Pages

1 September 2016

Cyber Wars

By Paul D. Shinkman Senior National Security Writer 
Aug. 29, 2016

The military is experimenting with drones, sensors and new tactics designed to defeat digital enemies on tomorrow's battlefields. 

FORT IRWIN, Calif. – One of the three reconnaissance soldiers peers over a ridgeline at the target compound his small patrol is surveilling. Another adds a piece of foliage to an antennae to mask its outline and the third tugs camouflage netting over himself as he silently taps away on a laptop computer. 

Their objective is to identify the location of three “known insurgents,” code named “Jets,” “Eagles” and “Steelers” after their unit’s favorite NFL teams, and report back to their commander on what kind of hardware the enemy might have. The question is who, and what, is inside this rudimentary cluster of buildings. 

The gritty sand beneath their feet, strewn with the metallic litter of war zones is reminiscent of combat tours in Iraq, as are the 110 degree temperatures, while the soaring craggy peaks that encircle their location could have been taken right out of the mountainous regions of Afghanistan. 

For these soldiers, however, the real battlefield is invisible. 

They’re the latest trainees here at the National Training Center in brand new tactics the U.S. Army is trying to perfect, all a part of an urgent experiment to bring America’s military and intelligence might up to speed with its adversaries – namely Russia, China and Iran. New and constantly evolving digital threats continue to emerge on 21st century battlefields, and this latest training brigade here is only the fifth time the Army has tried to incorporate cyber operators into its traditional fighting units and the first time officials have allowed a civilian reporter to observe their activities. 

These soldiers are using new kinds of sensors the Army has developed to pick up on cellphone signals and other forms of digital communication the enemy uses to share its locations and coordinate attacks. Through this new kind of training, the Army is trying to perfect the fieldcraft of these experts in computers and digital warfare – cybersoldiers. 

It’s a twofold mission: The military’s fledgling cyber teams are trying to figure out precisely how to deploy highly technical operatives into the field and work alongside the kind of soldier that signed up for the dusty, hot and dangerous work of the service branches like infantry, cavalry and armor troops, while also convincing old guard combat commanders that the battlefield now extends into a realm they can neither see nor attack with bullets, artillery shells or armored vehicles. 

Along the way they’re developing new procedures and techniques for how to win wars in this modern battlespace by understanding, trying to defeat and at times mirroring enemies that refuse to operate by the kind of rules the U.S. imposes on itself. 

And so seasoned commanders who have routinely reported to this patch of desert the size of Rhode Island before deploying to the Middle East must now help train these young men and women whose professional careers may have previously relegated them to an air-conditioned facility where they wielded a computer mouse in one hand and a fistful of junk food in the other. 

“There is this perception that cyberspace operations are generally in a basement, eating Cheetos and drinking Mountain Dew,” Army Maj. Deonand Singh says while walking along a goat path on the side of a shale-caked mountain. He talks quietly while observing the three trainees in the valley below as they set up their position, the second of the day, chosen after freeing their Humvee that got stuck on this ridgeline a few minutes before. “To build credibility within our force, we have to be with our maneuver elements. So we want tactically proficient soldiers that can maneuver with these troopers.” 


Soldiers conducting a simulated cyber exercise set up an observation post in the middle of this valley at the National Training Center at Fort Irwin, Calif. (Paul D. Shinkman for USN&WR)

Singh is a former armor officer and cavalry scout with multiple deployments to Iraq and Afghanistan who now serves as the operations officer for the 780th Military Intelligence Brigade, which is helping to forge new rules and procedures for how the Army will combine old and new. He frequently relies on his own combat background to explain the highly technical realities of modern military cyber operations to brigade commanders who may not yet fully understand these new high-tech tools at their disposal, or how and why they’re necessary on today’s battlefields. 

One of the most important lessons Singh and his superiors frequently cite begins with preventing the enemy forces from being able to attack first. 

“I have to defend my networks like I have to defend a base,” Singh says. “What are the things that would prevent me from maintaining mission command?”

It’s an important question and one at the heart of then-Army Chief of Staff Gen. Ray Odierno’s call in 2014 for the Army to focus on cyberwarfare, resulting in a program announced last year that preceded the training here. 

“Commanders need to understand,” says Capt. Sam Lough, one of the trainers for this exercise, “that wherever they move, their own technology or technology in the environment is used for or against them.” 

All of the junior officers here are reluctant to say they’re preparing for the potential of going to war with Russia or another comparably powerful nation. But Moscow’s highly publicized international adventures over the last eight years have mobilized the entire U.S. government to reconsider what war might look like in the future. 

Russia became the first country to successfully incorporate cyber operations into a massive military maneuver when it invaded Georgia in 2008. Its tank and infantry movements followed a cyber strike that crippled the websites for Georgia’s ministries of defense and foreign affairs, among other key elements of its government and commercial infrastructure. 

Separatists in Ukraine that Moscow backs continue to use highly advanced cyber tactics to harass the forces loyal to Kiev while waging a sophisticated propaganda campaign to control the sole source of information available to the population in the breakaway areas of Ukraine’s east. 

The training scenarios here are designed to replicate those kinds of quagmires. 

“A lot of the models we’re doing are based off the threats you’re seeing in Ukraine,” says Lt. Col. Jonathan Burnett, the head of the Cyber Support to Corps and Below program with U.S. Army Cyber Command. “Specifically with the utilization of social media.” 

