6 December 2014

Regin malware: Why did it take so long to uncover?



Industry observers say the unveiling of the Regin malware, which came after more than half a decade in the wild, highlights the need for better detection methods. 

Symantec Inc.'s discovery of the Regin malware, part of a long-term nation-state-sponsored cyberespionage campaign, has already been compared to the likes of Stuxnet and Flame, two of the most sophisticated pieces of malware ever created. While the expertise needed to create Regin is unquestioned, security industry observers say Regin again proves that more organizations and vendors need to be focused on threat detection rather than prevention.

Symantec's technical analysis of Regin, released late last week, exposed a malware platform that is both powerful and highly customizable. The first version of Regin was in use from at least 2008 until 2011, according to Symantec's analysis, while a second version was spotted in 2013.

As a modular malware platform, Regin contains a number of components that rely on each other to function. This design allows attackers to deploy a number of different payloads depending on specific targets and situations. Symantec said the multi-stage loading architecture, which is similar to that of Stuxnet and Duqu, made it difficult to analyze Regin as not all of the malware's components were available at the same time.

And unlike many other advanced persistent threats (APTs), which are typically focused on collecting valuable intellectual property, Symantec's paper indicates that Regin is unique because it is geared toward collecting a variety of nonspecific data and monitoring individuals or organizations for lengthy periods.

"It's naïve to think that these tools couldn't be easily re-purposed or re-deployed against our allies, or even against individual business leaders, political targets or citizens." - Chris Messer

"Regin is a complex piece of malware whose structure displays a degree of technical competence rarely seen," wrote Symantec's security response team in a blog post. "It is likely that its development took months, if not years, to complete and its authors have gone to great lengths to cover its tracks."

Regin: Who is responsible? 

Upstream superpowers

December 5, 2014 

On November 23, the first power-generating unit of the Zangmu hydropower complex on the Yarlung Tsangpo or the Brahmaputra in China’s Tibet Autonomous Region became operational. The 510 MW Zangmu dam is not as large as some of China’s other large dams, or those that India is building or planning to build on the Yarlung Tsangpo/ Brahmaputra river system. Zangmu, however, underscores the limited channels of cooperation that exist between India and China to govern the rivers they share. Until recently, Indian officials relied on satellite images of construction sites to learn about China’s plans. It took the Chinese some time to acknowledge the existence of dam-building projects on the Yarlung Tsangpo. Things have improved since. But there is no water sharing agreement between India and China. Nor is one on the horizon.

As an “up-stream superpower”, China avoids multilateral entanglements. More than two-thirds of the 40 major transboundary rivers that flow through China and 16 other countries originate in China. China was one of three countries to vote against the adoption by the UN General Assembly of the 1997 UN Convention on the Law of the Non-Navigational Uses of International Watercourses, which seeks to strike a balance between upstream and downstream interests. The convention commits state parties to the utilisation of transboundary rivers in “an equitable and reasonable manner” and requires them to take “all appropriate measures to prevent the causing of significant harm” to co-riparians. India abstained in that vote.

China has since signed bilateral agreements with a number of co-riparians. But as Selina Ho of the National University of Singapore points out, while China has been willing to cooperate with southeast Asian countries on the Mekong, it has not been as forthcoming with India on the Brahmaputra. Ho attributes it to the historical animosity between the two countries, the territorial disputes and “the incongruence between China’s traditional perception of India as a regional power without global reach and India’s growing status as a rival for influence and resources worldwide”. It is not surprising that potential conflicts between India and China feature prominently in most scenarios of future “water wars”.

A day after Zangmu became operational, a Chinese foreign ministry spokesperson was asked about its impact on downstream countries like India and Bangladesh. China is “always responsible in developing and utilising transboundary rivers,” asserted Hua Chunying. China, she added, shares hydrological data with India as per a 2013 MoU. That, she said, would continue, as would cooperation in forecasting floods and the handling of emergencies.

U.S. Intelligence Community R&D Agency Has Awarded a Big Contract to Develop New Superconducting Computer

Reuters/Denis Balibouse
December 3, 2014

A member of the media films the room with the IBM Blue Gene Q Supercomputer on the launch day for the HBP at the Swiss Federal Institute of Technology (EPFL) in Ecublens, near Lausanne October 7, 2013.

(Reuters) - The U.S. intelligence community has launched a multi-year research project to develop a superconducting computer, awarding its first contracts to three major technology companies.

