Thursday, October 23, 2014

21st Century Maritime Operations Under Cyber-Electromagnetic Opposition, Part III


For previous installments, see Part 1 and Part 2

Candidate Principle #4: A Network’s Operational Geometry Impacts its Defensibility

Networked warfare is popularly viewed as a fight within cyberspace’s ever-shifting topology. Networks, however, often must use transmission mechanisms beyond physical cables. For field-deployed military forces in particular, data packets must be broadcast as electromagnetic signals through the atmosphere and outer space, or as acoustic signals underwater, in order to connect with a network’s infrastructure. Whereas a belligerent might not be able to directly access or strike this infrastructure for a variety of reasons, intercepting and exploiting a signal as it traverses above or below water is an entirely different matter. The geometry of a transmitted signal’s propagation paths therefore is a critical factor in assessing a network’s defensibility.
The Jominian terms interior and exterior lines of operations respectively refer to whether a force occupies positions within a ‘circle’ such that its combat actions radiate outwards towards the adversary’s forces, or whether it is positioned outside the ‘circle’ such that its actions converge inwards towards the adversary.[i] Although these terms have traditionally applied solely within the physical domains of war, with some license they are also applicable to cyber-electromagnetic warfare. A force might be said to be operating on interior lines of networking if the platforms, remote sensors, data processing services, launched weapons, and communications relay assets comprising its battle networks are positioned solely within the force’s immediate operating area.


While this area may extend from the seabed to earth orbit, and could easily have a surface footprint measuring in the hundreds of thousands of square miles, it would nonetheless be relatively localized within the scheme of the overall combat zone. If the force employs robustly-layered physical defenses, and especially if its networking lines through the air or water feature highly-directional line-of-sight communications systems where possible or LPI transmission techniques where appropriate, the adversary’s task of positioning assets such that they can reliably discover let alone exploit the force’s electromagnetic or acoustic communications pathways becomes quite difficult. The ideal force operating on interior lines of networking avoids use of space-based data relay assets with predictable orbits and instead relies primarily upon agile, unpredictably-located airborne relays.[ii] CEC and tactical C2 systems whose participants exclusively lie within a maneuvering force’s immediate operating area are examples of tools that enable interior lines of networking.
Conversely, a force might be said to be operating on exterior lines of networking if key resources comprising its battle networks are positioned well beyond its immediate operating area.


This can vastly simplify an adversary’s task of positioning cyber-electromagnetic exploitation assets. For example, the lines of communication linking a field-deployed force with distant entities often rely upon fixed or predictably-positioned relay assets with extremely wide surface footprints. Similarly, those that connect the force with rear-echelon entities generally require connections to fixed-location networking infrastructure on land or under the sea. Theater-level C2 systems, national or theater-level sensor systems, intelligence ‘reachback’ support systems, remotely-located data fusion systems, and rear echelon logistical services that directly tap into field-deployed assets’ systems in order to provide remote-monitoring/troubleshooting support are examples of resources available to a force operating on exterior lines of networking.
Clearly, no force can fully foreswear operating on exterior lines of networking in favor of operating solely on interior lines.[iii] A force’s tasks combined with its minimum needs for external support preclude this; some tactical-level tasks such as theater ballistic missile defense depend upon direct inputs from national/theater-level sensors and C2 systems. A force operating on interior lines of networking may also have less ‘battle information’ available to it, not to mention fewer processing resources available for digesting this information, than a force operating on exterior lines of networking.
Nevertheless, any added capabilities provided by operating on exterior lines of networking must be traded off against the increased cyber-electromagnetic risks inherent in doing so. There consequently must be an extremely compelling justification for each individual connection between a force and external resources, especially if a proposed connection touches critical combat system or ‘engineering plant’ systems. Any connections authorized with external resources must be subjected to a continuous, disciplined cyber-electromagnetic risk management process that dictates the allowable circumstances for the connection’s use and the methods that must be implemented to protect against its exploitation. This is not merely a concern about fending off ‘live penetration’ of a network, as an ill-considered connection might alternatively be used as a channel for routing a ‘kill signal’ to a pre-installed ‘logic bomb’ residing deep within some critical system, or for malware to automatically and covertly exfiltrate data to an adversary’s intelligence collectors. An external connection does not even need to be between a critical and a non-critical system to be dangerous; operational security depends greatly upon preventing sensitive information that contains or implies a unit or force’s geolocation, scheme of maneuver, and combat readiness from leaking out via networked logistical support services. Most notably, it must be understood that exterior lines of networking are more likely than interior lines to be disrupted or compromised when most needed while a force is operating under cyber-electromagnetic opposition. The timing and duration of a force’s use of exterior lines of networking accordingly should be strictly minimized, and it might often be more advantageous to pass up the capabilities provided by external connectivity in favor of increasing a force’s chances at avoiding detection or cyber-electromagnetic exploitation.

