Tuesday, March 31, 2015

Power Projection Panel at the EMC Chair Symposium at the Naval War College

Last week at the invitation of Dr. Derek Reveron, the EMC Chair in Maritime Strategy at the Naval War College, I participated in a panel discussion of Power Projection, and I chose to speak on the topic of the continuing relevance of the aircraft carrier--given that it continues to field an evolving air wing.

The always provocative Dr. T.X. Hammes and Dr. Erik Gartzke were my panel mates, and Dr. Jim Holmes of the War College was our moderator.

My portion of the chat begins at 18:30.

AEI/Heritage Project for the Common Defense (Navy and USMC) Weekly Read Board

Navy:










USMC:
6.     Marine, Air Force Congress Wish Lists: About $7.6 Billion (full text below)



Marine, Air Force Congress Wish Lists: About $7.6 Billion

By Roxana Tiron and Tony Capaccio | March 23, 2015 05:04PM ET
(Updates with Air Force list starting in first paragraph.)
(Bloomberg) -- The Marine Corps has about $2.1 billion in needs that weren’t part of the fiscal 2016 Pentagon budget request, while the Air Force has a wish list of almost $5.5 billion, according to documents the services sent to lawmakers.
Marine Corps priorities include $1.05 billion for six more Lockheed Martin Corp. F-35B Joint Strike Fighters, $24.5 million for three Bell H-1 helicopters and $180 million for two Lockheed KC-130J aircraft.
For the Air Force, one of the costliest demands is $1.2 billion for 13 Lockheed C-130J Super Hercules transport aircraft as part of a recapitalization effort. The Air Force also would need another $160 million for eight more General Atomics MQ-9 Reaper drones.
The so-called unfunded requirements list has been requested by the leaders of the congressional committees overseeing defense. It gives the military services a second chance to pitch programs the Pentagon hasn’t had enough resources to fund completely. The other military services are also expected to send in their needs as Congress starts writing next year’s defense bills.
“These programs contained on the list would further enhance our combat readiness and effectiveness should additional funds above those already requested in the fiscal year 2016 president’s budget be made available,” General Joseph Dunford, Commandant of the Marine Corps, wrote to the leaders of the House and Senate defense panels.
The 2016 budget request already includes funding for nine F-35B Marine Corps models; 28 H-1 helicopters and two KC-130J aircraft.
The Pentagon’s official budget request also includes 29 MQ-9 Reaper drones and 27 C-130 transport aircraft, including versions for Special Operations and personnel recovery.
Other needs include $23.3 million airfield security improvements at Marine Corps Air Station in Cherry Point, North Carolina, and $11.7 million for an enlisted aircrew trainer facility at Marine Corps Air Station in Miramar, California.
The Air Force listed $132.3 million for the modification of engines for Boeing Co.’s B1-B bomber aircraft, $3 million for Lockheed F-16 fighter-jet cockpit modernization and $31 million for C-130J fuselage training.
Lawmakers have been wrestling with defense funding for fiscal 2016 in light of the 2011 Budget Control Act, Public Law 112-25, which caps national security spending at $523 billion.
Both the House and Senate budget blueprints to be considered this week include a proposed boost in war funding that isn’t subject to the caps. The bills would provide $96 billion for the overseas contingency operations fund, compared with the $58 billion President Barack Obama requested for that war fund.
To contact the reporters on this story: Roxana Tiron in Washington atrtiron@bloomberg.net; Tony Capaccio in Washington at acapaccio@bloomberg.net To contact the editors responsible for this story: Katherine Rizzo at krizzo5@bloomberg.netRobin Meszoly, Bennett Roth

Friday, March 27, 2015

Observations on CS-21R

It’s taken me a few weeks to find the time to finish reading CS-21R and write up my thoughts. Overall I believe the document does an excellent job articulating how the Navy, Marine Corps, and Coast Guard intend to ‘man, train, and equip’ in this era of uneasy international peace, increasingly revisionist and adversarial great powers, dramatic technological change, and American self-imposed fiscal paralysis. The signals CS-21R sends regarding the importance of being prepared both materially and intellectually for waging major maritime war are exemplary, especially in the sense that our prospects for preventing such a war depend greatly upon that exact preparation. Likewise, CS-21R’s discussions of how the cyber and electromagnetic domains are central to modern warfare—and what steps the sea services will take to ensure their readiness to fight in those domains—are simply outstanding.


