Operational Military Perspective in Cyber Security IEEE Technology Summit 13 May 2008 M. Paul Zavidniak Technical Fellow, Technical Director Network Communications.

Presentation transcript:

Operational Military Perspective in Cyber Security IEEE Technology Summit 13 May 2008 M. Paul Zavidniak Technical Fellow, Technical Director Network Communications Division Airborne & Maritime Systems

UNCLASSIFIED 2 Discussion Points
Warfighting in the Network Centric Era
Military Operating Environment
Cyber Space in the Military Environment
SWOT Analysis (Strengths, Weaknesses, Opportunities & Threats)
Addressing the Challenges
Addressing the Threats
Designing for the Future
Questions

UNCLASSIFIED 3 Today’s Battlefield
Tactical Data Networks
Disparate by Nature
Distributed throughout the Spectrum
Internet is not Pervasive
[Figure: CyberSpace spanning the Space, Airborne, Terrestrial and Maritime domains]
Space: Transformational Communications
Airborne: Airborne Networking
Terrestrial: GIG / Enterprise Services
Maritime: ForceNet/Network Centric Warfare

UNCLASSIFIED 4 Today’s Battlefield (Capability Perspective)
Group Services by Type (or mission): Surveillance, Communications, Tactical
In operations of any nature it’s essential to ascertain impact of cyber attack by capability
What have I lost?
[Figure: CyberSpace spanning the Space, Airborne, Terrestrial and Maritime domains]

UNCLASSIFIED 5 Warfare in the Net-Centric Era
Information Assurance: Information operations that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and nonrepudiation
Information Warfare: the use of information or information technology during a time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries
[Figure: CyberSpace spanning the Space, Airborne, Terrestrial and Maritime domains. Labels: Communications / Information; Knowledge & Situation Awareness; Control the Battle; Win the Battle; Disrupt Communications; Lose Control; Lose the Battle]

UNCLASSIFIED 6 Equipment Operating Environment
WB-57 (2005-current): 60,000+ Ceiling, 2,500 nm Range
Global Express (2007-current): 51,000 ceiling, 5,600 nm Range
g Force Requirements: Upward 3.0g, Forward 9.0g, Sideward 4.0g, Downward 6.0g, Rearward 1.5g

UNCLASSIFIED 7 Battlefield Airborne Communications Node BACN Spiral 1 (2005-current), NASA WB-57 Aircraft

UNCLASSIFIED 8 Battlefield Airborne Communications Node BACN Spiral 2 (2007-current), Bombardier Global Express

UNCLASSIFIED 9 Equipment Placement in Tactical Aircraft

UNCLASSIFIED 10 Enhancing Warfighter Capabilities Penetrate anti-access environments Increase persistence of surveillance & reconnaissance Destroy fleeting or emergent targets Shorten TST timelines (F2T2EA) Improve Combat ID Improve SA & C2 Warfighting Capabilities Multiple waveform linking Message translation Voice bridging Composite tactical picture High capacity backbone Network Mgt Net-Centric Gateway Apps Information Assurance Capabilities Enablers LOS range extension Translation/ Correlation/ Forwarding between dissimilar TDNs Connecting battlespace nodes to GIG Bridging/Switching dissimilar voice systems New C4ISR Sys to Evolve / Field incrementally (AESA radar, F-22A) Supports Close Air Support, Time Sensitive Targeting, Global Strike, Homeland Defense, Coalition

UNCLASSIFIED 11 Cyber Space in the Military Environment
Cultural issues associated with confirming ‘real’ vulnerabilities
No funding for ‘known’ but undocumented requirements
Lack of emphasis on non-IP technologies
DoD and Government unique requirements unaddressed
[Figure: Information Targets and Physical Targets. Electromagnetic Spectrum (Space, Air, Surface, Sub; Satellite, Radar, Sonar; bands from ULF/VLF/LF through HF/VHF/UHF, L-, S-, C-, X-, Ku- and GPS-Band, E/O, Infrared, Ultraviolet) and Wirelines (Fiber, Copper; OC48, OC12, OC3, T-45, T-3, T-1, FT-1, POTS), layered as Digital Carrier Protocols, Media Access Methods, User Protocols (B-ISDN, PRI-ISDN, Frm Rly, SONET, ATM, X.25, Telnet, Internet TCP/IP, etc.) and Services. Callout: Present focus of US DoD Defensive IW activities]

UNCLASSIFIED 12 Strengths and Weaknesses
Strengths
Diversity
–Radio Frequency (divergent frequency allocations)
–Carriers (divergent data links)
–Protocols (divergent protocols)
–Encryption (divergent encryption protocols)
–Security (multiple levels of security)
Radio ‘operators’ hold clearances
–Limited exposure to insider threats
Weaknesses
Interoperability
–Diversity impacts interoperability
Information/Knowledge Propagation
–Propagation of knowledge is artificially limited
Information Timeliness
–Constrained propagation yields ‘stale’ data

UNCLASSIFIED 13 Opportunities Sought
Enhance Interoperability & Information Sharing
Accelerate the Flow of Information to the Consumer
Exploit the benefits of shared knowledge and technical abilities to increase mission effectiveness and efficiency
Goals for the Net Centric Services Strategy
–Provide Services: Make information and functional capabilities available as services on the network
–Use Services: Use existing services to satisfy mission needs before creating duplicative capabilities
–Govern the Enterprise: Establish the policies and processes for services in the enterprise SOA to ensure execution is aligned with interoperability and information sharing objectives

UNCLASSIFIED 14 OSD Policy IPv6 June 9, 2003
This memorandum provides DoD policy for Enterprise-wide deployment of IPv6. Currently, Internet Protocol version 4 (IPv4) represents the mandated internetworking protocol for the DoD. The achievement of net-centric operations and warfare, envisioned as the Global Information Grid (GIG) of inter-networked sensors, platforms and other Information Technology/National Security System (IT/NSS) capabilities, depends on effective implementation of IPv6 in concert with other aspects of the GIG Architecture.
IPv6 is important to IA due to the enhanced IA capabilities it provides
The DoD goal is to complete the transition to IPv6 for all inter and intra networking across the DoD by FY2008
All GIG assets being developed, procured or acquired shall be IPv6 capable

UNCLASSIFIED 15 Net-Centric Way Forward
“if the Joint Force fully exploits shared knowledge and technical connectivity, then the resulting capabilities will dramatically increase mission effectiveness and efficiency ” Source: NCE JFC version 1, dated 7 April 2005
Increasing scope of integration, efficiency, and effectiveness
A framework for full human and technical connectivity and interoperability that allows all DOD users and mission partners to share information they need
–When they need it
–In a form they can understand and act on in confidence, and
–Protects information from those who should not have it
Connecting People with Information DoD Net-Centric Services Strategy, Frank Petroski, October 31, 2006

UNCLASSIFIED 16 The Enterprise SOA

UNCLASSIFIED 17 CyberSpace Military Threats
Sources: “Russian Views on Electronic and Information Warfare,” Mary Fitzgerald, The Hudson Group; “Chinese Views on Future War”, Michael Pillsbury, National Defense University
Table columns: Russian Perspective, Chinese Perspective, Threat. Threat labels: Jam; Target, Destroy; Spoof; Deceive; Corrupt; Monitor. Cell text, in the order it survives on the page:
–Computer virus will be introduced via radio channels and laser comm links
–One requirement of winning is … monitoring
–Accomplishing Electronic Warfare by jamming enemy communications
–There are many ways to destroy information systems … jamming an enemy’s communications
–Directed beam electromagnetic pulse will become a new means of warfare against C4I and intelligence systems by
–In future wars, key information (and systems) will become “combat priorities”, the key targets
–Destroy an enemy’s electronic systems with EMP
–Introduce computer viruses by agents, over communications channels, or other means
–Saturate enemy information networks with false commands and reports, misleading him and corrupting his C2 system
–Deception by imitating the operation of enemy comm and by changing radio traffic volumes
–Penetrating classified and unclassified info networks and channels to transmit false info
–Secret falsification can be used to plant false intelligence and false targets in the place of true intelligence
–Resist viruses to protect the normal operations of information processing in systems
–Destroy computer software with a computer virus
–Disrupt the enemy’s information flow
–In future wars, operations against military computers will be key …. Including computer virus warfare

UNCLASSIFIED 18 Russia’s Resurgent Military
MOSCOW - As a newly self-confident, oil-rich Russia teams up with China in joint military exercises Friday, it is moving to reclaim the former Soviet Union's status as a global military power. A seven-year, $200-billion rearmament plan signed by President Vladimir Putin earlier this year will purchase new generations of missiles, planes, and perhaps aircraft carriers to rebuild Russia's arsenal. Already, the new military posture is on display: This summer, Russian bombers have extended their patrol ranges far into the Atlantic and Pacific oceans, forcing US and NATO interceptors to scramble for the first time since the cold war's end.
By Fred Weir | Correspondent of The Christian Science Monitor, from the August 17, 2007 edition
MOSCOW — Russian bombers have flown to the island of Guam — home to a major American military base — for the first time since the Cold War in an exercise intended to show the Kremlin's resurgent military power, an air force general said yesterday. Two Tu–95 bombers reached Guam, an American territory, this week, and their crews smiled at the pilots of the American fighter jets that scrambled to intercept them, Major General Pavel Androsov said.
By MIKE ECKEL, Associated Press, August 10, 2007

UNCLASSIFIED 19 Estonia hit by ‘Cyber War’
Estonia says the country's websites have been under heavy attack for the past three weeks, blaming Russia for playing a part in the cyber warfare. Many of the attacks have come from Russia and are being hosted by Russian state computer servers, Tallinn says. Moscow denies any involvement. Estonia says the attacks began after it moved a Soviet war memorial in Tallinn. The move was condemned by the Kremlin.
"In the 21st century it's not just about tanks and artillery," Nato spokesman James Appathurai told BBC News.
The... attacks had affected a range of government websites, including those of the parliament and governmental institutions.
"Estonia depends largely on the internet. We have e-government, government is so-called paperless... all the bank services are on the internet. We even elect our parliament via the internet," Mr Tammet said.
The Estonian government says its state and commercial websites - including a number of banks - are being bombarded by mass requests for information - overwhelming their computer servers. Targets of the so-called denial-of-service attacks have also included the Estonian foreign and defence ministries and leading newspapers and banks.
Estonia's foreign minister says Russia's response to the row over a Soviet war memorial is an "attack" on the whole European Union
Published: 2007/05/02 07:46:06 GMT

UNCLASSIFIED 20 China Fielding Cyber Attack Units
China is stepping up its information warfare and computer network attack capabilities, according to a Defense Department report released this week. The Chinese People’s Liberation Army (PLA) is developing information warfare reserve and militia units and has begun incorporating them into broader exercises and training. The Chinese approach centers on using civilian computer expertise and equipment to enhance PLA operations, the DOD report states.
“During a military contingency, information warfare units could support active PLA forces by conducting ‘hacker attacks’ and network intrusions, or other forms of ‘cyber’ warfare, on an adversary’s military and commercial computer systems, while helping to defend Chinese networks,” according to the report.
“The PLA considers active offense to be the most important requirement for information warfare to destroy or disrupt an adversary’s capability to receive and process data,” the report states.
Computer Network Operations is an important part of the Chinese strategy to achieve electromagnetic dominance in any conflict, and as a force multiplier, according to the report. The PLA seeks to combine CNO with electronic warfare, kinetic strikes against C4 nodes, and virus attacks on enemy systems, to form what PLA theorists call “Integrated Network Electronic Warfare,” it noted.
By Josh Rogin - Published on May 25,

UNCLASSIFIED 21 China’s Cyber Warriors
Many cyber security experts in the United States and Taiwan worried when Microsoft provided the Chinese government with access to the source code of its Windows operating system in Their fear was that access to the code would make it easier for China’s People’s Liberation Army (PLA) to develop and carry out new information-warfare techniques. A recent series of cyber attacks directed against targets in Taiwan and the United States may confirm that “those fears now appear justified,” says a Taiwanese intelligence officer.
Taiwan and China regularly engage in low-level information-warfare attacks. But the past few months have seen a noticeable spike in activity. “‘Blitz’ is an accurate description” of the recent attacks, says the Taiwanese security source. “It’s almost like... a major cyberwar exercise.”
By Bishop, in Foreign Policy, Sep/Oct

UNCLASSIFIED 22 China Honing Cyber-Attack Skills
BEIJING - The recent allegations that China has been hacking into sensitive government computer systems in the United States and Europe follow years of heavy investment by the People's Liberation Army in cyber-attack capabilities, U.S. defense officials and Asian security analysts said. Although much of China's spending on information warfare remains secret, the Chinese military and its propaganda organs have regularly expressed their desire to develop computer warfare expertise and have boasted of their growing sophistication in the field, these experts said.
"There are intensive discussions in China about developing and perfecting their information warfare abilities," said Andrew Yang, a China military expert at the Taiwan-based Chinese Council of Advanced Policy Studies. "They have improved their tactics and approaches."
The U.S. military has alleged for nearly a year that China has launched cyber attacks on Pentagon networks. The issue returned to the spotlight this week after allegations, first reported by the Financial Times, that the PLA in June broke into an unclassified computer system used by the office of Defense Secretary Robert M. Gates. The breach forced the Pentagon to disable the computer system for several days.... The Chinese government has vehemently denied the allegations
By Peter Spiegel, Los Angeles Times Staff Writer, from the Los Angeles Times, Sept 7, 2007

UNCLASSIFIED 23 China’s 5th Dimension Cyber Army
A US military report into the future of geo-political relations with China has claimed that the Chinese government is developing a cyber (5th Dimension) warfare division for use in possible future conflicts. "The Military Power of the People's Republic of China 2007" report suggests that, in addition to the Red Army's army, navy, air force and rocket arms, the Chinese government is putting together a team to deal with "electronic and online arenas."
According to the report, "People's Liberation Army authors often cite the need in modern warfare to control information, sometimes termed an 'information blockade'... China is pursuing this ability by improving information and operational security, developing electronic warfare and information warfare capabilities, denial-of-service and deception... China's concept of an 'information blockade' likely extends beyond the strictly military realm to include other elements of state power."

UNCLASSIFIED 24 Unrestricted Warfare
“Unrestricted Warfare”
–Qiao Liang & Wang Xiangsui (Sr. Colonels in PLA)
–Published in February of 1999
–Translated by the Foreign Broadcast Information Service (FBIS)
Relates 8 Essential Principles of “Beyond Limits” Warfare
–Omnidirectionality: 360 degree observation and design
–Synchrony: Conducting actions in different spaces within the same time period
–Limited Objectives: Actions within an acceptable range for the measures
–Unlimited Measures: Unrestricted employment of measures
–Asymmetry: Action in the opposite direction from the balance of symmetry
–Minimal Consumption: Least amount of resources to achieve the objective
–Multidimensional Coordination: Coordination & allocation of all forces in all military and non-military spheres
–Adjustment & Control of the Entire Process: Continually acquire information, adjust action and control the situation
- Unrestricted Warfare

UNCLASSIFIED 25 Reflections on Unrestricted Warfare
By Robert Bryce, April 7, 2006
It’s been seven years since two Chinese soldiers, Qiao Liang and Wang Xiangsui, released their treatise, Unrestricted Warfare. But their 228-page book should be read again by policymakers and warfighters because their points are directly relevant to the dangers facing the U.S. and its gargantuan military-industrial-Congressional complex. Three recent events underscore the need to look at America’s predicament through the eyes of the Chinese.
–The March 16 vote by the Senate to raise the federal debt limit to $9 trillion
–The recent crash of yet another V-22 Osprey, a crash that illustrates the waste, fraud and abuse within the Pentagon as it pursues a weapon that is too expensive and too complicated
–The ongoing scourge of roadside bombs

UNCLASSIFIED 26 US Perspectives on Cyber Security Threats
A botnet denial-of-service attack shut down the Estonian government last year for about two weeks.
‘It went beyond simple mischief, and represented an actual threat to government to govern its country.’
‘A single individual, a small group of people, or a nation-state can exact the kind of damage or disruption that in years past only came when you dropped bombs or set off explosives’
‘Risks from cyberattacks are increasing and the consequences are so great that the country needs a ‘Manhattan Project’ for network security’
‘We need a gamechanger for how we deal with attacks’
Homeland Security Secretary, Michael Chertoff [April 8, 2008]

UNCLASSIFIED 27 Challenges
Interoperability addresses Cyber Security requirements but creates ‘exposure’ issues
*SOA architectures have acknowledged barriers to adoption
–Lack of governance (48%)
–Unresolved security issues (40%)
–Performance/reliability issues (39%)
–Incomplete/immature standards (38%)
*Migration of Legacy Components to SOA Environments, Carnegie Mellon University, Software Engineering Institute

UNCLASSIFIED 28 Addressing the Challenges
Know (characterize) your environment
Always employ encryption (COMSEC and TRANSEC) and the appropriate IA policies (DITSCAP/DIACAP/ATO/IATO/IATT)
Harden operating systems and applications
–Without placing encumbrances on the operator
Segregate security by level (MILS)
Minimize intersections of security levels
Consider writing ‘up’ versus ‘down’
Separate the ‘control plane’ from the ‘user plane’
Employ asymmetric communications strategies
–Minimize exposure to Cyber threats by minimizing exposure to non-secure (to the platform) uplinks
–Address requirements for information dissemination by the broadcast transmission (downlink) of non-secure data where appropriate
Innovatively employ special techniques

UNCLASSIFIED 29 Paul’s Cyber Space Iceberg Theorem
[Figure: iceberg with three labels]
The scope of the risks that the commercial market addresses
The scope of the threat is publicly acknowledged
The actual depth of the cyberspace problem

UNCLASSIFIED 30 Addressing the Threats
Threat
Internal
–(Embraces Battlefield Overrun Scenarios)
–Denial Of Service
–Deception and False Reporting
–C2/SA Data Exposure
External
–Monitoring
–Direction Finding
–Jamming (EW)
–Induced Tactical Deception
Mitigator
Countered By:
–LPI/LPD technologies
–Encryption
–Monitoring
–Specialized Techniques: Burst Transmissions, Agile
Countered By:
–Monitoring
–Access Control and IA Practices
–Specialized Techniques: Data Encryption, Anti-Tamper

UNCLASSIFIED 31 Threat and Gap Analysis
[Flattened table. Column headings: Adversary Focus; Result; Consequence of Event; Impact on Operations; Mitigator (Today’s COTS Solution). Row groups: Wireless Device; Transmission Media. Mitigators listed: LPI/LPD/Spread Spectrum; Encrypt; Policy / Authenticate; Anti-Virus S/W.]
Row text, in the order it survives on the page:
–Direction Find (DF) - Geolocation
–Deny (noise jam); Denial of Service (DoS); Information Superiority Compromised
–Deny (traffic jam)
–Monitor; Espionage; Knowledge & Capability Compromised
–Alter by Spoof; Data Integrity
–Deny (traffic jam); DoS; Superiority Lost
–Monitor; Espionage; Knowledge & Capability Compromised
–Alter; Data Integrity
–Destroy; Virus; Data Lost; Knowledge Lost
Callouts: Normal Ops; Device Lost; Kosovo KLA Incidents; What Happens This Direction?; Insider Threat Detection (e.g. Hanssen)?; FBI Hanssen Incident

UNCLASSIFIED 32 Neutralizing Cyber Attacks
Characterize your network behavior (build a baseline model) and recognize anomalies
Look for and recognize early indicators
Track indicators against model
Label suspicious radios/terminals
Reallocate network resources
Network management / network awareness is the key to disarming the attack
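
The baseline, track, label and reallocate steps on this slide can be sketched as follows. This is an added Python example, not part of the original presentation; the terminal IDs, indicator names, thresholds and slot names are hypothetical, and the sample data is constructed.

```python
"""Baseline-and-anomaly tracking for network terminals (added illustration).

Terminal IDs, indicator names and all numbers are constructed sample data;
the thresholds are assumptions, not values from the presentation.
"""
from collections import defaultdict
from statistics import median

INDICATORS = ("msgs_per_min", "retransmit_pct", "auth_failures")
MAD_SCALE = 1.4826     # scales the median absolute deviation to a std-dev equivalent
MAD_FLOOR = 0.5        # assumed floor so a perfectly flat history cannot divide by zero
Z_THRESHOLD = 4.0      # assumed deviation that counts as an early indicator
STRIKES_TO_LABEL = 2   # assumed consecutive anomalous intervals before labelling


def build_baseline(history):
    """Characterize normal behavior: per terminal and indicator, (median, scaled MAD)."""
    baseline = {}
    for terminal, samples in history.items():
        stats = {}
        for name in INDICATORS:
            values = [s[name] for s in samples]
            med = median(values)
            mad = MAD_SCALE * median(abs(v - med) for v in values)
            stats[name] = (med, max(mad, MAD_FLOOR))
        baseline[terminal] = stats
    return baseline


def score(baseline, terminal, sample):
    """Robust z-score of one observation interval against the terminal's model."""
    stats = baseline[terminal]
    return {n: (sample[n] - stats[n][0]) / stats[n][1] for n in INDICATORS}


class Tracker:
    """Tracks indicators against the model and labels suspicious terminals."""

    def __init__(self, baseline):
        self.baseline = baseline
        self.strikes = defaultdict(int)
        self.suspicious = {}   # terminal -> indicators that tripped; sticky until cleared

    def observe(self, terminal, sample):
        if terminal not in self.baseline:
            # A terminal that was never characterized is itself an indicator.
            self.suspicious[terminal] = ["no_baseline"]
            return
        tripped = [n for n, z in score(self.baseline, terminal, sample).items()
                   if abs(z) >= Z_THRESHOLD]
        # Require consecutive anomalous intervals so a one-off burst is not labelled.
        self.strikes[terminal] = self.strikes[terminal] + 1 if tripped else 0
        if self.strikes[terminal] >= STRIKES_TO_LABEL:
            self.suspicious[terminal] = tripped


def reallocate(slots, suspicious):
    """Move labelled terminals to a restricted allocation; the rest keep their slots."""
    return {t: ("restricted" if t in suspicious else s) for t, s in slots.items()}


def _obs(msgs, retransmit, auth=0):
    return {"msgs_per_min": msgs, "retransmit_pct": retransmit, "auth_failures": auth}


def constructed_history():
    """Constructed training window of normal traffic for two terminals."""
    return {
        "T-01": [_obs(40, 2), _obs(42, 3), _obs(38, 2), _obs(41, 2), _obs(39, 3)],
        "T-02": [_obs(12, 1), _obs(11, 1), _obs(13, 2), _obs(12, 1), _obs(10, 1)],
    }


def run_demo():
    tracker = Tracker(build_baseline(constructed_history()))
    live = [                                  # constructed live observations
        ("T-01", _obs(43, 2)),                # within normal variation
        ("T-02", _obs(95, 1)),                # single burst: one strike only
        ("T-02", _obs(12, 1)),                # back to normal, strike count resets
        ("T-01", _obs(40, 30, 6)),            # retransmits and auth failures jump
        ("T-01", _obs(41, 28, 7)),            # second consecutive interval: labelled
        ("T-09", _obs(5, 0)),                 # terminal with no baseline
    ]
    for terminal, sample in live:
        tracker.observe(terminal, sample)
    slots = {"T-01": "slot-A", "T-02": "slot-B", "T-09": "slot-C"}
    return tracker.suspicious, reallocate(slots, tracker.suspicious)


if __name__ == "__main__":
    print(run_demo())
```

The median/MAD baseline is used instead of mean and standard deviation so that a few bad intervals in the training window do not widen what counts as normal.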

UNCLASSIFIED 33 Designing for the Future
The U.S. DoD requires knowledge of adversary jamming, monitoring and intrusion events
–Presently we have limited tools and resources
–Many times knowledge is gained after-the-fact (through defectors or counter espionage activities)
Countermeasures are needed in order to either: (a) stop the attack; or (b) implement countermeasures
–Warfighter Information Network – Tactical (WIN-T) Operational Requirements Document (ORD)
Survivability of critical information from source to destination depends on eliminating single points of failure and efficient use of total network bandwidth

UNCLASSIFIED 34 Cyber Security Hot Points
Warfighter connectivity comes with superlative gains and unprecedented risks in battle C2 and SA
Warfighter connectivity has been targeted for penetrating attack in future conflicts
Tactical wireless networks are difficult to assail from points outside the targeted network
Captured node compromise by overrun force is most viable entry method into targeted networks
Central monitoring and control is essential for detecting captured nodes, and critical for proactive counteraction.

UNCLASSIFIED 35 Considerations for the Future
[Figure: timeline of attacker events and defender events, with a legend marking the COTS Solution and the Defense GAP. Labels: Target Analysis; Reconnaissance; Access Probe; System Intrusion; Attack Mounted; Damage Inflicted; Cover-Up; Attack Forecast; Threat Analysis; Physical Security; Entry Control; Intrusion Detection; System Reaction; Damage Assessment; Impact Analysis; Response; Recovery; Fortification; Scan; Jam; Orientate or Map; Traffic Jam; Monitor; Spoof; Direction Find; Capture. Time axis: Education / Awareness / R&D / Testing / Development / Deployment]

UNCLASSIFIED 36 What’s Old is New Again
At RSA, what's old is new again
Posted by Jon Oltsik, senior analyst at the Enterprise Strategy Group.
It's a little slow at this year's RSA Conference, but there is still plenty of hoopla to go around. It's a retro RSA in that this year's hot topics are all oldies but goodies. The list includes:
Compliance. Everyone is resurrecting their focus on regulations such as the Payment Card Industry Data Security Standard (PCI DSS) and a host of others.
Identity. Think of this as the personalization of IT. Chief information officers want to know who is on the network and what they are doing. Armed with this knowledge, they can block bad behavior and accelerate productive business activities.
Data security. Large organizations are desperately trying to get their arms around their data by answering questions like: Where is my confidential data? Who is accessing it? What the heck are they doing with it?
Yup, what's old is new again all around this security nexus. It would be easy to say that the marketing folks are either tired or lazy, but I see a completely different meaning here. We are still struggling with basic security problems, after all these years, and the industry is thus going "back to the drawing board," if you will. Let's just hope we get it right this time around, or we all may be in deep trouble.
[April 10, 2008]

UNCLASSIFIED 37 Questions?

UNCLASSIFIED 38 Reflections on Unrestricted Warfare (Continued)
–The March 16 vote by the Senate to raise the federal debt limit to $9 trillion
The greatest threat to our future is our fiscal irresponsibility. The Chinese see bankers as warfighters. And that fact should worry every American.
–The recent crash of yet another V-22 Osprey, a crash that illustrates the waste, fraud and abuse within the Pentagon as it pursues a weapon that is too expensive and too complicated
Although Liang and Xiangsui don’t mention the V-22, it’s a classic example of what they call the “high-tech weapons trap where the cost stakes continue to be raised.” Breaking out of that trap, they say requires “lucid and incisive thinking. However, this is not a strong point of the Americans who are slaves to technology in their thinking.”
–The ongoing scourge of roadside bombs
The IEDs are allowing the insurgents to camp out inside America’s OODA loop. They have disrupted the military’s game plan and are forcing the U.S. into a reactive posture that is incredibly expensive and cumbersome. It’s also largely ineffective.
