WarTV: A Future Vision for a Common Operating Picture

1 MAY 2011 – ABBOTTABAD, PAKISTAN – Abbottabad, Pakistan is less than a two-hour drive from the capital city of Islamabad and 3.1 miles from the Pakistan Military Academy to the southwest. In relative terms, Abbottabad is a much less busy place than Karachi, Pakistan, and is very attractive to tourists and those seeking higher education for their children. Despite Abbottabad’s relative inactivity compared to the bustling Karachi, there were signs of digital life in 2011.

Figure 1: @ReallyVirtual, AKA Sohaib Athar, a resident of Abbottabad, accidentally live-tweets the Navy SEAL raid on the bin Laden compound. All timestamps from the tweets are US Eastern Time.

Unwittingly, Sohaib Athar, or @ReallyVirtual, live-tweeted the Navy SEAL raid on the compound that housed Osama bin Laden and his family 0.8 miles southwest of the Pakistan Military Academy from the hours of 3:58 pm Eastern Standard Time through 6:39 pm Eastern Standard Time on 1 May 2011.[i] This was just months after the Arab Spring protesters began utilizing social media, Facebook and Twitter in particular, to influence large swaths of populations into a movement of collective activism, operating outside of the purview of state-owned media platforms. At this point, the Internet had begun to grow at an accelerated rate, with massive impacts traversing the virtual sphere into the physical world. At the time, most members of the military did not understand the implications social media had on the geopolitical stage. However, the military should understand social media as a magnifying glass into the human domain, and should integrate these computer-mediated technologies into operations. Fast forward to today, where...

The Increasing Necessity for a United States Cyber Service

Conducting cyber warfare is cheap and easy.[1] It affords anyone from individual hackers to nation-state actors the ability to wage destructive acts against the United States.[2] In 2009, the Secretary of Defense directed the Commander of U.S. Strategic Command to establish a sub-unified command, U.S. Cyber Command (USCYBERCOM), to prepare the Department of Defense (DoD) for the integration of offensive and defensive cyberspace operations.[3] Due to the constant rate of change in cyberspace, USCYBERCOM has experienced challenges integrating joint force cyber components. A quick examination of the US cyber force organizational chart demonstrates how complex the relationships are between service components and outside agencies. These organizational intricacies have led Admiral Michael Rogers, National Security Agency (NSA) Director and Commander of USCYBERCOM, to ask “is cyber so different, so specialized, so unique, so not well understood that it requires a very centralized, focused, unique construct to how we generate capacity and knowledge?”[4] While still heavily debated, many US government officials believe the existing organizational structure best meets current DoD requirements. However, there is an increasing necessity to transform the joint cyber construct into a stand-alone military service branch or similar entity that is separate from, yet integrated into the other military service branches. This necessity is based on cyberspace operations occurring in a separate operational domain, requiring a different organizational composition than traditional service branches, and hampered by the current joint cyber construct. The most compelling reason for creating a separate, standalone cyber service is its distinct “global domain within the information environment consisting of the interdependent network of information technology infrastructures and resident data, including the Internet, telecommunication networks,...

There Is No “Cyber”

At the recent Joint Service Academy (JSA) Cyber Security Summit at West Point (20-21 April, 2016), the word “cyber” was used in several different senses. As a noun, cyberspace is the “Domain characterized by the use of electronics and the electromagnetic spectrum to store, modify, and exchange data…” [COL11]. This is perhaps the broadest definition possible, proposed as the Cyberspace Operations Lexicon by the Joint Chiefs of Staff. While the ambiguity in the meaning of the proper noun “Cyber” provides a difficult framework for focusing meaningful actions, our use of the words “Cyber”, “Digital” and their like as adjectives serves only to create artificial divisions among researchers, practitioners, and decision-makers in the area. The term “Cyber Security” is of course ubiquitous, being the focus of the JSA Cyber Security Summit and one of the main foci of the Army Cyber Institute (ACI) at West Point; that is unavoidable. Cyber Security can be many things: at the JSA Summit it was identified as the agglomeration of practicing good hardware and software manufacturing and implementation, sourcing trusted components (again, on both the hardware and software side) and providing training and education for workers to avoid naively poking holes in those standards [CON16]. The term operational security (OPSEC) is used to describe our behaviors while conducting the mission. For those whose jobs have security considerations, OPSEC refers to not discussing their work in public places, even in an unclassified way. The phrase “Digital OPSEC” or even “Cyber OPSEC” is frequently used to discuss our behaviors on the internet, such as not connecting to public WiFi, using discretion with location services on our...