Strengths
Here are the items I found particularly commendable:
  • Continues 2007 CS-21’s emphasis on international maritime security cooperation. Restates importance of working with longstanding allies, building new partnerships with formally non-aligned states, and even cooperating with competitors where possible on enhancing the security of the global maritime commons. Recognizes allies would play essential roles in major maritime combat, and that further interoperability enhancements are therefore required.
  • Cements ADM Greenert’s maxim of “Warfighting First.” Sends unambiguous message that fleet design, operating concept development, platform and system procurement, and force-wide training are to be focused on developing the capabilities needed for waging major maritime war.
  • Strong emphasis on maintaining peacetime forward naval presence. Details specific forces that will be deployed (whether permanently or rotationally) in specific regions for certain peacetime missions.
  • Addresses the global strategic changes since 2007 CS-21. Chinese and Russian behavior called out as major influences on CS-21R. Chinese and Russian maritime warfare capabilities are clear factors (to those versed in modern maritime warfare concepts, emerging defense technologies, competitors’ orders of battle, etc.) driving the required Navy capabilities and competencies outlined in the document.
  • Clearly informed by the Joint Operational Access Concept (JOAC) and Air-Sea Battle/Joint Concept for Access and Maneuver in the Global Commons (JAM-GC). Heavy attention to measures for establishing/restoring/maintaining access to theaters of interest whether during peacetime or war. Advances idea that holistic ‘All Domain Access’ is a core Navy function on par with deterrence, sea control, power projection, and maritime security. Whether one agrees with it being a Navy function or not, it unmistakably indicates that Navy leadership is prioritizing development of capabilities, competencies, and operating concepts that will help overcome access challenges.
  • Underscores expectation that future combat (especially in the event of major war) will occur under conditions of intense cyber-electromagnetic opposition. Articulates roles of cyberspace operations, electronic warfare, and command and control warfare in obtaining operational access as well as in defeating adversary forces.
  • Articulates the minimum overall fleet size as well as the minimum inventories of major power projection combatant types needed to execute the Maritime Strategy (and by implication national grand strategy) in peacetime and war. Note, though, that this force structure is—by definition—likely right up against the strategic “tipping point” as defined in CNA’s March 2010 study of the same name. James Holmes thoroughly dissects exactly this point in an excellent piece at Real Clear Defense this week.
  • Strategic deterrence emphasized as a principal Navy mission.
  • Recognizes that projection of power ashore can represent all forms of national power; it is not just physical strikes or amphibious assaults.
  • Recognizes that sea control is a precondition for performing power projection tasks.
  • Expands details regarding how Marine Corps and Coast Guard will be employed to execute the vision as compared to 2007 CS-21.

“Must” Statements
It is quite revealing to look at what CS-21R lists as imperatives. Unlike “Will” statements that pronounce intentions, a “Must” statement implies requirements imposed on the sea services. Of the five “Musts” in the document, three are directly related to cyberspace operations and electromagnetic warfare:
  • “Naval forces must have the resilience to operate under the most hostile cyber and EM conditions.” (Pg. 8)
  •  “…we must become more comprehensive in our offensive capability to defeat the system rather than countering individual weapons.” (refers to adversary long-range maritime strike systems, Pg. 21)
  • “…the Navy and Marine Corps must maintain a fleet of more than 300 ships, including 11 aircraft carriers, 14 ballistic missile submarines (replaced by 12 Ohio Replacement Program SSBN(X)), and 33 amphibious ships, while the Coast Guard must maintain a fleet of 91 National Security, Offshore Patrol, and Fast Response Cutters.” (Pg. 27)
  • “[Naval combatants] “must be complemented by reconfigurable platforms such as the Joint High Speed Vessel, National Security Cutter, and auxiliaries including Large, Medium-Speed Roll-on/Roll-off (LMSR) ships, Dry Cargo/Ammunition (T-AKE) ships, Mobile Landing Platforms (MLP), and the Afloat Forward Staging Base (AFSB).” (Pg. 28)
  • “The electromagnetic-cyber environment is now so fundamental to military operations and so critical to our national interests that we must treat it as a warfighting domain on par with sea, air, land, and space.” (Pg. 33)

