Pages

22 November 2021

Are U.S. Missile Defenses Vulnerable To Cyberattacks?

Daniel Goure

China and Russia are rapidly expanding their strategic ballistic missile arsenals. China recently tested an intercontinental hypersonic weapon that would allow it to strike critical targets in the United States in a matter of minutes. To counter this threat, the U.S. is rethinking what kind of missile defenses it requires to protect the homeland, forces abroad, and allies.

The strategic balance is changing in real-time. China is building hundreds of ballistic missile silos and could deploy more than 1,000 strategic nuclear warheads capable of reaching the U.S. mainland by 2030. China also has a massive arsenal of theater-range ballistic missiles capable of threatening U.S. forward-deployed forces and allies in the Indo-Pacific region.

The Chinese test of a hypersonic missile with global reach is a potential game-changer. The Chairman of the Joint Chiefs of Staff, General Mark Milley, called this a “Sputnik moment.” Hypersonic weapons fly at five times the speed of sound or more and can maneuver to evade detection or engagement by missile defenses designed for current types of ballistic missiles. With such a weapon, in theory, China could not only defeat existing missile defenses but execute an incapacitating attack against even our National Command Authority (NCA). A senior U.S. Air Force missile defense commander explained the threat thusly:

“The thing that concerns us with hypersonics is our warning time and our warning capability, as these things launch high and then cruise at a lower altitude than we see our normal ICBMs. So, it is that ability to provide a warning to our national leadership, what that threat is . . .”

The Chinese hypersonic missile threat has made the United States rethink its missile defense approach. U.S. defense officials recognize that America’s missile defense capabilities, while formidable, are designed to track and shoot down traditional ballistic missiles and would struggle with hypersonic systems. MDA is looking at developing a specialized sensor constellation, called the Hypersonic and Ballistic Tracking Space Sensor (HBTSS) system that will provide continuous tracking of both hypersonic and regular ballistic missiles. The HBTSS network could provide high-quality tracking and targeting data to existing theater and homeland missile defenses such as the Aegis/Standard Missile, THAAD and National Missile Defense systems.

Even in the event of a breakthrough system that counters hypersonic threats, that capability needs to be resilient and protected from an “x-factor” threat that would undermine the technological feat it represents. One of the most serious of these is a strategic cyberattack that could render missile defenses useless.

Unfortunately, the potential of a disarming cyberattack against U.S. missile defenses is an all too real possibility. China has demonstrated a sophisticated and robust ability to attack U.S. networks and assets, including weapons systems. A preemptive cyberattack on U.S. missile defenses could be give the leading edge to a Chinese missile attack either in the Indo-Pacific or against the U.S. mainland.

U.S. weapons systems are particularly vulnerable to cyber threats. According to a recent report by the Government Accountability Office (GAO), Pentagon weapons testers “found mission-critical cyber vulnerabilities in nearly all weapon systems that were under development” over a period of years.

To date the Pentagon and the Missile Defense Agency (MDA) have not done enough to provide the necessary cybersecurity for our missile defense capabilities. This particular vulnerability may be in part because U.S. missile defenses must be networked to be effective. The U.S. has a not-so-great track record when it comes to cybersecurity protection of its missile defense systems. For instance, the 2019 Missile Defense Review failed to discuss ways of protecting missile defense systems from cyberattacks.

According to a report by the DoD Inspector General, evidence from multiple parts of the National Missile Defense System provided evidence of significant inadequate data encryption, a dearth of antivirus programs, no multifactor authentication mechanisms, poor physical security procedures and unpatched software vulnerabilities that had been identified decades ago. Since 2017, MDA has failed to complete an assessment of the cyber vulnerability of its networks and systems.

The Department of Defense (DoD) needs to give priority to protecting its networks, databases, command and control systems, sensor grids, and weapons systems against cyberattacks. This is important with respect to theater and national missile defense systems.

The Senate draft version of the 2022 National Defense Authorization Act (NDAA) recognizes this need and has proposed language that will hopefully become policy. The bill calls for robust operational cybersecurity testing of U.S. missile defense systems, including sensor networks and command and control systems. One of the key requirements in the NDAA language is an inventory of all networks and systems that support the U.S. Ballistic Missile Defense System.

Fortunately, DoD has a major program underway that is working toward meeting the requirements set out in a draft NDAA called Comply-to-Connect (C2C). C2C creates an integrated structure of tools and technologies to ensure that only legitimate users can access a network and that their behavior follows acceptable standards. Given the scale of current missile defense systems—involving multiple sites as well as airborne, ship-based, and space-based sensors and weapons—keeping track of who is on the network is a major challenge. C2C is a key means for not only tracking who is on a network but also provides for the detection and neutralization of cyber threats to IT networks.

The technology also is effective at protecting operational technology (OT). OT includes computing and communications systems that manage, monitor and control industrial systems and other hardware. Most networked weapons systems can be considered OT because their software programs are designed to support and direct physical processes, such as the flight of a missile.

China’s progress towards an advanced hypersonic and ballistic missile threat must be viewed as a wake-up call for faster implementation of a mosaic of solutions that ensure our missile defenses are protected. It makes no sense to build new sensor networks and weapons systems to defeat advanced ballistic missile threats while leaving those defenses vulnerable to a cyber Pearl Harbor.

No comments:

Post a Comment