Preparing for Cybergeddon.
In January 2009 FBI agents rated the possible consequences arising from cyber warfare attacks second only to those expected from weapons of mass destruction. The level of this electronic threat is illustrated by the recent attacks on Estonian and Georgian national networks by Russian hackers--combine this with the fact that the world's defence architectures and economies are linked and controlled by computers.
A cyber attack is normally understood to mean a malicious intrusion into a computer network, but some military services augment this definition by including wireless networks, radar systems or other electronic warfare (EW) invasion.
The US Air Force Cyber Command (AFCyber), which was scheduled to stand up in October 2008 but is as yet a provisional entity, defines cyberspace thus: "... the cyber domain is characterized by use of electronic systems and the electromagnetic spectrum. This includes all energy that flows through the electromagnetic spectrum--radio waves, microwaves, x-rays, gamma rays and directed energy. If an electronic system emits, transmits or reflects, it is operating in cyberspace and we [AFCyber] are there to take military action."
Nato recognised the threat quite early on, according to Major General Georges d'Hollander of Nato's Consultation, Command and Control Staff. Almost as soon as the Internet became an established method of doing business, Nato elected to avoid having its 'Secret' network connected to it and at the same time began to develop responses at the headquarters and agency levels. Centralisation, in this case, undoubtedly helps to improve protection levels and at the Prague Summit in November 2002 ministers agreed that the alliance needed a formal response to the developing threat. This was the seed that gave birth to the Nato Computer Incident Response Centre (NCIRC), but the individual nations were not ready to agree on a policy until they were motivated by the Estonian incident in 2007, which gave concrete form to the fears expressed by many observers. Sweden's Emergency Management Agency was so concerned by the attack on Estonia's infrastructure that it issued a detailed public report, indicating that such an attack on Sweden might easily have crippled the state, given the higher degree of networking existing in Swedish governmental and commercial circles.
To cut a long story short, this has eventually led to the creation of the Cyberdefence Management Authority (CMA) to be headquartered in Estonia. The real challenge for this agency is that a response needs to be mounted in minutes--even seconds, in some cases--in order to prevent a cyber attack escalating to a potentially catastrophic point. A cyber threat propagates at the speed of light. There is thus little or no time in which to implement the multinational consultation process so familiar to observers of Nato's sometimes-ponderous machinations. The necessity will undoubtedly be to take immediate action without taking the time to seek the approval of the North Atlantic Council--a potential policy that will be extremely controversial in some quarters. This provides even more motivation for the involved nations to collaborate closely and for the CMA to develop standards, protocols and procedures agreed in advance that would be automatically triggered by a specific sequence of events. An added issue for the CMA is that, at this point in time, there are very few people who have reached a sufficiently advanced level of competence that they can be regarded as experts in this field.
Cyber warfare is a part of the arsenal of asymmetric warfare and can provide a nation-destabilising effect for very little capital outlay. There is little public domain evidence for terrorists having espoused this method of attack as yet--but the threat is frighteningly real though difficult to grasp because it has no perceivable kinetic or destructive effect until it is far too late to identify it.
Another challenge facing the CMA and similar agencies elsewhere is both an operational and a technological one. Attacks will undoubtedly become more intelligently conceived and directed as perpetrators gain experience and technology provides more tools. There is therefore a requirement extant to be permanently improving defences. In addition, because a cyber attack is likely to be a cross-border event, if not worldwide, teamwork is the only viable response, according to General d'Hollander. That is why centralisation of experts and expertise is seen as the first step in evolving a credible solution, and why Nato sees the NCIRC as a central clearing house for information exchange and discussion.
Is Encryption Enough?
In light of the overcrowding in today's digitised battlespace, one wonders if password protection, voice scrambling, biometric controls or strong encryption algorithms are enough to thwart a cyber attack. Simple denial-of-service attacks--the overloading of a system or network with useless or repetitive traffic--have already proven effective, but what technologies the next major attack will incorporate is open to conjecture.
French Rafale fighters were grounded in January 2009 due to a Microsoft Windows worm that had infected some of the ground support systems' software.
The Conficker virus affected the French Army's ability to repel an attack. Although the situation was quickly remedied, the damage was done, both on a physical (software included) level and psychologically, proving that even high-level government systems can be vulnerable.
A great deal of intellectual capital has been invested in developing a layered approach to cyber defence and there are some fundamental steps that can be taken, although implementing some of them may require a great deal of effort to change current mindsets and impose new standards of personal and organisational behaviour. One senior observer of efforts now being launched in the United Kingdom opines that the entire process would take a huge step forward if individuals could be persuaded to be serious about using robust system passwords--and changing them regularly. It is a frighteningly real fact that a large percentage of passwords at the individual user or terminal level are still ... 'password'!