International Business Machines Corp, Raytheon BBN Technologies and Northrop Grumman Corp won the contracts, the Intelligence Advanced Research Projects Activity said Wednesday, without disclosing financial details.

The Cryogenic Computer Complexity (C3) program could lead to a new generation of superconducting supercomputers, said the unit of the Office of the Director of National Intelligence.

"The energy demands of today’s high-performance computers have become a critical challenge for the Intelligence Community that the C3 program aims to address,” IARPA said in a statement. Such computers use massive amounts of energy.

According to ComputerWorld magazine, competition from Europe, Japan and China, which has the world’s fastest computer, is spurring U.S. efforts to develop the next generation of superconducting supercomputers, called exascale.

In November, the Department of Energy awarded Advanced Micro Devices more than $32 million to fund exascale research. AMD Chief Technology Officer Mark Papermaster said in a blog post that energy has been the biggest obstacle for exascale computing, or producing a billion billion calculations per second.

“Computers based on superconducting logic integrated with new kinds of cryogenic memory will allow expansion of current computing facilities while staying within space and energy budgets, and may enable supercomputer development beyond the exascale,” Marc Manheimer, C3 program manager at IARPA, said in the statement.

Cyberspace Becoming a More Dangerous Place for Everyone

Washington Post Editorial Board
December 4, 2014

DANGERS ARE growing in cyberspace. Not only are thieves learning to siphon off millions of credit card numbers and e-mail addresses but elaborate pieces of malware are capable of spying on whole organizations for long periods of time, capturing computer screens, keystrokes and data, transmitting it all to distant servers without being detected.

Symantec, a cybersecurity company, has announced the discovery of a new example of this sophistication, called Regin, apparently designed for intelligence collection, and comparable in power and complexity with Stuxnet, the computer worm reportedly used by the United States a few years ago to sabotage Iran’s uranium enrichment program. The new spyware does not resemble the evasive bits of code that scoop up credit card data. Rather, according to Symantec, Regin is built for long-term, under-the-radar espionage and surveillance; it comes with many modular pieces that can be custom-fitted to the target of the attack; and it has already been used against governments, infrastructure operators, businesses, academics and private individuals.

“It goes to extraordinary lengths to conceal itself and its activities on compromised computers,” the company reported. “Its stealth combines many of the most advanced techniques that we have ever seen in use.” Threats like this are “rare,” the company said, and the sophistication underscores how significant resources are being poured into this kind of mega-weapon in cyberspace. The Post’s Ellen Nakashima reported that the spyware can also grab control of cellphone towers and monitor calls.

But who is behind it? Symantec could not identify the origins. Confirmed infections have shown up mostly in Russia (28 percent) and Saudi Arabia (24 percent) but none in the United States, Israel or Britain. It may well be another example of American ingenuity in service of intelligence missions, like Stuxnet, but the reality of cyberconflict is that fingerprints can often be difficult to discern. The line between defense and offense, and between nation-states and other groups, can be hazy. Another security firm, Cylance, has reported that Iranian groups hacked into a range of international targets, including airlines, military and energy complexes, hospitals, telecommunications and other institutions.

Networks in the United States remain vulnerable to intrusion, disruption, theft, espionage and attacks that could produce physical damage, all weaknesses that cry out for a more aggressive defense than has been mounted so far. Although the U.S. military is standing up a major cyber effort, both offensive and defensive, private-sector networks in the nation are overly exposed. These networks are the backbone of the economy, health care, education, transportation, energy and countless other critical functions. In the future, attacks are certain to be aimed at them with potentially dire consequences.

Warnings about this have been issued for several years, with insufficient effect. Adm. Michael S. Rogers, the new head of the National Security Agency and U.S. Cyber Command, recently predicted a cyberattack on critical U.S. infrastructure — such as water or electrical systems — in the next decade, saying that it is “only a matter of when, not if, we are going to see something dramatic.” He added, “This is not theoretical.” Or reassuring.

NSA/GCHQ Reportedly Intercepted Messages of Major Cellphone Network Operators Around the World

Ryan Gallagher
December 4, 2014

In March 2011, two weeks before the Western intervention in Libya, a secret message was delivered to the National Security Agency. An intelligence unit within the U.S. military’s Africa Command needed help to hack into Libya’s cellphone networks and monitor text messages.

