Work is underway on weapons to keep high-tech hackers at bay
warfighters have for years been asking for a cybercombat policy, rules of engagement, funding and a less-fragmented chain of authority. But those needs remain unfulfilled as bureaucrats, lawmakers and top Defense Department civilian officials thrash about in a pit of indecision while an international complex of digital threats continues to emerge.
The initial approach of a perimeter defense to protect critical networks from penetration has failed over the past decade under a barrage of amateur and professional hacking. Most cyberintrusions avoid classification as attacks—which would justify a counterattack—but have proven devastating in commercial espionage, intellectual property theft and intelligence gathering.
A few pragmatic groups are sidestepping the morass by embracing the tactical use of cybertools for surveillance, advanced electronic attack and the creative use of stealthy, specialized algorithms. They contend that money is better spent developing offensive cybercapabilities that counterattack penetrations and batter enemy networks with stealth, guile and obfuscation.
The military appears to finally be accelerating its cyberoffensive capabilities in the fiscal 2013 budget, but congressional approval of the request is uncertain. The U.S. Navy, at least, says it is determined to repair vulnerabilities to the communications, sensors and networks supporting its ships and aircraft.
Navy officials tell DTI in written responses that the service will fund development of advanced communications and modification of existing systems to “restore a protected, anti-jam network.” Plans include investment to “defeat cyberattack and communications jamming through improvements in electronic warfare (EW), cyberoperations, networks and the alternative Joint Airborne Layer Network.”
As part of the Air-Sea Battle concept, the Navy and Air Force see cyberoperations—particularly those involving wireless attacks—as a continuum of EW techniques that began inserting false and misleading messages in communications and sensors in the 1970s.
“Cyberspace and the electromagnetic spectrum are inextricably linked, and in our fiscal 2013 budget submission, we fund a range of EW and electronic support [surveillance] systems,” says Naval Operations Chief Adm. Jonathan Greenert. These include theGrowler electronic attack aircraft, Next-Generation Jammer, early warning aircraft and shipboard prototype and demonstration systems such as Ship Signal Exploitation Equipment (SSEE), he says. SSEE uses information warfare and signals intelligence to identify and locate targets.
“We are developing the conceptual and doctrinal framework to fully exploit the electromagnetic spectrum as a warfighting domain,” Greenert contends.
The Navy and Air Force are also expanding their combined mission in the Asia-Pacific region, where planners expect to run into extensive and sophisticated efforts to foul the operations of the U.S. and its allies using high-tech military systems.
Notions that masses of Chinese hackers are simplistic and amateurish are often wrong and always irrelevant, says a senior U.S. official who has been involved in classified airborne electronic and cyberwarfare since the Vietnam War. “There are some really good [Chinese hackers] who fall into the category of advanced persistent threats (APT),” he says. “The others in that category are the Israelis and Russians, and I'm not just talking about the Russian mafia, which is good in the financial arena.”
U.S. analysts base their judgment on forensic analyses of such skills as getting through firewalls. They contend that in the APT upper category, the order of sophistication is Russia, Israel and in China, with the sheer number of penetrations by the Chinese overwhelming all others. However, the Russians put more focus on sophisticated exploitation schemes.
“If you look at the educational background of the Russian [cyber] mafia, most came out of the Russian Academy of Sciences,” the specialist says.
Russia also flooded Israel with scientists when the Soviet government lifted restrictions on Jewish emigration. They flocked to Israel and added engineering and scientific skills to the technology base. That generation of scientists and engineers is nearing retirement, however.
“Now China is putting a lot of resources into cyber,” the EW specialist says. “A lot of those [Chinese] amateurs that get caught and identified are probably students who will one day move up into the APT category.”
The U.S. retains a technical lead in cybercapability, but leaders have problems simply identifying where EW stops and cyberoperations begin. Those most immersed in the subject say there is no line, just a continuum that dates back to the 1970s when air-defense systems were spoofed by EW pods on fighters.
“Cyber is the message,” says a veteran electronic attack specialist who was involved in developing radars for the, and fighters. “Then you need a conveyance—an electromagnetic signal—to get it into the target system.”
An example is theEC-130 Compass Call electronic attack aircraft when it is “spoofing” enemy air-defense systems by offering false targets, sometimes in the thousands.
“I'm putting a cybersignal into the emission that makes the target [sensor] think the signal is something else—perhaps a group of approaching aircraft,” the specialist says. “Cyber is what happens when the spoofing signal gets to the receiver of the target network. That receiver may see false signals or may provide an access port that you can get information out of [with malware].”
EW has long used elements of cyberwarfare, “We have taken down networks by contaminating and flooding them until they are useless,” the specialist says. “Compass Call did it by using an emitted signal and accessing through an aperture [usually an antenna on the target system].”
The only thing new about cyberattack is the Internet venue, researchers say. The difference in the approach to penetration is that instead of using an emitted signal, it is through “some fool plugging in an infected thumb drive, using a contaminated disc or leaving an access port open,” the specialist says. “If a network on the Internet gets access to a network that is not on the Internet, you have a gateway” that can be exploited by hackers and malware.
Even the most sophisticated aircraft are threatened by cyberattack. Aerospace designers are following the engineering template of compartmentalizing and isolating functionalities such as flight control, weapons and mission systems from cyberweapons that can be delivered wirelessly to corrupt, destroy or exploit digitally controlled capabilities. The key is letting systems interact without providing a path for malware.
“We have to assume that adversaries might get into our systems, so we are looking at resilient systems that detect a problem—such as my radar operating out of parameters—and self-heal,” says Mark Maybury,'s chief scientist. “[The goal is] future systems being more self-aware of their capabilities and limitations while knowing when they should be doing certain tasks.”
One example is a “physically unalterable function” that offers inherent randomness because of the nature of the material it is made of. If a foe cannot reproduce its exact properties, he cannot exploit it, Maybury says. Attack projection allows the discovery and identification of a software vulnerability to be extrapolated across an organization's infrastructure to predict other places where software vulnerability exists.
“I can build a signature into the firewall that recognizes when that vulnerability is exploited,” Maybury says. “I see it in one and predict it in others, so I am ahead of the hackers.”
“Obfuscating data” is another tool that breaks a package of information into parts, distributes the pieces and encrypts each differently. The information can only be reassembled by someone who has the key and instructions about where to find each part.
Systems are being studied that allow no one absolute authority over a network.
“I'm the equivalent of a three-star general, but I can't install iTunes on my computer,” Maybury says. “Ultimately, there's an advantage to giving away some of our personal control. You use fractionated authority so that no one has absolute power.”
“Social radar” looks for social clues of threats on the Internet and allows network designers to build security up front.
“There's no question there are a lot of social indicators,” he says. “We have a world with imagery, communications and financial transactions that are all potential indicators of threats. There are technical means to get the indicators we need to protect against threats while maintaining privacy.”
“Anonymization” uses de-identification techniques to read traffic while deleting names and social security numbers before traffic is read. It protects privacy, but allows access to information within social media. It could monitor activity by people using the network for training to launch kinetic or cyberattacks.
Maybury also cites “Trusted Boot” as an example of Pentagon efforts to minimize new threats. It's a program on a small computer disc that contains an Air Force Research Laboratory-created Linux system that can be inserted in any computer. When rebooted, the computer becomes a trusted operating system, browser and Adobe reader even on an untrusted infrastructure. He describes the program as a way to wrap or isolate threats and untrusted elements on any machine in use.