Concerns
There are countless views on what CS-21R should or should not have contained, should or should not have said, and so forth. You can’t fully satisfy everyone all of the time, myself included.
In his comments on Bryan McGrath’s ID post on CS-21R, John McLain (formerly of OPNAV N51) talks about the numerous revisions that occurred while routing the draft document up the chain and across organizations for review. I’ve done my share of document development and routing, and I fully appreciate John’s point: consensus generally requires tradeoffs and compromises on content. He’s also quite correct that the process for developing a strategy, tracking its implementation, communicating its ideas, and adapting it over time as the strategic environment changes and lessons are learned is just as important as what the product document actually says.
In hopes of contributing to the next iteration of this process, I’ve listed my main critiques of CS-21R below:
  • CS-21R seems to assume the reader already agrees with the assertion that forward naval presence is of vital importance to U.S. grand strategy. Though the document summarizes major benefits that flow from presence, it surprisingly does not go to the lengths previous publicly-released U.S. Maritime Strategies did to underscore the case. The 1986 publicly-released Maritime Strategy document was remarkably specific in explaining conventional deterrence’s dependence upon forward presence (examples: limited time available for mobilization, sheer distances to reach theaters of interest, immediate and short-term military balances in theater with emphasis on warfighting capabilities, and need for broad escalation management options). 2007 CS-21 did so as well, albeit to a lesser degree given the strategic environment of the time. The question of whether or not CS-21R should have been more detailed on this topic is not academic, as it is clear that many of America’s political leaders and opinion elites either do not appreciate what is at risk as forward naval presence (and domestic Coast Guard coverage) declines—or loudly refute these risks exist. I would argue that no good opportunity to increase the visibility of one’s case to those open to being convinced (especially by countering critics’ arguments) should ever be rejected. 
  • Despite exceptional discussions of how forward presence will be achieved despite insufficient force structure to meet full Combatant Commander demands, there is limited discussion of how this presence will trade against the rest of the fleet’s surge readiness (even if the 2011 Budget Control Act ceilings are repealed). The Optimized Fleet Response Plan is explained, but the issues it mitigates are alluded to rather than spelled out. A non-navalist reader might come away with the incorrect impression that there were no serious trades between forward presence and fleet readiness/reset.
  • On that note, there is no discussion of the steps or resources needed to reset the fleet from the maintenance/manning shortfalls of the past decade and the more recent optempo crisis. This is one of the highest priority issues articulated in Navy leadership’s Congressional testimony as well as public statements, but it is surprisingly not addressed in CS-21R.
  • CS-21R acknowledges conventional deterrence has requirements, variables, and implications that are distinct from those concerning nuclear deterrence. But unlike the publicly-released 1986 document or 2007 CS-21, CS-21R doesn’t connect how everything else it articulates is informed by basic conventional deterrence principles or otherwise promotes deterrence credibility. The discussions of how naval combatants support conventional deterrence is implicitly power projection-centric; the wording creates an impression that conventional deterrence centers on strike capabilities (and land-attack at that). The importance of sea control to deterrence by denial (examples: war at sea operations, protection of vital sea lanes for allies economic sustenance as well as reinforcement of our and their forward defenses) is overlooked. Additionally, CS-21R does not explain how the forces allocated to each theater of interest will support deterrence beyond simply ‘showing the flag;’ their latent warfighting roles within a theater deterrent are left implicit.
  • Beyond platforms supporting strategic deterrence (SSBNs) or heavy conventional power projection (e.g. carriers, amphibious warships), it is left unclear how the rest of the fleet’s platforms trade against each other. SSN and LCS-FF acquisitions are arguably the Navy’s highest priority non-capital combatant programs right now per Navy leadership talking point emphasis, but neither is mentioned explicitly in that context. Nor is there any allusion to what will be sacrificed or what risks will be accepted to make those procurements possible. These considerations will become increasingly important in preparing U.S. maritime strategy for the fiscal pressures that will emerge during the final years of this decade and stretch into the 2020s…regardless of whether the 2011 Budget Control Act ceilings are lifted.