For the NSA, the task was easy. The agency had already obtained technical information about the cellphone carriers’ internal systems by spying on documents sent among company employees, and these details would provide the perfect blueprint to help the military break into the networks.

The NSA’s assistance in the Libya operation, however, was not an isolated case. It was part of a much larger surveillance program—global in its scope and ramifications—targeted not just at hostile countries.

According to documents contained in the archive of material provided to The Intercept by whistleblower Edward Snowden, the NSA has spied on hundreds of companies and organizations internationally, including in countries closely allied to the United States, in an effort to find security weaknesses in cellphone technology that it can exploit for surveillance.

The documents also reveal how the NSA plans to secretly introduce new flaws into communication systems so that they can be tapped into—a controversial tactic that security experts say could be exposing the general population to criminal hackers.

Codenamed AURORAGOLD, the covert operation has monitored the content of messages sent and received by more than 1,200 email accounts associated with major cellphone network operators, intercepting confidential company planning papers that help the NSA hack into phone networks.

One high-profile surveillance target is the GSM Association, an influential U.K.-headquartered trade group that works closely with large U.S.-based firms including Microsoft, Facebook, AT&T, and Cisco, and is currently being funded by the U.S. government to develop privacy-enhancing technologies.

Karsten Nohl, a leading cellphone security expert and cryptographer who was consulted by The Intercept about details contained in the AURORAGOLD documents, said that the broad scope of information swept up in the operation appears aimed at ensuring virtually every cellphone network in the world is NSA accessible.

Worrying about cyberwar is making countries less safe


December 3, 2014

Ten days ago, on Nov. 24, online security firms revealed the existence of a powerful computer virus called Regin. A tool of espionage (pdf), the bug displayed all the hallmarks of nation-state backing, researchers said. Suspicion immediately fell on the US and Israel.

The following day came news of a massive intrusion into the systems of Sony Pictures Entertainment. Several pre-release films were leaked, along with detailed personal records and communications of employees. An estimated 100 terabytes of data were stolen, and some 40 gigabytes have so far been leaked. Investigators pointed the finger at North Korea (paywall).

Unsurprisingly, there has since been much hand-wringing about cyberwarfare, with one prominent right-wing American website declaring that “The first cyber war is under way.”

It is precisely this sort of hype that Thomas Rid, a professor of security studies at King’s College London, and Robert M. Lee, an active-duty US Air Force cyber-warfare operations officer, warn against in their paper “OMG Cyber!” (pdf), published in the most recent issue of RUSI Journal, a well-regarded peer-reviewed academic journal of defense and security topics.

Cyber-riches

Rid and Lee argue that hype makes for bad policy. As defense budgets have shrunk, cyber is one area where funding has grown. That leads to perverse incentives, encouraging worry in order to gain and preserve funding. Since cyber is where the money is, all threats are re-labelled cyber-something. That means “it is ever harder to say when something clearly is not cyber-related,” the authors write.

“What we are seeing is espionage and practices and techniques that are easy to understand both technically and politically,” says Lee. “By hyping them into something they are not we fail to respond appropriately. Our policies, our technologies, our education, [and] our military’s readiness are being focused on a classification and understanding of the problem that does not align with the reality.”

Air Force CIO plots comprehensive cyber strategy

By Sean Lyngaas 
Dec 03, 2014 

Air Force CIO Lt. Gen. William Bender says the service needs a more far-reaching cybersecurity strategy.

Recently installed Air Force CIO Lt. Gen. William Bender is planning a comprehensive review of the service’s cybersecurity vulnerabilities that will go far beyond what he says is the current, narrowly drawn view of USAF networks.

By focusing on Air Force-only networks and not the larger information environment in which they operate, the service’s cybersecurity strategy covers only "20 percent of the problem," Bender told FCW on Dec. 3.

Bender’s plan for a cybersecurity task force is still just that -- it needs to be fleshed out and approved by the Air Force chief of staff and secretary. But Bender, who succeeded retired Lt. Gen. Michael Basla as CIO in September, envisions a "comprehensive, enterprise-level look at the cyber threat as it relates to everything outside of that 20 percent" of Air Force-only networks.

Bender wants the task force to include members from academia, the national lab system, other military services and industry. He hopes to get the project set up in the coming weeks and months, after which it would be about a year before the group delivers a detailed diagnosis of the Air Force's cybersecurity vulnerabilities, and a remedying strategy, to the secretary.