Candidate Principle #5: Network Degradation in Combat, While Certain, Can be Managed

The four previous candidate principles’ chief significance is that no network, and few sensor or communications systems, will be able to sustain peak operability within an opposed cyber-electromagnetic environment. Impacts may be lessened by employing network-enhanced vice network-dependent system architectures, carefully weighing a force’s connections with (or dependencies upon) external entities, and implementation of doctrinal, tactical, and technical cyber-electromagnetic counter-countermeasures. Network and system degradation will nonetheless be a reality, and there is no analytical justification for assuming peacetime degrees of situational awareness accuracy or force control surety will last long beyond a war’s outbreak.
There is a big difference, though, between degrading and destroying a network. The beauty of a decently-architected network is that lopping off certain key nodes may severely degrade its capabilities, but as long as some nodes survive—and especially if they can combine their individual capabilities constructively via surviving communications pathways as well as backup or ‘workaround’ processes—the network will retain some non-dismissible degree of functionality. Take Iraq’s nationwide integrated air defense system during the first Gulf War, for example. Although its C2 nodes absorbed devastating attacks, it was able to sustain some localized effectiveness in a few areas of the country up through the war’s end. What’s more, U.S. forces could never completely sever this network’s communications pathways; in some cases the Iraqis succeeded in reconstituting damaged nodes.[iv] Similarly, U.S. Department of Defense force interoperability assessments overseen by the Director of Operational Test and Evaluation during Fiscal Year 2013 indicated that operators were frequently able to develop ‘workarounds’ when their information systems and networks experienced disruptions, and that mission accomplishment ultimately did not suffer as a result. A price was paid, though, in “increased operator workloads, increased errors, and slowed mission performance.”[v] 
This illustrates the idea that a system or network can degrade gracefully; that is, retain residual capabilities ‘good enough,’ if only under narrow conditions, to significantly affect an opponent’s operations and tactics. Certain hardware and software design attributes including architectural redundancy, physical and virtual partitioning of critical from non-critical functions (with far stricter scrutiny over supply chains and components performed for the former), and implementation of hardened and aggressively tested ‘safe modes’ systems can fail into to restore a minimum set of critical functions support graceful degradation. The same is true with inclusion of ‘war reserve’ functionality in systems, use of a constantly-shifting network topology, availability of ‘out-of-band’ pathways for communicating mission-critical data, and incorporation of robust jamming identification and suppression/cancellation capabilities. All of these system and network design features can help a force can fight-through cyber-electromagnetic attack. Personnel training (and standards enforcement) with respect to basic cyber-electromagnetic hygiene will also figure immensely in this regard. Rigorous training aimed at developing crews’ abilities to quickly recognize, evaluate, and then recover from attacks (including suspected network-exploitations by adversary intelligence collectors) will accordingly be vital.[vi] All the same, graceful degradation is not an absolute good, as an opponent will assuredly exploit the resultant ‘spottier’ situational awareness or C2 regardless of whether it is protracted or brief.

