Category Archives: cyberwar

Tracking the Enemy: U.S. Space Force in Qatar

The newly formed U.S. Space Force is deploying troops to a vast new frontier: the Arabian Peninsula. Space Force now has a squadron of 20 airmen stationed at Qatar’s Al-Udeid Air Base in its first foreign deployment. The force, pushed by President Donald Trump, represents the sixth branch of the U.S. military and the first new military service since the creation of the Air Force in 1947. Concerns over the weaponization of outer space are decades old. But as space becomes increasingly contested, military experts have cited the need for a space corps devoted to defending American interests…

In the spring of 2020, Iran’s paramilitary Revolutionary Guard launched its first satellite into space, revealing what experts describe as a secret military space program. The Trump administration has imposed sanctions on Iran’s space agency, accusing it of developing ballistic missiles under the cover of a civilian program to set satellites into orbit.

“The military is very reliant on satellite communications, navigation and global missile warning,” said Capt. Ryan Vickers, a newly inducted Space Force member at Al-Udeid. American troops, he added, use GPS coordinates to track ships passing through strategic Gulf passageways…

Isabel Debre, US Space Force deploys to vast new frontier: Arabian Desert, Associated Press, Sept. 21, 2020

A Perpetual State of Competition: US-China-Russia

The US Secretary of Defense stated in September 2020 that America’s air, space and cyber warriors “will be at the forefront of tomorrow’s high-end fight.” That means confronting near-peer competitors China and Russia. That means shifting the focus from defeating violent extremist groups to deterring great power competitors. It means fighting a high-intensity battle that combines all domains of warfare. “In this era of great power competition, we cannot take for granted the United States’ long-held advantages,” Esper said. 

The last time an enemy force dropped a bomb on American troops was in the Korean War. “China and Russia seek to erode our longstanding dominance in air power through long-range fires, anti-access/area-denial systems and other asymmetric capabilities designed to counter our strengths,” he said. “Meanwhile, in space, Moscow and Beijing have turned a once peaceful arena into a warfighting domain.” China and Russia have placed weapons on satellites and are developing directed energy weapons to exploit U.S. systems “and chip away at our military advantage,” he said.

Russia, China, North Korea, Iran and some violent extremist groups also look to exploit cyberspace to undermine U.S. security without confronting American conventional overmatch. “They do this all in an increasingly ‘gray zone’ of engagement that keeps us in a perpetual state of competition,” the secretary said… The fiscal 2020 Defense Department research and development budget is the largest in history, he said, and it concentrates on critical technologies such as hypersonic weapons, directed energy and autonomous systems.

“In the Air Force, specifically, we are modernizing our force for the 21st century with aircraft such as the B-21, the X-37 and the Next Generation Air Dominance platform,” Esper said. “Equally important, we are transforming the way we fight through the implementation of novel concepts such as Dynamic Force Employment, which provides scalable options to employ the joint force while preserving our capabilities for major combat.”

To realize the full potential of new concepts the department must be able to exchange and synchronize information across systems, services and platforms, seamlessly across all domains, he said. “The Department of the Air Force is leading on this front with the advancement of Joint All-Domain Command and Control,” Esper said. This concept is part of the development of a Joint Warfighting concept that will drive transition to all-domain operations, he said.

“For these breakthroughs to succeed in any future conflict … we must maintain superiority in the ultimate high ground — space,” Esper said… “In collaboration with academia and industry, the Air Force’s AI Accelerator program is able to rapidly prototype cutting-edge innovation,” Esper said. One example of this was the AI technology used to speed up the development of the F-15EX.

Image: F-15EX

Excerpts from Esper: Air Force, Space Force Leading Charge to New Technologies, DOD News, Sept. 16, 2020

Under Zero Trust: the U.S. Chip Resurgence

The Defense Advanced Research Projects Agency launched its Electronic Resurgence Initiative (ERI) to help reboot a domestic chip industry that has been moving steadily offshore for decades… Program officials and chip industry executives foresee the emergence of a “5th generation of computing” based on current cloud infrastructure while combining AI, the Internet of Things (IoT) and 5G wireless networks to deliver big data.

“The U.S. microelectronics industry is at an inflection point,” Ellen Lord, undersecretary of defense for acquisition and sustainment, told the virtual ERI summit. After decades of offshoring of chip fabrication, packaging and testing capabilities, “How do we reverse this trend?” The Defense Department is expanding its technology base efforts by implementing a “step-by-step process for reconstituting the microelectronics supply chain,” focusing on various segments of the semiconductor ecosystem, including memory devices, logic, ICs and advanced packaging along with testing and assembly.

“While DoD does not drive the electronics market,” constituting only about 1 percent of demand, “we can drive significant R&D.” ERI is advancing public-private partnerships that provide a framework for commercial innovation. The result would be “pathfinder projects” geared toward a renewal of U.S. chip manufacturing. As trade frictions with China grow, ERI is placing greater focus on ensuring the pedigree of the U.S. electronics supply chain. “We need to find a path to domestic sources,” said Lord.

While nurturing government-industry partnerships as part of an emerging next-generation U.S. industrial policy, this year’s DARPA summit also emphasized chip standards and processes for securing fabs, foundry services, devices and foundational microelectronics. In that vein, U.S. officials stressed new chip metrics like “quantifiable assurance” to secure dual-use devices that could end up in weapons or an IoT device.

“Our interests to protect both the confidentiality and the integrity of our supply chain are aligned with commercial interests, and we will continue to work across government and industry to develop and implement our quantitative assurance strategy based on zero trust,” said Nicole Petta, principal director of DoD’s microelectronics office. The “zero trust” approach assumes no device is safe, and that all microelectronics components must be validated before deployment. The framework marks a philosophical departure from DoD’s “trusted foundry” approach instituted in the 1990s, largely because “perimeter defenses” failed to account for insider threats…

DARPA Chip Efforts Pivots to Securing US Supply Chain, https://www.hpcwire.com, Aug. 24, 2020

Our Cold War Roots: Weaponizing China’s One Child Policy

The elite US special operations forces are ill-equipped for high-tech warfare with China and Russia, experts warn, as the Trump administration pivots from the “war on terror” to a struggle with geopolitical rivals. Special operations, known for kicking down doors and eliminating high-value targets, number 70,000 personnel, cost $13bn a year and have carried much of the burden of the war on terror. But it is unclear what role they will play as the Pentagon moves to redeploy troops from Afghanistan to the Indo-Pacific to counter China’s regional ambitions.

General Richard Clarke, commander of special operations command (Socom), told an industry conference this week that the US needed to develop new capabilities to “compete and win” with Russia and China. He added that Socom must develop cyber skills and focus on influence campaigns rather than “the kill-capture missions” that characterised his own time in Afghanistan after the September 11 2001 attacks. Socom’s fighters include US Navy Seals, Army Green Berets and Marine Corps Raiders. Defence officials say China has raised military spending and research with the aim of exploiting American vulnerabilities, while Russia has tested out new technology during combat in Syria. “Maybe we are further behind than we know,” Colonel Michael McGuire told the annual Special Operations Industry Conference.

McGuire highlighted US vulnerabilities in cyber security, and soft-power tactics by America’s enemies that could “drive fissures through some of our alliances”. He proposed shifting focus to defence over attack. “You could have hundreds and thousands of engagements every single day in a fight against China. We are just not fast enough, dynamic enough or scaleable enough to handle that challenge,” said Chris Brose, chief strategy officer at Anduril… “Most of the US-China competition is not going to be fighting world war three,” he added. “It’s going to be kicking each other under the table.”…

US special operators have for years had the run of the battlefield. But they face very different conditions in any fight against China, which has developed an arsenal of missiles, fighter jets, spy planes and other eavesdropping and jamming techniques that would make it hard for America to conceal troops, transport and communications. Special operations forces are not ready for operations against a near-peer foe, such as China, in a direct engagement… One former officer called for a return to their cold war roots. “Vintage special operations forces is about stealth, cunning and being able to blend in — they were triathletes rather than muscle-bound infantrymen with tattoos,” said the former officer.

David Maxwell, a former Green Beret and military analyst, is among those who favour a shift towards political warfare. One such idea of his would involve a popular writer being commissioned to pen fictionalised war stories based in Taiwan intended to discourage Beijing from invading the self-governing island. He told a gathering of Pacific special forces operators in February 2020 that fictional losses could “tell the stories of the demise of Chinese soldiers who are the end of their parents’ bloodline”. He argued that Beijing’s former one-child policy could be weaponised to convince China that war would be too costly. But Mr Maxwell said such ideas have yet to catch on. He added that psyops officers lamented to him that it was “easier to get permission to put a hellfire missile on the forehead of a terrorist than it is to get permission to put an idea between his ears”.

Excerpts from Katrina Manson, US elite forces ill-equipped for cold war with China, FT, May 16, 2020

A Nasty Divorce: US-China Internet Cables

United States officials granted Google permission to turn on a high-speed internet link to Taiwan but not to the Chinese territory of Hong Kong, citing national-security concerns in a ruling that underscores fraying ties between Washington and Beijing. “There is a significant risk that the grant of a direct cable connection between the United States and Hong Kong would pose an unacceptable risk to the national security and law enforcement interests of the United States,” the U.S. Department of Justice said in its decision, which was backed by the departments of Homeland Security and Defense. The agencies instead urged the Federal Communications Commission to grant Google owner Alphabet permission to start using the portion of its 8,000-mile underwater Pacific Light cable that connects California to Taiwan.

The decision threatens to end Hong Kong’s dominance as a top destination for U.S. internet cables and puts at risk several ongoing projects, including a Facebook backed fiber-optic line linking Los Angeles to Hong Kong and a Google-backed project linking Hong Kong to the U.S. territory of Guam.

Washington is turning to the self-ruling island of Taiwan, which the U.S. supports with arms sales and unofficial political ties despite Beijing’s claims that it is part of China. U.S. officials are also considering alternatives such as Indonesia, Philippines, Thailand, and Vietnam.

Google and Facebook originally teamed up to build Pacific Light to Hong Kong in 2016, continuing the Silicon Valley giants’ long-term strategy to take more control of the network pipes that connect their data centers. The web companies and their Chinese investment partners kept building the cable even as U.S. authorities withheld the regulatory approvals they needed to start using it.

Major international data projects are subject to review by Team Telecom, a coalition of federal agencies with national-security oversight. The panel has taken a hard line against China in recent years. Team Telecom in 2018 recommended for the first time the denial of a Chinese application—that of China Mobile—to provide telecom services through U.S. networks, citing national-security and law-enforcement concerns.

President Trump on April 4 2020 signed an executive order that puts the attorney general in charge of overseeing Team Telecom and gives the panel direct authority to review existing licenses to provide such services, including those issued earlier to Chinese state-owned operators China Telecom and China Unicom.

Excerpts from Drew FitzGerald and Kate O’Keeffe, U.S. Allows Google Internet Project to Advance Only if Hong Kong Is Cut Out, WSJ, Apr. 9, 2020

Algorithms as Weapons – Tracking, Targeting Nuclear Weapons

New and unproved technologies—this time computer systems capable of performing superhuman tasks using machine learning and other forms of artificial intelligence (AI)—threaten to destabilise the global “strategic balance”, by seeming to offer ways to launch a knockout blow against a nuclear-armed adversary, without triggering an all-out war.

A report issued in November by America’s National Security Commission on Artificial Intelligence, a body created by Congress and chaired by Eric Schmidt, a former boss of Google, and Robert Work, who was deputy defence secretary from 2014-17, ponders how AI systems may reshape global balances of power, as dramatically as electricity changed warfare and society in the 19th century. Notably, it focuses on the ability of AI to “find the needle in the haystack”, by spotting patterns and anomalies in vast pools of data… In a military context, it may one day find the stealthiest nuclear-armed submarines, wherever they lurk. The commission is blunt. Nuclear deterrence could be undermined if AI-equipped systems succeed in tracking and targeting previously invulnerable military assets. That in turn could increase incentives for states, in a crisis, to launch a devastating pre-emptive strike. China’s rise as an AI power represents the most complex strategic challenge that America faces, the commission adds, because the two rivals’ tech sectors are so entangled by commercial, academic and investment ties.

Some Chinese officials sound gung-ho about AI as a path to prosperity and development, with few qualms about privacy or lost jobs. Still, other Chinese fret about AI that might put winning a war ahead of global stability, like some game-playing doomsday machine. Chinese officials have studied initiatives such as the “Digital Geneva Convention” drafted by Microsoft, a technology giant. This would require states to forswear cyber-attacks on such critical infrastructure as power grids, hospitals and international financial systems. AI would make it easier to locate and exploit vulnerabilities in these…

One obstacle is physical. Warheads or missile defences can be counted by weapons inspectors. In contrast, rival powers cannot safely show off their most potent algorithms, or even describe AI capabilities in a verifiable way… Westerners worry especially about so-called “black box” algorithms, powerful systems that generate seemingly accurate results but whose reasoning is a mystery even to their designers.

Excerpts from Chaguan: The Digital Divide, Economist, Jan 18, 2019

Cyber-Attacking Nuclear Plants: the 3,000 cyber bugs

In the first half of 2019, no country endured more cyber-attacks on its Internet of Things—the web of internet-connected devices and infrastructure—than India did. So asserts Subex, an Indian telecommunications firm, which produces regular reports on cyber-security. Between April and June of 2019, it said, recorded cyber-attacks jumped by 22%, with 2,550 unique samples of malware discovered. Some of that malicious code is turning up in hair-raising places.

On October 28, 2019 reports indicated that malware had been found on the computer systems of Kudankulam Nuclear Power Plant in Tamil Nadu, the newest and largest such power station in India. Pukhraj Singh, a cybersecurity researcher who formerly worked for the National Technical Research Organisation (NTRO), India’s signals-intelligence agency, says he was informed of the malware by an undisclosed third party in September, and notified the government. The attackers, he said, had acquired high-level access and struck “extremely mission-critical targets”… On October 30, 2019 the body that operates nuclear power plants acknowledged, sheepishly, that a computer had indeed been infected, but it was only an “administrative” one.

Sensitive sites such as power plants typically isolate the industrial-control systems (those that control the workings of a plant) from those connected to the wider internet. They do so using air-gaps (which involve disconnecting the system from the wider world), firewalls (which monitor data-flows for suspicious traffic) or data diodes (which allow information to flow out but not in).
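The three isolation controls named above behave differently at the IT/OT boundary, and none of them says anything about a machine that sits outside the boundary. The following added example (not code from the Economist piece or from any plant operator) models each control as a policy over constructed flow-log records, so the difference is visible: an air gap denies every cross-boundary flow, a data diode permits only one-way connectionless traffic out of the control network, and a firewall permits whatever inbound exceptions have been configured. Zone names, the log format, the port numbers and the sample records are all assumptions made for the demonstration.

```python
"""Zone-isolation policy check over constructed flow records (added example)."""
import re
from typing import Callable, Dict, List, Tuple

# Three zones are assumed for clarity; real plants add a DMZ between IT and OT.
OT, IT, INTERNET = "OT", "IT", "INTERNET"

# Constructed log format: "<timestamp> src=<zone> dst=<zone> proto=<tcp|udp> dport=<n>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>OT|IT|INTERNET) dst=(?P<dst>OT|IT|INTERNET) "
    r"proto=(?P<proto>tcp|udp) dport=(?P<dport>\d+)$"
)


def parse_flow(line: str) -> Dict[str, object]:
    """Parse one flow-log line into a dict; reject malformed input loudly."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable flow record: {line!r}")
    flow = m.groupdict()
    flow["dport"] = int(flow["dport"])
    return flow


def touches_ot(flow: Dict[str, object]) -> bool:
    return OT in (flow["src"], flow["dst"])


# Each policy returns "allow", "deny", or "n/a" (flow never crosses the OT boundary,
# so the control has no say: this is the breach outside the "digital moat").

def air_gap(flow: Dict[str, object]) -> str:
    # Physically disconnected: nothing crosses in either direction.
    return "deny" if touches_ot(flow) else "n/a"


def data_diode(flow: Dict[str, object]) -> str:
    # One-way hardware link: only OT -> IT, and only connectionless protocols,
    # because a TCP handshake needs a return path the diode does not provide.
    if not touches_ot(flow):
        return "n/a"
    if flow["src"] == OT and flow["dst"] == IT and flow["proto"] == "udp":
        return "allow"
    return "deny"


def make_firewall(outbound_ports: set, inbound_exceptions: set) -> Callable:
    # Stateful firewall: OT may reach IT on listed ports; IT may reach OT only on
    # explicitly excepted ports. Every exception is a path that an attacker who
    # already controls an IT host could try, which is why exceptions are minimised.
    def firewall(flow: Dict[str, object]) -> str:
        if not touches_ot(flow):
            return "n/a"
        if flow["src"] == OT and flow["dst"] == IT and flow["dport"] in outbound_ports:
            return "allow"
        if flow["src"] == IT and flow["dst"] == OT and flow["dport"] in inbound_exceptions:
            return "allow"
        return "deny"
    return firewall


def audit(lines: List[str], policy: Callable) -> List[Tuple[str, str]]:
    """Return (timestamp, verdict) for every record under the given policy."""
    return [(str(f["ts"]), policy(f)) for f in map(parse_flow, lines)]


def denied(lines: List[str], policy: Callable) -> List[str]:
    """Timestamps of records the policy would have blocked."""
    return [ts for ts, verdict in audit(lines, policy) if verdict == "deny"]


# Constructed sample records, not real plant traffic.
SAMPLE_FLOWS = [
    "2019-10-28T09:00:00Z src=OT dst=IT proto=udp dport=514",        # syslog out of OT
    "2019-10-28T09:05:00Z src=IT dst=OT proto=tcp dport=3389",       # remote desktop into OT
    "2019-10-28T09:07:00Z src=INTERNET dst=IT proto=tcp dport=443",  # admin host, outside the moat
    "2019-10-28T09:10:00Z src=IT dst=OT proto=tcp dport=502",        # historian polling PLCs
]

if __name__ == "__main__":
    fw = make_firewall(outbound_ports={514}, inbound_exceptions={502})
    for name, policy in (("air gap", air_gap), ("data diode", data_diode), ("firewall", fw)):
        print(f"{name:10s}", audit(SAMPLE_FLOWS, policy))
```

Running the block shows the third record rated "n/a" by all three controls: an administrative computer compromised from the internet is simply not something the boundary controls observe, which is the worry raised in the next paragraph. The fourth record shows the trade-off between a firewall and a diode; the historian exception is operationally convenient and is exactly the kind of inbound path that a diode removes.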

But breaching a computer on the outside of these digital moats is nevertheless troubling. It could have given the attackers access to sensitive emails, personnel records and other details which would, in turn, make it easier to gain access to the more isolated operational part of the plant. America and Israel are thought to have sneaked the devastating Stuxnet virus into Iran’s air-gapped uranium-enrichment plant at Natanz around 2007 by planting a USB stick on a worker, who carried it inside and plugged it in.

The culprit behind the Kudankulam attack is unknown, but left some clues. The malware in question is from a family known as DTrack, which gives attackers an intimate look at what victims are doing—down to their keystrokes. It is typically used to monitor a target, making it easier to deliver further malware. DTrack was originally developed by a group of hackers known as the Lazarus Group, who are widely assumed to be controlled or directed by North Korea.

Excerpts from On the DTrack: A cyber-attack on an Indian nuclear plant raises worrying questions, Economist, Nov. 1, 2019

How to Fool your Enemy: Artificial Intelligence in Conflict

The contest between China and America, the world’s two superpowers, has many dimensions… One of the most alarming and least understood is the race towards artificial-intelligence-enabled warfare. Both countries are investing large sums in militarised artificial intelligence (AI), from autonomous robots to software that gives generals rapid tactical advice in the heat of battle… As Jack Shanahan, a general who is the Pentagon’s point man for AI, put it last month, “What I don’t want to see is a future where our potential adversaries have a fully AI-enabled force and we do not.”

AI-enabled weapons may offer superhuman speed and precision. In order to gain a military advantage, the temptation for armies will be to allow them not only to recommend decisions but also to give orders. That could have worrying consequences. Able to think faster than humans, an AI-enabled command system might cue up missile strikes on aircraft carriers and airbases at a pace that leaves no time for diplomacy and in ways that are not fully understood by its operators. On top of that, AI systems can be hacked, and tricked with manipulated data.

AI in war might aid surprise attacks or confound them, and the death toll could range from none to millions. Unlike missile silos, software cannot be spied on from satellites. And whereas warheads can be inspected by enemies without reducing their potency, showing the outside world an algorithm could compromise its effectiveness. The incentive may be for both sides to mislead the other. “Adversaries’ ignorance of AI-developed configurations will become a strategic advantage,” suggests Henry Kissinger, who led America’s cold-war arms-control efforts with the Soviet Union… Amid a confrontation between the world’s two big powers, the temptation will be to cut corners for temporary advantage.

Excerpts from Mind control: Artificial intelligence and war, Economist, Sept. 7, 2019

Example of the Use of AI in Warfare: The Real-time Adversarial Intelligence and Decision-making (RAID) program under the auspices of The Defense Advanced Research Projects Agency’s (DARPA) Information Exploitation Office (IXO) focuses on the challenge of anticipating enemy actions in a military operation. In the US Air Force community, the term, predictive battlespace awareness, refers to capabilities that would help the commander and staff to characterize and predict likely enemy courses of action… Today’s practices of military intelligence and decision-making do include a number of processes specifically aimed at predicting enemy actions. Currently, these processes are largely manual as well as mental, and do not involve any significant use of technical means. Even when computerized wargaming is used (albeit rarely in field conditions), it relies either on human guidance of the simulated enemy units or on simple reactive behaviors of such simulated units; in neither case is there a computerized prediction of intelligent and forward-looking enemy actions…

[The deception reasoning of the adversary is very important in this context.] Deception reasoning refers to an important aspect of predicting enemy actions: the fact that military operations are historically, crucially dependent on the ability to use various forms of concealment and deception for friendly purposes while detecting and counteracting the enemy’s concealment and deception. Therefore, adversarial reasoning must include deception reasoning.

The RAID Program will develop a real-time adversarial predictive analysis tool that operates as an automated enemy predictor providing a continuously updated picture of probable enemy actions in tactical ground operations. The RAID Program will strive to: prove that adversarial reasoning can be automated; prove that automated adversarial reasoning can include deception….

Excerpts from Real-time Adversarial Intelligence and Decision-making (RAID), US Federal Grants

Who Owns Your Voice? Grabbing Biometric Data

Increasingly sophisticated technology that detects nuances in sound inaudible to humans is capturing clues about people’s likely locations, medical conditions and even physical features. Law-enforcement agencies are turning to those clues from the human voice to help sketch the faces of suspects. Banks are using them to catch scammers trying to imitate their customers on the phone, and doctors are using such data to detect the onset of dementia or depression. That has… raised fresh privacy concerns, as consumers’ biometric data is harnessed in novel ways.

“People have known that voice carries information for centuries,” said Rita Singh, a voice and machine-learning researcher at Carnegie Mellon University who receives funding from the Department of Homeland Security… Ms. Singh measures dozens of voice-quality features—such as raspiness or tremor—that relate to the inside of a person’s vocal tract and how an individual voice is produced. She detects so-called microvolumes of air that help create the sound waves that make up the human voice. The way they resonate in the vocal tract, along with other voice characteristics, provides clues on a person’s skull structure, height, weight and physical surroundings, she said.

Nuance’s voice-biometric and recognition software is designed to detect the gender, age and linguistic background of callers and whether a voice is synthetic or recorded. It helped one bank determine that a single person was responsible for tens of millions of dollars of theft, or 18% of the fraud the firm encountered in a year, said Brett Beranek, general manager of Nuance’s security and biometrics business.

Audio data from customer-service calls is also combined with information on how consumers typically interact with mobile apps and devices, said Howard Edelstein, chairman of behavioral biometric company Biocatch. The company can detect the cadence and pressure of swipes and taps on a smartphone. How a person holds a smartphone gives clues about their age, for example, allowing a financial firm to compare the age of the normal account user to the age of the caller…

If such data collected by a company were improperly sold or hacked, some fear recovering from identity theft could be even harder because physical features are innate and irreplaceable.

Sarah Krouse, What Your Voice Reveals About You, WSJ, Aug. 13, 2019

Who is Afraid of Shamoon? How to Wipe a Country Off the Face of the Earth

Suspected Iranian hackers infiltrated critical infrastructure and government computers in the Persian Gulf nation of Bahrain in July-August 2019, raising fears among leaders in the region that Tehran is stepping up its cyberattacks amid growing tensions… Hackers broke into the systems of Bahrain’s National Security Agency—the country’s main criminal investigative authority—as well as the Ministry of Interior and the first deputy prime minister’s office, according to one of the people familiar with the matter.

On July 25, 2019 Bahrain authorities identified intrusions into its Electricity and Water Authority. The hackers shut down several systems in what the authorities believed was a test run of Iran’s capability to disrupt the country, the person said. “They had command and control of some of the systems,” the person said. The breaches appeared broadly similar to two hacks in 2012 that knocked Qatar’s natural-gas firm RasGas offline and wiped data from computer hard drives belonging to Saudi Arabia’s Aramco national oil company, a devastating attack that relied on a powerful virus known as Shamoon. Bahrain is the smallest country in the Persian Gulf, but it is strategically important because it’s the permanent home of the U.S. Navy’s Fifth Fleet and Navy Central Command. It is closely allied with its much larger neighbor, Saudi Arabia, a regional rival of Iran.

The Bahrain authorities haven’t definitively attributed the attack to Iran, but they have been provided intelligence by the U.S. and others suggesting Iran is behind it, the people familiar with the matter said… “In the first half of 2019, the Information & eGovernment Authority successfully intercepted over 6 million attacks and over 830,000 malicious emails. The attempted attacks did not result in downtime or disruption of government services,”

Excerpt from High-Level Cyber Intrusions Hit Bahrain Amid Tensions With Iran, WSJ, Aug. 7, 2019

Why a Dumb Internet is Best

Functional splintering [of the internet] is already happening. When tech companies build “walled gardens”, they decide the rules for what happens inside the walls, and users outside the network are excluded…

Governments are playing catch-up but they will eventually reclaim the regulatory power that has slipped from their grasp. Dictatorships such as China retained control from the start; others, including Russia, are following Beijing. With democracies, too, asserting their jurisdiction over the digital economy, a fragmentation of the internet along national lines is more likely… The prospect of a “splinternet” has not been lost on governments. To avoid it, Japan’s G20 presidency has pushed for a shared approach to internet governance. In January 2019, prime minister Shinzo Abe called for “data free flow with trust”. The 2019 Osaka summit pledged international co-operation to “encourage the interoperability of different frameworks”.

But Europe is most in the crosshairs of those who warn against fragmentation…US tech giants have not appreciated EU authorities challenging their business model through privacy laws or competition rulings. But more objective commentators, too, fear the EU may cut itself off from the global digital economy. The critics fail to recognise that fragmentation can be the best outcome if values and tastes fundamentally differ…

If Europeans collectively do not want micro-targeted advertising, or artificial intelligence-powered behaviour manipulation, or excessive data collection, then the absence on a European internet of services using such techniques is a gain, not a loss. The price could be to miss out on some services available elsewhere… More probably, non-EU providers will eventually find a way to charge EU users in lieu of monetising their data…Some fear EU rules make it hard to collect the big data sets needed for AI training. But the same point applies. EU consumers may not want AI trained to do intrusive things. In any case, Europe is a big enough market to generate stripped, non-personal data needed for dumber but more tolerable AI, though this may require more harmonised within-EU digital governance. Indeed, even if stricter EU rules splinter the global internet, they also create incentives for more investment into EU-tailored digital products. In the absence of global regulatory agreements, that is a good second best for Europe to aim for.

Excerpts from Martin Sandbu, Europe Should Not be Afraid of Splinternet, FT, July 2, 2019

If You Control Space, You Control Everything: Space as War Domain

The North Atlantic Treaty Organization (NATO) is looking to classify space as a domain for warfare in an attempt to deter China’s growing military power. If NATO’s proposal succeeds, the international alliance could move forward with the development and use of space weapons. According to NATO diplomats, the international organization is preparing to release an agreement that will officially declare space as a war domain. This means that aside from land, air and sea, space could also be used for military operations during times of war.

Although NATO’s partner countries currently own 65% of the satellites in space, China is reportedly preparing to launch a massive project that involves releasing constellations of satellites in low Earth orbit. China Aerospace Science and Industry Corp (CASIC) is planning to put in orbit 150 or more Hongyun satellites by 2023. Some of these satellites will provide commercial services like high-speed internet while others would be controlled by the Chinese military. These militarized satellites can be used to coordinate ground forces and to track approaching missiles.

“You can have warfare exclusively in space, but whoever controls space also controls what happens on land, on the sea and in the air,” according to Jamie Shea, a former NATO official. “If you don’t control space, you don’t control the other domains either.”

Excerpts from Inigo Monzon, NATO Prepares For Space Warfare By Militarizing Low Earth Orbit, International Business Times, June 24, 2019

US v. China: The Slow and Sure Conquest of Internet Infrastructure

A new front has opened in the battle between the U.S. and China over control of global networks that deliver the internet. This one is beneath the ocean. While the U.S. wages a high-profile campaign to exclude China’s Huawei Technologies Co. from next-generation mobile networks over fears of espionage, the company is embedding itself into undersea cable networks that ferry nearly all of the world’s internet data.

About 380 active submarine cables—bundles of fiber-optic lines that travel oceans on the seabed—carry about 95% of intercontinental voice and data traffic, making them critical for the economies and national security of most countries. 

Huawei Marine Networks, majority owned by Huawei Technologies, has worked on some 90 projects to build or upgrade submarine cables around the world… U.S. officials say the company’s knowledge of and access to undersea cables could allow China to attach devices that divert or monitor data traffic—or, in a conflict, to sever links to entire nations. Such interference could be done remotely, via Huawei network management software and other equipment at coastal landing stations, where submarine cables join land-based networks, these officials say.

Huawei Marine said in an email that no customer, industry player or government has directly raised security concerns about its products and operations. Joe Kelly, a Huawei spokesman, said the company is privately owned and has never been asked by any government to do anything that would jeopardize its customers or business. “If asked to do so,” he said, “we would refuse.”

The U.S. has sought to block Huawei from its own telecom infrastructure, including undersea cables, since at least 2012. American concerns about subsea links have since deepened—and spread to allies—as China moves to erode U.S. dominance of the world’s internet infrastructure… Undersea cables are owned mainly by telecom operators and, in recent years, by such content providers as Facebook and Google. Smaller players rent bandwidth. Most users can’t control which cable systems carry their data between continents. A handful of switches typically route traffic along the path considered best, based on available capacity and agreements between cable operators.

In June 2017, Nick Warner, then head of Australia’s Secret Intelligence Service, traveled to the Solomon Islands, a strategically located South Pacific archipelago. His mission, according to people familiar with the visit, was to block a 2016 deal with Huawei Marine to build a 2,500-mile cable connecting Sydney to the Solomons.  Mr. Warner told the Solomons’ prime minister the deal would give China a connection to Australia’s internet grid through a Sydney landing point, creating a cyber risk, these people said. Australia later announced it would finance the cable link and steered the contract to an Australian company.  In another recent clash, the U.S., Australia and Japan tried unsuccessfully in September 2018 to quash an undersea-cable deal between Huawei Marine and Papua New Guinea.

U.S. and allied officials point to China’s record of cyber intrusions, growing Communist Party influence inside Chinese firms and a recent Chinese law requiring companies to assist intelligence operations. Landing stations are more exposed in poorer countries where cyber defenses tend to be weakest, U.S. and allied officials said. And network management systems are generally operated using computer servers at risk of cyber intrusion. Undersea cables are vulnerable, officials said, because large segments lie in international waters, where physical tampering can go undetected. At least one U.S. submarine can hack into seabed cables, defense experts said. In 2013, former National Security Agency contractor Edward Snowden alleged that Britain and the U.S. monitored submarine cable data. The U.S. and its allies now fear such tactics could be used against them. American and British military commanders warned recently that Russian submarines were operating near undersea cables. In 2018, the U.S. sanctioned a Russian company for supplying Russian spies with diving equipment to help tap seabed cables.


The Ionian Sea Submarine Cable Project (Greece) 

China seeks to build a Digital Silk Road, including undersea cables, terrestrial and satellite links, as part of its Belt and Road plan to finance a new global infrastructure network. Chinese government strategy papers on the Digital Silk Road cite the importance of undersea cables, as well as Huawei’s role in them. A research institute attached to China’s Ministry of Industry and Information Technology, in a paper published in September, praised Huawei’s technical prowess in undersea cable transmission and said China was poised to become “one of the world’s most important international submarine cable communication centers within a decade or two.” China’s foreign and technology ministries didn’t respond to requests for comment…

Huawei Marine Networks

Bjarni Thorvardarson, then chief executive of the cable’s Ireland-based operator, said U.S. authorities raised no objections until 2012, when a congressional report declared Huawei Technologies a national security threat. Mr. Thorvardarson wasn’t convinced. “It was camouflaged as a security risk, but it was mostly about a preference for using U.S. technology,” he said. Under pressure, Mr. Thorvardarson dropped Huawei Marine from Project Express in 2013. The older cable network continued to use Huawei equipment.

The company is now the fourth-biggest player in an industry long dominated by U.S.-based SubCom and Finnish-owned Alcatel Submarine Networks. Japan’s NEC Corp is in third place. Huawei Marine is expected to complete 28 cables between 2015 and 2020—nearly a quarter of all those built globally—and it has upgraded many more, according to TeleGeography, a research company.

Excerpts from America’s Undersea Battle With China for Control of the Global Internet Grid, WSJ, Mar. 12, 2019

The Space Rat Race

India, Japan and other space-faring countries are waking up to a harsh reality: Earth’s orbit is becoming a more dangerous place as the U.S., China and Russia compete for control of the final frontier…New Delhi is nervous because China has made no secret of its desire for influence in the Indian Ocean. China set up a naval base in Djibouti, a gateway to the ocean at the Horn of Africa. It secured a 99-year lease to the port of Hambantota in Sri Lanka. It is deeply involved in development projects in Maldives.

India has established itself as a player in the budget satellite business. It even put a probe into orbit around Mars in 2014, in a U.S.-assisted project that cost just $76 million. But it is scurrying to enhance its ability to monitor China’s activities, and the partnership with Japan is part of this.  Another sign that space is becoming a defense focus for India came on Dec. 19, when the country launched its third military communications satellite, the GSAT-7A. The satellite will connect with ground-based radar, bases and military aircraft, along with drone control networks.

China’s success in landing a craft on the far side of the moon on Jan. 3, 2019 came as a fresh reminder of its growing prowess. In late December, China also achieved global coverage with its BeiDou Navigation Satellite System. Only the U.S., Russia and the European Union had that capability. China aims to launch a Mars explorer in 2020 and complete its own Earth-orbiting space station around 2022. In the back of Indian and Japanese officials’ minds is likely a stunning test China conducted in 2007. Beijing successfully destroyed one of its own weather satellites with a weapon, becoming only the third nation to pull off such a feat, after the Soviet Union and the U.S.

In December 2018, President Donald Trump ordered the Department of Defense to create a Space Command, widely seen as a precursor to a full-fledged Space Force.  There were 1,957 active satellites orbiting Earth as of Nov. 30, 2018 according to the Union of Concerned Scientists, a nonprofit U.S. advocacy group. America had the most by far, with 849, or 43% of the total. China was No. 2, with 284, followed by Russia with 152.  Japan and India had a combined 132 — 75 for the former and 57 for the latter.

Excerpts from Nupur Shaw, India and Japan awaken to risks of superpower space race, Nikkei Asian Review, Jan. 8, 2019

Devil’s Idea for Tokyo’s End: Fukushima

By late March 2011… after a tsunami struck the Fukushima Daiichi plant—it was far from obvious that the accident was under control and the worst was over. Chief Cabinet Secretary Yukio Edano feared that radioactive material releases from the Fukushima Daiichi plant and its sister plant (Fukushima Daini) located some 12 km south could threaten the entire population of eastern Japan: “That was the devil’s scenario that was on my mind. Common sense dictated that, if that came to pass, then it was the end of Tokyo.”

Prime Minister Naoto Kan asked Dr. Shunsuke Kondo, then-chairman of the Japanese Atomic Energy Commission, to prepare a report on worst-case scenarios from the accident. Dr. Kondo led a 3-day study involving other Japanese experts and submitted his report (Kondo, 2011) to the prime minister on March 25, 2011. The existence of the report was initially kept secret because of the frightening nature of the scenarios it described. An article in the Japan Times quoted a senior government official as saying, “The content [of the report] was so shocking that we decided to treat it as if it didn’t exist.” …

One of the scenarios involved a self-sustaining zirconium cladding fire in the Unit 4 spent fuel pool. Radioactive material releases from the fire were estimated to cause extensive contamination of a 50- to 70-km region around the Fukushima Daiichi plant with hotspots significant enough to require evacuations up to 110 km from the plant. Voluntary evacuations were envisioned out to 200 km because of elevated dose levels. If release from other spent fuel pools occurred, then contamination could extend as far as Tokyo,…There was particular concern that the zirconium cladding fire could produce enough heat to melt the stored fuel, allowing it to flow to the bottom of the pool, melt through the pool liner and concrete bottom, and flow into the reactor building.

Lessons Learned from the Fukushima Daiichi Accident for Spent Fuel Storage: The U.S. nuclear industry and its regulator should give additional attention to improving the ability of plant operators to measure real-time conditions in spent fuel pools and maintain adequate cooling of stored spent fuel during severe accidents and terrorist attacks. These improvements should include hardened and redundant physical surveillance systems (e.g., cameras), radiation monitors, pool temperature monitors, pool water-level monitors, and means to deliver pool makeup water or sprays even when physical access to the pools is limited by facility damage or high radiation levels….

[At nuclear power plants there must be… adequate separation of plant safety and security systems so that security systems can continue to function independently if safety systems are damaged. In particular, security systems need to have independent, redundant, and protected power sources…]

Excerpts from Lessons Learned from the Fukushima Accident for Improving Safety and Security of U.S. Nuclear Plants: Phase 2, US National Academies, 2016

Overly Militarized Military: United States

Gray zone security challenges…that fall between the traditional war and peace duality, are characterized by ambiguity about the nature of the conflict, opacity of the parties involved, or uncertainty about the relevant policy and legal frameworks….

The U.S. already possesses the right mix of tools to prevail in the gray zone, but it must think, organize and act differently. Gray zone challenges are not new. Monikers such as irregular warfare, low-intensity conflict, asymmetric warfare, military operations other than war and small wars were employed to describe this phenomenon in the past. …

America spends roughly $600 billion every year on defense, and it is the dominant global power by every objective measure. Yet state and non-state actors (e.g., Russia and Daesh) are increasingly undeterred from acting in ways inimical to the global common good.
State actors like Russia and China reasonably believe we will not use nuclear or conventional military force to thwart their ambitions if they craft their aggressive actions to avoid clear-cut military triggers. Despite their inherent ambiguity, the United States should not be frustrated by gray zone challenges. Rather, we should aim to achieve favorable outcomes by taking some practical steps to improve our ability to address them.

Our responses to gray zone challenges display several clear deficiencies. As separate U.S. government agencies strive to achieve their individual organizational goals, they seldom act in integrated ways to support wider government objectives….We also need to grow our non-military capabilities. Our gray zone actions are often overly militarized because the Department of Defense has the most capability and resources, and thus is often the default U.S. government answer…. Our counter-Daesh campaign is a perfect example. Thousands of airstrikes helped to check their rapid expansion, but the decisive effort against them will require discrediting their narrative and connecting the people to legitimate governing structures — areas where DoD should not have primacy.

Root Causes: Prudent strategies recognize root causes and address them. Daesh, for example, is merely symptomatic of the much larger problems of massive populations of disaffected Sunnis estranged from legitimate governance and a breakdown in the social order across much of Africa and the Middle East, which will worsen in coming years by economic and demographic trends. Daesh is also a prime example of gray zone challenges, since the legal and policy framework of how to attack a proto-state is highly ambiguous. Coalition aircraft started bombing Daesh in August of 2014, although the authorization for use of military force is still under debate a year later, highlighting the confusion on how to proceed.

[Develop and Nurture Surrogates to Fight China]

For example, China is both antagonistically asserting its questionable claims to specific islands and atolls in the South China Sea while simultaneously expanding its import of raw materials from Africa. Instead of confronting China in the South China Sea directly, surrogates could, theoretically, be used to hold China’s African interests at risk in order to compel a more favorable outcome of South China Sea disputes. Thus, the point of action (e.g., Africa) might be far removed from the point of effect (e.g., Asia), but the intent would be to alter the decision-making calculus regardless of geography. To be credible, such an approach requires prep work every bit as important as the infrastructure behind our nuclear and conventional capabilities. Capable and trustworthy surrogates are the result of years of purposeful relationship nurturing, and the vast majority of the work should take place pre-crisis….

Changing our vocabulary could help yield better decisions in the gray zone. Adopting a business vocabulary and a “SWOT” model (strength, weakness, opportunity and threat) would open other opportunities not available in military decision-making models. Similar to the way businesses decide how to allocate capital, we would necessarily distinguish between opportunities and threats and have at least an estimate of our expected return on investment. Talking and thinking differently about national security in the gray zone would help us measure the oft-ignored opportunity costs and come up with some metric, however imperfect initially, to measure our expected return on investment for defense dollars.

Cost should be a significant up-front consideration. For example, we famously refused to provide a cost estimate for Operation Iraqi Freedom, other than to know that $200 billion was far too high. Assuming we established $200 billion as the top end to “invest” in Iraq, it would at least force us to review our actions and evaluate our return on investment as we blew through initial estimates on our way to spending in excess of $2 trillion.

Excerpts from The Gray Zone, Special Warfare, Oct.-Dec. 2015, Volume 28, Issue 4

The Right Way to Steal

Chinese government hackers have compromised the computers of a Navy contractor, stealing massive amounts of highly sensitive data related to undersea warfare — including secret plans to develop a supersonic anti-ship missile for use on U.S. submarines by 2020, according to American officials.   The breaches occurred in January and February  2018, the officials said… The hackers targeted a contractor who works for the Naval Undersea Warfare Center, a military organization headquartered in Newport, R.I., that conducts research and development for submarines and underwater weaponry.

Taken were 614 gigabytes of material relating to a closely held project known as Sea Dragon, as well as signals and sensor data, submarine radio room information relating to cryptographic systems, and the Navy submarine development unit’s electronic warfare library… This fact raises concerns about the Navy’s ability to oversee contractors tasked with developing cutting-edge weapons.

For years, Chinese government hackers have siphoned information on the U.S. military, underscoring the challenge the Pentagon faces in safeguarding details of its technological advances. Over the years, the Chinese have snatched designs for the F-35 Joint Strike Fighter; the advanced Patriot PAC-3 missile system; the Army system for shooting down ballistic missiles known as Terminal High Altitude Area Defense; and the Navy’s new Littoral Combat Ship, a small surface vessel designed for near-shore operations, according to previous reports prepared for the Pentagon.  In some cases, suspected Chinese breaches appear to have resulted in copycat technologies…

Investigators say the hack was carried out by the Chinese Ministry of State Security, a civilian spy agency responsible for counterintelligence, foreign intelligence and domestic political security. The hackers operated out of an MSS division in the province of Guangdong, which houses a major foreign hacking department….

In September 2015, in a bid to avert economic sanctions, Chinese President Xi Jinping pledged to President Barack Obama that China would refrain from conducting commercial cyberespionage against the United States. …Both China and the United States consider spying on military technology to fall outside the pact.

Excerpts from Ellen Nakashima and Paul Sonne, China hacked a Navy contractor and secured a trove of highly sensitive data on submarine warfare, Washington Post, June 8, 2018

Mosaic Warfare: how to fight like a network

DARPA’s Strategic Technology Office (STO) on August 4, 2017 unveiled its updated approach to winning or deterring future conflicts. The foundation of STO’s new strategy rests on the recognition that traditional U.S. asymmetric technology advantages—such as highly advanced satellites, stealth aircraft, or precision munitions—today offer reduced strategic value because of growing global access to comparable high-tech systems and components, many of which are now commercially available. Additionally, the high cost and sometimes decades-long development timelines for new military systems can’t compete with the fast refresh rate of electronics component technology on the commercial market, which can make new military systems obsolete before they’re delivered.

STO’s updated strategy seeks a new asymmetric advantage—one that imposes complexity on adversaries by harnessing the power of dynamic, coordinated, and highly autonomous composable systems.

“We’ve developed a technology-based vision that would enable highly complex, strategic moves by composing multiple contributing systems to enable what might be thought of as ‘mosaic warfare,’ in which individual components can respond to needs in real time to create desired outcomes,” said Tom Burns, director of STO. “The goal is to fight as a network to create a chain of effects—or, more accurately because these effects are not linear, ‘effects webs’—to deter and defeat adversaries across multiple scales of conflict intensity. This could be anything from conventional force-on-force battles to more nebulous ‘Gray Zone’ conflicts, which don’t reach the threshold of traditional military engagements but can be equally disruptive and subversive.”

U.S. military power has traditionally relied upon monolithic military systems where one type of aircraft, for example, is designed to provide a single end-to-end capability tailored to a very specific warfighting context—and be a significant loss if shot down. In contrast, the composable effects webs concept seeks a mosaic-like flexibility in designing effects for any threat scenario. By using less expensive systems brought together on demand as the conflict unfolds, these effects webs would enable diverse, agile applications—from a kinetic engagement in a remote desert setting, to multiple small strike teams operating in a bustling megacity, or an information operation to counter an adversary spreading false information in a population threatening friendly forces and strategic objectives. Mosaics can rapidly be tailored to accommodate available resources, adapt to dynamic threats, and be resilient to losses and attrition.

This means that even if an adversary can neutralize a number of pieces of the mosaic, the collective can instantly respond as needed to still achieve the desired, overall effect… The mosaic strategy is also anticipated to change the way the military thinks about designing and buying future systems. Instead of spending years or even decades building exquisite, monolithic systems to rigid requirements, future acquisition programs would be able to buy mosaic “tiles” at a rapid, continuous pace. The true power of the new capabilities will come from the composite mosaic effects.

The approach will draw in part on a number of existing DARPA programs that are developing enabling technologies to achieve the challenging mosaic warfare architecture, including: The Complex Adaptive System Composition And Design Environment (CASCADE) program is addressing composition of existing and new systems; the System of Systems Integration Technology and Experimentation (SoSITE) program is focused on integrating the various systems to work together; Distributed Battle Management (DBM) and Resilient Synchronized Planning and Assessment for the Contested Environment (RSPACE) are addressing battle management command and control; and Communications in Contested Environments (C2E) and Dynamic Network Adaptation for Mission Optimization (DyNAMO) are focused on seamless, adaptable communications and networking.

Excerpts from Strategic Technology Office Outlines Vision for “Mosaic Warfare”, DARPA Press Release, Aug. 4, 2017

The Brutal Kangaroos

On June 22nd 2017, WikiLeaks published documents from the Brutal Kangaroo project of the CIA. Brutal Kangaroo is a tool suite for Microsoft Windows that targets closed networks by air gap jumping using thumbdrives…

The documents describe how a CIA operation can infiltrate a closed network (or a single air-gapped computer) within an organization or enterprise without direct access. It first infects an Internet-connected computer within the organization (referred to as the “primary host”) and installs the BrutalKangaroo malware on it. When a user is using the primary host and inserts a USB stick into it, the thumbdrive itself is infected with a separate malware. If this thumbdrive is used to copy data between the closed network and the LAN/WAN, the user will sooner or later plug the USB disk into a computer on the closed network. By browsing the USB drive with Windows Explorer on such a protected computer, it also gets infected with exfiltration/survey malware. If multiple computers on the closed network are under CIA control, they form a covert network to coordinate tasks and data exchange. Although not explicitly stated in the documents, this method of compromising closed networks is very similar to how Stuxnet worked.

Excerpts from Brutal Kangaroo, Press Release, WikiLeaks, June 22, 2017
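The infection chain above turns on a single observable step on the closed network: a program is launched from, or loads code from, a thumbdrive that was just plugged in. The detection below is an added example written for this page, not WikiLeaks' or the CIA's code; it correlates constructed records shaped like Windows Security event 6416 (a new external device was recognized) with Sysmon event 1 (process creation). The `Drive` field on the 6416 record is an assumption made for the example, since the real event names the device rather than its drive letter.

```python
"""Flag program execution that originates from freshly recognized removable media.

Added example for the Brutal Kangaroo excerpt; the log records are constructed
and the field names are simplified versions of the real Windows/Sysmon schemas.
"""
from dataclasses import dataclass
from datetime import datetime
import re


@dataclass
class Event:
    time: datetime
    host: str
    event_id: int   # 6416 = external device recognized, 1 = Sysmon process create
    data: dict


# Constructed sample telemetry, not captured from a real network.
SAMPLE_LOG = [
    Event(datetime(2017, 6, 22, 9, 0), "WS-AIRGAP-07", 6416,
          {"DeviceDescription": "USB Mass Storage Device", "Drive": "E:"}),
    # A user browses the stick in Explorer and launches a file from it.
    Event(datetime(2017, 6, 22, 9, 4), "WS-AIRGAP-07", 1,
          {"Image": r"E:\reports\viewer.exe",
           "CommandLine": r'"E:\reports\viewer.exe" q2.pdf',
           "ParentImage": r"C:\Windows\explorer.exe"}),
    # Benign: Word launched from the fixed disk on an ordinary LAN host.
    Event(datetime(2017, 6, 22, 9, 10), "WS-LAN-12", 1,
          {"Image": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
           "CommandLine": r'"C:\Program Files\Microsoft Office\WINWORD.EXE"',
           "ParentImage": r"C:\Windows\explorer.exe"}),
    # A system binary on the fixed disk told to load code from the stick.
    Event(datetime(2017, 6, 22, 11, 30), "WS-AIRGAP-07", 1,
          {"Image": r"C:\Windows\System32\rundll32.exe",
           "CommandLine": r"rundll32.exe E:\.cache\helper.dll,Start",
           "ParentImage": r"C:\Windows\explorer.exe"}),
]

# A drive letter followed by ":\" anywhere in the image path or command line.
DRIVE_RE = re.compile(r"\b([A-Za-z]):\\")


def drives_referenced(data):
    """Return the set of drive letters (as 'X:') named by Image or CommandLine."""
    text = data.get("Image", "") + " " + data.get("CommandLine", "")
    return {letter.upper() + ":" for letter in DRIVE_RE.findall(text)}


def find_removable_media_execution(events):
    """Return one alert per process creation that touches a recognized removable drive.

    Events are walked in time order; a drive letter counts as removable on a host
    from the moment a 6416 record for it is seen on that host. Executions from a
    drive that was never recognized are left to the host's own allow-listing.
    """
    mounted = {}   # (host, drive) -> time the device was recognized
    alerts = []
    for ev in sorted(events, key=lambda e: e.time):
        if ev.event_id == 6416:
            mounted[(ev.host, ev.data["Drive"].upper())] = ev.time
            continue
        if ev.event_id != 1:
            continue
        for drive in sorted(drives_referenced(ev.data)):
            mount_time = mounted.get((ev.host, drive))
            if mount_time is None:
                continue
            parent = ev.data.get("ParentImage", "").lower()
            alerts.append({
                "host": ev.host,
                "drive": drive,
                "image": ev.data["Image"],
                "minutes_since_mount": int((ev.time - mount_time).total_seconds() // 60),
                "launched_from_explorer": parent.endswith("explorer.exe"),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_removable_media_execution(SAMPLE_LOG):
        print(alert)
```

The second alert matters as much as the first: the image itself lives on the fixed disk, so a rule that only inspects the executable path would miss code pulled from the stick by a trusted system binary.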

Firing Back with Vengeance: the NSA Weapons

The strike on IDT, a conglomerate,… was similar to WannaCry in one way: Hackers locked up IDT data and demanded a ransom to unlock it.  But the ransom demand was just a smoke screen for a far more invasive attack that stole employee credentials. With those credentials in hand, hackers could have run free through the company’s computer network, taking confidential information or destroying machines….Were it not for a digital black box that recorded everything on IDT’s network, …the attack might have gone unnoticed.

Scans for the two hacking tools used against IDT indicate that the company is not alone. In fact, tens of thousands of computer systems all over the world have been “backdoored” by the same N.S.A. weapons. Mr. Ben-Oni and other security researchers worry that many of those other infected computers are connected to transportation networks, hospitals, water treatment plants and other utilities…

Both WannaCry and the IDT attack used a hacking tool the agency had code-named EternalBlue. The tool took advantage of unpatched Microsoft servers to automatically spread malware from one server to another, so that within 24 hours… hackers had spread their ransomware to more than 200,000 servers around the globe. The attack on IDT went a step further with another stolen N.S.A. cyberweapon, called DoublePulsar. The N.S.A. used DoublePulsar to penetrate computer systems without tripping security alarms. It allowed N.S.A. spies to inject their tools into the nerve center of a target’s computer system, called the kernel, which manages communications between a computer’s hardware and its software.

In the pecking order of a computer system, the kernel is at the very top, allowing anyone with secret access to it to take full control of a machine. It is also a dangerous blind spot for most security software, allowing attackers to do what they want and go unnoticed. In IDT’s case, attackers used DoublePulsar to steal an IDT contractor’s credentials. Then they deployed ransomware in what appears to be a cover for their real motive: broader access to IDT’s businesses…

But the attack struck Mr. Ben-Oni as unique. For one thing, it was timed perfectly to the Sabbath. Attackers entered IDT’s network at 6 p.m. on Saturday on the dot, two and a half hours before the Sabbath would end and when most of IDT’s employees — 40 percent of whom identify as Orthodox Jews — would be off the clock. For another, the attackers compromised the contractor’s computer through her home modem — strange.

The black box of sorts, a network recording device made by the Israeli security company Secdo, shows that the ransomware was installed after the attackers had made off with the contractor’s credentials. And they managed to bypass every major security detection mechanism along the way. Finally, before they left, they encrypted her computer with ransomware, demanding $130 to unlock it, to cover up the more invasive attack on her computer.

A month earlier, Microsoft had issued a software patch to defend against the N.S.A. hacking tools — suggesting that the agency tipped the company off to what was coming. Microsoft regularly credits those who point out vulnerabilities in its products, but in this case the company made no mention of the tipster. Later, when the WannaCry attack hit hundreds of thousands of Microsoft customers, Microsoft’s president, Brad Smith, slammed the government in a blog post for hoarding and stockpiling security vulnerabilities.  For his part, Mr. Ben-Oni said he had rolled out Microsoft’s patches as soon as they became available, but attackers still managed to get in through the IDT contractor’s home modem.

There are now YouTube videos showing criminals how to attack systems using the very same N.S.A. tools used against IDT, and Metasploit, an automated hacking tool, now allows anyone to carry out these attacks with the click of a button….

“Once DoublePulsar is on the machine, there’s nothing stopping anyone else from coming along and using the back door,” Mr. Dillon said. More distressing, Mr. Dillon tested all the major antivirus products against the DoublePulsar infection and a demoralizing 99 percent failed to detect it. “We’ve seen the same computers infected with DoublePulsar for two months and there is no telling how much malware is on those systems,” Mr. Dillon said. “Right now we have no idea what’s gotten into these organizations.”…

Could that attack be coming? The Shadow Brokers resurfaced last month, promising a fresh load of N.S.A. attack tools, even offering to supply them for monthly paying subscribers — like a wine-of-the-month club for cyberweapon enthusiasts.

Excerpts from Nicole Perlroth, A Cyberattack ‘the World Isn’t Ready For’, New York Times, June 20, 2017

Cyberwar: government hackers

The mysterious hacking group that supplied a critical component of the WannaCry “ransomware” software attack that spread across the globe in mid-May 2017 has been releasing alleged National Security Agency secrets for the past eight months.  Former intelligence officials now fear that the hackers, who go by the name Shadow Brokers, are taking a new tack: exposing the identities of the NSA’s computer-hacking team. That potentially could subject these government experts to charges when traveling abroad.

The Shadow Brokers on April 14, 2017 posted on a Russian computer file-sharing site what they said were NSA files containing previously unknown attack tools and details of an alleged NSA hack affecting Middle Eastern and Panamanian financial institutions.

But something went largely unnoticed outside the intelligence community. Buried in the files’ “metadata”—a hidden area that typically lists a file’s creators and editors—were four names. It isn’t clear whether the names were published intentionally or whether the files were doctored. At least one person named in the metadata worked for the NSA, a person familiar with the matter said.  Additionally, the hacking group in April, 2017 sent several public tweets that seemingly threatened to expose the activities of a fifth person, former NSA employee Jake Williams, who had written a blog post speculating the group has ties to Russia… Security experts who have examined the documents believe they contain legitimate information, including code that can be used in hacks, as well as the names of the files’ creators and editors.

Because nation-state hackers might run afoul of other countries’ laws while discharging their duties, they could, if identified, face charges when outside their country. So, to keep their own people safe, governments for decades have abided by a “gentleman’s agreement” that allows government-backed hackers to operate in anonymity, former intelligence officials say….

Some former intelligence officials suggested the U.S. prompted the outing of state-sponsored hackers when it indicted five Chinese military hackers by name in 2014, and more recently brought charges against two officers with Russia’s Federal Security Service over a 2014 Yahoo Inc. breach.  By exposing cyberagents, the Shadow Brokers appear to be taking a page from the U.S. playbook, said Mr. Williams, who worked for the NSA’s Tailored Access Operations hacking group until 2013. An NSA spokesman said the agency doesn’t comment about “most individuals’ possible current, past or future employment with the agency.”  “We’ve fired first,” Mr. Williams said, referring to the U.S. charging the alleged Chinese hackers by name. “This is us taking flak.”…

The documents revealed jealously guarded tactics and techniques the NSA uses to access computer systems…For example, the files include source code for software designed to give its creators remote access to hacked machines, and to evade detection from antivirus software. If the code was created by the NSA, it now gives security professionals a digital fingerprint they can use to track the NSA’s activities prior to the leak.

That could prove disruptive to NSA activities, forcing the agency to consider pulling its software from others’ networks and taking other steps to erase its tracks. And while the information could help companies determine whether they have been hacked by the NSA, it could also be used to create more malicious software. The Shadow Brokers tools, for example, are now being used to install malicious software such as WannaCry on corporate networks.

Mr. Williams initially thought the Shadow Brokers had access only to a limited set of NSA tools. His assessment changed after three tweets directed at him April 9, 2017 included terms suggesting the group had “a lot of operational data or at least operational insight” into his work at the NSA, he said. The tweets, which are public, are cryptic. They express displeasure over an article Mr. Williams wrote attempting to link the Shadow Brokers to Russia. They also mention apparent software code names, including “OddJob” and “Windows BITS persistence.”… OddJob is a reference to software released by the Shadow Brokers five days after the tweets. “Windows BITS persistence” is a term whose meaning isn’t publicly known.

Excerpts from In Modern Cyber War, the Spies Can Become Targets, Too, Wall Street Journal, May 25, 2017
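The “metadata” the WSJ excerpt above refers to is, for Office documents, a small XML part inside the file’s zip container. The block below is an added example, not code from the article or from the leaked files: it builds a minimal .docx in memory (the names in it are fictitious), reads the creator and last-editor fields a forensic reviewer would look at, and then scrubs them, which is the countermeasure an operator who did not want those names published would apply before release.

```python
"""Added example, not code from the WSJ article or the leaked files: read the
author/editor metadata the article refers to out of an Office Open XML file,
then scrub it. A .docx/.xlsx/.pptx is a zip archive whose creator and last
editor live in docProps/core.xml. The sample document is built in memory and
its names are fictitious."""
import io
import zipfile
import xml.etree.ElementTree as ET

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
}
for _prefix, _uri in NS.items():          # keep cp:/dc: prefixes on re-serialisation
    ET.register_namespace(_prefix, _uri)

IDENTITY_FIELDS = ("dc:creator", "cp:lastModifiedBy")
CORE_PATH = "docProps/core.xml"

# Constructed sample core.xml (names are placeholders, not real people)
SAMPLE_CORE_XML = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
    '<cp:coreProperties xmlns:cp="{cp}" xmlns:dc="{dc}">'
    "<dc:title>Operator notes</dc:title>"
    "<dc:creator>alice.example</dc:creator>"
    "<cp:lastModifiedBy>bob.example</cp:lastModifiedBy>"
    "</cp:coreProperties>"
).format(**NS)


def build_sample_docx() -> bytes:
    """Minimal zip with the metadata part and a stub body; enough for the parser."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr(CORE_PATH, SAMPLE_CORE_XML)
        z.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


def extract_metadata(docx_bytes: bytes) -> dict:
    """Return title/creator/lastModifiedBy found in core.xml ({} if the part is absent)."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        if CORE_PATH not in z.namelist():
            return {}
        root = ET.fromstring(z.read(CORE_PATH))
    found = {}
    for field in ("dc:title",) + IDENTITY_FIELDS:
        el = root.find(field, NS)
        if el is not None and el.text and el.text.strip():
            found[field] = el.text.strip()
    return found


def scrub_identity(docx_bytes: bytes) -> bytes:
    """Rewrite the archive with creator and lastModifiedBy emptied; other parts copied as-is."""
    src = zipfile.ZipFile(io.BytesIO(docx_bytes))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            data = src.read(info.filename)
            if info.filename == CORE_PATH:
                root = ET.fromstring(data)
                for field in IDENTITY_FIELDS:
                    el = root.find(field, NS)
                    if el is not None:
                        el.text = None
                data = ET.tostring(root, encoding="utf-8", xml_declaration=True)
            dst.writestr(info.filename, data)
    src.close()
    return buf.getvalue()
```

Note that core.xml is only one of several places identity can leak (docProps/app.xml, revision marks, comments and embedded objects carry their own), so a release checklist should inspect the whole archive rather than this one part.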


CIA Hacking Tools

On 7 March 2017, WikiLeaks began its new series of leaks on the U.S. Central Intelligence Agency…code-named “Vault 7” by WikiLeaks.

The first full part of the series, “Year Zero”, comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virginia. It follows an introductory disclosure last month of CIA targeting French political parties and candidates in the lead up to the 2012 presidential election.

“Year Zero” introduces the scope and direction of the CIA’s global covert hacking program, its malware arsenal and dozens of “zero day” weaponized exploits against a wide range of U.S. and European company products, including Apple’s iPhone, Google’s Android and Microsoft’s Windows and even Samsung TVs, which are turned into covert microphones….

By the end of 2016, the CIA’s hacking division, which formally falls under the agency’s Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other “weaponized” malware. Such is the scale of the CIA’s undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its “own NSA”…

Once a single cyber ‘weapon’ is ‘loose’ it can spread around the world in seconds, to be used by rival states, cyber mafia and teenage hackers alike.

CIA malware and hacking tools are built by EDG (Engineering Development Group), a software development group within CCI (Center for Cyber Intelligence), a department belonging to the CIA’s DDI (Directorate for Digital Innovation)…. Malware called “Weeping Angel”, developed by the CIA’s Embedded Devices Branch (EDB), infests smart TVs, transforming them into covert microphones… The attack against Samsung smart TVs was developed in cooperation with the United Kingdom’s MI5/BTSS. After infestation, Weeping Angel places the target TV in a ‘Fake-Off’ mode, so that the owner falsely believes the TV is off when it is on. In ‘Fake-Off’ mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server.

As of October 2014 the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks. The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations.

The CIA’s Mobile Devices Branch (MDB) developed numerous attacks to remotely hack and control popular smart phones. Infected phones can be instructed to send the CIA the user’s geolocation, audio and text communications as well as covertly activate the phone’s camera and microphone.

Despite iPhone’s minority share (14.5%) of the global smart phone market in 2016, a specialized unit in the CIA’s Mobile Development Branch produces malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads. CIA’s arsenal includes numerous local and remote “zero days” developed by CIA or obtained from GCHQ, NSA, FBI or purchased from cyber arms contractors such as Baitshop. The disproportionate focus on iOS may be explained by the popularity of the iPhone among social, political, diplomatic and business elites.

A similar unit targets Google’s Android which is used to run the majority of the world’s smart phones (~85%) including Samsung, HTC and Sony. 1.15 billion Android powered phones were sold last year. “Year Zero” shows that as of 2016 the CIA had 24 “weaponized” Android “zero days” which it has developed itself and obtained from GCHQ, NSA and cyber arms contractors.

These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Weibo, Confide and Cloackman by hacking the “smart” phones that they run on and collecting audio and message traffic before encryption is applied.

The CIA also runs a very substantial effort to infect and control Microsoft Windows users with its malware.

Attacks against Internet infrastructure and webservers are developed by the CIA’s Network Devices Branch (NDB). The CIA has developed automated multi-platform malware attack and control systems covering Windows, Mac OS X, Solaris, Linux and more, such as EDB’s “HIVE” and the related “Cutthroat” and “Swindle” tools, which are described in the examples section below.

Cyber ‘weapons’ are in fact just computer programs which can be pirated like any other. Since they are entirely comprised of information they can be copied quickly with no marginal cost.  Securing such ‘weapons’ is particularly difficult since the same people who develop and use them have the skills to exfiltrate copies without leaving traces — sometimes by using the very same ‘weapons’ against the organizations that contain them. There are substantial price incentives for government hackers and consultants to obtain copies since there is a global “vulnerability market” that will pay hundreds of thousands to millions of dollars for copies of such ‘weapons’. Similarly, contractors and companies who obtain such ‘weapons’ sometimes use them for their own purposes, obtaining advantage over their competitors in selling ‘hacking’ services…

In addition to its operations in Langley, Virginia the CIA also uses the U.S. consulate in Frankfurt as a covert base for its hackers covering Europe, the Middle East and Africa….

If there is a military analogy to be made, the infestation of a target is perhaps akin to the execution of a whole series of military maneuvers against the target’s territory including observation, infiltration, occupation and exploitation...

The CIA’s hand crafted hacking techniques pose a problem for the agency. Each technique it has created forms a “fingerprint” that can be used by forensic investigators to attribute multiple different attacks to the same entity…The CIA’s Remote Devices Branch’s UMBRAGE group collects and maintains a substantial library of attack techniques ‘stolen’ from malware produced in other states including the Russian Federation.  With UMBRAGE and related projects the CIA cannot only increase its total number of attack types but also misdirect attribution by leaving behind the “fingerprints” of the groups that the attack techniques were stolen from.

Excerpts from, Vault 7: CIA Hacking Tools Revealed, Wikileaks Press Release, Mar. 7, 2017

Power Grid: smart and sensitive

Raytheon Company and Utilidata have formed a strategic alliance to help power utilities proactively detect, defend against and respond to cyber threats. The effort will combine Utilidata’s experience in the use of real-time data from the electrical grid to detect and respond to cyber attacks and Raytheon’s expertise in proactive cyber threat hunting, automation and managed security services to provide world-class cybersecurity, analytics and other innovative technologies….

[According to] Scott DePasquale, chairman and CEO of Utilidata: “With more and more devices and systems connected to the internet, and all of them needing electrical power, these challenges are increasing exponentially. This new alliance will help define the future of cybersecurity in the power utilities sector.” In December 2015, a cyber attack shut down a large section of the Ukrainian power grid – an incident that the Department of Energy identified in the 2017 installment of the Quadrennial Energy Review as an ‘indicator of what is possible.’

Excerpts from Raytheon, Utilidata to deliver defense-grade cybersecurity for utilities, PRNewswire, Feb. 8, 2017

The Internet: from Subversive to Submissive

Free-Speech advocates were aghast—and data-privacy campaigners were delighted—when the European Court of Justice (ECJ) embraced the idea of a digital “right to be forgotten” in May 2014. It ruled that search engines such as Google must not display links to “inadequate, irrelevant or no longer relevant” information about people if they request that they be removed, even if the information is correct and was published legally.

The uproar will be even louder should France’s highest administrative court, the Conseil d’État, soon decide against Google. The firm currently removes search results only for users in the European Union. But France’s data-protection authority, CNIL, says this is not enough: it wants Google to delete search links everywhere. Europe’s much-contested right to be forgotten would thus be given global reach. The court… may hand down a verdict by January.

The spread of the right to be forgotten is part of a wider trend towards the fragmentation of the internet. Courts and governments have embarked on what some call a “legal arms race” to impose a maze of national or regional rules, often conflicting, in the digital realm.

The internet has always been something of a subversive undertaking. As a ubiquitous, cross-border commons, it often defies notions of state sovereignty. A country might decide to outlaw a certain kind of service—a porn site or digital currency, say—only to see it continue to operate from other, more tolerant jurisdictions.

As long as cyberspace was a sideshow, governments did not much care. But as it has penetrated every facet of life, they feel compelled to control it. The internet—and even more so cloud computing, ie, the storage of vast amounts of data and the supply of myriad services online—has become the world’s über-infrastructure. It is creating great riches: according to the Boston Consulting Group, the internet economy (e-commerce, online services and data networks, among other things) will make up 5.3% of GDP this year in G20 countries. But it also comes with costs beyond the erosion of sovereignty. These include such evils as copyright infringement, cybercrime, the invasion of privacy, hate speech, espionage—and perhaps cyberwar.

In response, governments are trying to impose their laws across the whole of cyberspace. The virtual and real worlds are not entirely separate. The term “cloud computing” is misleading: at its core are data centres the size of football fields which have to be based somewhere….

New laws often include clauses with extraterritorial reach. The EU’s General Data Protection Regulation will apply from 2018 to all personal information on European citizens, even if the company holding it is based abroad.

In many cases, laws seek to keep data within, or without, national borders. China has pioneered the blocking of internet addresses with its Great Firewall, but the practice has spread to the likes of Iran and Russia. Another approach is “data localisation” requirements, which mandate that certain types of digital information must be stored locally or remain in the country. A new law in Russia, for instance, requires that the personal information of Russian citizens is kept in national databases…Elsewhere, though, data-localisation policies are meant to protect citizens from snooping by foreign powers. Germany has particularly stringent data-protection laws which hamper attempts by the European Commission, the EU’s civil service, to reduce regulatory barriers to the free flow of data between member-states.

Fragmentation caused by government action would be less of a concern if other factors were not also pushing in the same direction–new technologies, such as firewalls and a separate “dark web”, which is only accessible using a special browser. Commercial interests, too, are a dividing force. Apple, Facebook, Google and other tech giants try to keep users in their own “walled gardens”. Many online firms “geo-block” their services, so that they cannot be used abroad….

Internet experts distinguish between governance “of” the internet (all of the underlying technical rules that make it tick) and regulation “on” the internet (how it is used and by whom). The former has produced a collection of “multi-stakeholder” organisations, the best-known of which are ICANN, which oversees the internet’s address system, and the Internet Engineering Task Force, which comes up with technical standards…..

Finding consensus on technical problems, where one solution often is clearly better than another, is easier than on legal and political matters. One useful concept might be “interoperability”: the internet is a network of networks that follow the same communication protocols, even if the structure of each may differ markedly.

Excerpts from Online governance: Lost in the splinternet, Economist, Nov. 5, 2016

Nationalizing the Internet

Seeking to cut dependence on companies such as Google, Microsoft, and LinkedIn, Putin in recent years has urged the creation of domestic versions of everything from operating systems and e-mail to microchips and payment processing. Putin’s government says Russia needs protection from U.S. sanctions, bugs, and any backdoors built into hardware or software. “It’s a matter of national security,” says Andrey Chernogorov, executive secretary of the State Duma’s commission on strategic information systems. “Not replacing foreign IT would be equivalent to dismissing the army.”

Since last year, Russia has required foreign internet companies to store Russian clients’ data on servers in the country. In January 2016 the Kremlin ordered government agencies to use programs for office applications, database management, and cloud storage from an approved list of Russian suppliers or explain why they can’t—a blow to Microsoft, IBM, and Oracle. Google last year was ordered to allow Android phone makers to offer a Russian search engine. All four U.S. companies declined to comment.

And a state-backed group called the Institute of Internet Development is holding a public contest for a messenger service to compete with text and voice apps like WhatsApp and Viber. Russia’s Security Council has criticized the use of those services by state employees over concerns that U.S. spies could monitor the encrypted communications while Russian agencies can’t.

On Nov. 10, 2016, Russia’s communications watchdog said LinkedIn would be blocked for not following the data-storage rules…. That same day, the Communications Ministry published draft legislation that would create a state-controlled body to monitor .ru domains and associated IP addresses. The proposal would also mandate that Russian internet infrastructure be owned by local companies and that cross-border communication lines be operated only by carriers subject to Russian regulation…

The biggest effect of the Kremlin’s internet campaign can be seen in the Moscow city administration, which is testing Russian-made e-mail and calendar software MyOffice Mail on 6,000 machines at City Hall. The city aims to replace Microsoft Outlook with the homegrown alternative, from Moscow-based New Cloud Technologies, on as many as 600,000 computers in schools, hospitals, and local agencies….“Money from Russian taxpayers and state-controlled companies should be spent primarily on domestic software,” Communications Minister Nikolay Nikiforov told reporters in September. “It’s a matter of jobs, of information security, and of our strategic leadership in IT.”

Excerpts from Microsoft Isn’t Feeling Any Russian Thaw, Bloomberg, Nov. 17, 2016

Drones Talk Like Wolves

From the DARPA website:

CODE intends to focus on developing and demonstrating improvements in collaborative autonomy—the capability of groups of UAS to work together under a single person’s supervisory control. The unmanned vehicles would continuously evaluate their own states and environments and present recommendations for coordinated UAS actions to a mission supervisor, who would approve or disapprove such team actions and direct any mission changes. Using collaborative autonomy…

CODE’s envisioned improvements to collaborative autonomy would help transform UAS operations from requiring multiple operators for each UAS to having one mission commander simultaneously directing all of the unmanned vehicles required for the mission. …

CODE’s prototype human-system interface (HSI) is designed to allow a single person to visualize, supervise, and command a team of unmanned systems in an intuitive manner. Mission commanders can know their team’s status and tactical situation, see pre-planned and alternative courses of action, and alter the UASs’ activities in real time. For example, the mission commander could pick certain individual UASs from a team, circle them on the command station display, say “This is Group 1,” circle another part of the map, and say “Group 1 search this area.”

Companies involved: Lockheed Martin Corporation (Orlando, Fla.) and the Raytheon Company (Tucson, Ariz.). Also:

  • Daniel H. Wagner Associates (Hampton, Va.)
  • Smart Information Flow Technologies, LLC (Minneapolis, Minn.)
  • Soar Technology, Inc. (Ann Arbor, Mich.)
  • SRI International (Menlo Park, Calif.)
  • Vencore Labs dba Applied Communication Sciences (Basking Ridge, N.J.)


Excerpts from CODE Takes Next Steps toward More Sophisticated, Resilient, and Collaborative Unmanned Air Systems

Messaging Secrecy: US Military

The United States Department of Defense and DARPA [seek to establish] a secure messaging system that can provide repudiation or deniability, perfect forward and backward secrecy, time to live/self delete for messages, one time eyes only messages, a decentralized infrastructure to be resilient to cyber-attacks, and ease of use for individuals in less than ideal situations….The messaging platform will transfer messages via a secure decentralized protocol that will be secured across multiple channels, including but not limited to: 1) Transport protocol, 2) Encryption of messages via various application protocols, 3) Customized blockchain implementation of message deconstruction and reconstruction, and decentralized ledger implementation

Excerpts from sbir.defensebusiness.org
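The solicitation lists “perfect forward secrecy” as a requirement without saying what delivers it. The block below is an added example, not code from DARPA or from any bidder: a symmetric hash ratchet of the kind used in modern messengers. Each message key is derived from the current chain key, the chain key is then advanced through a one-way function and the old value discarded, so an attacker who later dumps a device’s ratchet state cannot recover earlier message keys. The shared root key is a constructed constant; a real system would obtain it from a key agreement and would add a Diffie-Hellman ratchet for the “backward secrecy” the solicitation also asks for, which this block deliberately does not implement so that the limitation is visible in the demo.

```python
"""Added example, not from the DARPA/SBIR solicitation: a symmetric hash
ratchet, the mechanism behind the 'perfect forward secrecy' requirement.
Each message key is derived from the current chain key; the chain key is
then advanced through a one-way function and the old value dropped, so a
later compromise of a device's state cannot recover earlier message keys.
The shared root key is a demo constant (in practice it comes from a key
agreement); post-compromise ('backward') secrecy additionally needs a DH
ratchet, which this block does not implement. Standard library only."""
import hashlib
import hmac
from typing import List, Tuple

MSG_LABEL = b"\x01"    # distinct labels keep message key and next chain key independent
CHAIN_LABEL = b"\x02"


def ratchet_step(chain_key: bytes) -> Tuple[bytes, bytes]:
    """One-way step: returns (next_chain_key, message_key)."""
    message_key = hmac.new(chain_key, MSG_LABEL, hashlib.sha256).digest()
    next_chain = hmac.new(chain_key, CHAIN_LABEL, hashlib.sha256).digest()
    return next_chain, message_key


class SymmetricRatchet:
    """Holds only the current chain key; earlier chain keys are never retained."""

    def __init__(self, shared_root: bytes) -> None:
        self._chain_key = shared_root
        self.counter = 0

    def next_message_key(self) -> Tuple[int, bytes]:
        index = self.counter
        self._chain_key, message_key = ratchet_step(self._chain_key)  # old key overwritten
        self.counter += 1
        return index, message_key

    def snapshot(self) -> bytes:
        """Everything an attacker learns by dumping this party's ratchet state."""
        return self._chain_key


def keys_derivable_from(chain_key: bytes, count: int) -> List[bytes]:
    """What a compromiser can compute going forward from a captured chain key."""
    out = []
    for _ in range(count):
        chain_key, message_key = ratchet_step(chain_key)
        out.append(message_key)
    return out


def demo(messages_before_compromise: int = 3, messages_after: int = 5):
    """Two parties ratchet in lockstep; Alice's state is then captured.

    Returns (alice_past, bob_past, attacker_keys, alice_future). The past keys
    are out of the attacker's reach; the future ones are not, which is the gap
    a DH ratchet closes."""
    root = hashlib.sha256(b"demo shared root key (constructed)").digest()
    alice, bob = SymmetricRatchet(root), SymmetricRatchet(root)
    alice_past = [alice.next_message_key()[1] for _ in range(messages_before_compromise)]
    bob_past = [bob.next_message_key()[1] for _ in range(messages_before_compromise)]
    captured = alice.snapshot()
    attacker_keys = keys_derivable_from(captured, messages_after)
    alice_future = [alice.next_message_key()[1] for _ in range(messages_after)]
    return alice_past, bob_past, attacker_keys, alice_future
```

The “time to live” and “eyes only” items in the same list are enforced by the same discipline: once a message key has been used it is deleted, so the ciphertext that remains on disk or in transit is unreadable to everyone including its original recipient.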

Unhackable GPS

South Korea has revived a project to build a backup ship navigation system that would be difficult to hack after a recent wave of GPS signal jamming attacks it blamed on North Korea disrupted fishing vessel operations, officials say. Global Positioning System (GPS) and other electronic navigation aids are vulnerable to signal loss from solar weather effects, radio and satellite interference and deliberate jamming.

South Korea, which says it has faced repeated attempts by the rival North to interfere with satellite signals, will award a 15 billion won ($13 million) contract this month to secure technology required to build an alternative land-based radio system called eLoran (enhanced LOng-RAnge Navigation), which it hopes will provide reliable alternative position and timing signals for navigation….

GPS vulnerability poses security and commercial risks, especially for ships whose crews are not familiar with traditional navigation techniques or using paper charts. The General Lighthouse Authorities of the UK and Ireland, which tried to pioneer an eLoran system in Europe, conducted simulated communications attacks on ships at sea and said the results “demonstrated the devastating effects of jamming on the ships’ electronic bridge systems”. The United States, Russia and India are all looking into deploying versions of eLoran, which sends a much stronger signal and is harder to jam, as backup.

Installing an eLoran receiver and antenna on a ship would cost thousands of dollars, although cheaper options could include incorporating eLoran systems into satnav devices, according to technical specialists.

Excerpts from South Korea Revives GPS Backup After Cyber Attack, Reuters, May 1, 2016

Hacking German Nuclear Plants

A computer virus has been found in a nuclear power plant in Bavaria…The virus was found in Block B of the nuclear reactor at Gundremmingen in western Bavaria, a statement released by the power plant said. The malware is well known to IT specialists and it attempts to create a connection to the internet without the user of the computer choosing to do so, the statement added…[T]he virus posed no danger to the public as all the computers which are responsible for controlling the plant are disconnected from one another and not connected to the internet. The virus is also not capable of manipulating the functions of the power plant, the statement claims. State authorities have been informed about the issues and specialists from the energy firm RWE are examining the computer system to assess how it became infected with the virus.

Germans are very sensitive to the dangers of nuclear technology… As recently as 2010, officials found traces of radioactivity connected to the 1986 Chernobyl catastrophe in German wildlife, like wild boar…Shortly after the Fukushima meltdown in 2011, Chancellor Angela Merkel announced that the country would phase out nuclear power by 2021…

Several newspapers reported that the terrorists behind the Paris attacks had the plans for a German nuclear facility, a claim later denied by German intelligence. Then, days later, it was found that inspectors responsible for carrying out safety checks at two nuclear plants had submitted fake reports.

Excerpts from Computer Virus in Bavarian Nuclear Plant, http://www.thelocal.de/, Apr. 26, 2016

Biometrics: Behavioral and Physical

From DARPA pdf document available at FedBizOpps.gov: Enhanced Attribution
Solicitation Number: DARPA-BAA-16-34

Malicious actors in cyberspace currently operate with little fear of being caught due to the fact that it is extremely difficult, in some cases perhaps even impossible, to reliably and confidently attribute actions in cyberspace to individuals. The reason cyber attribution is difficult stems at least in part from a lack of end-to-end accountability in the current Internet infrastructure… The identities of malicious cyber operators are largely obstructed by the use of multiple layers of indirection… The lack of detailed information about the actions and identities of the adversary cyber operators inhibits policymaker considerations and decisions for both cyber and non-cyber response options (e.g., economic sanctions under EO-13694).

The DARPA’s Enhanced Attribution program aims to make currently opaque malicious cyber adversary actions and individual cyber operator attribution transparent by providing high-fidelity visibility into all aspects of malicious cyber operator actions and to increase the Government’s ability to publicly reveal the actions of individual malicious cyber operators without damaging sources and methods….

The program seeks to develop:

–technologies to extract behavioral and physical biometrics from a range of devices and vantage points to consistently identify virtual personas and individual malicious cyber operators over time and across different endpoint devices and C2 infrastructures;
–techniques to decompose the software tools and actions of malicious cyber operators into semantically rich and compressed knowledge representations;
–scalable techniques to fuse, manage, and project such ground-truth information over time, toward developing a full historical and current picture of malicious activity;
–algorithms for developing predictive behavioral profiles within the context of cyber campaigns; and
–technologies for validating and perhaps enriching this knowledge base with other sources of data, including public and commercial sources of information.

Excerpts from Enhanced Attribution, Solicitation Number: DARPA-BAA-16-34, April 22, 2016

Nuclear Power Crossing Borders: Belgium-Germany

Germany asked Belgium to take Engie SA’s Tihange-2 and Doel-3 atomic plants offline until the safety concerns can be addressed, Environment Minister Barbara Hendricks said on April 20, 2016 in an emailed statement. The two facilities, which were shut for investigations for 20 months, are safe to operate, Belgium’s nuclear regulator AFCN said in response to the request…

Engie’s Belgian unit Electrabel operates the two reactors. AFCN decided Nov. 17, 2015 that the reactors were safe to restart after investigations of the steel walls of the reactor vessels. With the approval, AFCN concluded the defects don’t affect safety. The two units account for about 14 percent of the nation’s installed power capacity…

Germany is phasing out nuclear energy in the wake of the Fukushima meltdowns in Japan in 2011, instead developing an energy market built on wind and solar power. The nation is set to close down its remaining eight reactors by 2022.

The plants resumed output by the end of last year. Germany wasn’t satisfied with AFCN’s assessment and called for a Belgium-German working group and for the national independent reactor safety commission, known as RSK, to examine the security issue. The commission concluded that in case of an incident it is unclear that safety provisions are adequate….Doel-3 has a capacity of 1,006 megawatts, while Tihange-2 has a capacity of 1,008 megawatts. The units have permission to operate until their retirement on Oct. 1, 2022, and Feb. 1, 2023, respectively, according to AFCN’s website.

Excerpts from In unprecedented move, Germany asks Belgium to halt two reactors over safety concerns, Bloomberg, Apr. 20, 2016

Hacking the Power Grid

In Ukraine on Dec. 23, 2015 the power suddenly went out for thousands of people in the capital, Kiev, and western parts of the country. While technicians struggled for several hours to turn the lights back on, frustrated customers got nothing but busy signals at their utilities’ call centers….Hackers had taken down almost a quarter of the country’s power grid, claimed Ukrainian officials. Specifically, the officials blamed Russians for tampering with the utilities’ software, then jamming the power companies’ phone lines to keep customers from alerting anyone….Several of the firms researching the attack say signs point to Russians as the culprits. The malware found in the Ukrainian grid’s computers, BlackEnergy3, is a known weapon of only one hacking group—dubbed Sandworm by researcher iSight Partners—whose attacks closely align with the interests of the Russian government. The group carried out attacks against the Ukrainian government and NATO in 2014…

The more automated U.S. and European power grids are much tougher targets. To cloak Manhattan in darkness, hackers would likely need to discover flaws in the systems the utilities themselves don’t know exist before they could exploit them. In the Ukrainian attack, leading security experts believe the hackers simply located the grid controls and delivered a command that shut the power off. Older systems may be more vulnerable to such attacks, as modern industrial control software is better at recognizing and rejecting unauthorized commands, says IOActive’s Larsen.

That said, a successful hack of more advanced U.S. or European systems would be a lot harder to fix. Ukrainian utility workers restored power by rushing to each disabled substation and resetting circuit breakers manually. Hackers capable of scrambling New York’s power plant software would probably have to bypass safety mechanisms to run a generator or transformer hotter than normal, physically damaging the equipment. That could keep a substation offline for days or weeks, says Michael Assante, former chief security officer for the nonprofit North American Electric Reliability.

Hackers may have targeted Ukraine’s grid for the same reason NATO jets bombed Serbian power plants in 1999: to show the citizenry that its government was too weak to keep the lights on. The hackers may even have seen the attack as in-kind retaliation after sabotage left 1.2 million people in Kremlin-controlled Crimea without lights in November 2015. In that case, saboteurs blew up pylons with explosives, then attacked the repair crews that came to fix them, creating a blackout that lasted for days. Researchers will continue to study the cyber attack in Ukraine, but the lesson may be that when it comes to war, a bomb still beats a keyboard.

Excerpts from How Hackers Took Down a Power Grid, Bloomberg Business Week, Jan. 14, 2016
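The Bloomberg excerpt above draws the line between equipment that executes any well-formed command and control software that “recognizes and rejects unauthorized commands”. The block below is an added example, not code from the article, from any utility or from any real ICS protocol: a toy breaker-control handler in both styles. The message layout, station name, key and sample traffic are constructed for the example. The legacy handler obeys a forged OPEN; the hardened one requires a MAC from a known station and a strictly increasing sequence number, so the same forged message and a replayed genuine one are both refused and logged.

```python
"""Added example, not from the Bloomberg article: a breaker-control command
handler in the two styles the article contrasts. legacy_handle() obeys any
well-formed command, the behaviour the article attributes to the older
Ukrainian equipment; hardened_handle() requires an HMAC over the message,
a strictly increasing per-station sequence number, and a known station.
The protocol layout, station name, key and sample messages are constructed
for this example, not taken from any real ICS protocol."""
import hashlib
import hmac
import json
from typing import Dict, List, Tuple

# Pre-shared key per authorised control station (demo value)
STATION_KEYS: Dict[str, bytes] = {"SCADA-MASTER-1": b"demo-key-not-for-production"}
ALLOWED_ACTIONS = {"OPEN", "CLOSE", "STATUS"}


class Breaker:
    def __init__(self) -> None:
        self.state = "CLOSED"
        self.last_seq: Dict[str, int] = {}   # highest accepted sequence per station
        self.log: List[Tuple[str, ...]] = []


def _canonical(msg: dict) -> bytes:
    """Deterministic encoding of every field except the MAC itself."""
    body = {k: v for k, v in msg.items() if k != "mac"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign(msg: dict, key: bytes) -> dict:
    signed = dict(msg)
    signed["mac"] = hmac.new(key, _canonical(signed), hashlib.sha256).hexdigest()
    return signed


def _apply(brk: Breaker, action: str) -> None:
    if action == "OPEN":
        brk.state = "OPEN"
    elif action == "CLOSE":
        brk.state = "CLOSED"


def legacy_handle(brk: Breaker, msg: dict) -> str:
    """Old style: any syntactically valid command from anywhere is executed."""
    if msg.get("action") not in ALLOWED_ACTIONS:
        return "NAK"
    _apply(brk, msg["action"])
    return "ACK"


def hardened_handle(brk: Breaker, msg: dict) -> str:
    """Reject unknown senders, bad MACs, replays/out-of-order and unknown actions."""
    station = msg.get("station")
    key = STATION_KEYS.get(station)
    if key is None:
        brk.log.append(("REJECT", "unknown station", str(station)))
        return "NAK"
    expected = hmac.new(key, _canonical(msg), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), str(msg.get("mac", "")).encode()):
        brk.log.append(("REJECT", "bad mac", station))
        return "NAK"
    seq = msg.get("seq")
    if not isinstance(seq, int) or seq <= brk.last_seq.get(station, -1):
        brk.log.append(("REJECT", "replay or out of order", station))
        return "NAK"
    action = msg.get("action")
    if action not in ALLOWED_ACTIONS:
        brk.log.append(("REJECT", "action not allowed", station))
        return "NAK"
    brk.last_seq[station] = seq        # advance the replay window only on success
    _apply(brk, action)
    brk.log.append(("ACCEPT", action, station))
    return "ACK"


def scenario() -> dict:
    """Constructed traffic: one genuine STATUS, one forged OPEN, one replayed STATUS."""
    key = STATION_KEYS["SCADA-MASTER-1"]
    genuine = sign({"station": "SCADA-MASTER-1", "seq": 7, "action": "STATUS"}, key)
    forged = {"station": "SCADA-MASTER-1", "seq": 8, "action": "OPEN", "mac": "00" * 32}
    legacy, hardened = Breaker(), Breaker()
    return {
        "legacy_forged": legacy_handle(legacy, forged),
        "legacy_state": legacy.state,
        "hardened_genuine": hardened_handle(hardened, genuine),
        "hardened_forged": hardened_handle(hardened, forged),
        "hardened_replay": hardened_handle(hardened, genuine),
        "hardened_state": hardened.state,
        "rejections": [entry[1] for entry in hardened.log if entry[0] == "REJECT"],
    }
```

The check ordering matters: the MAC is verified before the sequence number is consulted, so an attacker cannot burn through a station’s replay window with unsigned garbage, and the window advances only on a fully accepted command. The rejection log is the input a grid operator’s SOC would want to alert on, since a burst of bad-MAC or replay rejections at a substation is the precursor the Ukrainian operators had no way to see.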

United States Military Strategy: 2015 and beyond

The United States [is developing] a “third offset strategy”… It is the third time since the second world war that America has sought technological breakthroughs to offset the advantages of potential foes and reassure its friends. The first offset strategy occurred in the early 1950s, when the Soviet Union was fielding far larger conventional forces in Europe than America and its allies could hope to repel. The answer was to extend America’s lead in nuclear weapons to counter the Soviet numerical advantage—a strategy known as the “New Look”.

A second offset strategy was conceived in the mid-1970s. American military planners, reeling from the psychological defeat of the Vietnam war, recognised that the Soviet Union had managed to build an equally terrifying nuclear arsenal. They had to find another way to restore credible deterrence in Europe. Daringly, America responded by investing in a family of untried technologies aimed at destroying enemy forces well behind the front line. Precision-guided missiles, the networked battlefield, reconnaissance satellites, the Global Positioning System (GPS) and radar-beating “stealth” aircraft were among the fruits of that research…The second offset strategy,  the so-called “revolution in military affairs” was hammered home in 1991 during the first Gulf war. Iraqi military bunkers were reduced to rubble and Soviet-style armoured formations became sitting ducks. Watchful Chinese strategists, who were as shocked as their Soviet counterparts had been, were determined to learn from it.

The large lead that America enjoyed then has dwindled. Although the Pentagon has greatly refined and improved the technologies that were used in the first Gulf war, these technologies have also proliferated and become far cheaper. Colossal computational power, rapid data processing, sophisticated sensors and bandwidth—some of the components of the second offset—are all now widely available.

And America has been distracted. During 13 years of counter-insurgency and stabilisation missions in Afghanistan and Iraq, the Pentagon was more focused on churning out mine-resistant armoured cars and surveillance drones than on the kind of game-changing innovation needed to keep well ahead of military competitors. America’s combat aircraft are 28 years old, on average. Only now is the fleet being recapitalised with the expensive and only semi-stealthy F-35 Joint Strike Fighter. China, in particular, has seized the opportunity to catch up. With a defence budget that tends to grow by more than 10% a year, it has invested in an arsenal of precision short- to medium-range ballistic and cruise missiles, submarines equipped with wake-homing torpedoes and long-range anti-ship missiles, electronic warfare, anti-satellite weapons, modern fighter jets, integrated air defences and sophisticated command, control and communications systems.

The Chinese call their objective “winning a local war in high-tech conditions”. In effect, China aims to make it too dangerous for American aircraft-carriers to operate within the so-called first island chain (thus pushing them out beyond the combat range of their tactical aircraft) and to threaten American bases in Okinawa and South Korea. American strategists call it “anti-access/area denial”, or A2/AD. The concern for America’s allies in the region is that, as China’s military clout grows, the risks entailed in defending them from bullying or a sudden aggressive act—a grab of disputed islands to claim mineral rights, say, or a threat to Taiwan’s sovereignty—will become greater than an American president could bear. Some countries might then decide to throw in their lot with the regional hegemon.

Although China is moving exceptionally quickly, Russia too is modernising its forces after more than a decade of neglect. Increasingly, it can deploy similar systems. Iran and North Korea are building A2/AD capabilities too, albeit on a smaller scale than China. Even non-state actors such as Hizbullah in Lebanon and Islamic State in Syria and Iraq are acquiring some of the capabilities that until recently were the preserve of military powers.

Hence the need to come up with a third offset strategy…. America needs to develop new military technologies that will impose large costs on its adversaries.

The programme needs to overcome at least five critical vulnerabilities.

  • The first is that carriers and other surface vessels can now be tracked and hit by missiles at ranges from the enemy’s shore which could prevent the use of their cruise missiles or their tactical aircraft without in-flight refuelling by lumbering tankers that can be picked off by hostile fighters.
  • The second is that defending close-in regional air bases from a surprise attack in the opening stages of a conflict is increasingly hard.
  • Third, aircraft operating at the limits of their combat range would struggle to identify and target mobile missile launchers.
  • Fourth, modern air defences can shoot down non-stealthy aircraft at long distances.
  • Finally, the satellites America requires for surveillance and intelligence are no longer safe from attack.

It is an alarming list. Yet America has considerable advantages…. Those advantages include unmanned systems, stealthy aircraft, undersea warfare and the complex systems engineering that is required to make everything work together.

Over the next decade or so, America will aim to field unmanned combat aircraft that are stealthy enough to penetrate the best air defences and have the range and endurance to pursue mobile targets. Because they have no human pilots, fewer are needed for training. Since they do not need to rest, they can fly more missions back to back. And small, cheaper American drones might be used to swarm enemy air defences.

Drones are widespread these days, but America has nearly two decades of experience operating them. And the new ones will be nothing like the vulnerable Predators and Reapers that have been used to kill terrorists in Yemen and Waziristan. Evolving from prototypes like the navy’s “flying wing” X-47B and the air force’s RQ-180, they will be designed to survive in the most hostile environments. The more autonomous they are, the less they will have to rely on the control systems that enemies will try to disrupt—though autonomy also raises knotty ethical and legal issues.

Some of the same technologies could be introduced to unmanned underwater vehicles. These could be used to clear mines, hunt enemy submarines in shallow waters, for spying and for resupplying manned submarines, for example, with additional missiles. They can stay dormant for long periods before being activated for reconnaissance or strike missions. Big technical challenges will have to be overcome… [T]he vehicles will require high-density energy packs and deep undersea communications.

Contracts will be awarded this summer for a long-range strike bomber, the first new bomber since the exotic and expensive B-2 began service two decades ago. The B-3, of which about 100 are likely to be ordered, will also have a stealthy, flying-wing design…

If surface vessels, particularly aircraft-carriers, are to remain relevant, they will need to be able to defend themselves against sustained attack from precision-guided missiles. The navy’s Aegis anti-ballistic missile-defence system is capable but expensive: each one costs $20m or so. If several of them were fired to destroy an incoming Chinese DF-21D anti-ship ballistic missile, the cost for the defenders might be ten times as much as for the attackers.

If carriers are to stay in the game, the navy will have to reverse that ratio. Hopes are being placed in two technologies: electromagnetic rail guns, which fire projectiles using electricity instead of chemical propellants at 4,500mph to the edge of space, and so-called directed-energy weapons, most likely powerful lasers. The rail guns are being developed to counter ballistic missile warheads; the lasers could protect against hypersonic cruise missiles. In trials, shots from the lasers cost only a few cents. The navy has told defence contractors that it wants to have operational rail guns within ten years.

Defending against salvoes of incoming missiles will remain tricky and depend on other technological improvements, such as compact long-range radars that can track multiple targets. Finding ways to protect communications networks, including space-based ones, against attack is another priority. Satellites can be blinded by lasers or disabled by exploding missiles. One option would be to use more robust technologies to transmit data—such as chains of high-altitude, long-endurance drones operating in relays….

As Elbridge Colby of the Centre for a New American Security argues: “The more successful the offset strategy is in extending US conventional advantages, the more attractive US adversaries will find strategies of nuclear escalation.” The enemy always gets a vote.

Weapons Technology: Who’s Afraid of America, Economist, June 13, 2015, at 57.

Iran Wants to Be North Korea: nuclear weapons

The US tried to deploy a version of the Stuxnet computer virus to attack North Korea’s nuclear weapons programme five years ago (2010) but ultimately failed, according to people familiar with the covert campaign. The operation began in tandem with the now-famous Stuxnet attack that sabotaged Iran’s nuclear programme in 2009 and 2010 by destroying a thousand or more centrifuges that were enriching uranium. Reuters and others have reported that the Iran attack was a joint effort by US and Israeli forces.

According to one US intelligence source, Stuxnet’s developers produced a related virus that would be activated when it encountered Korean-language settings on an infected machine… But the National Security Agency-led campaign was stymied by North Korea’s utter secrecy, as well as the extreme isolation of its communications systems… North Korea has some of the most isolated communications networks in the world. Just owning a computer requires police permission, and the open internet is unknown except to a tiny elite. The country has one main conduit for internet connections to the outside world, through China. In contrast, Iranians surfed the net broadly and had interactions with companies from around the globe.

The US has launched many cyber espionage campaigns, but North Korea is only the second country, after Iran, that the NSA is now known to have targeted with software designed to destroy equipment.

Experts in nuclear programmes said there were similarities between North Korea and Iran’s operations, and the two countries continue to collaborate on military technology. Both countries use a system with P-2 centrifuges, obtained by Pakistani nuclear scientist AQ Khan, who is regarded as the father of Islamabad’s nuclear bomb, they said. Like Iran, North Korea probably directs its centrifuges with control software developed by Siemens AG that runs on Microsoft Corp’s Windows operating system, the experts said. Stuxnet took advantage of vulnerabilities in both the Siemens and Microsoft programmes…

Despite modest differences between the programmes, “Stuxnet can deal with both of them. But you still need to get it in,” said Olli Heinonen, senior fellow at Harvard University’s Belfer Center for Science and International Affairs and former deputy director general of the International Atomic Energy Agency…

The Stuxnet campaign against Iran, code-named Olympic Games, was discovered in 2010. It remains unclear how the virus was introduced to the Iranian nuclear facility in Natanz, which was not connected to the Internet…. According to cybersecurity experts, Stuxnet was found inside industrial companies in Iran that were tied to the nuclear effort. As for how Stuxnet got there, a leading theory is that it was deposited by a sophisticated espionage programme developed by a team closely allied to Stuxnet’s authors, dubbed the Equation Group by researchers at Kaspersky Lab…

In addition, North Korea likely has plutonium, which does not require a cumbersome enrichment process depending on the cascading centrifuges that were a fat target for Stuxnet, they said.

Excerpts from NSA tried Stuxnet cyber-attack on North Korea five years ago but failed, Reuters, May 29, 2015

The Cyber-Intelligence Ruling Class

[The] Intelligence National Security Alliance. INSA is a powerful but little-known coalition established in 2005 by companies working for the National Security Agency. In recent years, it has become the premier organization for the men and women who run the massive cyberintelligence-industrial complex that encircles Washington, DC… [One such company is founded by] former Navy SEAL named Melchior Baltazar, the CEO of an up-and-coming company called SDL Government. Its niche, an eager young flack explained, is providing software that military agencies can use to translate hundreds of thousands of Twitter and Facebook postings into English and then search them rapidly for potential clues to terrorist plots or cybercrime.

It sounded like the ideal tool for the NSA. Just a few months earlier, Snowden had leaked documents revealing a secret program called PRISM, which gave the NSA direct access to the servers of tech firms, including Facebook and Google. He had also revealed that the NSA and its British counterpart, the GCHQ, had special units focused on cracking encryption codes for social media globally….

This small company, and INSA itself, are vivid examples of the rise of a new class in America: the cyberintelligence ruling class. These are the people—often referred to as “intelligence professionals”—who do the actual analytical and targeting work of the NSA and other agencies in America’s secret government. Over the last 15 years, thousands of former high-ranking intelligence officials and operatives have left their government posts and taken up senior positions at military contractors, consultancies, law firms, and private-equity firms. In their new jobs, they replicate what they did in government—often for the same agencies they left. But this time, their mission is strictly for-profit.

Take Olsen, who served as general counsel for the NSA and as a top lawyer for the Justice Department before joining the National Counter-Terrorism Center (NCTC). He is now the president for consulting services of IronNet Cybersecurity, the company founded last year by Army Gen. Keith Alexander, the longest-serving director in the history of the NSA. The firm is paid up to $1 million a month to consult with major banks and financial institutions in a “cyber war council” that will work with the NSA, the Treasury Department, and other agencies to deter cyberattacks that “could trigger financial panic,” Bloomberg reported last July 2014.

Some members of this unique class are household names. Most cable-news viewers, for example, are familiar with Michael Chertoff and Michael Hayden, two of the top national-security officials in the Bush administration. In 2009, they left their positions at the Justice Department and the NSA, respectively, and created the Chertoff Group, one of Washington’s largest consulting firms, with a major emphasis on security.

Well, enough, you might say: Isn’t this simply a continuation of Washington’s historic revolving door? The answer is no. As I see it, the cyberintelligence-industrial complex is qualitatively different from—and more dangerous than—the military-industrial complex identified by President Eisenhower in his famous farewell address. This is because its implications for democracy, inequality, and secrecy are far more insidious…. To confront the surveillance state, we also have to confront the cyberintelligence ruling class and expose it for what it really is: a joint venture of government officials and private-sector opportunists with massive power and zero accountability.

Excerpts from Tim Shorrock, How Private Contractors Have Created a Shadow NSA, Nation, May 27, 2015.

Forecast a CyberAttack: IARPA

From the website of IARPA (Intelligence Advanced Research Projects Activity), a US research agency under the Director of National Intelligence.

“Approaches to cyber defense typically focus on post-mortem analysis of the various attack vectors utilized by adversaries. As attacks have evolved and increased over the years, established approaches (e.g., signature-based detection, anomaly detection) have not adequately enabled cybersecurity practitioners to get ahead of these threats. This has led to an industry that has invested heavily in analyzing the effects of cyber-attacks instead of analyzing and mitigating the “cause” of cyber-attacks.

The CAUSE (Cyber-attack Automated Unconventional Sensor Environment) Program seeks to develop cyber-attack forecasting methods and detect emerging cyber phenomena to assist cyber defenders with the earliest detection of a cyber-attack (e.g., Distributed Denial of Service (DDoS), successful spearphishing, successful drive-by, remote exploitation, unauthorized access, reconnaissance).

The CAUSE Program aims to develop and validate unconventional multi-disciplined sensor technology (e.g., actor behavior models, black market sales) that will forecast cyber-attacks and complement existing advanced intrusion detection capabilities. Anticipated innovations include: methods to manage and extract huge amounts of streaming and batch data, the application and introduction of new and existing features from other disciplines to the cyber domain, and the development of models to generate probabilistic warnings for future cyber events. Successful proposers will combine cutting-edge research with the ability to develop robust forecasting capabilities from multiple sensors not typically used in the cyber domain…”

Excerpt from IARPA website


U.S. Military Spending 2015

U.S. Deputy Defense Secretary Robert Work on Wednesday, Jan. 28, 2015 urged NATO allies to develop and make more innovative weapons, and said bold action was needed to stay ahead of rapid weapons development by China, Russia and other countries. Work said the Pentagon has a new plan called “Defense Innovation Initiative” and a separate effort targeting longer-term projects to ensure that the United States continues to have a decisive competitive advantage against potential foes.

Work said concerns about advances by other countries were a key reason that the Pentagon’s fiscal 2016 budget plan to be delivered to Congress will exceed budget caps set by Congress and reverse five years of declines in U.S. military spending. He said the budget would include “significant” investments in nuclear weapons, space control capabilities, advanced sensors, missile defense and cyber, as well as unmanned undersea vehicles, high-speed strike weapons, a new jet engine, high-energy lasers and rail gun technology…. Lockheed Martin Corp and Boeing and other key weapons makers have repeatedly urged the Pentagon to step up investments in key technologies….

Kendall said the department would also earmark funds for development and prototyping of a new “next-generation X-plane” that would eventually succeed the F-35 fighter jet, and a new engine.

Excerpts, ANDREA SHALAL, Pentagon official urges NATO to focus on innovative weapons. Jan 28, 2015

Hacked to be Framed: N. Korea – Wapomi Worm

Foreign hackers could have broken into North Korean computers and used them to make the country look responsible for hacking Sony, experts have said. Any attempt to blame North Korea for the attack because hackers used a North Korean IP address “must be treated as suspect”, security firm Cloudmark said. That is one of the reasons that the FBI has given for suspecting the country for the attack, which took down Sony Pictures’ systems for weeks. Security experts have continued to be dubious of the claim, but FBI officials have continued to blame North Korea.

The country has a very small connection to the internet, run by its national telecom ministry and a Thai firm. As a demonstration of how few connections North Korea has to the internet, Cloudmark said that it, a single company, has as many IP addresses allocated to it as the entire country. Cloudmark said that the North Korean addresses it traces tend to send out spam, which is usually the sign of an infected machine. It identified the Wapomi worm, which is transmitted by USB drives and file server shares, as the code that is allowing outside people to control the machine.

While there is no guarantee that the same worm is present on the computers that have carried out the attack, the prevalence of infected computers in the country shows how easy it could have been for Sony’s hackers to give the impression they were based in North Korea. Cloudmark said that “unless the FBI releases more specific details of their case against North Korea, including email headers and mail server logs, some experts will continue to question if they are in fact correct”.

ANDREW GRIFFIN, North Korea might have been hacked to frame it for Sony cyberattack, say experts, Independent, January 12, 2015

How to Manipulate People in War

“We have, in my view, exquisite capabilities to kill people,” said Lt. Gen. Charles Cleveland. “We need exquisite capabilities to manipulate them.” Psychological subtlety and the US military don’t always go hand-in-hand. Worldwide, we’ve become better known for drone strikes and Special Operations raids to kill High Value Targets. But that wasn’t enough for the last 13 years of war, according to a RAND study… “We’ve built a great apparatus for terrorism and to some degree we’ve got to be careful that doesn’t create blind spots,” Cleveland said… during a panel discussion at RAND. “There’s a cottage industry that’s built up around it [counter-terrorism]. You run the risk of basically taking on an entrenched infrastructure” whenever you try to broaden the focus beyond killing and capturing the bad guys, he said, but we have to try.

“I don’t think we understand completely the fight we’re in,” Cleveland said. …In the US, though, “we’re horrible at ‘influence operations,’” said Cleveland. The US approach is “fractured” among multiple specialties and organizations, he said. Some key elements are in Cleveland’s USASOC — civil affairs, for example, and Military Information Support Operations (MISO), formerly known as psychological operations — while others lie entirely outside — such as cyber and electronic warfare.

To the extent US forces address psychology, propaganda, and politics at all, we tend to do it as an afterthought. “We routinely write a plan for kinetic action, and buried in there is the information operations annex,” said William Wechsler, deputy assistant secretary of Defense for special operations and combating terrorism. “Many times, it should be the opposite…. When you’re dealing with these types of adversaries [e.g. ISIL], that is often the decisive line of operations.”

That’s just one example of how the US ties its own hands with organizations, processes, even laws — indeed, an entire national security culture — designed for a very different kind of warfare. All warfare is a clash of wills, Clausewitz famously said, but Americans tend to fixate on technology and targets, not winning — or intimidating — hearts and minds…. Even when unconditional surrender is the goal, victory always means convincing the enemy to stop fighting….

Likewise, local partners are rarely reliable allies, but they aren’t the enemy either. Commanders need to understand the good, bad, and ugly of partners who may be corrupt, inept, or grinding their own political axes on the heads of rival ethnic groups. US intelligence, however, is still geared to figuring out “the enemy,” defined as a clear-cut foe…. Where combat advisors are allowed, their roles must be negotiated between the host government and the US country by country, case by case, and there are usually strict restrictions — often imposed by American political leaders fearful of putting US troops in harm’s way. “Putting people on the ground to do this kind of work is inherently more risky than flying an Unmanned Aerial Vehicle and dropping a Hellfire, but we have to learn how to accept that risk, because this at the end of the day is much more often the decisive line of operation,” said Wechsler….

“We are shooting behind the target in almost every case,” said Hix, because we have to grind through our methodical, outdated planning process while adversaries innovate. A new Joint Concept does away with the traditional “Phase 0” through “Phase 5” system, which conceives the world in terms of before, during, and after major conflicts, Hix told me after the panel. In the new world disorder, “we need those resources and authorities in what we consider to be ‘peace’,” he said. If you don’t have them, he warned, “your enemy’s playing chess while you’re playing checkers.”

By SYDNEY J. FREEDBERG JR., Killing Is Not Enough: Special Operators, Breaking Defense, Dec. 16, 2014

DARPA for Transparent Computing

From the DARPA website

Modern computing systems act as black boxes in that they accept inputs and generate outputs but provide little to no visibility of their internal workings. This greatly limits the potential to understand… advanced persistent threats (APTs). APT adversaries act slowly and deliberately over a long period of time to expand their presence in an enterprise network and achieve their mission goals (e.g., information exfiltration, interference with decision making and denial of capability). Because modern computing systems are opaque, APTs can remain undetected for years if their individual activities can blend with the background “noise” inherent in any large, complex environment…

The Transparent Computing (TC) program aims to make currently opaque computing systems transparent by providing high-fidelity visibility into component interactions during system operation across all layers of software abstraction, while imposing minimal performance overhead. The program will develop technologies to record and preserve the provenance of all system elements/components (inputs, software modules, processes, etc.); dynamically track the interactions and causal dependencies among cyber system components; assemble these dependencies into end-to-end system behaviors; and reason over these behaviors, both forensically and in real-time. By automatically or semi-automatically “connecting the dots” across multiple activities that are individually legitimate but collectively indicate malice or abnormal behavior, TC has the potential to enable the prompt detection of APTs and other cyber threats, and allow complete root cause analysis and damage assessment once adversary activity is identified. In addition, the TC program will integrate its basic cyber reasoning functions in an enterprise-scale cyber monitoring and control construct that enforces security policies at key ingress/exit points, e.g., the firewall.
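The paragraph above describes the TC approach in the abstract: record provenance, track causal dependencies, and join individually legitimate activities into an end-to-end behaviour. The following is an added illustration of that idea, written for this page and not DARPA's or any TC performer's code. It replays a constructed system-event log (hypothetical process ids, file paths and addresses), carries a provenance label from a policy-defined sensitive file across read, write and spawn edges, and, when the label reaches a network sink, reports both the event path and the process lineage behind it (root cause) together with everything else the labelled content touched (damage assessment).

```python
"""Provenance replay over a constructed system-event log.

Added example (not DARPA Transparent Computing code): it chains
individually legitimate events (spawn, read, write) into an end-to-end
flow, reports the process lineage behind a sensitive-data exfiltration
path, and lists everything the sensitive content reached.
All process ids, paths and addresses are hypothetical.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: int        # monotonic timestamp
    subject: str   # acting process, e.g. "proc:102"
    action: str    # "spawn" | "read" | "write"
    obj: str       # child process, file, or network endpoint


# Constructed sample log: every line is plausible on its own.
EVENTS = [
    Event(1, "proc:100", "spawn", "proc:101"),                         # shell starts a document viewer
    Event(2, "proc:101", "read", "file:/home/alice/quarterly.docx"),   # viewer opens a document
    Event(3, "proc:101", "spawn", "proc:102"),                         # viewer starts a helper
    Event(4, "proc:102", "read", "file:/home/alice/.ssh/id_ed25519"),  # helper reads a private key
    Event(5, "proc:102", "write", "net:203.0.113.7:443"),              # helper sends data out
    Event(6, "proc:200", "read", "file:/home/alice/.ssh/id_ed25519"),  # backup agent reads the key
    Event(7, "proc:200", "write", "file:/var/backups/home.tar"),       # ...into a local archive
    Event(8, "proc:300", "write", "net:198.51.100.9:443"),             # unrelated browser traffic
]

# Hypothetical policy: content of these objects must not reach a network sink.
SENSITIVE = {"file:/home/alice/.ssh/id_ed25519"}


def lineage(proc, parent):
    """Root-cause chain for a process: earliest ancestor first, the process last."""
    chain = [proc]
    while chain[-1] in parent:
        chain.append(parent[chain[-1]])
    return list(reversed(chain))


def replay(events, sensitive):
    """Replay events in time order, carrying a provenance label from each
    sensitive source along read/write/spawn edges.

    Returns (alerts, reached): alerts describe every network sink the label
    reached, with the event path and process lineage; reached maps every
    labelled node to the event path by which the label arrived."""
    parent = {}                                  # child process -> parent process
    reached = {src: [] for src in sensitive}     # node -> path of events
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.action == "spawn":
            parent[ev.obj] = ev.subject
            # A child of a labelled process may inherit its data (args, env, fds).
            if ev.subject in reached and ev.obj not in reached:
                reached[ev.obj] = reached[ev.subject] + [ev]
        elif ev.action == "read":
            if ev.obj in reached and ev.subject not in reached:
                reached[ev.subject] = reached[ev.obj] + [ev]
        elif ev.action == "write":
            if ev.subject in reached and ev.obj not in reached:
                reached[ev.obj] = reached[ev.subject] + [ev]
                if ev.obj.startswith("net:"):
                    alerts.append({
                        "sink": ev.obj,
                        "path": [e.ts for e in reached[ev.obj]],
                        "lineage": lineage(ev.subject, parent),
                    })
    return alerts, reached


if __name__ == "__main__":
    found, touched = replay(EVENTS, SENSITIVE)
    for a in found:
        print("sensitive data reached", a["sink"], "via events", a["path"],
              "lineage", " -> ".join(a["lineage"]))
    print("objects carrying sensitive content:", sorted(touched))
```

Each event in the constructed log is unremarkable in isolation (a viewer spawning a helper, a process reading a key file, a process writing to a TLS port); only the causal chain from the sensitive file through proc:102 to the external endpoint is reportable, and the lineage shows it started from the document viewer. The backup agent's copy of the key to a local archive is not alerted on but is listed as reached, which is the damage-assessment view the TC text describes.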

Excerpt from http://www.darpa.mil/Our_Work/I2O/Programs/Transparent_Computing.aspx

CyberWeapons: Regin Malware

An advanced piece of malware, newly uncovered, has been in use since as early as 2008 to spy on governments, companies and individuals, Symantec said in a report. The Regin cyberespionage tool uses several stealth features to avoid detection, a characteristic that required a significant investment of time and resources and that suggests it’s the product of a nation-state, Symantec warned, without hazarding a guess about which country might be behind it. The malware’s design makes it highly suited for long-term mass surveillance, according to the maker of antivirus software…

The highly customizable nature of Regin, which Symantec labeled a “top-tier espionage tool,” allows for a wide range of remote access Trojan capabilities, including password and data theft, hijacking the mouse’s point-and-click functions, and capturing screenshots from infected computers. Other infections were identified monitoring network traffic and analyzing email from Exchange databases….

The malware’s targets are geographically diverse, Symantec said, observing more than half of the infections in Russia and Saudi Arabia. Among the other countries targeted are Ireland, Mexico and India. [Regin has also been identified in Afghanistan, Algeria, Belgium, Brazil, Fiji, Germany, Indonesia, Iran, Kiribati, Malaysia, Pakistan, Syria]

Regin is composed of five attack stages that are hidden and encrypted, with the exception of the first stage, which begins a domino chain of decrypting and executing the next stage. Each individual stage contains little information about the malware’s structure. All five stages had to be acquired to analyze the threat posed by the malware. The multistage architecture of Regin, Symantec said, is reminiscent of Stuxnet, a sophisticated computer virus discovered attacking a nuclear enrichment facility in Iran in 2010, and Duqu, which has identical code to Stuxnet but which appeared designed for cyber espionage instead of sabotage. Symantec said it believes that many components of Regin remain undiscovered and that additional functionality and versions may exist. “Regin uses a modular approach,” Symantec said, “giving flexibility to the threat operators as they can load custom features tailored to individual targets when required.”

Excerpt from Steven Musil, Stealthy Regin malware is a ‘top-tier espionage tool’, CNET, Nov. 23, 2014

Manipulation of Wireless Networks - Military

From the DARPA website and DARPA-BAA-14-44 WND Phases 2 and 3

The majority of work to develop and mature military wireless networks to date has focused on efficiency and stability in benign conditions… As the use of wireless systems expands, the likelihood of network compromise (whether maliciously or by unwitting misconfiguration) will increase. Beyond the conventional node-by-node security in use today, a set of network-based checks is needed to ensure that misinformation inserted into the control protocols does not disable the network functionality.

The Wireless Network Defense (WND) program is developing and demonstrating new technology to protect the control protocols of wireless networks from the effects of advanced attacks or other forms of compromise. The program focuses on the protocols at the network and medium access control (MAC) layers of the network stack with the goal of protecting those protocols that coordinate among the distributed devices’ management of resources such as spectrum, time, and power, and delivery of information.

The development of this technology will both improve the robustness of the class of wireless networks that are being procured and fielded in the near future, and also provide a reliable foundation on which to build the next generation of wireless systems. These new defenses will minimize the impact of attacks on network control and will force attacks to be observable and attributable in order to be effective.

Ideally… [one] should anticipate both passive listeners and active attackers; colluding attackers; dynamic attacks; and informed adversaries… [One] should assume that passive listeners and active attackers will be able to collude. That is, the threat model is a real-world adversary. Systems should be designed to mitigate attacks under all combinations of attackers and attacks…. [One] should further design mitigations and enhancements such that these mitigations and enhancements cannot themselves be leveraged by a knowledgeable adversary to attack the network.
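The WND text above calls for network-based checks that keep misinformation in control protocols from reshaping the network and that make attacks observable and attributable, under a threat model that includes colluding nodes. The following is an added illustration of one such check, written for this page and not DARPA's or a WND performer's code. It takes constructed link-state advertisements (node names, costs and thresholds are all hypothetical), corroborates each claimed link against the counterpart node's own advertisement, attributes uncorroborated claims to the advertiser, quarantines nodes that exceed a threshold, and builds the topology only from corroborated links.

```python
"""Cross-checking wireless control-protocol advertisements.

Added example (not DARPA WND code): each node advertises the links it
claims to have; a network-level check corroborates every claim against the
counterpart node's own advertisement, attributes uncorroborated claims to
the advertiser, and quarantines nodes that exceed a threshold so their
misinformation cannot reshape the routing topology. Node names, costs and
thresholds are constructed.
"""

# Constructed link-state advertisements: node -> {neighbour: claimed link cost}
ADVERTS = {
    "A": {"B": 1, "C": 1},
    "B": {"A": 1, "D": 1},
    "C": {"A": 1, "D": 1},
    "D": {"B": 1, "C": 1},
    "X": {"A": 1, "B": 1, "C": 1, "D": 1, "Y": 1},  # claims cheap links to everyone
    "Y": {"X": 1},                                   # colludes with X on one fake link
}

COST_TOLERANCE = 1     # hypothetical: asymmetric costs beyond this are contradictions
QUARANTINE_AFTER = 2   # hypothetical: uncorroborated claims before a node is quarantined


def check_claims(adverts, tolerance=COST_TOLERANCE):
    """Return (advertiser, neighbour, reason) for every claim the named
    neighbour does not corroborate in its own advertisement."""
    findings = []
    for node, links in adverts.items():
        for nbr, cost in links.items():
            reverse = adverts.get(nbr, {})
            if node not in reverse:
                findings.append((node, nbr, "neighbour does not advertise link"))
            elif abs(reverse[node] - cost) > tolerance:
                findings.append((node, nbr, f"cost mismatch {cost} vs {reverse[node]}"))
    return findings


def quarantine(findings, threshold=QUARANTINE_AFTER):
    """Attribute findings to advertisers; nodes at or over the threshold are quarantined."""
    counts = {}
    for node, _, _ in findings:
        counts[node] = counts.get(node, 0) + 1
    return {n for n, c in counts.items() if c >= threshold}


def sanitized_topology(adverts, quarantined):
    """Topology built only from mutually advertised links of non-quarantined nodes."""
    topo = {}
    for node, links in adverts.items():
        if node in quarantined:
            continue
        topo[node] = {n: c for n, c in links.items()
                      if n not in quarantined and node in adverts.get(n, {})}
    return topo


if __name__ == "__main__":
    findings = check_claims(ADVERTS)
    bad = quarantine(findings)
    for f in findings:
        print("uncorroborated claim by %s about %s: %s" % f)
    print("quarantined:", sorted(bad))
    print("topology:", sanitized_topology(ADVERTS, bad))
```

Two things the run shows. First, the four links X claims to A, B, C and D are each contradicted by the honest node, so the misinformation is both observable and attributed to X, and the sanitized topology is the honest square A-B-D-C with X removed. Second, the X-Y link passes the pairwise check because the two nodes corroborate each other; that is exactly the colluding-attacker case the BAA names, and it needs a third witness (for instance, neighbours' own radio observations) rather than mutual advertisements. Y is not quarantined here because its only claim is corroborated, so a pairwise check alone is a floor, not a complete defence.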

See DARPA-BAA-14-44 WND Phases 2 and 3

Killing off Foreign Tech Firms – China

E-commerce companies and banks in China are scrapping hardware and uninstalling software for mainframe servers made by American suppliers in favor of homegrown brands said to be safe, advanced and a lot less expensive. Domestic rivals of these companies such as Huawei Technology Co. and Inspur Co. are winning contracts from state company and bank IT departments at an accelerating rate.

Some companies, such as e-commerce giant Alibaba Group, have been building internal computer networks with open-source software and commonly available hardware. The movement dates to 2008, when Alibaba’s computer-network department director Wang Jian proposed cutting back on foreign suppliers and replacing their wares with equipment and technology developed almost entirely in-house. What Wang wanted to get rid of most was the so-called IOE system, an acronym for an IT network based on the names of three suppliers: IBM, whose servers are packaged with the Unix operating system; Oracle, which supplies database-management systems; and EMC, the maker of data-storage hardware. Wang dubbed his campaign the “De-IOE Movement.”

Wang decided to revamp Alibaba’s network by replacing its Unix-based servers with less expensive, X86-based PC servers running on the open-source Linux operating system. In such a system, several PCs with X86 microprocessors inside can be linked in a chain to function as a server, replacing a mainframe server. The e-commerce company also built a database management-system of its own with an open-source structure, and started storing data on an internal cloud-storage system…

De-IOE Movement milestones were reached in May 2013 when Alibaba pulled the plug on its last IBM server, and two months later when Alibaba’s advertising department abandoned its Oracle database. The rest of the company’s databases are scheduled to switch to a homegrown system from Oracle’s by 2015.

IT departments at companies and banks across the country are now following Alibaba’s example — and hitting their longtime American suppliers in the pocketbook. The switch to servers made at home has been a slow process for Chinese banks. Ultimately, the banks’ IT experts have been making these decisions, although they’re being encouraged by the government to choose Chinese suppliers, according to a source close to the China Banking Regulatory Commission. [But]

“Getting rid of IOE means that all of the software must be moved and made compatible to domestic server systems, which seems to be a mission impossible,” said the consultant… And replacement costs can be astronomical. “The basic technology networks for an IOE system and a ‘De-IOE’ system are totally different,” said another source at a state bank. “De-IOE will lead to transforming personnel and management. It’s hard to estimate how high the costs will be.” Ultimately, said the IT consultant, Chinese banks will only manage to kill off IOE systems if products made by Chinese suppliers can provide comparable security and capacity levels, and if the new hardware and software are compatible.

China pulling the plug on IBM, Oracle, others, MarketWatch June 26, 2014

Cyber-Warriors: US and China

On May 19th, 2014 the Justice Department unveiled 31 charges against five members of China’s People’s Liberation Army (PLA), involving breaking six laws, from relatively minor counts of identity theft to economic espionage, which carries a maximum sentence of 15 years. This is the first time the government has charged employees of a foreign government with cybercrime. The accused are unlikely ever to stand trial. Even so, the Justice Department produced posters with mugshots of the men beneath the legend “wanted by the FBI”. They may never be punished, but that is not the point. Google any of their names and the mugshots now appear, the online equivalent of a perp walk.

That China’s government spies on the commercial activities of companies in America is not news in itself. Last year Mandiant, a cyber-security firm based in Virginia, released a report that identified Unit 61398 of the PLA as the source of cyber-attacks against 140 companies since 2006. But the indictment does reveal more details about what sorts of things the Chinese cybersnoops have been snaffling.

Hackers stole designs for pipes from Westinghouse, an American firm, when it was building four nuclear power stations in China, and also took e-mails from executives who were negotiating with a state-owned company. They took financial information from SolarWorld, a maker of solar panels; gained access to computers owned by US Steel while it was in a trade dispute with a state-owned company; and took files from Alcoa, an aluminium producer, while it was in a joint venture with another Chinese government-backed firm. ATI, another metal firm, and the United Steelworkers union were hacked, too.

American firms that do business in China have long lobbied behind closed doors for Uncle Sam to do something about Chinese hackers. America’s government has hitherto followed a similar logic, pressing China in private. The decision to make a fuss reflects the failure of that approach. When the existence of Unit 61398 became public its troops paused for a while, then continued as before.

Confronting the PLA’s hackers comes at a cost. China has pulled out of a bilateral working group on cyber-security in response to the indictments. Global Times, a Chinese English-language daily, denounced America as: “a mincing rascal”. But doing nothing has a cost, too. Companies like Westinghouse and US Steel have a hard enough time competing with Chinese firms, without having their business plans and designs pinched by thieves in uniform. Nor is the spying limited to manufacturers: tech companies have been targeted by the same group…

Second, America’s spying on Huawei, a Chinese maker of telecoms and networking equipment, makes China’s government doubt that America follows its own rules.

Chinese spying: Cybersnoops and mincing rascals,  Economist, May 24, at 28

Cyberwar: USA Official Doctrine


In his first major speech [March 28, 2014] on cyber policy, Defense Secretary Chuck Hagel sought to project strength but also to tame perceptions of the United States as an aggressor in computer warfare, stressing that the government “does not seek to militarize cyberspace.”…

Hagel said that the fighting force at U.S. Cyber Command will number more than 6,000 people by 2016, making it one of the largest such forces in the world. The force will help expand the president’s options for responding to a crisis with “full-spectrum cyber capabilities,” Hagel said, a reference to cyber operations that can include destroying, damaging or sabotaging an adversary’s computer systems and that can complement other military operations.

But, Hagel said, the military’s first purpose is “to prevent and de-escalate conflict.” The Pentagon will maintain “an approach of restraint to any cyber operations outside of U.S. government networks.”  Although some U.S. adversaries, notably China and Russia, which also have formidable cyber capabilities, may view his remarks with skepticism, Hagel said the Pentagon is making an effort to be “open and transparent” about its cyberforces and doctrine. The hope, senior officials said, is that transparency will lead to greater stability in cyberspace.  To underscore the point, Hagel’s speech was broadcast live from NSA headquarters at Fort Meade, the first such broadcast from the agency…

Tensions over U.S. cyber operations intensified again last weekend after a report that the NSA had penetrated the networks of a Chinese telecommunications giant, Huawei Technologies, in search of evidence that it was involved in espionage operations for Beijing and to use its equipment to spy on adversaries such as Iran. After the disclosure, first reported by the New York Times and Der Spiegel, China demanded a halt to any such activity and called for an explanation…

Analysts said that China and Russia were unlikely to be convinced by Hagel’s remarks. Revelations about the NSA’s activities, based on documents provided by former contractor Edward Snowden, make U.S. assertions that it is focused on protecting U.S. national security — and not actively infiltrating others’ networks — that much harder to accept, they said.

Excerpts from: Ellen Nakashima, U.S. cyberwarfare force to grow significantly, defense secretary says, Washington Post, Mar. 28, 2014

See also http://www.defense.gov/news/newsarticle.aspx?id=121928


What is Stratobus: a drone + satellite

StratoBus, a surprising vehicle halfway between a drone and a satellite, will be able to carry out a wide range of missions, including observation, security, telecommunications, broadcasting and navigation… and it offers a lifespan of five years.   The StratoBus project is led by Thales Alenia Space, along with partners Airbus Defence & Space, Zodiac Marine and CEA-Liten. It embodies a new concept for an autonomous airship, operating at an altitude of about 20 kilometers. This is in the lower reaches of the stratosphere, but well above air traffic and jet streams. StratoBus will be able to carry payloads up to 200 kg. The project is part of the creation of an airship company by the Pégase competitiveness cluster in southern France…

The platform itself is a high-altitude airship measuring 70 to 100 meters long and 20 to 30 meters in diameter. It will feature a number of technological innovations, in particular to make sure it captures the Sun’s rays in all seasons: a power generation system (coupling the solar panels to a solar power amplification system patented by Thales), an ultra-light reversible fuel cell for energy storage, etc.  The StratoBus platform will require continuous significant energy input to offset the wind: two electric motors will automatically adjust their output power depending on wind speed (up to 90 km/h).

STRATOBUS – HALFWAY BETWEEN A DRONE AND A SATELLITE, Thalesgroup.com, Mar. 10, 2014

The Nationalization of Internet

The Swiss government has ordered tighter security for its own computer and telephone systems that could block foreign companies from key technology and communications contracts.  The governing Federal Council’s decision Wednesday cited concerns about foreign spies targeting Switzerland.

National Security Agency leaker Edward Snowden, who worked for the CIA at the U.S. mission to the U.N. in Geneva from 2007 to 2009, has released documents indicating that large American and British IT companies cooperated with those countries’ intelligence services. According to a Swiss government statement, contracts for critical IT infrastructure will “where possible, only be given to companies that act exclusively according to Swiss law, where a majority of the ownership is in Switzerland and which provides all of its services from within Switzerland’s borders.”

Swiss govt tightens tech security over NSA spying, Associated Press, Feb. 5, 2014

Getting Rid of Hacktivists: US Approach

Thirteen members of a hacking collective that calls itself Anonymous were indicted on Thursday (October 3, 2013) on charges that they conspired to coordinate attacks against prominent Web sites. The 13 are accused of bringing down at least six Web sites, including those belonging to the Recording Industry Association of America, Visa and MasterCard.  The attacks caused “significant damage to the victims,” the indictment said.

The attacks, carried out from September 2010 to January 2011, were part of a campaign called Operation Payback, which started as an effort to support file-sharing sites but later rallied around WikiLeaks and its founder, Julian Assange.  Hackers took down the sites by inflicting a denial of service, or DDoS, attack, in which they fired Web traffic at a site until it collapsed under the load. Though the indictment mentions 13 hackers, thousands more participated in the attack by clicking on Web links that temporarily turned their computers into a digital fire hose aimed [at the websites of the companies].

According to the indictment, which was handed up at Federal District Court in Alexandria, Va., the hackers’ tool of choice was a simple open-source application known as Low Orbit Ion Cannon, which requires very little technical know-how.  Hackers simply posted a Web link online that allowed volunteers to download an application that turned their computer into a “botnet,” or network of computers, that flooded targets like Visa.com and MasterCard.com with traffic until they crashed…
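The traffic pattern described above, many volunteers each running the same flooding tool against one target, is what a defender sees in the web server log. The following is an added example, not code from the indictment, the article or the LOIC tool: a sliding-window detector that reads Common Log Format access-log lines, marks a source as "hot" once it exceeds a per-source request rate, and only declares a volunteer-style campaign when several sources are hot at the same time, which separates a coordinated flood from one noisy client or a crawler. The log lines, the IP addresses and the thresholds (10-second window, 25 requests per source, 3 simultaneous sources) are constructed for illustration and are not tuned values.

```python
"""Rate-based detection of a volunteer (LOIC-style) HTTP flood in access logs.

Added example; not code from the indictment, the article or LOIC itself.
Assumes Common Log Format lines in chronological order. Thresholds and the
sample traffic below are constructed for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (timestamp, source_ip, request_line), or None for lines that are not CLF."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT)
    return ts, m.group("ip"), m.group("req")


def detect_flood(lines, window_s=10, per_source=25, min_sources=3):
    """Sliding-window flood detector.

    A source is 'hot' while it has sent >= per_source requests inside the last
    window_s seconds. A campaign is declared only when >= min_sources sources
    are hot within one window of each other: many participants hammering at
    once, rather than a single busy client. Returns (sorted hot sources, campaign flag).
    """
    recent = defaultdict(deque)   # ip -> timestamps of its requests inside the window
    hot_last = {}                 # ip -> last timestamp at which it was over threshold
    campaign = False
    for rec in map(parse_line, lines):
        if rec is None:
            continue                      # skip unparsable lines instead of crashing
        ts, ip, _ = rec
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()                   # drop requests older than the window
        if len(q) >= per_source:
            hot_last[ip] = ts
        active = [s for s, t in hot_last.items() if (ts - t).total_seconds() <= window_s]
        if len(active) >= min_sources:
            campaign = True
    return sorted(hot_last), campaign


def build_sample():
    """Constructed sample traffic (not real logs): two ordinary visitors, plus
    three 'volunteer' hosts each firing 40 requests at '/' within 4 seconds."""
    base = datetime(2010, 12, 8, 10, 0, 0, tzinfo=timezone.utc)
    lines = []

    def log(ip, offset_s, path):
        t = (base + timedelta(seconds=offset_s)).strftime(TS_FMT)
        lines.append(f'{ip} - - [{t}] "GET {path} HTTP/1.1" 200 512')

    for sec in range(0, 30, 7):                       # background traffic
        log("198.51.100.5", sec, "/index.html")
        log("198.51.100.6", sec + 3, "/about.html")
    for n in range(40):                               # 10 requests/second per volunteer
        for ip in ("203.0.113.10", "203.0.113.11", "203.0.113.12"):
            log(ip, 5 + n // 10, "/")
    lines.sort(key=lambda ln: parse_line(ln)[0])     # detector expects chronological order
    return lines


if __name__ == "__main__":
    hot, flagged = detect_flood(build_sample())
    print("hot sources:", hot, "campaign:", flagged)
```

In production the same logic runs on a stream rather than a list, and the per-source threshold should be set from the site's own baseline; the campaign rule (several hot sources at once) is what keeps one aggressive crawler from being reported as an attack.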

By BRIAN X. CHEN and NICOLE PERLROTH, U.S. Accuses 13 Hackers in Web Attacks, New York Times, October 3, 2013

Excerpt from indictment

“In connection with planning various DDoS cyber-attacks, members of the conspiracy posted fliers captioned “OPERATION PAYBACK” and claimed that: “We sick and tired of these corporations seeking to control the internet in their pursuit of profit. Anonymous cannot sit by and do nothing while these organizations stifle the spread of ideas and attack those who wish to exercise their rights to share with others.”

PDF of Indictment on Scribd

Space – the Wild West

Space is a current and future battleground without terrain, where invisible enemies conceivably could mount undetectable attacks to devastating effect if the right deterrent and defensive plans aren’t pursued now, the assistant defense secretary for global strategic affairs told a think tank audience on Sept. 17, 2013. Madelyn R. Creedon spoke to a Stimson Center gathering whose audience included analysts focused on the question of deterrence in space. The center released a publication this week titled “Anti-satellite Weapons, Deterrence and Sino-American Space Relations,” presenting a number of essays examining various perspectives on space deterrence.

Creedon noted that in Defense Department parlance, deterrence is “the prevention of action by the existence of a credible threat of unacceptable counteraction and/or the belief that the cost of action outweighs the perceived benefits.” In other words, she said, if deterrence is effective, an adversary has or believes he has more to lose than to gain by attacking.  Deterrence remains a core defense strategy for the United States, she added, and the nation’s nuclear deterrent is “still alive and well.”  Creedon acknowledged that one classic approach to considering space deterrence — that is, preventing potential enemies from attacking U.S. or partner satellites and other military or economic assets in space — is to try to apply lessons learned during the Cold War. Then, the United States and the Soviet Union kept an uneasy diplomatic truce and piled up enough nuclear weapons to guarantee mutually assured destruction.

But one flaw to comparing the two deterrent challenges, she said, is that an attack that disables a satellite, unlike one from a nuclear warhead that flattens a major city, doesn’t threaten a nation’s existence. Another is that the two superpowers spent decades constructing an elaborate, mirrored, deterrent Cold War architecture and protocols, while space is still, comparatively, “the Wild West.” A third is that an attack in space or cyberspace may rely on digital rather than conventional weapons, and so could occur without warning or even detection.

“If there is an attack against a space asset, it isn’t visible,” she said. “You can’t watch it on CNN, and unless you’re directly affected by the capability that the space assets provide, you’re probably completely oblivious that the attack happened.”

She said DOD is developing and implementing what safeguards it can implement in space using four mutually supportive elements to deter others from taking action against U.S. assets:

— Working to internationalize norms and establish a code of conduct to enhance stability;

— Building coalitions to enhance security;

— Adding resilience to U.S. space architectures; and

— Preparing for an attack on U.S. and allied space assets using defenses “not necessarily in space.”

“We believe this four-element approach … will bolster deterrence,” Creedon said.

The department is working with the State Department and international partners to define elements of good behavior in space, she said. “States must remain committed to enhance the welfare of humankind by cooperating with others to maintain the long-term sustainability, safety, security and stability of the outer-space environment,” she added.  Creedon said work is underway to build deterrent coalitions and increase space awareness. She said the “Five Eyes” nations, which include the United States, United Kingdom, Canada, Australia and New Zealand, are extending their intelligence cooperation to expand their collective space situational awareness…

The United States is meanwhile working to lower the benefit to potential attackers by employing more satellites, participating in satellite constellations with other countries and purchasing payload space on commercial satellites when feasible.  Creedon said the U.S. approach to space deterrence is similar to its strategy in any domain: take “prudent preparations to survive, and to operate through, and, hopefully, prevail in any conflict.”

By Karen Parrish, Official Describes Evolution of Space Deterrence, American Forces Press Service, Sept. 19, 2013

Space Weapons and Space Law

“Policy, law and understanding of the threat to space is lagging behind the reality of what is out there,” warned Mark Roberts, a former Ministry of Defence official who was in charge of government space policy and the UK’s “offensive cyber portfolio”…

The disabling of satellites would have a disastrous impact on society, knocking out GPS navigation systems and time signals. Banks, telecommunications, power and many infrastructures could fail, Roberts told the conference… Agreements such as the 1967 Outer Space treaty and the 1979 Moon treaty are supposed to control the arms race in space. Some states have signed but not ratified them, said Maria Pozza, research fellow at the Lauterpacht Centre for International Law at Cambridge University.  Existing treaties do not specify where air space ends and outer space begins – although 100km (62 miles) above the Earth is becoming the accepted limit.

The Navstar constellation of satellites was used to provide surveillance of Iraq during the Gulf war in 1991. Was that, asked Pozza, an aggressive use of space, a “force-multiplier”? Satellites may have also been used to photograph and locate al-Qaida bases, Osama bin Laden or even assess future strikes against Syria.

The Chinese government has recently moved to support a 2012 EU code of conduct for space development, which, Pozza said, was a softer law. The draft Prevention of the Placement of Weapons in Outer Space treaty has not yet been agreed. “Are we dismissing the possibility of a hard law or giving it a good chance?” Pozza asked.

The Chinese tested an anti-satellite weapon in 2007 that destroyed a defunct orbiting vehicle and showered debris across near Earth orbits. Other satellites have been jammed by strong radio signals. BBC transmissions to Iran were disrupted during this year’s elections through ground signals ostensibly sent from Syria.

In 2011, hackers gained control of the Terra Eos and Landsat satellites, Roberts said. The orbiting stations were not damaged. “The threat can now be from a laptop in someone’s bedroom,” he added.

Professor Richard Crowther, chief engineer at the UK Space Agency, said scientists were now exploring the possibility of robotic systems that grapple with and bring down disused satellites or laser weapons to clear away debris in orbit.  Both technologies, he pointed out, had a potential dual use as military weapons. 3D printing technologies would, furthermore, allow satellite operators to develop new hardware remotely in space.

The UK is formulating its space security policy, group captain Martin Johnson, deputy head of space policy at the MoD, said. Fylingdales, the Yorkshire monitoring station, has been cooperating for 50 years with the USA to enhance “space awareness” and early warning systems. The UK, Johnson said, was now working with the EU to develop a complementary space monitoring system.

Excerpt, Owen Bowcott, legal affairs correspondent, The Guardian, Sept. 11, 2013

Digital Bombs: Plan X

The U.S. Defense Advanced Research Projects Agency DARPA has chosen six companies so far to define ways of understanding, planning, and managing military cyber warfare operations in real-time, large-scale, and dynamic networks.  DARPA has awarded six contracts collectively worth nearly $74 million for the Foundational Cyberwarfare (Plan X) project to conduct research into the nature of cyber warfare, and to develop strategies to seize and maintain U.S. cyber security and cyber attack dominance.

The contracts awarded are to Data Tactics, Intific, Raytheon SI Government Solutions, Aptima, Apogee Research, and Northrop Grumman…

Today’s understanding of the cyber domain poses integration challenges with existing military capabilities, and connects computers using traceroute, packet analysis, and other techniques. In fact, current research is just beginning to answer questions about the cyber domain, DARPA officials say.

The Plan X program contractors will define a cyber battlespace as three main concepts: network map, operational units, and capability set.  The network map is a collection of nodes and edges, and shows how computers are connected; the network map is where military planners and operators interact. Operational units are platforms such as ships, aircraft, and armored combat vehicles that are part of the network topology. There are two primary types of operational units: entry nodes and support platforms.  An entry node gives direct physical access into a network, while support platforms control different aspects of an operation — similarly to how military fighters, bombers, and unmanned aircraft control different aspects of air campaigns.

The capability set involves technologies the military uses to control the cyber battlespace, and are divided into three categories: access, functional, and communication.  Access enables a user to run programs or payloads. Functional involves other types of technology that affect computers and networks, such as network scanners, denial-of-service, defense evasion, network and host reconnaissance, and operating system control. Communication helps entry nodes, support platforms, and system capabilities to exchange information.

The Plan X program seeks to integrate the cyber battlespace concepts of the network map, operational unit, and capability set in military cyber operations, and will be developed as an open platform architecture for integration with government and industry technologies.

The Plan X program is structured around an on-site collaborative research space (CRS) in Arlington, Va., where the program contractors will be organized as a virtual technology startup. Several contract awards are expected, and the program will run in four one-year phases.

Excerpt, John Keller, DARPA picks six companies to define enabling technologies for U.S. cyber warfare strategy, Military and Aerospace,  July 11, 2013

Cyber-Attacks on South Korea 2009-2013

The massive cyber attacks on South Korean banks and broadcasters earlier this year were part of a broad campaign of cyber espionage which dates back at least to 2009, a US security firm has concluded. The study by the firm McAfee  (Dissecting Operation Troy: Cyberespionage in South Korea) stopped short of blaming specific entities for the March 20 onslaught but said it found a pattern of sophisticated attacks, including efforts to wipe away traces that could lead to detection.  “The level of sophistication would indicate it is above and beyond your average individual or run-of-the mill hacktivism group,” said James Walter, a McAfee researcher and co-author of the study.

An official South Korean investigation in April determined North Korea’s military intelligence agency was responsible for the attacks which shut down the networks of TV broadcasters KBS, MBC and YTN, halted financial services and crippled operations at three banks….

But McAfee said the attacks represented only a small portion of the cyber campaign being carried out since 2009.  “One of the primary activities going on here is theft of intellectual property, data exfiltration, essentially stealing of secrets,” Walter said.  The report said the attacks, known first as Dark Seoul and now as Operation Troy were “more than cybervandalism… South Korean targets were actually the conclusion of a covert espionage campaign.”  McAfee concluded that two groups claiming responsibility for the attack were not credible.  “The clues left behind confirm that the two groups claiming responsibility were a fabrication to throw investigators off the trail and to mask the true source,” the report said.

Walter said that it is possible that with the campaign nearing detection, the hackers launched these attacks to distract the public and then sought to blame them on little-known entities, the NewRomanic Cyber Army Team, and the Whois Hacking Team.  He added that up to now, the cyber espionage effort “has been very successful in being under the radar” and that “what we see now was a more visible activity that is coupled with a distraction campaign.”

McAfee concluded that the remote-access Trojan was compiled January 26, and a component to wipe the records of numerous systems was compiled January 31. “The attackers who conducted the operation remained hidden for a number of years prior to the March 20 incident by using a variety of custom tools,” the report said.  “Our investigation into Dark Seoul has found a long-term domestic spying operation underway since at least 2009… We call this Operation Troy, based on the frequent use of the word ‘Troy’ in the compile path strings in the malware.”  McAfee carried out the study as part of its research into cybersecurity issues, Walter said.
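The two artefacts the report leans on, compile timestamps and the "Troy" compile-path strings, both live inside the PE file. The following is an added example, not McAfee's tooling and not derived from the Operation Troy samples: it reads the COFF header TimeDateStamp, scans for CodeView "RSDS" debug records and pulls out the embedded PDB path, then lists path components shared across a set of samples, which is how a build-path word such as "Troy" surfaces as a clustering key. The sample binaries are constructed minimal PE skeletons built inside the script (not loadable, not real malware), and the PDB paths in them are invented for illustration.

```python
"""Extract compile timestamp and PDB (compile) path from PE files and find
path components shared across samples.

Added example; not McAfee's tooling and not derived from Operation Troy.
The PE images below are constructed skeletons with invented PDB paths.
"""
import struct
from collections import defaultdict
from datetime import datetime, timezone


def compile_timestamp(pe):
    """Return the COFF TimeDateStamp as an aware UTC datetime, or None if not a PE.
    Layout: 'MZ' at 0, e_lfanew (u32) at 0x3C, 'PE\\0\\0' at e_lfanew,
    then the 20-byte COFF header whose TimeDateStamp sits 8 bytes after the signature."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if e_lfanew + 24 > len(pe) or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (stamp,) = struct.unpack_from("<I", pe, e_lfanew + 8)
    return datetime.fromtimestamp(stamp, tz=timezone.utc)


def pdb_paths(pe):
    """Return every PDB path found in CodeView 'RSDS' records.
    Record layout: 'RSDS' | 16-byte GUID | u32 age | NUL-terminated path.
    Scanning for the signature instead of walking the debug directory also
    recovers records from packed or truncated samples (at the cost of the
    occasional false hit on the four-byte signature)."""
    paths = []
    pos = 0
    while True:
        pos = pe.find(b"RSDS", pos)
        if pos < 0:
            return paths
        start = pos + 4 + 16 + 4
        end = pe.find(b"\0", start)
        if end > start:
            paths.append(pe[start:end].decode("latin-1"))
        pos += 4


def shared_path_tokens(samples):
    """Map each directory component that occurs in the PDB paths of two or more
    samples to the sorted names of those samples. A token like 'troy' that
    recurs across otherwise different builds is a clustering lead; generic
    tokens such as 'release' recur everywhere and must be discounted."""
    seen = defaultdict(set)
    for name, pe in samples.items():
        for path in pdb_paths(pe):
            parts = path.replace("/", "\\").split("\\")[:-1]   # drop the .pdb file name
            for token in parts:
                if token:
                    seen[token.lower()].add(name)
    return {tok: sorted(names) for tok, names in seen.items() if len(names) >= 2}


def make_sample(stamp, pdb_path):
    """Constructed minimal PE skeleton: DOS header, PE signature, COFF header,
    then an RSDS record appended. Enough for the parsers above, not loadable."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, 3, stamp, 0, 0, 0xE0, 0x102)
    rsds = b"RSDS" + b"\x11" * 16 + struct.pack("<I", 1) + pdb_path.encode() + b"\0"
    return bytes(dos) + b"PE\0\0" + coff + rsds


def _epoch(y, m, d):
    return int(datetime(y, m, d, tzinfo=timezone.utc).timestamp())


# Constructed sample set; the dates mirror the article, the paths are invented.
SAMPLES = {
    "rat.bin": make_sample(_epoch(2013, 1, 26), r"Z:\Work\Troy\Rat\Release\rat.pdb"),
    "wiper.bin": make_sample(_epoch(2013, 1, 31), r"Z:\Work\Troy\Wiper\Release\wiper.pdb"),
    "other.bin": make_sample(_epoch(2012, 6, 1), r"C:\src\hello\Release\hello.pdb"),
}

if __name__ == "__main__":
    for name, pe in SAMPLES.items():
        print(name, compile_timestamp(pe).isoformat(), pdb_paths(pe))
    print(shared_path_tokens(SAMPLES))
```

Compile timestamps are attacker-controlled and are routinely zeroed or forged, so they only corroborate a timeline built from other evidence; the PDB path is the more telling artefact because it leaks the developer's working directory and survives across builds.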

The attack came days after North Korea had accused South Korea and the United States of being behind a “persistent and intensive” hacking assault that temporarily took a number of its official websites offline.  It also coincided with heightened military tensions on the Korean peninsula, following Pyongyang’s nuclear test in February.

South Korean cyber attacks tip of the iceberg: McAfee, Associated Press, Agence France Press, July 10, 2013

Covert Operations in Iran

Washington believed that covert action against Iran’s nuclear facilities would be more effective and less risky than an all-out war… In fact, Mark Fitzpatrick, former deputy assistant secretary of state for non-proliferation said: “Industrial sabotage is a way to stop the programme, without military action, without fingerprints on the operation, and really, it is ideal, if it works.” The US has a long history of covert operations in Iran, beginning in 1953 with the CIA orchestrated coup d’état that toppled the popularly elected Iranian prime minister Mohammad Mossadegh and installed a dictator, Reza Shah. The US has reorganised its covert operations after the collapse of the shah in 1979…

In January 2011, it was revealed that the Stuxnet cyber-attack, an American-Israeli project to sabotage the Iranian nuclear programme, has been accelerated since President Barack Obama first took office. Referring to comments made by the head of Mossad, then US secretary of state Hillary Clinton confirmed the damages inflicted on Iran’s nuclear programme have been achieved through a combination of “sabotage and sanctions”.

Meanwhile, several Iranian nuclear scientists were assassinated. The New York Times reported that Mossad orchestrated the killings while Iran claimed the attacks were part of a covert campaign by the US, UK and Israel to sabotage its nuclear programme….

There are at least 10 major repercussions arising from the US, West and Israeli policy of launching covert war and cyber-attacks against Iranian nuclear facilities and scientists.

First, cyber war is a violation of international law. According to the UN Charter, the use of force is allowed only with the approval of the UN Security Council in self-defence and in response to an attack by another country. A Nato-commissioned international group of researchers, concluded that the 2009 Stuxnet attack on Iran’s nuclear facilities constituted “an act of force”, noting that the cyber-attack has been a violation of international law. Second, the US covert operations are a serious violation of the Algiers Accord. The 1981 Algiers Accords agreed upon between Iran and the US clearly stated that “it is and from now on will be the policy of the US not to intervene, directly or indirectly, politically or militarily, in Iran’s internal affairs”.

Third, the cyber war has propelled Tehran to become more determined in its nuclear efforts and has made major advancement. According to reports by the International Atomic Energy Agency (IAEA), prior to covert operations targeting the nuclear programme, Iran had one uranium enrichment site, a pilot plant of 164 centrifuges enriching uranium at a level of 3.5 per cent, first generation of centrifuges and approximately 100 kg stockpile of enriched uranium. Today, it has two enrichment sites with roughly 12,000 centrifuges, can enrich uranium up to 20 per cent, possesses a new generation of centrifuges and has amassed a stockpile of more than 8,000kg of enriched uranium.

Fourth, the strategy pursued has constituted a declaration of war on Iran, and a first strike. Stuxnet cyber-attack did cause harm to Iran’s nuclear programme, therefore it can be considered the first unattributed act of war against Iran, a dangerous prelude toward a broader war.

Fifth… [s]uch short-sighted policies thicken the wall of mistrust, further complicating US-Iran rapprochement and confidence-building measures.

Sixth, Iran would consider taking retaliatory measures by launching cyber-counter-attacks against facilities in Israel, the West and specifically the US…

Seventh, Iran is building a formidable domestic capacity countering and responding to western cyber-warfare. Following the Stuxnet attack, Iran’s Supreme Leader issued a directive to establish Iran’s cyber army that is both offensive and defensive. Today, the Islamic Revolutionary Guards Corps (IRGC) has the fourth biggest cyber army in the world. Israel’s Institute for National Security Studies (INSS) acknowledged that IRGC is one of the most advanced nations in the field of cyberspace warfare.

Eighth, Iran now has concluded that information gathered by IAEA inspectors has been used to create computer viruses, facilitate sabotage against its nuclear programme and the assassinations of nuclear scientists. Iranian nuclear energy chief stated that the UN nuclear watchdog [IAEA] has been infiltrated by “terrorists and saboteurs.” Such conclusions have not only discredited the UN Nuclear Watchdog but have pushed Iran to limit its technical and legal cooperation with the IAEA to address outstanding concerns and questions.

Ninth, worsening Iranians’ siege mentality by covert actions and violations of the country’s territorial sovereignty could strengthen the radicals in Tehran to double down on acquiring nuclear weapons. Iran could be pondering now the reality that the US is not waging a covert war on North Korea (because it possesses a nuclear bomb), Muammar Gaddafi lost his grip on power in Libya after ceding his nuclear programme, and Iraq and Afghanistan were invaded (because they had no nuclear weapon).

Tenth, the combination of cyber-attacks, industrial sabotage and assassination of scientists has turned public opinion within Iran against western interference within the country…[P]rovocative western measures have convinced the Iranian government that the main issue is not the nuclear programme but rather regime change.

Excerpts from  Seyed Hossein Mousavian, Ten consequences of US covert war against Iran, Gulf News, May 11, 2013

The Secret Bugs: Exploits

Packets of computer code, known as “exploits”, allow hackers to infiltrate or even control computers running software in which a design flaw, called a “vulnerability”, has been discovered. Criminal and, to a lesser extent, terror groups purchase exploits on more than two dozen illicit online forums or through at least a dozen clandestine brokers, says Venkatramana Subrahmanian, a University of Maryland expert in these black markets. He likens the transactions to “selling a gun to a criminal”.

Just a dozen years ago the buying and selling of illicit exploits was so rare that India’s Central Bureau of Investigation had not yet identified any criminal syndicates involved in the trade, says R.K. Raghavan, a former director of the bureau. Underground markets are now widespread, he says. Exploits empower criminals to steal data and money. Worse still, they provide cyber-firepower to hostile governments that would otherwise lack the expertise to attack an advanced country’s computer systems, worries Colonel John Adams, head of the Marine Corps’ Intelligence Integration Division in Quantico, Virginia.

Exploits themselves are generally legal. Several legitimate businesses sell them. A Massachusetts firm called Netragard last year sold more than 50 exploits to businesses and government agencies in America for prices ranging from $20,000 to more than $250,000. Adriel Desautels, Netragard’s founder, describes some of the exploits sold as “weaponised”. The firm buys a lot from three dozen independent hackers who, like clients, are carefully screened to make sure they are not selling code to anyone else, and especially not to a criminal group or unfriendly government.

More than half of exploits sold are now bought from bona fide firms rather than from freelance hackers, says Roy Lindelauf, a researcher at the Netherlands Defence Academy. He declines to say if Dutch army or intelligence agencies buy exploits, noting that his government is still figuring out “what we’re allowed to do offensively”. Laws to ban the trade in exploits are being mooted. Marietje Schaake, a Dutch member of the European Parliament, is spearheading an effort to pass export-control laws for exploits. It is gathering support, she says, because they can be used as “digital weapons” by despotic regimes. For example, they could be used to monitor traffic on a dissident’s smartphone. However, for a handful of reasons, new laws are unlikely to be effective.

Exploits are a form of knowledge, expressed in computer code. Attempting to stop people from generating and spreading knowledge is futile, says Dave Aitel, a former computer scientist at America’s National Security Agency (NSA) who went on to found Immunity, a computer-security firm in Florida. He says that legal systems would not even agree on which code is good and which is bad. Many legal experts say code should be protected by free-speech laws—it is, after all, language expressed as strings of zeros and ones.

Moreover, tracking down exploits is hard. Hackers keep them secret so that the intended victim doesn’t identify and fix the vulnerability, thereby rendering the exploit worthless. As a French exploit developer puts it, those liable to be rapidly detected are about as useful as a “disposable gun” that can be fired just once. Secrecy surrounding the design, sale and use of exploits makes protecting computer networks from them akin to finding “unknown unknowns”, says Kenneth Geers, a cyber-security specialist at America’s Naval Criminal Investigative Service.

Several governments want firms to develop exploits. In 2010 a computer worm called Stuxnet was revealed to have attacked Iran’s nuclear kit. It used four main exploits to get in; at least one appears to have been bought rather than developed in-house by the government that launched the attack (presumably America or Israel), says David Lindahl, an IT expert at the Swedish Defence Research Agency, a government body in Stockholm. An unprecedented weapon, Stuxnet remained undetected for years by quietly erasing its tracks after “planting sabotage charges at exactly the right place” in Iran’s uranium-enrichment centrifuges, Mr Lindahl says.

Nearly all well-financed intelligence agencies buy exploits, says Eric Filiol, a lieutenant-colonel in computer intelligence for France’s army until 2009. Computer experts who years ago would reveal software vulnerabilities for mere prestige have realised that they were treating “diamonds as pebbles”, says Mr Filiol, now head of the Operational Cryptography and Computer Virology Lab in Laval. His lab is partly financed by France’s defence ministry to provide it with exploits.

The price of exploits has risen more than fivefold since 2004, Mr Filiol says, referring to a confidential document. They vary greatly, depending on three main factors: how hard the exploit is to develop; the number of computers to which it provides access; and the value of those computers. An exploit that can stealthily provide administrator privileges to a distant computer running Windows XP, a no-longer-fashionable operating system, costs only about $40,000. An exploit for Internet Explorer, a popular browser, can cost as much as $500,000 (see chart).

Software firms also buy exploits to identify and repair vulnerabilities in their products before others take advantage of them. A small Vancouver firm called Tarsnap, for example, has paid 30 people who pointed out flaws in its encryption software for online PC backups. To develop better defences for its clients’ computer systems, HP, an American giant, has spent more than $7m since 2005 buying hundreds of “zero days”, as undiscovered exploits are also known in hacker slang. (Once discovered, an exploit’s days are numbered, literally: it becomes a “one day”, then a “two day”, and so on until the vulnerability it exploits is patched.)

Such “bug bounty” schemes, however, will struggle to compete with buyers who want to exploit rather than seal vulnerabilities. Tarsnap’s biggest payout was just $500. Last year Google offered Vupen, a French firm, $60,000 for an exploit that burrowed into its Chrome browser. Vupen’s boss, Chaouki Bekrar, balked, noting that he could get more elsewhere.

Other reputable customers, such as Western intelligence agencies, often pay higher prices. Mr Lindelauf reckons that America’s spies spend the most on exploits. Vupen and other exploit vendors decline to name their clients. However, brisk sales are partly driven by demand from defence contractors that see cyberspace as a “new battle domain”, says Matt Georgy, head of technology at Endgame, a Maryland firm that sells most of its best exploits for between $100,000 and $200,000. He laments a rise in sales by unscrupulous vendors to dangerous groups.

On March 12th the head of the Pentagon’s Cyber Command, General Keith Alexander, warned the Senate Armed Services Committee that state-sponsored groups are stepping up efforts to steal and destroy data using “cybertools” purchased in illicit online markets. As an American military-intelligence official points out, governments that buy exploits are “building the black market”, thereby bankrolling dangerous R&D. For this reason, governments appear increasingly keen to develop exploits in-house. Paulo Shakarian, a cyberwar expert at West Point, an American military academy, says China appears to be moving in this direction.

Developing exploits in-house reduces the risk that a double-dealing vendor will resell code meant to be exclusive. Even so, the trade isn’t likely to fade away. When developers work out a trick that gives them control over the targeted software, they like to yell out a celebratory “who’s your daddy?” notes Pierre Roberge, boss of Arc4dia, a Quebec firm that sells exploits to spy agencies. Exploit trading will continue as long as people pay big money for the opportunity to utter the same joke—this time at the expense of a victim who has been hacked.

Cyber-security: The digital arms trade, Economist, Mar. 30, 2013, at 65.

Cyberwar: Attacking the Pipelines

The vast U.S. network of natural gas and hazardous liquid pipelines is integral to U.S. energy supply and has vital links to other critical infrastructure. While an efficient and fundamentally safe means of transport, this network is vulnerable to cyber attacks. In particular, cyberinfiltration of supervisory control and data acquisition (SCADA) systems could allow successful “hackers” to disrupt pipeline service and cause spills, explosions, or fires—all from remote locations.

In March 2012, the Department of Homeland Security (DHS) reported ongoing cyber intrusions among U.S. natural gas pipeline operators. These intrusions have heightened congressional concern about cybersecurity in the U.S. pipelines sector. The Transportation Security Administration (TSA) is authorized by federal statute to promulgate pipeline physical security and cybersecurity regulations, if necessary, but the agency has not issued such regulations. TSA officials assert that security regulations could be counterproductive because they could establish a general standard below the level of security already in place for many pipelines…. While the pipelines sector has many cybersecurity issues in common with other critical infrastructure sectors, it is somewhat distinct in several ways:

• Pipelines in the United States have been the target of several confirmed terrorist plots and attempted physical attacks since September 11, 2001.

• Changes to pipeline computer networks over the past 20 years, more sophisticated hackers, and the emergence of specialized malicious software have made pipeline SCADA operations increasingly vulnerable to cyber attacks.

• There recently has been a coordinated series of cyber intrusions specifically targeting U.S. pipeline computer systems.

• TSA already has statutory authority to issue cybersecurity regulations for pipelines if the agency chooses to do so, but it may not have the resources to develop, implement, and enforce such regulations if they are mandated….

In March 2012, the Department of Homeland Security (DHS) reported ongoing cyber intrusions among U.S. natural gas pipeline operators. The incidents drew new attention to an Al Qaeda video obtained in 2011 by the Federal Bureau of Investigation (FBI) reportedly calling for “electronic jihad” against U.S. critical infrastructure.  These cybersecurity events coupled with serious consequences from recent pipeline accidents have heightened congressional concern about cybersecurity measures in the U.S. pipelines sector.

Excerpt, Paul W. Parfomak, Pipeline Cybersecurity: Federal Policy, CRS Report for Congress, Aug. 16, 2012

US Cyberattacks against Enemies: Afghanistan

The U.S. military has been launching cyberattacks against its opponents in Afghanistan, a senior officer says, making an unusually explicit acknowledgment of the oft-hidden world of electronic warfare.

Marine Lt. Gen. Richard P. Mills’ comments came last week at a conference in Baltimore during which he explained how U.S. commanders considered cyber weapons an important part of their arsenal.

“I can tell you that as a commander in Afghanistan in the year 2010, I was able to use my cyber operations against my adversary with great impact,” Mills said. “I was able to get inside his nets, infect his command-and-control, and in fact defend myself against his almost constant incursions to get inside my wire, to affect my operations.”

Mills, now a deputy commandant with the Marine Corps, was in charge of international forces in southwestern Afghanistan between 2010 and 2011, according to his official biography. He didn’t go into any further detail as to the nature or scope of his forces’ attacks, but experts said that such a public admission that they were being carried out was itself striking.

“This is news,” said James Lewis, a cyber-security analyst with the Washington-based Center for Strategic and International Studies. He said that while it was generally known in defense circles that cyberattacks had been carried out by U.S. forces in Afghanistan, he had never seen a senior officer take credit for them in such a way.

“It’s not secret,” Lewis said in a telephone interview, but he added: “I haven’t seen as explicit a statement on this as the one” Mills made.

The Pentagon did not immediately respond to an email seeking comment on Mills’ speech.

U.S. defense planners have spent the past few years wondering aloud about how and under what circumstances the Pentagon would launch a cyber attack against its enemies, but it’s only recently become apparent that a sophisticated program of U.S.-backed cyberattacks is already under way.  A book by The New York Times reporter David Sanger recently recounted how President Barack Obama ordered a wave of electronic incursions aimed at physically sabotaging Iran’s disputed atomic energy program. Subsequent reports have linked the program to a virus dubbed Flame, which prompted a temporary Internet blackout across Iran’s oil industry in April, and another virus called Gauss, which appeared to have been aimed at stealing information from customers of Lebanese banks. An earlier report alleged that U.S. forces in Iraq had hacked into a terrorist group’s computer there to lure its members into an ambush.

Herbert Lin, a cyber expert at the National Research Council, agreed that Mills’ comments were unusual in terms of the fact that they were made publicly. But Lin said that the United States was, little by little, opening up about the fact that its military was launching attacks across the Internet.  “The U.S. military is starting to talk more and more in terms of what it’s doing and how it’s doing it,” he said. “A couple of years ago it was hard to get them to acknowledge that they were doing offense at all — even as a matter of policy, let alone in specific theaters or specific operations.”

Mills’ brief comments about cyberattacks in Afghanistan were delivered to the TechNet Land Forces East conference in Baltimore on Aug. 15, but they did not appear to have attracted much attention at the time. Footage of the speech was only recently posted to the Internet by conference organizers.

Marine General: We Launched Cyberattacks Against Afghanistan, CBS News, Aug. 24, 2012

United States, Iran and the Stuxnet Worm

From his first months in office, President Obama secretly ordered increasingly sophisticated attacks on the computer systems that run Iran’s main nuclear enrichment facilities, significantly expanding America’s first sustained use of cyberweapons, according to participants in the program.

Mr. Obama decided to accelerate the attacks — begun in the Bush administration and code-named Olympic Games — even after an element of the program accidentally became public in the summer of 2010 because of a programming error that allowed it to escape Iran’s Natanz plant and sent it around the world on the Internet. Computer security experts who began studying the worm, which had been developed by the United States and Israel, gave it a name: Stuxnet.

At a tense meeting in the White House Situation Room within days of the worm’s “escape,” Mr. Obama, Vice President Joseph R. Biden Jr. and the director of the Central Intelligence Agency at the time, Leon E. Panetta, considered whether America’s most ambitious attempt to slow the progress of Iran’s nuclear efforts had been fatally compromised.

“Should we shut this thing down?” Mr. Obama asked, according to members of the president’s national security team who were in the room.

Told it was unclear how much the Iranians knew about the code, and offered evidence that it was still causing havoc, Mr. Obama decided that the cyberattacks should proceed. In the following weeks, the Natanz plant was hit by a newer version of the computer worm, and then another after that. The last of that series of attacks, a few weeks after Stuxnet was detected around the world, temporarily took out nearly 1,000 of the 5,000 centrifuges Iran had spinning at the time to purify uranium.

This account of the American and Israeli effort to undermine the Iranian nuclear program is based on interviews over the past 18 months with current and former American, European and Israeli officials involved in the program, as well as a range of outside experts. None would allow their names to be used because the effort remains highly classified, and parts of it continue to this day.  These officials gave differing assessments of how successful the sabotage program was in slowing Iran’s progress toward developing the ability to build nuclear weapons. Internal Obama administration estimates say the effort was set back by 18 months to two years, but some experts inside and outside the government are more skeptical, noting that Iran’s enrichment levels have steadily recovered, giving the country enough fuel today for five or more weapons, with additional enrichment.

Whether Iran is still trying to design and build a weapon is in dispute. The most recent United States intelligence estimate concludes that Iran suspended major parts of its weaponization effort after 2003, though there is evidence that some remnants of it continue.

Iran initially denied that its enrichment facilities had been hit by Stuxnet, then said it had found the worm and contained it. Last year, the nation announced that it had begun its own military cyberunit, and Brig. Gen. Gholamreza Jalali, the head of Iran’s Passive Defense Organization, said that the Iranian military was prepared “to fight our enemies” in “cyberspace and Internet warfare.” But there has been scant evidence that it has begun to strike back.

The United States government only recently acknowledged developing cyberweapons, and it has never admitted using them. There have been reports of one-time attacks against personal computers used by members of Al Qaeda, and of contemplated attacks against the computers that run air defense systems, including during the NATO-led air attack on Libya last year. But Olympic Games was of an entirely different type and sophistication.

It appears to be the first time the United States has repeatedly used cyberweapons to cripple another country’s infrastructure, achieving, with computer code, what until then could be accomplished only by bombing a country or sending in agents to plant explosives. The code itself is 50 times as big as the typical computer worm, Carey Nachenberg, a vice president of Symantec, one of the many groups that have dissected the code, said at a symposium at Stanford University in April. Those forensic investigations into the inner workings of the code, while picking apart how it worked, came to no conclusions about who was responsible.

A similar process is now under way to figure out the origins of another cyberweapon called Flame that was recently discovered to have attacked the computers of Iranian officials, sweeping up information from those machines. But the computer code appears to be at least five years old, and American officials say that it was not part of Olympic Games. They have declined to say whether the United States was responsible for the Flame attack.

Mr. Obama, according to participants in the many Situation Room meetings on Olympic Games, was acutely aware that with every attack he was pushing the United States into new territory, much as his predecessors had with the first use of atomic weapons in the 1940s, of intercontinental missiles in the 1950s and of drones in the past decade. He repeatedly expressed concerns that any American acknowledgment that it was using cyberweapons — even under the most careful and limited circumstances — could enable other countries, terrorists or hackers to justify their own attacks.

“We discussed the irony, more than once,” one of his aides said. Another said that the administration was resistant to developing a “grand theory for a weapon whose possibilities they were still discovering.” Yet Mr. Obama concluded that when it came to stopping Iran, the United States had no other choice. If Olympic Games failed, he told aides, there would be no time for sanctions and diplomacy with Iran to work. Israel could carry out a conventional military attack, prompting a conflict that could spread throughout the region.

The impetus for Olympic Games dates from 2006, when President George W. Bush saw few good options in dealing with Iran. At the time, America’s European allies were divided about the cost that imposing sanctions on Iran would have on their own economies. Having falsely accused Saddam Hussein of reconstituting his nuclear program in Iraq, Mr. Bush had little credibility in publicly discussing another nation’s nuclear ambitions. The Iranians seemed to sense his vulnerability, and, frustrated by negotiations, they resumed enriching uranium at an underground site at Natanz, one whose existence had been exposed just three years before.

Iran’s president, Mahmoud Ahmadinejad, took reporters on a tour of the plant and described grand ambitions to install upward of 50,000 centrifuges. For a country with only one nuclear power reactor — whose fuel comes from Russia — to say that it needed fuel for its civilian nuclear program seemed dubious to Bush administration officials. They feared that the fuel could be used in another way besides providing power: to create a stockpile that could later be enriched to bomb-grade material if the Iranians made a political decision to do so.  Hawks in the Bush administration like Vice President Dick Cheney urged Mr. Bush to consider a military strike against the Iranian nuclear facilities before they could produce fuel suitable for a weapon. Several times, the administration reviewed military options and concluded that they would only further inflame a region already at war, and would have uncertain results.

For years the C.I.A. had introduced faulty parts and designs into Iran’s systems — even tinkering with imported power supplies so that they would blow up — but the sabotage had had relatively little effect. General James E. Cartwright, who had established a small cyberoperation inside the United States Strategic Command, which is responsible for many of America’s nuclear forces, joined intelligence officials in presenting a radical new idea to Mr. Bush and his national security team. It involved a far more sophisticated cyberweapon than the United States had designed before.

The goal was to gain access to the Natanz plant’s industrial computer controls. That required leaping the electronic moat that cut the Natanz plant off from the Internet — called the air gap, because it physically separates the facility from the outside world. The computer code would invade the specialized computers that command the centrifuges.

The first stage in the effort was to develop a bit of computer code called a beacon that could be inserted into the computers, which were made by the German company Siemens and an Iranian manufacturer, to map their operations. The idea was to draw the equivalent of an electrical blueprint of the Natanz plant, to understand how the computers control the giant silvery centrifuges that spin at tremendous speeds. The connections were complex, and unless every circuit was understood, efforts to seize control of the centrifuges could fail.

Eventually the beacon would have to “phone home” — literally send a message back to the headquarters of the National Security Agency that would describe the structure and daily rhythms of the enrichment plant. Expectations for the plan were low; one participant said the goal was simply to “throw a little sand in the gears” and buy some time. Mr. Bush was skeptical, but lacking other options, he authorized the effort.

It took months for the beacons to do their work and report home, complete with maps of the electronic directories of the controllers and what amounted to blueprints of how they were connected to the centrifuges deep underground.

Then the N.S.A. and a secret Israeli unit respected by American intelligence officials for its cyberskills set to work developing the enormously complex computer worm that would become the attacker from within.

The unusually tight collaboration with Israel was driven by two imperatives. Israel’s Unit 8200, a part of its military, had technical expertise that rivaled the N.S.A.’s, and the Israelis had deep intelligence about operations at Natanz that would be vital to making the cyberattack a success. But American officials had another interest, to dissuade the Israelis from carrying out their own pre-emptive strike against the Iranian nuclear facilities. To do that, the Israelis would have to be convinced that the new line of attack was working. The only way to convince them, several officials said in interviews, was to have them deeply involved in every aspect of the program.

Soon the two countries had developed a complex worm that the Americans called “the bug.” But the bug needed to be tested. So, under enormous secrecy, the United States began building replicas of Iran’s P-1 centrifuges, an aging, unreliable design that Iran purchased from Abdul Qadeer Khan, the Pakistani nuclear chief who had begun selling fuel-making technology on the black market. Fortunately for the United States, it already owned some P-1s, thanks to the Libyan dictator, Col. Muammar el-Qaddafi.

When Colonel Qaddafi gave up his nuclear weapons program in 2003, he turned over the centrifuges he had bought from the Pakistani nuclear ring, and they were placed in storage at a weapons laboratory in Tennessee. The military and intelligence officials overseeing Olympic Games borrowed some for what they termed “destructive testing,” essentially building a virtual replica of Natanz, but spreading the test over several of the Energy Department’s national laboratories to keep even the most trusted nuclear workers from figuring out what was afoot.

Those first small-scale tests were surprisingly successful: the bug invaded the computers, lurking for days or weeks, before sending instructions to speed them up or slow them down so suddenly that their delicate parts, spinning at supersonic speeds, self-destructed. After several false starts, it worked. One day, toward the end of Mr. Bush’s term, the rubble of a centrifuge was spread out on the conference table in the Situation Room, proof of the potential power of a cyberweapon. The worm was declared ready to test against the real target: Iran’s underground enrichment plant.

“Previous cyberattacks had effects limited to other computers,” Michael V. Hayden, the former chief of the C.I.A., said, declining to describe what he knew of these attacks when he was in office. “This is the first attack of a major nature in which a cyberattack was used to effect physical destruction,” rather than just slow another computer, or hack into it to steal data…

Getting the worm into Natanz, however, was no easy trick. The United States and Israel would have to rely on engineers, maintenance workers and others — both spies and unwitting accomplices — with physical access to the plant. “That was our holy grail,” one of the architects of the plan said. “It turns out there is always an idiot around who doesn’t think much about the thumb drive in their hand.”

In fact, thumb drives turned out to be critical in spreading the first variants of the computer worm; later, more sophisticated methods were developed to deliver the malicious code.

The first attacks were small, and when the centrifuges began spinning out of control in 2008, the Iranians were mystified about the cause, according to intercepts that the United States later picked up. “The thinking was that the Iranians would blame bad parts, or bad engineering, or just incompetence,” one of the architects of the early attack said.

The Iranians were confused partly because no two attacks were exactly alike. Moreover, the code would lurk inside the plant for weeks, recording normal operations; when it attacked, it sent signals to the Natanz control room indicating that everything downstairs was operating normally. “This may have been the most brilliant part of the code,” one American official said.

Later, word circulated through the International Atomic Energy Agency, the Vienna-based nuclear watchdog, that the Iranians had grown so distrustful of their own instruments that they had assigned people to sit in the plant and radio back what they saw.  “The intent was that the failures should make them feel they were stupid, which is what happened,” the participant in the attacks said. When a few centrifuges failed, the Iranians would close down whole “stands” that linked 164 machines, looking for signs of sabotage in all of them. “They overreacted,” one official said. “We soon discovered they fired people.”

Imagery recovered by nuclear inspectors from cameras at Natanz — which the nuclear agency uses to keep track of what happens between visits — showed the results. There was some evidence of wreckage, but it was clear that the Iranians had also carted away centrifuges that had previously appeared to be working well.  But by the time Mr. Bush left office, no wholesale destruction had been accomplished. Meeting with Mr. Obama in the White House days before his inauguration, Mr. Bush urged him to preserve two classified programs, Olympic Games and the drone program in Pakistan. Mr. Obama took Mr. Bush’s advice….

But the good luck did not last. In the summer of 2010, shortly after a new variant of the worm had been sent into Natanz, it became clear that the worm, which was never supposed to leave the Natanz machines, had broken free, like a zoo animal that found the keys to the cage. It fell to Mr. Panetta and two other crucial players in Olympic Games — General Cartwright, the vice chairman of the Joint Chiefs of Staff, and Michael J. Morell, the deputy director of the C.I.A. — to break the news to Mr. Obama and Mr. Biden.

“I don’t think we have enough information,” Mr. Obama told the group that day, according to the officials. But in the meantime, he ordered that the cyberattacks continue. They were his best hope of disrupting the Iranian nuclear program unless economic sanctions began to bite harder and reduced Iran’s oil revenues.

American cyberattacks are not limited to Iran, but the focus of attention, as one administration official put it, “has been overwhelmingly on one country.” There is no reason to believe that will remain the case for long. Some officials question why the same techniques have not been used more aggressively against North Korea. Others see chances to disrupt Chinese military plans, forces in Syria on the way to suppress the uprising there, and Qaeda operations around the world. “We’ve considered a lot more attacks than we have gone ahead with,” one former intelligence official said….

Mr. Obama has repeatedly told his aides that there are risks to using — and particularly to overusing — the weapon. In fact, no country’s infrastructure is more dependent on computer systems, and thus more vulnerable to attack, than that of the United States. It is only a matter of time, most experts believe, before it becomes the target of the same kind of weapon that the Americans have used, secretly, against Iran.

David E. Sanger, Obama Order Sped Up Wave of Cyberattacks Against Iran, New York Times, June 1, 2012
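The excerpt above describes the worm recording weeks of normal operation and then feeding those recorded readings back to the control room while the centrifuges were driven out of range, so that operators were "confused" and "distrustful of their own instruments." The following is an added, defender-side illustration of two checks an operator can run against that kind of telemetry masking; it is hypothetical example code written for this page, not code from the article, from Stuxnet, or from any plant system. It assumes a historian that logs controller-reported rotor speed and, separately, an out-of-band sensor (a tachometer or vibration probe wired around the controller) that the controller cannot rewrite. All readings are constructed inline: 80 samples, the last 40 of which replay the first 40 while the true speed ramps up.

```python
"""Added example: spotting replayed SCADA telemetry against an out-of-band sensor.

Hypothetical defender-side check; not code from the article, Stuxnet or Natanz.
Sample data is constructed inline (see build_sample).
"""
import hashlib


def _noise(i):
    """Deterministic pseudo-random jitter in [-1.0, 1.0], so runs are repeatable."""
    h = hashlib.sha256(str(i).encode()).digest()[0]
    return (h % 21 - 10) / 10


def build_sample(n=80, attack_at=40, ramp=20.0):
    """Construct (reported, independent) rotor-speed series for the demo.

    'independent' is the true speed seen by the out-of-band sensor; it ramps up
    after attack_at. 'reported' is what the historian receives from the
    controller: genuine until attack_at, then a replay of the first attack_at
    readings, mimicking the masking behaviour described in the article.
    """
    independent, reported = [], []
    for i in range(n):
        true_speed = 1000.0 + max(0, i - attack_at) * ramp + _noise(i)
        independent.append(true_speed)
        if i < attack_at:
            reported.append(true_speed)
        else:
            reported.append(reported[i - attack_at])  # replayed reading
    return reported, independent


def detect_exact_replay(samples, window=8):
    """Indices whose window of readings exactly repeats a non-overlapping earlier window.

    Genuine sensor noise essentially never repeats verbatim, so a byte-identical
    window is a strong indicator that the channel is replaying recorded traffic.
    """
    first_seen = {}
    hits = []
    for i in range(len(samples) - window + 1):
        key = tuple(samples[i:i + window])
        earlier = first_seen.get(key)
        if earlier is not None and earlier + window <= i:
            hits.append(i)
        else:
            first_seen.setdefault(key, i)
    return hits


def divergence_alerts(reported, independent, tolerance=5.0):
    """Indices where controller-reported and out-of-band readings disagree beyond tolerance."""
    return [i for i, (r, t) in enumerate(zip(reported, independent))
            if abs(r - t) > tolerance]


def assess(reported, independent):
    """Summarise both checks: where the replay starts and where the physics disagrees."""
    replay = detect_exact_replay(reported)
    diverge = divergence_alerts(reported, independent)
    return {
        "replay_start": replay[0] if replay else None,
        "replayed_windows": len(replay),
        "divergence_start": diverge[0] if diverge else None,
        "divergent_samples": len(diverge),
    }


if __name__ == "__main__":
    rep, ind = build_sample()
    print(assess(rep, ind))
```

The two checks are complementary: the replay detector needs no extra hardware but only catches verbatim replays, whereas the divergence check catches any falsified value but depends on a sensor path the controller cannot touch, which is exactly the kind of independent instrumentation the article says Iranian staff eventually fell back on by radioing what they saw from inside the plant.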