"You have got to know where your problems are before you can do something about it," said Bender, who was previously deputy chief in the Office of Security Cooperation in Baghdad. "As a CIO, I may be able to use policy and guidance to take care of some" vulnerability issues, he added, citing as an example his ability to kick users off a network if their cyber hygiene doesn’t pass muster.

With other military services advising the task force, the Air Force could draw lessons from the Navy’s recently launched cyber task force, which is a deep dive into issues like interoperability and resiliency.

There is a cyber component to a much broader "30-year" Air Force strategy that Secretary Deborah Lee James and Chief of Staff Gen. Mark Welsh released in July. That strategy did not delve into a vision for securing Air Force information networks, but it did evince an interest in offensive cyber capabilities, calling cyberspace a "promising [domain] for a true breakthrough in our approach to Air Force core missions." The document describes "non-kinetic effects such as speed and reversibility that may present more attractive options to war-fighting commanders than those we currently offer."

The First Cyber War is under way

2 Dec 2014

Perhaps it's only in the skirmish phase, but many large conflicts begin with relatively small encounters. After years of maneuvering to get hackers and defensive programming into position, the First Cyber War is under way.

It seems increasingly likely that the hack of Sony Pictures was a cyber-war action. The malware used to perpetrate the attack turns out to be written in Korean, and the North Koreans aren't issuing any blanket denials of responsibility. (The fun thing about North Korean diplomacy is that they can simultaneously imply that they're behind an action like this, and castigate the world for believing they're responsible. Kim Jong Un certainly seems to enjoy having his cake and eating it too...)

The headline-grabbing result of the Sony hack was the theft of several unreleased movies, plus one already in theaters, leading to a torrent of BitTorrent downloads, but that's not all the hackers did. They also took down the corporate computer network and filched some business data, including a spreadsheet with the salaries of over 6,000 Sony employees, including the executives. This information was passed along to the media, evidently with the goal of embarrassing the company. (Is three million bucks a year in salary really all that excessive for a top CEO, especially given how much movie stars and directors pull down?)

The Norks are hacked off at Sony because of an upcoming movie called "The Interview," which satirizes the CIA using dimwitted journalists to assassinate the North Korean dictator. The Russians have been frisky online as well, apparently in a snit over the application of Western sanctions following their adventure in Ukraine. At the end of October, the White House revealed its computer systems had been under sustained attack for weeks - a far more serious cyber-threat than a few thrill-seeking freebooters could be expected to manage. Two weeks ago, the State Department had to shut down its unclassified email system to install security upgrades and deal with the effects of a suspected cyber-attack. Microsoft just discovered a security flaw in the latter editions of its Windows operating system that allowed Russian hackers to spy on NATO for the past five years.

How the world's powers are preparing to defend themselves against cybercrime

03 Dec 2014

In a country where the slightest hint of criticism can result in immediate confinement to a hellish prison camp, it is hardly surprising that North Korea’s authoritarian regime should take a dim view of a Hollywood comedy based on the assassination of its self-styled “dear leader”, Kim Jong-un.

The North Korean dictator is not renowned for his sense of humour at the best of times, a disposition that cannot have been improved by his frequent bouts of ill-health. Kim Jong-un’s attempts to assert his authority in Pyongyang have been undermined by his continuing battle against various demons, including diabetes, alcoholism, depression and, earlier this year, cancer - the treatment for which prompted speculation that he had died.

This has made life very difficult indeed for those working at his official Ryonsong Residence near Pyongyang, where Mr Kim’s irrational rages pose a constant threat to the life expectancy of his aides. So far this year he has had his uncle and mentor, Jang Song-thaek, executed by firing squad, as well as one of his mistresses and a dozen pop musicians, who were accused of making lewd videos. For good measure, he made the musicians’ families watch as they were shot.

As Mr Kim is also constantly making threatening gestures towards America, it was only a matter of time before his bizarre conduct attracted the attention of Hollywood script-writers, with the result that Sony’s US-based film division is shortly to release “The Interview”, a production starring Seth Rogen and James Franco. Except that the company’s promotional plans for the comedy have been sabotaged. A sophisticated hacking operation against their computer systems in California has led to five of their big Christmas releases being leaked online.

Despite Pyongyang’s denials, there seems to be little doubt that the sabotage was carried out by their newly-acquired cyber warfare wing in retaliation for a film that the regime has denounced as the work of “gangster moviemakers”. Describing the storyline as a “wanton act of terror”, North Korea’s state-controlled media warned Hollywood to expect “merciless countermeasures”.