  • CS-21R’s discussion of sea control recognizes that the condition reflects local margin of superiority, but it does not note that this condition is generally temporary. It also does not note that sea control is not something sought in and of itself, but rather is sought for discrete operational purposes.
  •  Strategic sealift is mentioned but its criticality is not underlined. America’s ability to wage war overseas depends on strategic sealift; this message should not be left implicit.
  • Standing peacetime European maritime security and deterrence is clearly being left to European militaries, with contributions from the four BMD-capable DDGs in Rota and forces transiting through EUCOM en route to other theaters. This may be all that is possible given the U.S. Navy’s fleet size and the operational demands in East/Southeast/Southwest Asia. It is also likely consistent with current Defense Planning Guidance. It strikes me as odd, though, for this to be the case in the theater in which the risk of major war is presently highest and conventional deterrence credibility is accordingly most needed. In this light, it is even odder that the section defining how and why the Navy will achieve presence in the European theater does not mention the Russian threat at all (especially when Russian revanchism was mentioned in the global security environment section). Europe is primarily referred to as a bridge for projecting power into other theaters or as a locus for maritime security efforts; in other words a means to an end rather than a set of allies (and a representation of values) that we are committed to defend. Given the fact that European militaries (and especially navies) are struggling for funding and are already far less capable than the U.S. Navy, it is questionable whether this element of CS-21R will endure long if Russian coercion against NATO continues to increase. If this is the case, then there is a gap in CS-21R regarding how trades with presence/operational requirements in other theaters will be managed.
  •  The 1986 publicly-released Maritime Strategy was a product of the pre-Goldwater/Nichols era, and so its discussion of how the Navy would move pieces around on the global chessboard in a general war does not carry over into the Combatant Commander-dominant era in which CS-21R resides. But the 1986 document also explained how the Navy’s basic operating concepts provided specific means for achieving strategic ends in a generic major war. It outlined how each element of the fleet would operate together (as well as with Joint and allied forces) within combined arms campaign constructs. That’s still germane today under ‘man-train-equip,’ and it can be argued that it’s a crucial missing piece for justifying the force structure articulated by CS-21R as well as explaining to non-experts (and especially some critics) how a modern combined arms maritime force works.
o   Example: strike is the single explicitly articulated mission for aircraft carriers in CS-21R, even though their roles supporting sea control are arguably just as important. The caption addressing the E-2D Hawkeye’s role in the Navy Integrated Fire Control-Counter Air concept (pg. 20) speaks indirectly to the carrier’s central sea control roles; it is surprising that this was not echoed in the document’s main body narrative.
o   Example: very limited discussion of how the sea services are supported by the Air Force (beyond aerial refueling and intelligence/surveillance/reconnaissance) and the Army (beyond Integrated Air and Missile Defense), or how the Navy supports those services (beyond kinetic and non-kinetic fires, plus intelligence/surveillance/reconnaissance). This could have been used to further connect how CS-21R connects with JOAC and JAM-GC.
My critiques should not be interpreted to detract from the exceptional work done by the CS-21R development team. They have powerfully communicated the message that readiness to deter—and if necessary wage—major war is once again America’s sea services’ paramount priority. They have heralded the idea that 21st Century seapower will depend in great part on the ability to fight in the cyber and electromagnetic domains. They have upheld the notion that maritime security cooperation remains central to the functioning of the international system.
Job well done.
 