Tomorrow, we assess the psychological effects of cyber-electromagnetic attacks and then conclude with a look at the candidate principles’ implications for maritime warfare.


[i] “Joint Publication 5-0: Joint Operational Planning.” (Washington, D.C.: Joint Chiefs of Staff, 2011), III-27.
[ii] For an excellent technical discussion on the tradeoffs between electronic protection/communications security on one side and data throughput/system expense on the other, see Cote, 31, 58-59. For a good technical summary of highly-directional line-of sight radiofrequency communications systems, see Tom Schlosser. “Technical Report 1719: Potential for Navy Use of Microwave and Millimeter Line-of-Sight Communications.” (San Diego: Naval Command, Control and Ocean Surveillance Center, RDT&E Division, September 1996), accessed 10/15/14, www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA318338
[iii] Note the discussion on this issue in “Joint Operational Access Concept, Version 1.0.” (Washington, D.C.: Joint Chiefs of Staff, 17 January 2012), 36-37.
[iv] Michael R. Gordon and LGEN Bernard E. Trainor, USMC (Ret). The Generals’ War: The Inside Story of the Conflict in the Gulf. (Boston: Back Bay Books, 1995), 256–57.
[v] “FY13 Annual Report: Information Assurance (IA) and Interoperability (IOP),” 330, 332-333.
[vi] See 1. Jonathan F. Solomon. “Cyberdeterrence between Nation-States: Plausible Strategy or a Pipe Dream?” Strategic Studies Quarterly 5, No. 1 (Spring 2011), Part II (online version): 21-22, accessed 12/13/13, http://www.au.af.mil/au/ssq/2011/spring/solomon.pdf; 2. “FY12 Annual Report: Information Assurance (IA) and Interoperability (IOP),” 307-311; 3. “FY13 Annual Report: Information Assurance (IA) and Interoperability (IOP),” 330, 332-334.

Wednesday, October 22, 2014

21st Century Maritime Operations Under Cyber-Electromagnetic Opposition, Part II

Part 1 available here

Candidate Principle #2: A Network’s Combat Viability is more than the Sum of its Nodes

Force networking generates an unavoidable tradeoff between maximizing collective combat capabilities and minimizing network-induced vulnerability risks. The challenge is finding an acceptable balance between the two in both design and operation; networking provides no ‘free lunch.’
This tradeoff was commonly discounted during the network-centric era’s early years. For instance, Metcalfe’s Law—the idea that a network’s potential increases as the square of the number of networked nodes—was often applied in ways suggesting a force would become increasingly capable as more sensors, weapons, and data processing elements were tied together to collect, interpret, and act upon battlespace information.[i] Such assertions, though, were made without reference to the network’s architecture. The sheer number (or types) of nodes matter little if the disruption of certain critical nodes (relay satellites, for example) or the exploitation of any given node to access the network’s internals erode the network’s data confidentiality, integrity, or availability. This renders node-counting on its own a meaningless and perhaps even misleadingly dangerous measure of a network’s potential. The same is also true if individual systems and platforms have design limitations that prevent them from fighting effectively if force-level networks are undermined.
Consequently, there is a gigantic difference between a network-enhanced warfare system and a network-dependent warfare system. While the former’s performance expands greatly when connected to other force elements via a network, it nevertheless is designed to have a minimum performance that is ‘good enough’ to independently achieve certain critical tasks if network connectivity is unavailable or compromised.[ii] A practical example of this is the U.S. Navy’s Cooperative Engagement Capability (CEC), which extends an individual warship’s air warfare reach beyond its own sensors’ line-of-sight out to its interceptor missiles’ maximum ranges courtesy of other CEC-participating platforms’ sensor data. Loss of the local CEC network may significantly reduce a battleforce’s air warfare effectiveness, but the participating warships’ combat systems would still retain formidable self and local-area air defense capabilities.
Conversely, a network-dependent warfare system fails outright when its supporting network is corrupted or denied. For instance, whereas in theory Soviet anti-ship missile-armed bombers of the late 1950s through early 1990s could strike U.S. aircraft carrier battle groups over a thousand miles from the Soviet coast, their ability to do so was predicated upon time-sensitive cueing by the Soviet Ocean Surveillance System (SOSS). SOSS’s network was built around a highly centralized situational picture-development and combat decision-making apparatus, which relied heavily upon remote sensors and long-range radiofrequency communications pathways that were ripe for EW exploitation. This meant U.S. efforts to slow down, saturate, block, or manipulate sensor data inputs to SOSS, let alone to do the same to the SOSS picture outputs Soviet bomber forces relied upon in order to know their targets’ general locations, had the potential of cutting any number of critical links in the bombers’ ‘kill chain.’ If bombers were passed a SOSS cue at all, their crews would have had no idea whether they would find a carrier battle group or a decoy asset (and maybe an accompanying aerial ambush) at the terminus of their sortie route. Furthermore, bomber crews firing from standoff-range could only be confident they had aimed their missiles at actual high-priority ships and not decoys or lower-priority ships if they received precise visual identifications of targets from scouts that had penetrated to the battle group’s center. If these scouts failed in this role—a high probability once U.S. rules of engagement were relaxed following a war’s outbreak—the missile salvo would be seriously handicapped and perhaps wasted, if it could be launched at all. Little is different today with respect to China’s nascent Anti-Ship Ballistic Missile capability: undermine the underlying surveillance-reconnaissance network and the weapon loses its combat utility.[iii] This is the risk systems take with network-dependency.

