Recommendations on Cyber Threats and Warfare - Part 1

This piece covers what I consider to be the five most important recommendations in dealing with cyber threats and cyberwarfare.  These five most important recommendations include the following:

1. Defense Also Involves Offense. There needs to be an understanding that defense also involves offense.
2. Tools for Offensive Online Warfare. It is unclear whether the tools for offensive online warfare exist, and extensive R&D efforts may be needed to improve them.
3. Central Organization in the DoD to Fight Cyberwarfare. There must be a clear central organization in the DoD that is trained and equipped to fight cyberwarfare and respond to large-scale foreign attacks by governments, terrorists, and extremists.
4. A Clear Response Doctrine. The U.S. government needs to develop a clear response doctrine.
5. Right to Respond Unilaterally. The United States should reserve the right to respond unilaterally to attacks against its infrastructure.

The ensuing sections detail each of my five most important recommendations for homeland defense.  The reason why I consider these five as the most important recommendations is because they are all tightly interrelated and work together as an integrated entity.

Defense Also Involves Offense

Recommendation No. 1. There needs to be an understanding that defense also involves offense.

A cyber war is a conflict that uses hostile, illegal transactions or attacks on computers and networks in an effort to disrupt communications and other pieces of infrastructure as a mechanism to inflict economic harm or upset defenses (Coleman, 2008).  This is one of the most important recommendations because if our enemies conduct a cyber war against us, we must be prepared to defend ourselves and also be capable of taking the offensive.  The best defense is a good offense.

Cyber War Games. To prepare for a cyber war, the U.S. government conducted a series of cyber war games to test its ability to recover from and respond to digital attacks.  Code-named ‘Cyber Storm II,’ this was the largest-ever exercise that evaluated the mettle of information technology (IT) experts and incident response teams from 18 federal agencies, which included the Central Intelligence Agency (CIA), Department of Defense (DoD), Federal Bureau of Investigation (FBI), and National Security Agency (NSA).  Additionally, it included officials from nine states including Delaware, Pennsylvania, and Virginia.  Furthermore, over 40 companies participated including Cisco Systems, Dow Chemical, McAfee, and Microsoft (Krebs, 2008).

In the inaugural Cyber Storm in 2006, planners simulated attacks against the communications and IT sector and the energy and airline industries.  This year’s exercise featured mock attacks by nation states, terrorists, and saboteurs against the IT and communications sector and the chemical, pipeline, and rail transportation industries (Krebs, 2008).

Jerry Dixon, a former director of the National Cyber Security Division at the Department of Homeland Security (DHS) who helped to plan both exercises, said Cyber Storm is designed to be a situational pressure-cooker for players.  Those who adopt the proper stance or response to a given incident are quickly rewarded by needing to respond to even more complex and potentially disastrous scenarios (Krebs, 2008).

Offensive Cyber War. Lt. Gen. Robert Elder Jr., USAF, has revealed that a U.S. Air Force Cyber Command is set to become operational in October 2008.  It is aimed at not only fighting off “cyber” attacks from foreign countries and terrorist groups but also to go on the offensive.  According to General Elder, offensive cyber-attacks in network warfare make conventional attacks more effective, e.g., if an adversary’s integrated defense systems or weapon systems can be disrupted using cyber attacks.  Modern armies that tend to be more and more dependent on computers and computer networks also become more vulnerable to network attacks (Anonymous, 2008).

U.S. Cyberwarfare on the Offensive. The United States, of course, is no innocent bystander.  William M. Arkin, a defense analyst who writes the Early Warning blog for the Washington Post, says, “Our ability to penetrate into enemy computer networks, our ability to exploit communication networks, to manipulate digital information, is real,” but little is known about the precise nature of Washington’s offensive capabilities.  Some details, however, have leaked.  For instance, in March 2004, the Pentagon announced the formation of an Information Operations team – the Network Attack Support Staff – to streamline the military’s cyber attack capabilities.  The aim, senior military officials said at the time, was to create an “interface between the combatant commanders and the intelligence community” (Bruno, 2008).

Offensive Information Warfare. The DoD maintains redundant systems in place to defend its network against cyber attacks.  However, in 2007, it has started to push development of offensive information warfare capabilities.  If “we apply the principle of warfare to the cyber domain, as we do to sea, air, and land, we realize the defense of the nation is better served by capabilities enabling us to take the fight to our adversaries, when necessary, to deter actions detrimental to our interests,” Marine Gen. James Cartwright, commander of the Strategic Command, told the House Armed Services Committee in March 2007 (Brewin, 2007).

Tools for Offensive Online Warfare

Recommendation No. 2. It is unclear whether the tools for offensive online warfare exist, and extensive R&D efforts may be needed to improve them.

This recommendation is most important because if we are to take the offensive, we must possess offensive tools. Additionally, if we do not possess sufficient offensive tools, then we must conduct the R&D to develop and improve them.