Critical Infrastructure Exercise 16.2 – A Transformative Cybersecurity Learning Experience

With an increased national awareness that the critical infrastructure which keeps our country running is surprisingly vulnerable—not just to physical attacks, but also to cyberattacks that can be initiated from anywhere in the world—the State of Indiana executed CRIT-EX 16.2 on the 18th and 19th of May, 2016, at the Muscatatuck Urban Training Center. This cyberattack readiness exercise focused on improving the overall security and responsiveness of Indiana’s critical infrastructure in the face of an advanced cyber disruption of essential water utility services – an extreme public safety threat. Indiana, like the rest of the country, understands it has a short window of opportunity to prepare for a major cybersecurity event that, if successful, could be as devastating as a major earthquake or tornado. In order to effectively prepare for such a scenario, Indiana’s cybersecurity stakeholders realized they had to build high-functioning, collaborative networks that span the public and private sectors. By working to collaborate on high-risk cyber issues, organizations throughout Indiana are elevating their response postures and preparing to ratchet up their ability to confront the threats of tomorrow [1].

CRIT-EX 16.2 attendees tour the FBI’s national Mobile Command Center (photo by Ernest Wong)

“This exercise explored the intersection between critical infrastructure and cyber security,” explained Jennifer De Medeiros, Emergency Services Program Manager for the Indiana Department of Homeland Security [2]. The Indiana Department of Homeland Security (DHS), in conjunction with the Indiana National Guard, Indiana Office of Technology, Cyber Leadership Alliance, and over 16 other public and private partners, developed this controlled functional cyberattack exercise, allowing participants to deploy resources and communicate with response partners to mitigate adverse effects and...

The Number One Vulnerability in the Future of Cyber Security: A Critical Lesson for all Organizations

Since 1958, NASA has been the foremost symbol of American excellence in science and exploration, inspiring generations of engineers around the globe to achieve the impossible through advanced technology. With each of its defining events, NASA pushes humanity further into the future, bringing scientists more information about our universe than ever dreamt possible. But while NASA was reaching for the stars, other forces were secretly at work. In the dark recesses of the agency’s computers and network servers, intruders were lurking. After months of covert access, a hacktivist group called AnonSec obtained 276GB of sensitive data including flight logs, videos, and personal information from thousands of employees (Thalen 2016). This post examines how such an established institution of advanced technology could fall prey to cyber hacking, the glaring warning signs, and the one key lesson all organizations should learn from this historical event.

The Back Story

What sets the 2014 NASA data breach apart from other hacking events is the unprecedented insight provided by the hackers themselves. AnonSec, a hacktivist group claiming responsibility for compromising over 720 websites and networks, claimed the NASA breach. To support their claim they posted large quantities of supporting evidence. AnonSec also publicly posted a paper called “Zine”, detailing how they gained access to NASA’s networks and computer systems, the content they obtained, and why. Although their writings appear to focus on exposing drone and “chemtrail” technology, this was not their primary objective. When AnonSec initially hacked NASA they were looking for “interesting/profitable” data on the NASA networks (AnonSec 2015). But as they dug deeper into the systems, they discovered more than they were originally...