Candidate Principle #3: Contact Detection is Easy, Contact Classification and Identification are Not

The above SOSS analogy leads to a major observation regarding remote sensing: detecting something is not the same as knowing with confidence what it is. It cannot be overstated that no sensor can infallibly classify and identify its contacts: countermeasures exist against every sensor type.
As an example, for decades we have heard the argument ‘large signature’ platforms such as aircraft carriers are especially vulnerable because they cannot readily hide from wide-area surveillance radars and the like. If the only method of carrier concealment was broadband Radar Cross Section suppression, and if the only prerequisite for firing an anti-carrier weapon was a large surface contact’s detection, the assertions of excessive vulnerability would be true. A large surface contact held by remote radar, however, can just as easily be a merchant vessel, a naval auxiliary ship, a deceptive low campaign-value combatant employing signature-enhancement measures, or an artificial decoy. Whereas advanced radars’ synthetic or inverse synthetic aperture modes can be used to discriminate a contact’s basic shape as a classification tool, a variety of EW tactics and techniques can prevent those modes’ effective use or render their findings suspect. Faced with those kinds of obstacles, active sensor designers might turn to Low Probability of Intercept (LPI) transmission techniques to buy time for their systems to evade detection and also delay the opponent’s development of effective EW countermeasures. Nevertheless, an intelligent opponent’s signals intelligence collection and analysis efforts will eventually discover and correctly classify an active sensor’s LPI emissions. It might take multiple combat engagements over several months for them to do this, or it might take them only a single combat engagement and then a few hours of analysis. This means new LPI techniques must be continually developed, stockpiled, and then situationally employed only on a risk-versus-benefit basis if the sensor’s performance is to be preserved throughout a conflict’s duration.
Passive direction-finding sensors are confronted by an even steeper obstacle: a non-cooperative vessel can strictly inhibit its telltale emissions or can radiate deceptive emissions. Nor can electro-optical and infrared sensors overcome the remote sensing problem, as their spectral bands render them highly inefficient for wide-area searches, drastically limit their effective range, and leave them susceptible to natural as well as man-made obscurants.[iv]  
If a prospective attacker possesses enough ordnance or is not cowed by the political-diplomatic risks of misidentification, he might not care to confidently classify a contact before striking it. On the other hand, if the prospective attacker is constrained by the need to ensure his precious advanced weapons inventories (and their launching platforms) are not prematurely depleted, or if he is constrained by a desire to avoid inadvertent escalation, remote sensing alone will not suffice for weapons-targeting.[v] Just as was the case with Soviet maritime bombers, a relatively risk-intolerant prospective attacker would be compelled to rely upon close-in (and likely visual) classification of targets following their remote detection. This dependency expands a defender’s space for layering its anti-scouting defenses, and suggests that standoff-range attacks cued by sensor-to-shooter networks will depend heavily upon penetrating (if not persistent) scouts that are either highly survivable (e.g., submarines and low-observable aircraft) or relatively expendable (e.g., unmanned system ‘swarms’ or sacrificial manned assets).
