14 September 2021

How Equipment Left In Afghanistan Will Expose US Secrets

PATRICK TUCKER

The ultimate winner of two decades of war in Afghanistan is likely China. The aircraft and armored vehicles left behind when U.S. forces withdrew will give China—through their eager partners, the Taliban—a broad window into how the U.S. military builds and uses some of its most important tools of war. Expect the Chinese military to use this windfall to create—and export to client states—a new generation of weapons and tactics tailored to U.S. vulnerabilities, said several experts who spent years building, acquiring, and testing some of the equipment that the Taliban now controls.

To understand how big a potential loss this is for the United States, look beyond the headlines foretelling a Taliban air force. Look instead to the bespoke and relatively primitive pieces of command, control, and communication equipment sitting around in vehicles the United States left on tarmacs and on airfields. These purpose-built items aren’t nearly as invincible to penetration as even your own phone.

“The only reason we aren’t seeing more attacks is because of a veil of secrecy around these systems,” said Josh Lospinoso, CEO of cybersecurity company Shift5. “Once you pierce that veil of secrecy…it massively accelerates the timeline for being able to build cyber weapons” to attack them.

Lospinoso spent ten years in the Army conducting penetration tests against radios, small computers, and other IT gear commonly deployed in Afghanistan.

Take the radios and communications equipment aboard the Afghan Air Force C-130 transport plane captured by the Taliban. The Pentagon has given assurances that the equipment was disabled. But if any of it remains on the plane, an adversary with time and will could pick the components apart one by one.

“You now have some or all of the electronic components on that system and it's a representative laboratory; it’s a playground for building, testing, and iterating on cyber-attacks where maybe the adversary had a really hard time” until he obtained actual copies of the gear, Lospinoso said. “It is the playground for them to develop attacks against similar items.”

Georgianna Shea, who spent five years at MITRE helping the Pentagon research and test new technologies, said the loss of key equipment to the Taliban “exposes everything we do in the U.S., DOD: our plans of action, how we configure things, how we protect things. It allows them unlimited time and access to go through and find vulnerabilities that we may not be aware of.”

“It’s not just a Humvee. It’s not just a vehicle that gets you from point A to point B. It’s a Humvee that’s full of radios, technologies, crypto systems, things we don’t want our adversaries getting a hold of,” said Shea, now chief technologist at the Foundation for Defense of Democracies’s Transformative Innovation Lab.

Of particular concern are the electronic countermeasures gear, or ECMs, used to detect improvised explosive devices.

“Imagine the research and development effort that went into developing those ECM devices that were designed to counter IEDs,” said Peter Christensen, a former director of the U.S. Army’s National Cyber Range. “Now, our adversaries have them. They’re going to have the software and the hardware that goes with that system. But also develop capabilities to defeat or mitigate the effectiveness of those ECM devices.”

Gear that has been “demilitarized” or “rendered inoperable,” as U.S. officials described the planes and vehicles left behind, can still reveal secrets, Shea said.

“In some cases, this equipment was fielded with the assumption we would have gates and guards to protect it. When it was developed, no one thought the Chinese would have it in their cyber lab, dissecting it, pulling it apart.”

Once an attacker has physical control of a device, little can stop her from discovering its vulnerabilities—and there are always vulnerabilities, Shea said.

Under current acquisition practices, most new defense gear is not tested for vulnerabilities until late in the design process. Testers often receive far too little time to test comprehensively. Sometimes they get just two weeks, she said, and yet “they always find something. Always.”

“Regardless of the previous testing that’s been done on compliance, they always find something: always… They’re very backlogged and don’t have an unending amount of resources,” she said. “So you have to schedule development with these testers. There’s not enough resources to test it to the depth and breadth that it should be to understand all of the vulnerabilities.”

Plans to fix newly discovered vulnerabilities “were often inconsistent or inadequate,” Christensen said.

Lospinoso, who spent years conducting such tests for the Army, still performs penetration testing for the U.S. military as a contractor. He says a smart hacker can usually find useful vulnerabilities in hardware “within hours.”

When such a network attack disables a radio or a truck, troops are generally not trained to do anything about it. They may not even realize that they have been attacked, and may chalk up the failures to age or maintenance problems.

“Every time we run an attack against a system, knock out a subcomponent or have some really devastating effect that could cause loss of an asset—every time, the operator in the cockpit says, ‘We do not have operating procedures for what you just did,’” Lospinoso said.

Little of this is new. In 2017, the Government Accountability Office highlighted many of these concerns in a blistering report.

More than just insight into network vulnerabilities, the abandoned vehicles and gear will help China understand how U.S. forces work with partner militaries, said N. MacDonnell Ulsch, the CEO and chief analyst of Phylax Analytics.

“If you were to take all of the technology that was currently deployed in Afghanistan by the [United States] and you made an assessment of that, you have a point in time and a point in place reference of what the status quo is; what technology is being used, how much it costs, what’s it capable of doing and you realize it’s going to a developing nation,” Ulsch said.

China can use the knowledge to develop their weapons and tactics, but also to give their arms-export sales team an edge, he said. The Taliban have highlighted their nascent partnership with China as perhaps their most important foreign diplomatic effort. China, meanwhile, has already begun giving millions in aid to the new regime.

Whatever vulnerabilities China does discover will likely imperil U.S. troops for years to come, Lospinoso said.

“There is a zero percent chance we will go back and re-engineer” all of the various systems with serious cyber vulnerabilities, he said. “We are stuck with billions and billions in weapon systems that have fundamental flaws.”
