Tackling Cyber at the Tactical Edge


IHS Jane’s International Defence Review

Zeros and ones: tackling cyber at the tactical edge

Publication: International Defence Review
Last posted: 2013-Nov-05
Copyright © IHS 2013. All rights reserved. IHS Jane’s International Defence Review Reproduced with permission.

The rise of network-enabled capabilities has been a two-edged sword, offering ever-swifter decision-making and action, but also raising the spectre of vulnerability through reliance. Anika Torruella reports on how those concerns threaten strategic and tactical capabilities

Weapon systems, intelligence, surveillance and reconnaissance (ISR) equipment, communications infrastructure and assets such as aircraft and tanks, together with their respective command-and-control systems, are increasingly intrinsically dependent on sophisticated electronic componentry for datalinks and network connectivity. These building blocks of the modern information age enable cloud services, signal layering and fusion, real-time digital information sharing and analysis, access to graphic processing unit (GPU)-linked servers, geo-location targeting, high-throughput satellite communications architecture, blue-force tracking, stealth technology, remote detection and identification, and remotely controlled engagement and evasion, tools key to situational awareness superiority, operational supremacy and information dominance.

However, while digital connectivity enables networked force multipliers, this reliance on systems and equipment has inherent exploitable vulnerabilities. Modern warfare, in many arenas, has eclipsed the need for the physical occupation of territory and access points to instigate battle strategies of disruption, confusion and delay, as they can now be accomplished in cyberspace.

Francis Cianfrocca, founder, chairman and chief executive officer of Bayshore Networks told IHS Jane's that "cyber is now recognised as one of the [domains] of war so that means that [defence departments] are very eager and very focused in acquiring expertise to manage cyberspaces".

State actors such as China, Iran, Russia, and the United States have the overt capability to control, spoof, circumvent or disrupt information systems that have strategic military value, largely anonymously. More recently, commercial off-the-shelf software has allowed nation states with even meagre conventional means of warfare to wage theoretically bloodless offensive campaigns against well-established powers.

Military deception (MILDEC), psychological operations (PSYOP), communications interception, signals analysis and decryption, theft and destruction of information and productivity corruption have a long-established history. Lessons learned from the 2007 Estonia and 2008 Georgia-Ossetian attacks, which caused widespread economic and psychological disruptions, and the more recent information system compromises inside QinetiQ North America (2007-10), NASA, the Pentagon (2011), and Lockheed Martin illustrate that cyber attacks such as spoofing, denial of service, ghosting, website defacement, misconfigured services, keylogging, brute-force password cracks and drive-by downloads are as viable a strategic military option as physical industrial sabotage and espionage.

"That shows you the impetus for cyber war: to destabilise infrastructure. It's another [domain] of war, really, and an objective that people have been pursuing that goes back to the early 1980s at least, if not even earlier. But the rise of computer networks - which everyone knows about - over the last 10 years has just opened the attack surface and created some tremendous vulnerabilities," said Cianfrocca.

William Mabon, director of the Cyber Security Product Portfolio at BAE Systems told IHS Jane's that "it's the same kind of communication protection that people thought about in [the Second] World War. But with electronic networks, it's much more dense. The value of the information is much higher, because again, machine-to-machine communications enables much more rapid and fluid control over mission objectives and the actual battlespace environment," Cianfrocca agreed.

Cyber warfare appears to offer the proponent specific advantages over conventional physical tactics. Attacks can be launched from a remote location. Physical damage to critical infrastructures, such as civilian and media communication facilities or cellular networks can be limited and industrial sabotage can be accomplished without local access. Additionally, attacks are largely unattributable and usually bloodless - however costly to reputations and balance sheets - mitigating a nation-state response.

Military forces are still scrambling to understand and struggling to define the multi-dimensional and omni-directional nature of the information environment (IE) and cyberspace battlefield, as well as their own information-related capabilities (IRC) and the IRC of their asymmetrical and peer-to-peer adversaries (state and non-state). As a result, most current military doctrines are struggling to remain relevant with rapidly changing technology and cyber-warfare capabilities.

The NATO Cooperative Cyber Defence Centre of Excellence located in Tallinn, Estonia, was established in 2008, and in 2011 NATO approved a revised Policy on Cyber Defence and an associated Action Plan. In 2012, a EUR58 million (USD80 million) contract was awarded to establish a NATO Computer Incident Response Capability (NCIRC) Technical Centre in Mons, Belgium. About 2,500 confirmed serious attacks on NATO computer systems installed at 55 global locations occurred in 2012 and attacks on NATO defence systems are only expected to grow more numerous, frequent and sophisticated. This year, a core network-defence management infrastructure and analytical capability was installed at the NCIRC.

In the United States, the Obama administration classified cyberspace as strategically important to national security in 2009, and stood up the US Cyber Command (USCYBERCOM) in 2010. Then, in November 2012 the US Joint Armed Forces released a doctrine regarding Information Operations (IO) and the Information-Influence Relational Framework, which outlined key IO complementary capabilities such as Operations Security (OPSEC). It also covered: processes designed to mitigate "risks associated with specific vulnerabilities in order to deny adversaries critical information and observable indicators"; Information Assurance (IA) or protection of "infrastructure to ensure its availability, to position information for influence, and for delivery of information to the adversary"; counter-deception; physical security; electronic warfare (EW) or the use of the electromagnetic spectrum (EMS) to identify and locate threats and shape, disrupt or exploit the enemy's use of the EMS.

In addition, it expanded to cover Cyberspace Operations (CO), which denies or manipulates adversarial decision-making through information mediums such as access points, the encrypted messages, or a cyber-persona; and Military Information Support Operations, which subsumes activities previously known as PSYOPS and MILDEC. The latter is defined as "actions executed to deliberately mislead adversary decision makers, creating conditions that will contribute to the accomplishment of the friendly mission".

With increasing reliance on cyber technology, the confidentiality, integrity and availability of linked networks also increases in importance. Against this background, network resilience is key to safeguarding essential operational data and consequent information gathering and analysis. "So, what you really care more about is integrity ... protecting the integrity of the systems and protecting the availability," said Cianfrocca.

Traditional firewalls, next-generation firewalls and heavy encryption services build logical barriers around critical control system networks and monitor, shape or usurp suspect or unauthorised access. However, even if very little logical connectivity exists, malicious or unintentional misuse by an operator can compromise the systems. Or breaches may occur by an undetected piggyback through an "essential" connection.

Previous attacks have largely targeted unclassified networks and systems, which nevertheless still contained sensitive information such as military maps, troop configurations, technological schematics, source code for proprietary software and detailed papers on scientific research, testing and development. Targeted systems typically also provide logistical support to armed forces.

Recent interest in 'perimeterless' single security and data-centric architectures - designed to protect data rather than networks, improve command-and-control capabilities and encourage increased information sharing - has fuelled a desire to possibly eliminate firewalls altogether, as announced by the US Defense Information Systems Agency (DISA) in June 2013.

The Idaho National Laboratory staged 'Operation Aurora' in 2007, a simulated cyber attack that demonstrated how control of a previously internally closed control system with access to rotating machinery, such as generators, pumps, turbines, valves, switches or circuit breakers, when shifted to a networked SCADA system that enables remote operation, could be usurped and exploited to self-destruct. Networked or digital weapons, equipment and vehicles may also be more directly susceptible to sabotage, foreign influence, and loss or corruption of command and control through the
