23 August 2020

Viewpoint: Network Technology a Growing Liability

By John C. Johnson

The U.S. military has enjoyed a battlefield advantage for most of its modern-day existence in large part because it fields the most advanced and sophisticated weapon systems in the world. 

These state-of-the-art systems have allowed warfighters to communicate, compute and analyze enormous amounts of information in real time — far beyond what is humanly possible. As the defense industry, government research laboratories and universities continue to push the boundary of what is possible, the United States and its allies retain the technological advantage.

Yet, this reliance on technology may be exposing an Achilles heel. Is the dependence becoming a liability? If embedded processing is corrupted, communication links interrupted, and overhead surveillance/navigation denied, then the battlefield advantage will quickly erode, jeopardizing mission objectives while severely threatening combatants in the field.


Every day in the press we read about hackers from beyond U.S. borders, many in nations not friendly to or supportive of U.S. policy, breaching networks and exposing sensitive data. Although these attacks target civil institutions such as financial establishments, local governmental organizations, utilities and medical facilities, they constitute a method hackers use to improve their skills — which may evolve into devastating skill sets when applied against military systems, thus leveling the battlefield. As we have seen demonstrated in nonmilitary circumstances, disinformation alone can wreak havoc, and in a military context could cause force employment in response to phantom threats.  

Operating in cyberspace already proliferates for military purposes. In Estonia and Georgia in 2007 and 2008, Russia used cyber manipulation as a strategy prior to engaging in armed conflict. This exploratory precursor provided an opportunity for the Russian military to refine its cyber uses of this fifth domain. Since that time, Russia has continued to disrupt and disseminate false information over online systems. Much of its attention focuses on former satellite countries of the Soviet Union, but the United States, Germany and the United Kingdom have also been targeted. Together with its NATO allies, the United States confronts this Russian cyber threat. However, in the Pacific, the United States stands virtually alone to face China.

The U.S. military has recognized Beijing’s behavior as more confrontational in the last dozen years than previously. Economic encroachment by the Chinese government on South Pacific island nations with infrastructure projects in exchange for port calls, landing rights and basing agreements increases daily. Recent incursions on disputed islands — including Spratly, Paracel and Scarborough Shoal — highlight China’s move to broaden its influence to political as well as economic interests in the region. Its sphere of influence is rapidly expanding across commercial sea lanes. Recent events in Hong Kong and during the COVID-19 pandemic show China’s intent to act without repercussion. 

Was China truly isolating strains of the coronavirus in the Wuhan laboratory so a vaccine could be developed and available for the global community? Are the 350,000-plus Chinese students in U.S. colleges and universities here to learn how to improve quality of life or to siphon off intellectual property? 

What is clear is China’s desire — as a sophisticated adversary — to dominate the South Pacific and challenge U.S. presence and nation-to-nation relationships. When coupled with trade disputes stemming from decade-old agreements, the United States can and should expect tensions between the two nations to continue to rise. Armed conflict is probably not sought, but insidious and clandestine penetration should be anticipated. Cyberattacks may very well be China’s weapon of choice against the U.S. military’s network of dependent systems.

The investment in cyber warfare is less of a financial strain on government resources than advanced satellites, sophisticated surface combatants and radar-evading aircraft. If for no other reason than affordability, we can and should expect to see nations trying to control adversaries without direct military engagement.

Nations previously deterred from open confrontation by superior standing armies are now able to enter the battlefield via cyber manipulation and attacks. Poorer nations and rogue cyberattack teams may very well develop the means to take down systems of a physically superior opponent. These players without the means to openly confront a nation’s armed forces are just as effective. Open system architectures and commercial-off-the-shelf products, while achieving greater affordability, are revealing conceivable vulnerabilities.

As U.S. armed forces retire third- and fourth-generation equipment in the process of acquiring fifth-generation system of systems linked with continuous data streams, they are exposing potential weaknesses. Secure networks are of paramount importance to the military and defense industry, yet potential adversaries perceive these networks as prime opportunities for insidious penetration to extract data, disrupt and deny. 

The federal government was the victim of more than 31,000 cybersecurity incidents in fiscal year 2018, wrote Andrew Eversden in the Fifth Domain website. It is clear that individuals and state actors are searching for portals and vulnerabilities in federal and, specifically, Defense Department architectures.

But the threat goes beyond defense architectures to more pointed attacks against satellites, aircraft and surface combatants. For example, U.S. ships in foreign harbors are keenly aware of local efforts to intercept, characterize and identify communications vulnerabilities. Digital intrusion inside these advanced systems is a major concern because it could negate the hardware’s technological advantage.

The proliferation of cyberattack teams from around the globe poses a multidimensional threat. Once an actor determines an entry point, that third party can offer access to the breached system to unfriendly actors for a considerable price, which thus incentivizes them and others to continue searching for cyber intrusion points. Whereas hacked data and system entry nodes in the financial community are marketable to multiple entities, the market for military vulnerabilities rests principally with Russia and China. These two nations have standing armed forces that view cyber warfare as a means to negate U.S. military technological advantage while providing battlefield value in times of confrontation. 

U.S. cyber defense systems and networks have significant exposure. The U.S. Air Force directed a small team of hackers to search for a means to attack the Trusted Aircraft Information Download Station, which gathers real-time information from the F-15; after only a couple of days, the team successfully broke into the aircraft’s system, the Washington Post reported last year.

The Army’s mobile Integrated Tactical Network, which consists of multiple nodes essential to optimizing warfighters’ effectiveness and extensive networks that receive and dispense information, also contains vulnerabilities that must be addressed. Network segmentation may in part close some of the vulnerability issues but at the expense of system/network latency. Similarly, uplinks, downlinks and broadcast transmissions from space assets that provide a significant advantage to the military have been recognized by China and Russia as openings to degrading U.S. military operations.

The defense industry — with the encouragement of the 2016 National Defense Authorization Act — has implemented cybersecurity measures for various products across the industry. But the weapon system development cycle usually lasts about a dozen years, whereas cyber threats evolve almost daily. Hardware designs must of course be strong enough to prevent penetration over the product’s life cycle; however, most threats arise via software intrusion. These breaches through communications nodes and diagnostic ports, once embedded in the internal communication raceways, can cause irreparable harm. Unlike external threats — jamming, electromagnetic pulse, and so forth — these insidious internal penetrations are extremely difficult to detect and even harder to prevent. 

The White House recognized the need for enhanced cybersecurity with a $15 billion budget authority for fiscal year 2019, to be spread across government agencies. The battlefield is not the place to realize that our state-of-the-art systems have been jeopardized by cyber intrusion. The framework provides manufacturers and the government an ability to visually understand where their system lies along the security continuum in the cyber domain. 

Unfortunately, we will struggle daily with cybersecurity. The analogy of cat and mouse certainly applies: Detect, prevent, pursue — a never-ending struggle. 

China, with its immense military forces and cyberattack teams that rival any traditional military, is a deep concern. When we consider its support of North Korea and other rogue players in exchange for identified U.S. military system vulnerabilities, China may very well be forcing the United States into another Cold War. 

Because of U.S. reliance on advanced cyber systems that can be clandestinely broken, advance planning in how to alter the method of force employment when a system of systems and theater-wide networks have been denied or degraded would be prudent. Going old school with single-force employment, celestial navigation, maps with time hacks and turn points, and running stopwatches should never drop from our employment skill set. 

Pushing the envelope of technology development is certainly an imperative, but learning to fight with systems corrupted by opponents is the new normal.

Retired Air Force Col. John C. Johnson is a former vice president and general manager of Northrop Grumman. He can be reached at jjohn4236@yahoo.com.
