Chinese hackers have obtained designs for more than two dozen U.S. weapon systems — including the Aegis Ballistic Missile Defense System, the F-35 Lighting II Joint Strike Fighter, the Littoral Combat Ship and electromagnetic railguns — according to a Monday report from The Washington Post. Read More
The Pentagon is cancelling a controversial medal designed to recognize contributions of unmanned aerial vehicle pilots and cyber troops, according to a Monday memorandum signed by Secretary of Defense Chuck Hagel obtained by USNI News. Read More
Adm. Jonathan Greenert, Chief of Naval Operations, is pushing for the Navy to pay more attention to threats in the Electromagnetic (EM) spectrum. Read More
A unit of the Chinese People’s Liberation Army is one the most persistent Chinese security threats responsible for stealing, “hundreds of terabytes of data from at least 141 organizations,” a Tuesday white paper from Virginia-based Mandiant claims and first reported by The New York Times. Read More
The following was excerpted from the U.S. Naval Institute’s 2012 annual history conference “The History and Future Challenges of Cyber Power” at Alumni Hall on the grounds of the U.S. Naval Academy on Oct. 16.
The panel discussion focused on the cooperation between the public sector (the intelligence and military for the sake of this discussion) and a private sector that is often vulnerable to cyber warfare.
The segment was moderated by University of Maryland School of Public Policy Research Professor Dr. William Nolte, who reminded the audience just how much people are touched by computers and by extension potentially cyber warfare on a daily basis.
“I used to ask audiences like this, ‘How many of you have used a computer today?’” Nolte said. “And people caught on. The easier question is, ‘How many have not used a computer today,’ meaning how many of you have not driven a car, or in some cases turning on your stove? You use your iPhone certainly. And this event I think has really taken us all by storm.”
Participating in Nolte’s panel was Dr. Michael Warner, the command historian for U.S. Cyber Command of the U.S. Department of Defense. Warner’s claimed that he is the only practicing “trained historian” in this field and explained his role a historian.
“Federal historians are those people who have to say to the boss, ‘Sir, ma’am — the problem is actually much harder than you realize and it’s much more complicated, too,’” Warner said. “So on that cheery note, that may be why there are so few federal historians because that is our job to bring this unwelcomed news to people.”
Proceedings, Oct. 2012
How likely is it that a conflict between two combatants involving both kinetic and cyber operations would be an asymmetric one? And does the answer to that question depend on who the combatants are? In a kinetic scenario, the creation and “massing” of forces is often possible to observe. Whether it is the number of troops, warheads, or aircraft, one can physically monitor the activity. The buildup can be measured in days or weeks. Such a scenario involving state-of-the-art kinetic weaponry also needs a high level of expertise that only comes from years of education and training. One needs a well-funded organization to support this kind of activity.You can trace the kinetic matériel fairly accurately to its source, and the effects of a kinetic attack unfold over an observable period of time. You can watch and react to it. Defense is possible as long as you are sufficiently diligent and prepared with a response.
The cyber battlefield is different. First, you don’t need a factory or a military base or physical materials. You don’t need the same sort of education, training, and expertise. All you need is a computer, Internet connection, and the time and patience to learn about software, hardware, and network vulnerabilities. Anyone can learn about and create effective cyber weapons. That’s why non-nation-state combatants are the most common potential adversaries. The development of offensive cyber weapons is very hard to actually “see.” It might be occurring in the room next to you, and you’ll be unlikely to know it.
Proceedings, September 2012
Savvy adversaries are more capable than ever of using high-tech gadgets and social media against the United States.
From Tunisia to Cairo, Sanaa, Bahrain, Benghazi, Damascus, London, Wall Street, Berkeley, and the University of California, Davis, 2011 was the year of the social-media revolution. Smartphones and social media have enabled groups of like-minded individuals to share information, spread their messages, and upend traditional relationships between the public and authorities. These developments are part of a continuing trend in the democratization of information: the empowerment of groups and individuals by information technology. Combined with the democratization of destruction, or the expansion of access to destructive technology and tactics, small groups and individuals will have greater ability to counter traditional security forces in hybrid and irregular conflicts, where force-on-force military engagements may be blended with other operations aimed at influencing key populations.1
The future operating environment will be one of contested domains—air, land, sea, space, cyber, the electromagnetic spectrum, and increasingly, the influence domain, where individuals and groups compete to spread their messages. U.S. military forces must be prepared for future challenges within these domains from nation-states as well as non-state groups or individuals. While the Department of Defense (DOD) is generally good at estimating and preparing for challenges from organized military forces, threats from non-state groups tend to be more diffuse and decentralized, more organic, and less predictable in nature.2 The continued diffusion of power to non-state groups will increase the challenges associated with irregular and hybrid warfare, with significant implications for U.S. forces.3
The Democratization of Information
The widespread availability of social media and Internet-capable smartphones has transformed relationships between the public and traditional authority. In the past few years, these technologies have helped non-state groups record and broadcast abuses of power, organize to form ad hoc collectives, and counter messages from authorities. In many cases, authorities have been slow to realize the implications of these changes. Even U.S. domestic agencies have repeatedly been embarrassed by incidents in which officials have been recorded using heavy-handed tactics. Images and video of peaceful protesters being pepper-sprayed, abused, or intimidated by law-enforcement officials in New York, Berkeley, UC Davis, the University of Maryland, and Washington, D.C., have led to outrage, suspension of offending officials, and in at least one case felony criminal charges.4
States are increasingly standing up military and intelligence organizations for computer network operations. While countries everywhere perceive a need to attack and defend in cyberspace, cyber forces are of particular interest to security in Asia because they coincide with a regional investment in naval, air, and command, control and communications systems. And although American society may be vulnerable to disruption, highly technical and increasingly informatized Asian societies also face complex security challenges.
For years, most understood Asian cyber issues through the prism of China. Since the early 1990s, the Chinese have evinced an intense doctrinal and practical interest in information warfare. The Chinese simultaneously desired to “informatize “their conventional forces in imitation of the United States while developing command and control warfare tools as part of a larger asymmetric warfare strategy.
India is centralizing network defense around the National Critical Infrastructure Protection Centre, with the Intelligence Bureau in charge of patrolling government networks. The Indian Defense Intelligence Agency may be vested with power to conduct offensive attack. While India has not developed a cyber strategy like the United States, it is taking cyber seriously. As in the United States, India’s cyber efforts are split between civilian cybersecurity and the offensive tools of the state. Symantec recently decried a lack of security knowledge.