Report Says Cyberattacks Originated Inside Iran


DEC. 2, 2014 

SAN FRANCISCO — Iranian hackers were identified in a report released Tuesday as the source of coordinated attacks against more than 50 targets in 16 countries, many of them corporate and government entities that manage critical energy, transportation and medical services.

Over the course of two years, according to Cylance, a security firm based in Irvine, Calif., Iranian hackers managed to steal confidential data from a long list of targets and, in some cases, infiltrated victims’ computer networks to such an extent that they could take over, manipulate or easily destroy data on those machines.

Cylance called the attacks “Operation Cleaver” because the word cleaver frequently appeared in the attackers’ malicious code.

The New York Times was able to independently corroborate the firm’s findings with another security firm, Crowdstrike, which said it had been tracking the same group of Iranian hackers for the past nine months under a different alias, “Cutting Kitten”; kitten is the firm’s naming convention for attack groups based in Iran, a nod to the Persian cat.

The hackers used a set of tools that can spy on and potentially shut down critical control systems and computer networks, aiming them at targets in the United States, Canada, Israel, India, Qatar, Kuwait, Mexico, Pakistan, Saudi Arabia, Turkey, the United Arab Emirates, Germany, France, England, China and South Korea.

Cylance would identify only one of Cleaver’s victims — a Navy-Marine Corps network in San Diego that connects sailors, Marines and civilians across the United States — in its 86-page report. But it said other victims in the United States included a major airline, a medical university, an energy company that specializes in natural gas production, an automobile manufacturer, a major military installation and a large military contractor.

Net Politics Book Review: Countdown to Zero Day

November 25, 2014

Iranian President Mahmoud Ahmadinejad visits the Natanz nuclear enrichment facility, 350 km (217 miles) south of Tehran, on April 8, 2008. (Iranian Presidential official website/Courtesy Reuters) 
The first public announcement of what became known as Stuxnet, the malware designed to slow Iran’s nuclear program, could have easily disappeared into the ether. VirusBlokAda, a little-known cybersecurity firm in Belarus, first noticed the new vulnerability and posted an announcement on their website and an online English-language security forum. After some early news reports about the code and moves to patch the initial vulnerability by Microsoft, it would have been natural for everyone involved to move on to the next malware threat. No one had any reason to know what Stuxnet would become.

But a number of security researchers were intrigued by what they saw and kept going back to crack the code. Their story is the backbone of Kim Zetter’s Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon, an incredibly detailed and readable account of the U.S. and Israeli attack on the computers that controlled the centrifuges at Natanz. Zetter follows the three main groups of cybersecurity experts from Symantec, Kaspersky Lab, and the Langner Group as they decode the malware. As the groups unraveled Stuxnet, they also discovered companion programs including Flame and Gauss, which were designed for espionage, not destruction. Zetter does an exceptional job of describing how the malware operated and how it affected infected Iranian networks.

Throughout the book, Zetter has to manage the tension between what the actual impact of Stuxnet on the nuclear program was and what the potential for future cyberattacks will be. If the computer attacks did little to hamper the Iranians and future attacks are likely difficult to develop, require extensive intelligence capabilities, and cause little physical damage, then Stuxnet looks less like a weapon that reshapes foreign policy and more like another tool that is wielded by militarily and economically powerful states. Zetter sees Stuxnet as the beginning of something radically new and the possible damage from cyber as high, but she doesn’t silence other opinions. She gives voice to those who claim Stuxnet had little impact on Iran’s capabilities, and when Zetter repeats anecdotes about other cyberattacks that have allegedly caused physical damage, she provides alternative explanations.

US Army Intelligence Wants to Know How Algorithms Can Improve Intelligence Processing, Analysis and Reporting

The following item was posted online yesterday on the U.S. government’s contracting website fbo.gov: 

The US Army, Intelligence and Information Warfare Directorate (I2WD), is seeking information on algorithms, tools, & workflows to address the need for improved real-time multi-INT fusion and processing, exploitation, & dissemination (PED). Intelligence includes the position/location reports and/or target signatures that are derived from various multi-INT sensors. The multi-INT analyst is challenged with an ever-growing quantity of intelligence from multiple sources and does not have the tools to rapidly combine data and identify meaningful events.