The Sat Threat
Thrane & Thrane has recently released its Explorer 727 Broadband Global Area Network terminal and antenna for on-the-move satcom-equipped vehicular units. The 727 unit uses spot beam handover technology to maintain a continuous signal as it switches between satellite beams. Such developments bring an enhanced level of operation and protection to mobile satellite systems, but considering the intelligence level of cyber terrorists, their motivation and their financial rewards (and backing), any system emitting or receiving data via airborne or hardwired propagation is at risk.
Boeing recently built a software program for the US Department of Defense's Transformational Satellite Communications System--one that will allow all Tsat space and ground-based systems to work together, thereby eliminating the requirement for multiple programs to run different operations. The Tsat (as seen in our title photo) is an integral part of the US military's global communication network. Along with such prominence comes a note of (possible) vulnerability, as those searching for a substantial target could eventually realise that one well-placed worm or Trojan horse activated at the optimum juncture could, in fact, bring such a system to its knees.
In January 2009 the US Army Biometrics Task Force awarded Raytheon's Intelligence and Information Systems a $497 million contract under the Biometrics Operations and Support Services--Unrestricted (Boss-U) programme to enhance the US Department of Defense's infrastructure, architecture and standards for biometric defence capabilities.
In November 2008 Visiongain released a report titled Cyberwarfare Market 2008-2018, which is an analysis of both defensive and offensive cyber warfare capabilities. The publication details the growth of the market, how the lion's share of spending is devoted to cyber defence, and the increasing attention nations are giving to focusing their security assets on developing cyber warfare capabilities as "a natural progression in defence".
To illustrate the above, in October 2008 Lockheed Martin established a new Center for Cyber Security Innovation (CCSI) as an evolution of the company's cyber security capabilities. The centre will integrate present and developing cyber security technologies for designing, analysing and employing real-time protection and 'attack management' to its internal communication network, and this service will be extended to the centre's customers.
Northrop Grumman, through a Darpa contract awarded in January 2009, will provide the use of its High-fidelity Test Range as a platform for the Defense Advanced Research Projects Agency's National Cyber Range, a part of the US National Cybersecurity Initiative designed to improve the nation's defence against electronic attacks through evaluating a variety of cyber scenarios. The project is designed to test and analyse new concepts and technologies to recognise and counter a host of cyber warfare threats. The range will consist of a closed laboratory in which to duplicate a full-scale telecommunications infrastructure with hundreds of computers running a variety of operating systems in a highly controlled environment. These networks are then hacked from other computers, with the results analysed and recorded.
For the research and development sector of the National Cyber Range, Darpa has awarded an $8.6 million contract to Cobham to provide cutting-edge solutions for the protection of cyber resources. Included in this award are L-3 Communications, Juniper Networks, Breakaway, Sandpiper Software and Skaion.
The definition of cyber warfare extends from protection against external threats to protection against internal threats from compromised applications and hackers. Defence applications and networks are exposed to daily risks on an unprecedented level due in part to inexperienced users and those who can capitalise on those openings.
Qinetiq and Secerno have created a partnership to offer database control and managed security to government departments and industry through the use of Secerno's Datawall product coupled to Qinetiq's Managed Intrusion Detection Service. Datawall uses micro-perimeter security that places a security barrier next to the database. The Datawall creates a model of user behaviour to 'understand' normal database intent and allows only operations within these parameters.
With the Datawall, Qinetiq hopes to offer enhanced database policy enforcement and auditing services by logging, alerting, blocking or substituting every suspect query to the database without blocking legitimate activities.
Cyber defence will improve at all levels, as it must. The replacement of existing network cabling with fibre optic links will be an enormous boon, since the latter medium is far less vulnerable--though by no means impervious--to attack. At the communications level, more robust cryptography can be used to protect system integrity and at the information level better password security and the introduction of such mechanisms as biometric security will have a beneficial effect. At the network levels--local, wide area and Internet--better conceived authentication and identification procedures--some of which will incorporate security hardware as well as middleware and software--will bolster other efforts to retain an adequate degree of control over networks in times of crisis. And perhaps the ultimate defence will be the ability--and the intestinal fortitude--to 'pull the plug' on the network and take it out of the system at the first signs of attack.
|Title Annotation:||Cyber warfare|
|Author:||Keggler, Johnny; Mahon, Tim|
|Date:||Apr 1, 2009|