On the expendable scout side, an advanced weapon (whether a traditional missile or an unmanned vehicle swarm) could conceivably provide reconnaissance support for other weapons within a raid, such as by exposing itself to early detection and neutralization by the defender in order to provide its compatriots with an actionable targeting picture via a datalink. An advanced weapon might alternatively be connected by datalink to a human controller who views the weapon’s onboard sensor data to designate targets for it or other weapons in the raid, or who otherwise determines whether the target selected by the weapon is valid. While these approaches can help improve a weapon’s ability to correctly discriminate valid targets, they will nevertheless still lead to ordnance waste if the salvo is directed against a decoy group containing no targets of value. Likewise, as all sensor types can be blinded or deceived, a defender’s ability to thoroughly inflict either outcome upon a scout weapon’s sensor package—or a human controller—could leave an attacker little better off than if its weapons lacked datalink capabilities in the first place.
We should additionally bear in mind that the advanced multi-band sensors and external communications capabilities necessary for a weapon to serve as a scout would be neither cheap nor quickly producible. As a result, an attacker would likely possess a finite inventory of these weapons that would need to be carefully managed throughout a conflict’s duration. Incorporation of highly-directional all-weather communications capabilities in a weapon to minimize its datalink vulnerabilities would increase the weapon’s relative expense (with further impact to its inventory size). It might also affect the weapon’s physical size and power requirements on the margins depending upon the distance datalink transmissions had to cover. An alternative reliance upon omnidirectional LPI datalink communications would run the same risk of eventual detection and exploitation over time we previously noted for active sensors.  All told, the attacker’s opportunity costs for expending advanced weapons with one or more of the aforementioned capabilities at a given time would never be zero.[vi] A scout weapon therefore could conceivably be less expendable than an unarmed unmanned scout vehicle depending upon the relative costs and inventory sizes of both.
The use of networked wide-area sensing to directly support employment of long-range weapons could be quite successful in the absence of vigorous cyber-electromagnetic (and kinetic) opposition performed by thoroughly trained and conditioned personnel. The wicked, exploitable problems of contact classification and identification are not minor, though, and it is extraordinarily unlikely any sensor-to-shooter concept will perform as advertised if it inadequately confronts them. After all, the cyclical struggle between sensors and countermeasures is as old as war itself. Any advances in one are eventually balanced by advances in the other; the key questions are which one holds the upper hand at any given time, and how long that advantage can endure against a sophisticated and adaptive opponent.

Tomorrow, we will consider how a force network’s operational geometry impacts its defensibility. We will also explore the implications of a network’s capabilities for graceful degradation.


[i] David S. Alberts, John J. Garstka, and Frederick P. Stein. Network Centric Warfare: Developing and Leveraging Information Superiority, 2nd Ed. (Washington, D.C.: Department of Defense C4ISR Cooperative Research Program, August 1999), 32-34, 103-105, 250-265.
[ii] For some observations on the idea of network-enhanced systems, see Owen R. Cote, Jr. “The Future of Naval Aviation.” (Cambridge, MA: Massachusetts Institute of Technology Security Studies Program, 2006), 28, 59.
[iii] Solomon, “Defending the Fleet,” 39-78. For more details on Soviet anti-ship raiders dependencies upon visual-range (sacrificial) scouts, see Maksim Y. Tokarev. “Kamikazes: The Soviet Legacy.” Naval War College Review 67, No. 1 (Winter 2013): 71, 73-74, 77, 79-80.
[iv] See 1. Jonathan F. Solomon. “Maritime Deception and Concealment: Concepts for Defeating Wide-Area Oceanic Surveillance-Reconnaissance-Strike Networks.” Naval War College Review 66, No. 4 (Autumn 2013): 88-94; 2. Norman Friedman. Seapower and Space: From the Dawn of the Missile Age to Net-Centric Warfare. (Annapolis, MD: Naval Institute Press, 2000), 365-366.
[v] Solomon, “Defending the Fleet,” 94-96.
[vi] Solomon, “Maritime Deception and Concealment,” 95.