To this end, the Army is seeking PED applications that accelerate the processing of intelligence, increase the richness of exploitation, facilitate dissemination, expedite and enhance analyst RFI fulfillment, and improve commander situational awareness. Applications may lend themselves to either real-time or forensic use or both. Examples of such algorithms include (but are not limited to) the following:

Real-time algorithms will reside directly on the sensor platform, with the purpose of rapidly processing, correlating, and reducing multi-INT data for immediate situational awareness as well as maximizing available bandwidth to a ground station or PED cell. Forensic algorithms take advantage of the wider range of data available on the cloud along with the increased processing power available to provide enhanced products with full situational and historical context. The primary focus of this request is the enhancement of real-time user workflow.

CYBER WAR REPRESENTS EXISTENTIAL THREAT TO U.S.; 3 THREATS THAT SHOULD TRULY TERRIFY YOU

By Chriss W. Street
4 December 2014

Nineteenth century military genius Carl von Clausewitz coined the phrase: “War is a mere continuation of politics by other means.” In his day, the number of wars was limited by the time and expense to organize large armies and then march across borders to inflict pain.

War was much more expensive in the twentieth century, but the number of conflicts expanded because planes and missiles cut the time it took to inflict pain. Proliferating technologies make it now possible for any nation to acquire cyber tools at minimal cost to instantly inflict pain on any other nation. Clausewitz would expect the number of cyber wars to grow exponentially in the twenty-first century.

The advent of cyber war represents a new “high bar risk” as the U.S. faces-off against a deadly trifecta of cutting-edge digital technologies, advanced military weapons, and the ability to disrupt critical infrastructure. With this type of war built around digital technology, America’s enemies will focus on turning our own technology against us.

The first year of the twenty-first century will be remembered for 19 illegal aliens who trained at a Florida school to use U.S. commercial airliners as improvised explosive devices. The 9/11 terrorists slaughtered more Americans than died at Pearl Harbor. With the U.S. government politically forced to declare war on much of the Middle East, the financial cost from the attacks and subsequent military response is over $3.3 trillion.

Former National Coordinator for Security, Infrastructure Protection, and Counter-terrorism for the United States, Richard A. Clarke, defined “cyber warfare” as “actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption.” When confronted with the statistic that less than 0.0025% of revenue at the average U.S. corporation was being spent on information technology security, Clarke warned: “If you spend more on coffee than on IT security, then you will be hacked. What’s more, you deserve to be hacked.”

Edward Snowden’s revelations concerning the militarized activities of the NSA highlight cyber warfare’s danger to the U.S. corporate sector. Military power in the cyber domain is projected through the civilian computer networks of U.S. tech giants such as Google, Facebook, Verizon, and Apple. The cooperation or conscription of private U.S. networks for cyber warfare attacks or defenses creates an extreme liability for these firms. U.S. tech companies are top targets for suspicion and potential retaliation by enemy states.

The main proliferator of cyber warfare capabilities to potential enemies of the United States is the boom in attendance by international students at U.S. colleges. The State Department’s 2014 Open Doors Report on International Educational Exchange reported the number of international students studying at U.S. colleges grew since 2000 by 72% to 886,052. About 23% of international students worldwide now study in the U.S.

TIME TO DEBATE ABOUT SPACE BASED DEFENSE?

December 4, 2014

By High Frontier Posting on December 4, 2014 in Arms Control, Brilliant Pebbles, Henry F. Cooper, High Frontier, Raptor Talon, Space Based Defense

A recent National Defense Industrial Association (NDIA) publication raised a timely issue—that it is time to debate the utility of space based defenses against ballistic missiles, because of the growing threat. I could not agree more, and here provide additional reasons why and offer some counters to those who criticized aspects of this important paper.

As Lt. General James Abrahamson and I wrote on the 30th anniversary of Ronald Reagan’s March 23, 1983 speech that launched the Strategic Defense Initiative (SDI), the most effective missile defense concept to come from the SDI era (1884-93) was the Brilliant Pebbles space-based interceptor (SBI) system. “Abe” began the program as a special access program on his watch as SDI Director; Lt. General George Monahan carried the program through a “season of studies” to formal concept validation approval by the Pentagon’s defense acquisition authorities on his watch (and I believe that had he lived he would have joined in our 2013 assessment); and, on my watch, I carried the program through a congressional gauntlet until it was sharply curtailed by the “congressional powers that be” in 1992.