The views expressed herein are solely those of the author and are presented in his personal capacity. They do not reflect the official positions of Systems Planning and Analysis, and to the author’s knowledge do not reflect the policies or positions of the U.S. Department of Defense, any U.S. armed service, or any other U.S. Government agency.


Wednesday, March 25, 2015

SASC Chair McCain Strong on UCLASS

Word is out today of a letter Senate Armed Services Committee Chairman John McCain sent to the Secretary of Defense outlining his desire to see the Navy develop UCLASS for action in contested environments.  Here is the money quote from the letter: "“Developing a new carrier-based unmanned aircraft that is primarily an ISR platform and unable to operate effectively in medium- to high –level threat environments would be operationally and strategically misguided.”

The support of the SASC Chair for a stealthy(enough) penetrator means that both the HASC Seapower Chair Rep. Randy Forbes (R-VA) and Senator McCain (R-AZ) are firmly in the camp of those ( like me) who believe the Navy's professed preference for an ISR privileged UCLASS is the wrong choice (see here, here , here, here).

Of additional interest is McCain's advocacy in the letter of the Navy continuing to make use of the UCAS-D X-47B for testing and concept development.  McCain cited the fact that after April, there would be no unmanned vehicles operating from carriers for several years.

This is a great first step.  The carrier airwing MUST continue to evolve if the Navy is going to stay in the power projection business.  Three additional enhancements to the airwing are required:

  • The return of organic refueling capability--not just for the carrier air wing, but also for refueling of transiting land based vehicles.
  • The return of a sea control aircraft capable of extended ASW and ASUW missions (a la the S-3B).
  • And of considerable importance--a large, likely unmanned "truck" capable of carrying multiple, small, long range, weaponized UAV's.   This vehicle would fly to less dense portions of an adversary strike/reconnaissance complex and disgorge its payload, which would form up with other similarly launched groups of vehicles to create a swarming mass of dozens or scores of vehicles to saturate an opponent's air defenses, in advance of other, larger, less stealthy but more powerful weapons time to arrive shortly after.  

Tuesday, March 24, 2015

Russia Responds to Atlantic Resolve


Under Operation Atlantic Resolve, the U.S. has been rotationally deploying relatively small land-based force packages into Eastern Europe that are intended to signal American commitment to defending NATO’s boundary members against Russian aggression (while arguably also serving as deterrence tripwires). It's been pretty confusing trying to sort out what is being deployed where. Although last Thursday I noted the reported deployment of the 3rd Infantry Division’s entire 1st Armored Brigade Combat Team (BCT) to the Baltics, per the latest Atlantic Resolve fact sheet only a few hundred personnel and vehicles will actually be positioned in the Baltics. Furthermore, these vehicles will be consolidated with U.S. Army Europe’s prepositioned stocks in Germany at the end of the BCT’s deployment; they will not be left in the Baltics. According to LTG Ben Hodges, Commander of U.S. Army Europe, however, that does not preclude redistributing those vehicles to prepositioning sites in the Baltics or other Eastern European NATO members at a later date.

Russia’s response to all this is hardly surprising or unexpected. From Agence France-Presse via Defense News last Thursday:
Putin on Monday [3/16] ordered drills for more than 40,000 troops in regions spanning the country, from the Arctic to the far east to the volatile southern Caucasus, and ordered nuclear bomber jets to be deployed in Crimea a year after its annexation by Moscow.
Russia's chief of the general staff, Valery Gerasimov, said Thursday that the "number of troops taking part in the exercises has gone up to 80,000, and the number of aircraft has increased to 220," quoted by RIA Novosti state news agency.
Troops in the western and central regions and military aircraft were scrambled for exercises, Gerasimov said.
The drills are the latest in a succession of large-scale military maneuvers that Moscow has ordered as relations with the West have plunged to a post-Cold War low over the crisis in Ukraine.
"I've been watching the Russian exercises...what I cared about is they can get 30,000 people and 1,000 tanks in a place really fast. Damn, that was impressive."
Conventional deterrence by denial rests heavily on creating a perception that a fait accompli isn’t possible, or that achieving one would be very costly and risky. This is why forward presence is so critical to deterrence credibility. The challenge becomes even harder when the adversary can mobilize and deploy an order of magnitude faster than the defender can.
Pavel Felgenhauer, a longstanding and often well-sourced Russian military analyst, notes at the Jamestown Foundation’s Eurasia Daily Monitor that:
This week (March 16–21), the Russian military began massive, “sudden” military exercises (“vnezapnaya proverka”). The authorities initially announced that the “sudden exercises” are intended to check out the battle readiness of Russia’s Northern Fleet and the possibility of reinforcing it with forces from other military districts. According to the Russian Ministry of Defense, 38,000 soldiers, 3,360 military vehicles, 41 navy ships, 15 submarines and 110 aircraft are involved in the exercise. The mass deployment of air and naval forces in the Barents Sea practices ensuring the safety of Russian nuclear missile–armed submarines, which have to be defended at all costs before they launch their hundreds of nuclear warheads at the United States. The military plans to land marines and paratroopers on the shore of the Kola Peninsula close to the Norwegian border and on the polar archipelagos of Novaya Zemlya and Franz Josef Land.
According to a defense ministry source, the “sudden exercise” was intended to send a message to the North Atlantic Treaty Organization (NATO) that Russia is ready for war and can counter with force the deployment of limited US and other NATO forces to the Baltic, Romania, Poland and Bulgaria. Moscow, apparently, did not give Western nations any prior notification about the exercise (Vedomosti, March 17).
Neither side has had experience with brinksmanship on par with the darker moments of the Cold War in over a generation. That does not bode well for crisis stability, to put it mildly.