Tuesday, October 21, 2014

21st Century Maritime Operations Under Cyber-Electromagnetic Opposition


Future high-end maritime warfare tends to be described as the use of distributed, networked maritime sensors that ‘seamlessly’ cue the tactical actions of dispersed forces armed with standoff-range guided weapons. Most commentary regarding these ‘sensor-to-shooter’ networks has been based around their hypothesized performances under ‘perfect’ conditions: sensors that see all within their predicted fields of view, processors that unfailingly discriminate and classify targets correctly, communications pathways that reliably and securely transmit data between network nodes, and situational pictures that assuredly portray ground truth to combat decision-makers. While it is not unreasonable to start with such an idealized view in order to grasp these networks’ potential, it is misguided to end analysis there. Regrettably, it is not unusual to come across predictions implying that these networks will provide their operators with an unshakable and nearly-omniscient degree of situational awareness, or that the more tightly-networked a force becomes the more likely the geographic area it covers will become a graveyard for the enemy.
Although we implicitly understand networked maritime warfare relies upon the electromagnetic spectrum and cyberspace, for some reason we tend to overlook the fact that these partially-overlapping domains will be fiercely contested in any major conflict. It follows that we tend not to consider the effects of an adversary’s cyberwarfare and Electronic Warfare (EW) when assessing proposed operating concepts and force networking architectures. Part of this stems from the fact that U.S. Navy forces engaged in actual combat over the past seventy years seldom faced severe EW opposition, and have never faced equivalent cyberattacks. Even so, as recently as the 1980s, the Navy’s forward deployed forces routinely operated within intensive EW environments. Though certain specific skill sets and capabilities were highly compartmentalized due to classification considerations, Cold War-era regular Navy units and battlegroups were trained not only to fight-through an adversary’s electronic attacks but also to wield intricate EW methods of their own for deception and concealment.[i] The Navy’s EW (and now cyberwarfare) prowess lives on within its nascent Information Dominance Corps, but this is not the same as having a broad majority of the overall force equipped and conditioned to operate in heavily contested cyber-electromagnetic warfare environments.
Any theory of how force networking should influence naval procurement, force structure, or doctrine is dangerously incomplete if it inadequately addresses the challenges posed by cyber-electromagnetic opposition. Accordingly, we need to understand whether cyber-electromagnetic warfare principles exist that can guide our debates about future maritime operating concepts. 
This week I'll be proposing several candidate principles that seem logical based on modern naval warfare systems’ and networks’ general characteristics. The resulting list should hardly be considered comprehensive, and is solely intended to stimulate debate. Needless to say, these candidates (and any others) will need to be subjected to rigorous testing within war games, campaign analyses, fleet exercises, and real world operations if they are to be validated as principles.

