Future high-end maritime warfare tends to be described as the use of distributed,
networked maritime sensors that ‘seamlessly’ cue the tactical actions of dispersed
forces armed with standoff-range guided weapons. Most commentary regarding these
‘sensor-to-shooter’ networks has been based around their hypothesized
performances under ‘perfect’ conditions: sensors that see all within their
predicted fields of view, processors that unfailingly discriminate and classify
targets correctly, communications pathways that reliably and securely transmit
data between network nodes, and situational pictures that assuredly portray
ground truth to combat decision-makers. While it is not unreasonable to start
with such an idealized view in order to grasp these networks’ potential, it is
misguided to end analysis there. Regrettably, it is not unusual to come across
predictions implying that these networks will provide their operators with an
unshakable and nearly-omniscient degree of situational awareness, or that the
more tightly-networked a force becomes the more likely the geographic area it
covers will become a graveyard for the enemy.

Although we implicitly understand networked maritime warfare relies upon the
electromagnetic spectrum and cyberspace, for some reason we tend to overlook the
fact that these partially-overlapping domains will be fiercely contested in any major
conflict. It follows that we tend not to consider the effects of an adversary’s
cyberwarfare and Electronic Warfare (EW) when assessing proposed operating
concepts and force networking architectures. Part of this stems from the fact
that U.S. Navy forces engaged in actual combat over the past seventy years seldom
faced severe EW opposition, and have never faced equivalent cyberattacks. Even
so, as recently as the 1980s, the Navy’s forward deployed forces routinely operated
within intensive EW environments. Though certain specific skill sets and
capabilities were highly compartmentalized due to classification
considerations, Cold War-era regular Navy units and battlegroups were trained
not only to fight through an adversary’s electronic attacks but also to wield intricate
EW methods of their own for deception and concealment.[i] The
Navy’s EW (and now cyberwarfare) prowess lives on within its nascent Information
Dominance Corps, but this is not the same as having a broad majority of the
overall force equipped and conditioned to operate in heavily contested cyber-electromagnetic
warfare environments.

Any theory of how force networking should influence naval procurement, force
structure, or doctrine is dangerously incomplete if it inadequately addresses the
challenges posed by cyber-electromagnetic opposition. Accordingly, we need to
understand whether cyber-electromagnetic warfare principles exist that can
guide our debates about future maritime operating concepts.
This week I'll be proposing several candidate principles that seem logical
based on modern naval warfare systems’ and networks’ general characteristics.
The resulting list should hardly be considered
comprehensive, and is solely intended to stimulate debate. Needless to say, these
candidates (and any others) will need to be subjected to rigorous testing
within war games, campaign analyses, fleet exercises, and real world operations
if they are to be validated as principles.
Candidate Principle #1: All Systems and Networks are Inherently Exploitable
It is a fact of nature, not to mention engineering, that notwithstanding their
security features all complex systems (and especially the ‘systems of systems’
that constitute networks) inherently possess exploitable design
vulnerabilities.[ii]
Many vulnerabilities are relatively easy to identify and exploit, which
conversely increases the chances a defender will uncover and then effectively mitigate
them before an attacker can make best use of them. Others are buried deep
within a system, which therefore makes them difficult for an adversary to
discover let alone directly access. Still others, though perhaps more readily
discernable, are only exploitable under very narrow circumstances or if significant
resources are committed. It is entirely possible that notwithstanding its
inherent vulnerabilities, a given system might survive an entire protracted
conflict without being seriously exploited by an adversary. To confidently assume
this ideal outcome would in fact occur, though, amounts to a high-stakes gamble
at best and technologically unjustified hubris at worst. Instead, system
architects and operators must assume that with enough time, an adversary will
not only uncover a usable vulnerability but also develop a viable means of
exploiting it if the anticipated spoils merit the requisite investments.

A handful of subtle design shortcomings may be enough to enable the blinding,
distraction, or deception of a sensor system; disruption or penetration of
network infrastructure systems; or manipulation of a Command and Control (C2)
system’s situational picture. Systems can also be sabotaged, with ‘insider
threats’ such as components received from compromised supply chains—not to
mention actions by malevolent personnel—arguably being just as effective as
remotely-launched attacks. For example, a successful inside-the-lifelines
attack against the industrial controls of a shipboard auxiliary system might
have the indirect effect of crippling any warfare systems that rely upon the former’s
services. Cyber-electromagnetic indiscipline within one’s own forces might even
be viewed as a particularly damaging, though not deliberately malicious, form
of insider threat in which the inadequate ‘hygiene’ or ill-considered tactics
of a single operator or maintainer can eviscerate an entire system’s or
network’s security architecture.[iii]

Moreover, networking can allow an adversary to use their exploitation of a single,
easily-overlooked system as a gateway for directly attacking important systems
elsewhere, thereby negating the latter’s robust outward-facing cyber-electromagnetic
defenses. Any proposed network connection into a system must be cynically viewed
as a potential doorway for attack, even if its exploitation would seem to be
incredibly difficult or costly to achieve.[iv]

This hardly means system developers must build a ‘brick wall’ behind every known vulnerability,
if that were even feasible. Instead, a continuous process of searching for and
examining potential vulnerabilities and exploits is necessary so that risks can
be recognized and mitigation measures prioritized.[v] Operators,
however, cannot take solace if told that the risks associated with every ‘critical’
vulnerability known at a given moment have been satisfactorily mitigated. There
is simply no way to guarantee that undiscovered critical vulnerabilities do not
exist, that all known ‘non-critical’ vulnerabilities’ characteristics are fully
understood, that the mitigations are indeed sufficient, or that the remedies
themselves do not spawn new vulnerabilities.
Tomorrow, we will investigate the
fallacy of judging a force network’s combat viability by merely counting its
number of nodes. We will also examine the challenges in classifying and
identifying potential targets, and what that means for the employment of
standoff-range weapons.

[i] Jonathan F. Solomon. “Defending the Fleet from China’s Anti-Ship Ballistic
Missile: Naval Deception’s Roles in Sea-Based Missile Defense.” (master’s
thesis, Georgetown University, 2011), 58-62.
[ii] Bruce Schneier. Secrets and Lies: Digital
Security in a Networked World. (Indianapolis, IN: Wiley Publishing, 2004),
5-8.
[iii] For elaboration on the currently observed breadth and impacts of insufficient
cyber discipline and hygiene, see 1. “FY12 Annual Report: Information Assurance
(IA) and Interoperability (IOP).” (Washington, D.C.: Office of the Director,
Operational Test and Evaluation (DOT&E), December 2012), 307-309; 2. “FY13
Annual Report: Information Assurance (IA) and Interoperability (IOP).”
(Washington, D.C.: Office of the Director, Operational Test and Evaluation
(DOT&E), January 2014), 330, 332-334.
[iv] For an excellent discussion of this and other vulnerability-related
considerations from U.S. Navy senior leaders’ perspective, see Sydney J.
Freedberg Jr. “Navy Battles Cyber Threats: Thumb Drives, Wireless Hacking,
& China.” Breaking Defense, 04
April 2013, accessed 1/7/14, http://breakingdefense.com/2013/04/navy-cyber-threats-thumb-drives-wireless-hacking-china/
[v] Schneier, 288-303.