--Updated 3/24/15 7:38AM EDT to correct typo in 6th paragraph--

The views expressed herein are solely those of the author and are presented in his personal capacity. They do not reflect the official positions of Systems Planning and Analysis, and to the author’s knowledge do not reflect the policies or positions of the U.S. Department of Defense, any U.S. armed service, or any other U.S. Government agency.

Monday, March 23, 2015

Honeypots: An Overlooked Cyberweapon



Most discussions of the use of ‘cyber’ as ‘fires’ supporting conventional forces focus on penetrating an enemy’s systems or networks to ‘see’ or manipulate what he ‘sees,’ disrupt or corrupt his communications, disable or damage select systems, and so on. However, there is no assurance that the specific system or network vulnerabilities attacks are designed to exploit will still be available when needed during combat. Vulnerabilities are discovered and patched all the time (though practically speaking, it is impossible to identify every single vulnerability that actually exists in a complex system). An adversary can also change his network topology or close off access points needed by the attacker at inopportune times. Lastly, an exploit is a precious thing: a single use may alert the adversary to a particular vulnerability and may even help the adversary discover new techniques or components that he can reuse in his own arsenal of exploits. Penetrative cyberattacks cannot be assured under all conditions, and may not be worth burning a relevant exploit under some conditions. This hardly means that they are impossible or not worth the costs. It does mean that we must be sober about their combat potential.