Candidate Principle #1: All Systems and Networks are Inherently Exploitable

It is a fact of nature, not to mention engineering, that notwithstanding their security features all complex systems (and especially the ‘systems of systems’ that constitute networks) inherently possess exploitable design vulnerabilities.[ii] Many vulnerabilities are relatively easy to identify and exploit, which conversely increases the chances a defender will uncover and then effectively mitigate them before an attacker can make best use of them. Others are buried deep within a system, which therefore makes them difficult for an adversary to discover let alone directly access. Still others, though perhaps more readily discernable, are only exploitable under very narrow circumstances or if significant resources are committed. It is entirely possible that notwithstanding its inherent vulnerabilities, a given system might survive an entire protracted conflict without being seriously exploited by an adversary. To confidently assume this ideal outcome would in fact occur, though, amounts to a high-stakes gamble at best and technologically unjustified hubris at worst. Instead, system architects and operators must assume that with enough time, an adversary will not only uncover a usable vulnerability but also develop a viable means of exploiting it if the anticipated spoils merit the requisite investments.
A handful of subtle design shortcomings may be enough to enable the blinding, distraction, or deception of a sensor system; disruption or penetration of network infrastructure systems; or manipulation of a Command and Control (C2) system’s situational picture. Systems can also be sabotaged, with ‘insider threats’ such as components received from compromised supply chains—not to mention actions by malevolent personnel—arguably being just as effective as remotely-launched attacks. For example, a successful inside-the-lifelines attack against the industrial controls of a shipboard auxiliary system might have the indirect effect of crippling any warfare systems that rely upon the former’s services. Cyber-electromagnetic indiscipline within one’s own forces might even be viewed as a particularly damaging, though not deliberately malicious, form of insider threat in which the inadequate ‘hygiene’ or ill-considered tactics of a single operator or maintainer can eviscerate an entire system’s or network’s security architecture.[iii]
Moreover, networking can allow an adversary to use their exploitation of a single, easily-overlooked system as a gateway for directly attacking important systems elsewhere, thereby negating the latter’s robust outward-facing cyber-electromagnetic defenses. Any proposed network connection into a system must be cynically viewed as a potential doorway for attack, even if its exploitation would seem to be incredibly difficult or costly to achieve.[iv]
This hardly means system developers must build a ‘brick wall’ behind every known vulnerability, if that were even feasible. Instead, a continuous process of searching for and examining potential vulnerabilities and exploits is necessary so that risks can be recognized and mitigation measures prioritized.[v] Operators, however, cannot take solace if told that the risks associated with every ‘critical’ vulnerability known at a given moment have been satisfactorily mitigated. There is simply no way to guarantee that undiscovered critical vulnerabilities do not exist, that all known ‘non-critical’ vulnerabilities’ characteristics are fully understood, that the mitigations are indeed sufficient, or that the remedies themselves do not spawn new vulnerabilities.

Tomorrow, we will investigate the fallacy of judging a force network’s combat viability by merely counting its number of nodes. We will also examine the challenges in classifying and identifying potential targets, and what that means for the employment of standoff-range weapons. 


[i] Jonathan F. Solomon. “Defending the Fleet from China’s Anti-Ship Ballistic Missile: Naval Deception’s Roles in Sea-Based Missile Defense.” (master’s thesis, Georgetown University, 2011), 58-62.
[ii] Bruce Schneier. Secrets and Lies: Digital Security in a Networked World. (Indianapolis, IN: Wiley Publishing, 2004), 5-8.
[iii] For elaboration on the currently observed breadth and impacts of insufficient cyber discipline and hygiene, see 1. “FY12 Annual Report: Information Assurance (IA) and Interoperability (IOP).” (Washington, D.C.: Office of the Director, Operational Test and Evaluation (DOT&E), December 2012), 307-309; 2. “FY13 Annual Report: Information Assurance (IA) and Interoperability (IOP).” (Washington, D.C.: Office of the Director, Operational Test and Evaluation (DOT&E), January 2014), 330, 332-334.
[iv] For an excellent discussion of this and other vulnerability-related considerations from U.S. Navy senior leaders’ perspective, see Sydney J. Freedberg Jr. “Navy Battles Cyber Threats: Thumb Drives, Wireless Hacking, & China.” Breaking Defense, 04 April 2013, accessed 1/7/14, http://breakingdefense.com/2013/04/navy-cyber-threats-thumb-drives-wireless-hacking-china/
[v] Schneier, 288-303.


site stats