“Observing that theater of operation, we recognize there are some lessons learned that we can take when it comes to building out to the structure,” he says. 

The Army is investing heavily in new and sometimes simple techniques its soldiers could use to counter these threats. Troops here are considering whether and how they can wage what the military calls “information operations,” or propaganda, such as a version of the reverse text message Amber Alerts that U.S. emergency responders use, which the military could employ to warn locals about an impending attack. One official describes it as a modern-day digital version of Air Force “leaflet drops.” 

More directly, the 780th, based at Fort Meade, Maryland, has outfitted commercial four-rotor drones with specially 3D-printed brackets and housings to carry military-grade sensors capable of picking up cellphone signals and other mediums for cyber communications. They’ve made simpler versions of the sensors they can hide next to a roadside to, for example, determine how many cellphones are inside an insurgent’s truck that happens to drive by. 


Soldiers from the 780th Military Intelligence Brigade have retrofitted a commercial drone using 3-D printers to house sensors and other equipment they use to track digital signals from enemy communications equipment. (Paul D. Shinkman for USN&WR)

“We’re working on being able to have a platoon take a cyberspace capability, maneuver it to a point on the battlefield where they’re in a position to range the target and then be able to deliver an effect to deny that enemy the ability to communicate,” Burnett says. Asked if he can elaborate, he simply smiles and says, “No, I can’t.” 

It’s a common response from all here who refuse to specify what they’re able to do once they hack into enemy systems, citing the sensitive nature of that information.

But the exercises conducted at this range offer some clues. For example, battlefield commanders when deciding to attack a fixed position usually include in their plan some sort of diversion to help diffuse the danger posed to their assaulting force. That would have been limited previously to, for example, employing smoke canisters or a mortar or artillery strike on another part of the enemy facility. Cyber operators here say they’re able to provide other options to the same commander that can achieve comparable effects. 

Some of the other tactics employed by real-world enemies provide greater context into how the U.S. is preparing technically for war. 

Russia, China, and insurgent networks like the Islamic State group have demonstrated a mastery of exploiting open-source networks like closed-circuit video feeds or social media platforms to help survey the battlefield and influence the population they’re trying to control. And that’s part of the exercises here – there are traffic cameras installed in the training center’s mock-up towns with a public feed, further complicating moving military vehicles through those positions.

The U.S. Army is experimenting with using small drones like this one to accompany foot patrols, allowing soldiers to track enemy cell phone signals and other forms of communication.

The instructors have also set up dummy social media sites reminiscent of Facebook, Twitter, YouTube and GoFundMe. The training units are expected to monitor those in addition to the traditional enemy battlefield maneuvers. If donations begin to increase toward a “GoFundMe” account that turns out to be a front for the enemy to raise funds for weapons, that’s a sign to the trainee force that their attempts to win over the local population might not be working. 

There are, however, limitations on how far the U.S. is willing to go in this realm. Trying to exploit a soldier’s use of his or her personal electronic accounts is off-limits during the exercises, even if they were to post something revealing about their simulated activities. (These kinds of slip-ups have had real-world effects, such as the Russian soldier whose seemingly benign selfie accidentally confirmed his unit was, indeed, within Ukrainian territory.) 

Some of the same kinds of restrictions apply on potential battlefields: A U.S. intelligence officer who asked that his name be withheld points out the U.S. rules for fighting cyberwars prohibit shutting down all information to a civilian area. This differs from some areas in eastern Ukraine, for example, or in Crimea, where separatist forces backed by Russia have successfully limited locals’ electronic access only to information vetted by Moscow, according to troops on the ground who have liberated these areas. 

“I don’t think it’s any different from the challenges that the infantry squad or platoon faces when they go outside the wire,” says Capt. Robert Busby, a defensive cyber specialist, referring to troops who leave the confines of a U.S. base to go on patrol. “Just because the bad guys don’t play by the rules doesn’t mean we’re going to throw the rulebook out the window.” 

One of the greatest complicating factors falls squarely on Busby’s specialty, which is preventing attacks against the Army’s networks and identifying those who try. Some of the world’s best hackers distinguish themselves by being able to mask their identity or making it seem as though someone else launched the attack. 

“What we don’t want is to ever go on the offense when you don’t have clear attribution,” Busby says. 

Identifying the tools the enemy is using provides an effective way at countering them, he adds. Conventional weapons, for example, like smart bombs or missiles have the same effect each time they’re employed. Hackers like Busby, however, train to identify the electronic versions of these weapons, reverse-engineer them and stop them before they’re able to strike their intended target. 

“So, every time you fire that weapon, you’re basically hitting the tank with rubber bullets,” Busby says. “It forces the enemy to go back to the drawing board and [spend] a lot of time and a lot of money figuring out how to attack us. We can deter them, because if they know they’re going to burn a tool the second they use it, they’re going to be a lot less likely to want to use it.” 

Fighting cyberwars is inherently complicated, not in the least because they usually take place in what the military calls “gray space” – civilian areas an enemy targets specifically because it muddies how their opponents can respond. And the U.S. has a lot of work left to do. 

“The challenge is the knowledge gap,” Burnett says, “informing [commanders] of what cyberspace operations really is, and then training, and having time to train.” 

“Our adversaries in conflicts around the world have proven the information environment is here, and it has measurable impact in conflicts.”

No comments:

Post a Comment