Indiana Exercising Plans to Combat Cyber Threats: Preparing for CRIT-EX 2016

On the 21st and 22nd of March, 2016, Indiana hosted its inaugural Defense Cyber Summit (DCS), which aimed to advance the state’s cyber readiness and preparations against a cyberwarfare attack. Spurred on by Admiral Michael Rogers, the Commander of the U.S. Cyber Command, who in 2014 called cybersecurity “the ultimate team sport,” Indiana has purposefully adopted a culture of collaboration between government organizations, private firms, non-profits, and academia to improve the state’s response and resiliency to a significant cyber incident. This team approach will counter cyberattacks intent on degrading Indiana’s economic capacity and threatening the critical services of its citizens [1]. Under the umbrella of the Applied Research Institute (ARI), organizations such as Purdue University, Indiana University, Crane Naval Surface Warfare Center, the Cyber Leadership Alliance, the Indiana National Guard, and the Indiana Department of Homeland Security have partnered together to address and propose solutions to Indiana’s cyber security challenges. This effort is boosted by the Indianapolis-based Lilly Endowment’s support of nearly $16.3 million, funded through a grant from the Central Indiana Corporate Partnership Foundation. The ARI is working to foster collaboration, research, and problem solving on cyber threats to Indiana’s critical infrastructure [2].

Purdue University Professor Joe Pekny welcomes attendees to the Inaugural Defense Cyber Summit (photo by Tony Chase)

The DCS concept was conceived during visits to US service academies by an Indiana delegation. Representatives from Purdue’s Burton D. Morgan Center for Entrepreneurship, the Purdue Research Foundation, and the Cyber Leadership Alliance had originally concentrated on partnering Purdue University with the service academies in order to provide the most cutting-edge knowledge and technology to...

In Cyber, Time is of the Essence

Cyber is becoming increasingly driven by automated processes while humans are still operating at human speed. In my view, one of the major weaknesses in larger-scale cyber defense planning is the perception that there is time to lead a cyber defense during an attack. It is likely that a major attack is automated and premeditated. If it is automated, the systems will execute the attacks at computational speed. In that case no political or military leadership would be able to lead an effective defense, for one simple reason – it has already happened before they react. A premeditated attack is planned maybe years in advance, and if automated, the execution of a massive number of exploits will be limited to minutes. Therefore, future cyber defense would rely on components of artificial intelligence that can assess, act, and mitigate at computational speed. Naturally, this is a development that does not happen overnight. In an environment where the actual digital interchanges occur at computational speed, the only thing the government can do is to prepare, give guidelines, set rules of engagement, disseminate knowledge to ensure a cyber resilient society, and let the coders prepare the systems to survive in a degraded environment. Another important factor is how these cyber defense measures can be reverse engineered and how visible they are in a pre-conflict probing wave of cyber-attacks. If the preset cyber defense measures can be “measured up” early in a probing phase of a cyber conflict, it is likely that the defense measures can, through reverse engineering, become force multipliers for the future attacks – instead of bulwarks against the attacks. So we enter...

Cybercrime and State-sponsored Cyber Operations

Adversarial countries’ cybercrime and state-sponsored cyber operations could easily be the same coin, just viewed from different sides. The reason is very simple. Cyber criminals are specialists in luring people to disclose their secrets and open doors to user accounts, allowing the perpetrator to use the access for their own purposes. If a country adversarial to the US houses cyber-criminal activity that targets the US, while the country itself pursues innovative ways to gather intelligence about the US, it is likely that someone sees an opportunity. Most countries adversarial to the US, if not all, are flavors of totalitarian regimes. Rules, laws, and international agreements are all arbitrary as long as it fits the ruling elite. Totalitarian states tend to see the state interest as the overruling interest. It is more logical for a totalitarian state to use cyber-criminal activity as a tool to acquire knowledge about social-engineering methods and use the aggregated knowledge from the criminal syndicates instead of suppressing their activity through law enforcement. As long as the cybercrime activity is not targeting the adversarial country’s own population, it is likely accepted as a “business endeavor” as long as they support the state with information. We tend to assume that other countries follow our code of ethics, legal reasoning, and separation of legal and illegal activity, but not every state complies with these standards. The usage of cybercriminal aggregated information gives not only knowledge about US account holders, but is also a major knowledge transfer from the criminal sector to the agencies that operate state-sponsored cyber operations. From a totalitarian state’s perspective it makes sense – as long as...