It is a given that adversaries will attempt their own wartime penetrative cyberattacks on our military systems and networks. We generally view this as a defensive problem. We often forget that their attacks can also provide us with (passive) offensive opportunities.
Counterintelligence operations and military deception efforts have long used the tactic of feeding disinformation to an adversary’s intelligence collection apparatus. This generally involves knowing at least some of an adversary’s preferred intelligence collection points as well as what kind of ‘evidence’ is best suited to sell the adversary the desired deceptive ‘story.’ Or if it isn’t clear how to convincingly sell a story, the deceiver can conceal accessible ‘real’ information (or make it appear fake) by surrounding it with ‘haystacks’ of false information.
The tactic made a seamless transition into the network age via the honeypot concept. One of the earliest honeypot examples I know of dates back to 1986 when astronomer Cliff Stoll populated one of the mainframes he administered at Lawrence Berkeley Laboratory with entire directories of fake files made to appear related to the Strategic Defense Initiative to help entrap a KGB-sponsored hacker. Stoll had monitored the hacker for quite some time, so he knew exactly what kinds of disinformation would serve as ideal bait. As computing and networking technology has advanced, so have the honeypots (and honeynets).
Honeypots could be outstanding assets for helping to thwart an adversary’s military surveillance and reconnaissance efforts. I outlined how this might be done in my 2013 maritime deception and concealment article; a peer reviewer suggested that I call the technique “Computer Network Charade” (CNC) to line up with the Defense Department computer network operations terminology of the time:
CNC takes advantage of the fact that timely fusion of intelligence into a situational picture is exceptionally difficult, even when aided by data mining and other analytical technologies, since a human generally has to assess each piece of “interesting” information. Once counterintelligence reveals an adversary’s intelligence exploitation activities within friendly forces’ networks, CNC can feed manipulative information tied to a deception story or worthless information meant to saturate. This can be done using the existing exploited network elements, or alternatively by introducing “honeypots.” Massive amounts of such faked material as documents, message traffic, e-mails, chat, or database interactions can be auto-generated and populated with unit identities, locations, times, and even human-looking errors. The material can be either randomized to augment concealment or pattern-formed to reinforce a deception story, as appropriate. A unit can similarly manipulate its network behavior to defeat traffic analysis, or augment the effectiveness of a decoy group by simulating other units or echelons. All this leaves the adversary the task of discriminating false content from any real items he might have collected… this hypothetical CNC tactic is envisioned for the Nonsecure Internet Protocol Router Network (NIPRNet) and perhaps also the Secure Internet Protocol Router Network (SIPRNet). It is not envisioned for operational or tactical data-link or distributed fire-control networks.
Regardless of CNC method, it can be determined whether or not planted disinformation has been captured by the adversary. The commonalities of CNC with many communication-deception tactics are not coincidental. In fact, civilian mass media, social networks, and e-mail pathways can also be used as disinformation channels in support of forward forces.
CNC’s relative immaturity means that its viability must be proved in war games, battle experiments, and developmental tests before it can be incorporated in doctrine and operational plans. CNC may well prove more useful for concealment (saturating adversary collection systems and overwhelming decision makers with sheer volume and ambiguity) than for outright deception. A potentially useful way to estimate its combat efficacy would be to study historical cases of equivalent communications deception. For example, in spring 1942, U.S. naval intelligence used a false, unencrypted radio message about Midway Island’s water-purification system to elicit enemy communications activity that helped verify that Midway was indeed the Imperial Japanese Navy’s next target. There is little conceptual difference between this episode and how CNC might be used in the future. (Pg. 94, 111-112)
CNC (or whatever else you might prefer to call it) therefore represents a form of anti-intelligence/surveillance/reconnaissance.
Another potential use of honeypots is to attack the adversary’s warfare systems or military support infrastructure indirectly and over time. As CFR’s Adam Segal pointed out earlier this month, during the early 1980s French intelligence granted the CIA use of a KGB defector-in-place to funnel disinformation into the Soviet program to collect information on sensitive Western technologies. This ‘Farewell dossier’ not only led to the rolling up of the KGB’s technology transfer operations against European targets, but also ended up inducing the Soviets to use flawed designs and defective components in a wide range of military and industrial systems. It has long been rumored that a section of the Trans-Siberia oil pipeline suffered a massive explosion in 1982 due to ‘tailored’ industrial control software exposed to KGB collection assets.
Segal is absolutely correct about how Farewell could apply in the network age. If a given opponent is striving to advance its national technology base by stealing U.S. data, then it makes great sense to use honeypots and honeynets to pump false information to the opponent. The opponent’s use of such reverse-engineered technologies in his own systems could create vulnerabilities the U.S. could exploit. Similarly, if an opponent’s collections against U.S. military technologies are intended to find exploitable vulnerabilities for use in the event of a crisis or war, then the U.S. could disclose false vulnerabilities in order to induce the opponent to waste precious resources developing and stockpiling worthless exploits. Even if planted data was discovered by the opponent to be deliberately misleading, his realization of the scale of the use of honeypots might cause him to doubt the legitimacy of other 'true' data collected by his hacking and exfiltration operations. The return on investment could be incalculable.
Honeypots and honeynets may not be as direct as penetrative cyberattacks, and their effects would most definitely not be immediately observable. All the same, they would likely be more available in war as they would have the advantage of the adversary ‘running straight into the weapon.’ The nascent Long Range Research and Development Planning Program (LRRDPP) under the ‘Third Offset Strategy’ initiative ought to encourage development of technologies that could support creation of honeypots and honeynets that exhibit highly realistic behaviors and can automatically generate massive amounts of highly realistic but misleading, useless, or fault-laden information while simultaneously distracting attention from a network's actual elements of value.


The views expressed herein are solely those of the author and are presented in his personal capacity. They do not reflect the official positions of Systems Planning and Analysis, and to the author’s knowledge do not reflect the policies or positions of the U.S. Department of Defense, any U.S. armed service, or any other U.S. Government agency.

site stats