more and more difficult (longer and longer time required).
It’s not too much of an issue with an F-35, because if you have to wait 30 minutes just to detect there is one about, it's way too late.
Even on a fast moving surface action group it’s not tactically significant, as you can’t glean data, range or even a very good bearing, but as you say, ideally you would rather no-one has a clue you're even there.
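The time-lapse analysis the commenter above compares to passive sonar is ordinary incoherent integration, and the post's EMCON point (radiating data from an AESA is still radiating) follows from it. The following is an added Python example, not code from the post or its commenters, and describes no real radar: a constructed emitter hops at random among a few frequency bins, each pulse no stronger than the noise floor in its own bin, so a single snapshot shows nothing coherent. Averaging the power spectra of many snapshots shrinks the noise spread as 1/sqrt(count) while the hop bins keep their elevated mean, and they stand out. The bin count, hop set, amplitude and detection threshold are all assumptions.

```python
import cmath
import math
import random
from statistics import median

# Constructed parameters for illustration only; not taken from the thread and
# not descriptive of any real radar. Bin indices stand in for frequencies.
N_BINS = 16                                 # samples per snapshot = DFT bins
HOP_BINS = (3, 6, 11, 13)                   # hypothetical hop set: one bin per pulse
TONE_AMPLITUDE = math.sqrt(2.0 / N_BINS)    # each pulse only matches the noise floor
TWIDDLE = [[cmath.exp(-2j * math.pi * k * n / N_BINS) for n in range(N_BINS)]
           for k in range(N_BINS)]


def pure_tone(k, amplitude=TONE_AMPLITUDE):
    """Noise-free pulse at bin k (also handy for checking the spectrum scaling)."""
    return [amplitude * cmath.exp(2j * math.pi * k * n / N_BINS) for n in range(N_BINS)]


def make_snapshot(rng, hop_bins):
    """One capture window: complex white noise plus a single pulse at a bin
    drawn at random from the hop set, so consecutive snapshots look unrelated."""
    tone = pure_tone(rng.choice(hop_bins))
    return [complex(rng.gauss(0, 1), rng.gauss(0, 1)) + t for t in tone]


def power_spectrum(samples):
    """Scaled DFT power per bin: a noise-only bin averages 2.0 (one unit per
    I/Q component) and a pulse at bin k contributes TONE_AMPLITUDE**2 * N_BINS."""
    n = len(samples)
    return [abs(sum(x * w for x, w in zip(samples, TWIDDLE[k]))) ** 2 / n
            for k in range(n)]


def integrate(snapshots):
    """Time-lapse average of the per-snapshot spectra (incoherent integration).
    The noise floor keeps its mean but its spread shrinks as 1/sqrt(count),
    while a bin the emitter keeps returning to holds a higher mean."""
    count = len(snapshots)
    avg = [0.0] * N_BINS
    for s in snapshots:
        for k, p in enumerate(power_spectrum(s)):
            avg[k] += p / count
    return avg


def detect(avg_spectrum, count, sigmas=4.0):
    """Bins more than `sigmas` standard errors above the noise floor. The
    median is a robust floor estimate because the hop set is a minority of bins."""
    floor = median(avg_spectrum)
    threshold = floor * (1 + sigmas / math.sqrt(count))
    return {k for k, p in enumerate(avg_spectrum) if p > threshold}


def run(count, seed=7):
    """Detected bins after integrating `count` snapshots of a seeded simulation."""
    rng = random.Random(seed)
    snaps = [make_snapshot(rng, HOP_BINS) for _ in range(count)]
    return detect(integrate(snaps), count)


if __name__ == "__main__":
    for count in (1, 50, 3000):
        print(f"{count:5d} snapshots -> bins flagged: {sorted(run(count))}")
```

With one snapshot the flagged set is essentially random; with a few thousand, the four hop bins and nothing else clear the threshold even though no single pulse ever exceeded the noise in its bin. Widening the hop set or lowering the per-pulse power only raises the integration time needed, which is the commenter's "longer and longer time required" and the defensive reason to treat any emitter as detectable given a patient listener.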