(The ballistic missile defense (BMD) historian’s published account of this story is Don Baucom’s “The Rise and Fall of Brilliant Pebbles.”)

In early 1993, the Clinton administration sharply curtailed the SDI program—even cutting by 80-percent a fully funded, congressionally mandated national missile defense (NMD) program to develop and deploy a ground-based homeland defense as soon as technologically feasible. The congressionally-approved Brilliant Pebbles technology demonstration program was totally scuttled even though Congress had appropriated over $300 million for fiscal year 1993—Defense Secretary Les Aspin boasted he was “taking the stars out of Star Wars.”

The Clinton administration declared its allegiance to the anti-ballistic missile (ABM) Treaty as the “cornerstone of strategic stability,” and that Treaty blocked the testing and deployment of effective BMD systems if they could defend the U.S. homeland—especially space-based defenses.

The Navy's cyber awakening

By Sean Lyngaas 
Oct 31, 2014 

The Navy Department has laid out a strategy that clearly identifies cyberspace as a warfighting domain. The strategy is designed to better assess cyber risks across the service in the wake of a high-profile breach of its computers last year.

"Cyber and IT [are] now a commander's business," declared Matthew Swartz, a member of the department's Senior Executive Service who is helping lead a yearlong task force to implement the new strategy.

The main purpose of Task Force Cyber Awakening, which was explained in detail to reporters during an Oct. 31 roundtable, is to give leaders a clearer picture of how the cybersecurity postures of the service's many components, from the Naval Sea Systems Command to the Space and Naval Warfare Systems Command, stack up.

Today it might take the Navy days or weeks to assess the cybersecurity strength of a given program, Swartz said. The goal is to dramatically reduce that time. Cyber breaches on any network are inevitable, he added. But awareness of vulnerabilities can be much improved.

In developing the new strategy, leaders realized there wasn't a "unifying front" for collecting information on cyber vulnerabilities across the service, Swartz said.

One of the catalysts for the new strategy was the breach last year, reportedly by Iranian hackers, of the Navy Marine Corps Intranet, the service's massive internal computer network.

The NMCI intrusion was "part of the foundation that led to this task force" because it drove home how critically reliant the Navy Department is on an internal network for enterprisewide operations, Swartz said.

The task force, led by Vice Adm. Ted Branch, deputy chief of naval operations for information dominance, has four subgroups that cover issues such as interoperability and resiliency. One group is charged with delivering a cyber resiliency plan for the Navy in November, which the department will continue to refine. The task force will finish its work in August 2015 and, if things go according to plan, will leave in its wake an "enduring capability that we organize around," Swartz said.

Pentagon Worries That Russia Can Now Outshoot U.S. Stealth Jets


12.04.14 

American fighter planes are the fastest, most maneuverable jets in the world. But their weapons are becoming increasingly obsolete—and that has some in the U.S. Air Force spooked. 

High flying and fast, the F-22 Raptor stealth jet is by far the most lethal fighter America has ever built. But the Raptor—and indeed all U.S. fighters—have a potential Achilles’ heel, according to a half-dozen current and former Air Force officials. The F-22’s long range air-to-air missiles might not be able to hit an enemy aircraft, thanks to new enemy radar jamming techniques. 

The issue has come to the fore as tensions continue to rise with Russia and a potential conflict between the great powers is once again a possibility—even if a remote one. 

“We—the U.S. [Department of Defense]—haven’t been pursuing appropriate methods to counter EA [electronic attack] for years,” a senior Air Force official with extensive experience on the F-22 told The Daily Beast. “So, while we are stealthy, we will have a hard time working our way through the EA to target [an enemy aircraft such as a Russian-built Sukhoi] Su-35s and our missiles will have a hard time killing them.” 

The problem is that many potential adversaries such as the Chinese and the Russians have developed advanced digital radio frequency memory (DRFM) jammers. These jammers, which effectively memorize an incoming radar signal and repeat it back to the sender, seriously hamper the performance of friendly radars. 

Worse, these new jammers essentially blind the small radars found onboard air-to-air missiles like the Raytheon AIM-120 AMRAAM, which is the primary long-range weapon for all U.S. and most allied fighter planes. 

That means it could take several missile shots to kill an enemy fighter, even for an advanced stealth aircraft like the Raptor. “While exact Pk [probability of kill] numbers are classified, let’s just say that I won’t be killing these guys one for one,” the senior Air Force official said. It’s the “same issue” for earlier American fighters like the F-15, F-16, or F/A-18. 