Cyberwarfare Strategies. Technology experts and military strategists as well as city and urban planners are collaborating on cyberwarfare strategies design to disrupt and defend against critical offensive and defensive operations.  The Naval Postgraduate School (NPS) has defined the following three levels of offensive cyber capabilities (Coleman, 2008):

1. Simple-Unstructured: the capability to conduct basic hacks against individual systems using tools created by someone else.
2. Advanced-Structured: the capability to conduct more sophisticated attacks against multiple systems and possibly to modify or create basic tools.
3. Complex-Coordinated: the capability for coordinated attacks capable of causing mass-disruption against many defense systems.

Using a combination of the above levels of capabilities, cyber war plans are emerging and driving the need for a wide range of cyber weapons (Coleman, 2008).

Offensive Technologies. William M. Arkin, a defense analyst who has reported on cyber security issues for over two decades, says the U.S. military also has technologies capable of penetrating and jamming enemy networks including the classified “Suter” system of airborne technology.  According to Aviation Week, the military has integrated Suter into unmanned aircraft and “allows users to invade communications networks, see what enemy sensors see, and even take over as systems administrator so sensors can be manipulated into positions so that approaching aircraft can’t be seen.”  Some speculate the Israeli military used the capability during its air raid on a Syrian construction site in September 2007.  The United States made use of nascent capabilities in the 1999 Kosovo War and built on those lessons in Iraq (Bruno, 2008).

Cyber Weapons. In the mid-1990s, a study by the RAND Corporation illustrated the costs of developing the cyber weapons needed for conducting cyber war are extremely modest.  That being the case, almost every country can afford these efforts.  Lani Kass, a senior adviser to USAF Chief of Staff Gen. T. Michael Moseley, emphasized the need for the United States to develop an offensive cyber capacity.  Cyber arms are seen as first-strike weapons used to disrupt the enemy’s command, control, and operational infrastructure and possibly create civil unrest through interrupting basic infrastructure and services.  In a report developed by Spy-Ops in the fall of 2007, they estimated that about 140 countries possess in-place and operational-active cyber weapons development programs (Coleman, 2008).

Examples of Offensive Cyber Weapons. Some of the most common types of offensive cyber weapons include the following: (1) wireless network disruptors, (2) computer viruses, (3) transient electromagnetic devices, (4) malware, (5) transaction generators, (6) contaminated software, (7) Trojan horse software applications, (8) hacker kits/root kits, (9) worms, (10) key loggers, (11) spyware, (12) password crackers, (13) encryption crackers, (14) logic bombs, (15) back doors, (16) spoofing.  We should note that exploitation kits have been developed for cell phones and game stations to use these devices in distributed denial of service attacks and to steal data (Coleman, 2008).

Cyber War. Offensive cyber weapons have been developed by multiple countries that could create havoc and damage to our information infrastructure.  Cyber arms have become easier to obtain, easier to use, and much more powerful.  These weapons are a fraction of the cost of traditional weapons such as a tank.  Therefore, state-sponsored or group-sponsored attacks against our information systems using computer viruses and other techniques should be considered an act of war.  As such, governments must be proactive and establish parameters, definitions, and regulations around cyber war (Coleman, 2007).

Research and Development. The Army and Air Force started pushing to acquire technology to go on the offense in cyberspace in 2007.  In May 2007, Army officials released a solicitation for a wide range of offensive information tools, saying, “technologies designed to interrupt these modern networks must use subtle, less obvious methodology that disguises the technique used, protecting the ability whenever possible to permit future use.”  In a similar solicitation in April 2007, the Air Force’s 950th Electronic Systems Group said it wanted industry help to define technologies to “disrupt, deny, degrade, or deceive an adversary’s information system.”  The service also seeks tools that will help it map and access data and voice networks, conduct denial-of-service (DoS) attacks, and manipulate data on enemy networks (Brewin, 2007).

References

Anonymous (2008, April 13). Cyber war. The Sunday Times Online, 42(46). Retrieved from http://www.sundaytimes.lk/080413/Mirror/mirrorTechnoPage.html.

Brewin, B. (2007, October 24). Management matters: Cyber wars. GovernmentExecutive.com. Retrieved from http://www.govexec.com/story_page_pf.cfm?articleid=38352&printerfriendlyvers=1.

Bruno, G. (2008, February 27). The evolution of cyberwarfare. Council on Foreign Relations. Retrieved from http://www.cfr.org/publication/15577/evolution_of_cyber_warfare.html.

Coleman, K. (2007, November). Department of Cyber Defense: An organization whose time has come! The Technolytics Institute, 7 pp.

Coleman, K. (2008, January 28). Coleman: The cyber arms race has begun. Csoonline.com. Retrieved from http://www.csoonline.com/article/print/216991.

Krebs, B. (2008, March 19). White House taps tech entrepreneur for cyber defense post. Washingtonpost.com. Retrieved from http://homelandsecurity.osu.edu/focusareas/cyberterrorism.html.

To be continued….

###