Wanted: An Enemy for America's Third Offset Strategy

December 4, 2014 

The Pentagon's Third Offset Strategy can't solve all the country's national security challenges, and it will fail if it tries.
In a widely publicized speech at the Reagan National Defense Forum last month, Defense Secretary Chuck Hagel announced a new Pentagon initiative aimed at fostering a third “game-changing” Offset Strategy. Modeled off of Eisenhower’s New Look doctrine in the 1950s, and the Offset Strategy of the 1970s and 1980s, the Third Offset Strategy seeks to harness technological innovations to preserve America’s military primacy in the future.

Despite the grand rollout, many of the details of the Third Offset Strategy remain to be fleshed out. With this in mind, the House Armed Services’ Subcommittee on Seapower and Projection Forces held the first of what its chairman, Rep. Randy Forbes (R-VA), promised would be many hearings on the new strategy. Entitled “The Role of Maritime and Air Power in the Third Offset Strategy,” the hearing featured testimony from four prominent defense think tankers with previous Pentagon experience.

One of the more important debates that emerged among the witnesses concerned whether the Third Offset Strategy should focus on all the challenges the Pentagon deals with, or more narrowly on a few of the most important threats it faces, such as anti-access/area-denial (A2/AD).

On one side of this debate was Andrew Hunter, who is now at the Center for Strategic and International Studies after recently leaving the Pentagon, where he served as Ash Carter's chief of staff, among other positions. Hunter argued that the Third Offset Strategy “must be integrated in a broader national strategy” and focused on all the issue areas outlined in key defense strategy documents like the QDR and Defense Strategic Guidance.

“To address a mission set this diverse,” Hunter said, “the next offset strategy will have to focus on capabilities with a broad array of applications, from the high end to the low end of conflict. I believe there is a real danger of over specifying the problem particularly if you are specifying it at one end of the spectrum solely.”

As such, Hunter repeatedly cautioned against using the Offset Strategy to select specific platforms. Instead, he argued that the Offset Strategy should merely identify capabilities and operational concepts.

TALK STEALTHY TO ME

December 4, 2014

As the Air Force Times recently reported, the F-22 and F-35A conducted their first integrated training mission earlier this month. Several observers declared this mission, which included offensive counter air, defensive counter air and interdiction operations, to be a success. But if the planes are to actually operate as a cohesive strike package in the complex A2/AD environments of the future, the services will first need to address a glaring gap in interoperability: data links.

Currently, the F-22 and F-35 are equipped with two different low probability-of-intercept/low probability-of-detection (LPI/LPD) systems for exchanging data while in stealth mode: the F-22 uses the older and more limited Intra Flight Data Link (IFDL); the F-35 operates with the newer Multifunction Advanced Data Link. Quite astoundingly, these two LPI/LPD systems cannot communicate with each other, meaning that if the F-35 and F-22 need to share information with each other, they must do so using the non-stealthy Link 16 system used by 4th-generation legacy aircraft. (And even then, the F-22 is limited to receiving data; it cannot transmit it.)

This is particularly problematic because, given the expense of operating both the F-22 and the F-35 in comparison to legacy aircraft, they are — at least in the near-term — likely to be deployed together only when stealth is required. Furthermore, the lack of compatible data links means that the information gathered by the planes’ highly capable sensors and avionics — often described as one of their greatest comparative advantages — cannot be fully leveraged within a 5th-gen strike package, in turn diminishing the potential of integrated targeting capabilities.

The problems do not end there. In addition to the lack of interoperability between the two 5th-generation fighter datalinks, there is also a lack of interoperability between 5th-generation fighter and 4th-generation fighter datalinks. This means that legacy aircraft are not able to maximally benefit from the vastly superior situational awareness and threat detection capabilities of their 5th-generation brethren. As a result, F-35 operators — which in addition to the Air Force will include the U.S. Marine Corps and Navy, as well as a host of foreign governments — cannot realize the full return on unprecedented levels of investment.

5 December 2014

Shifting sands and shifty friends

Chirosree Basu

The former president of Afghanistan, Hamid Karzai, with the Indian prime minister, Narendra Modi, November 20, 2014 

When the purpose of the book is to make India conscious of the fact that "the evolving realities in Afghanistan present India with a historic chance", and that it will lose credibility with not only the United States of America but also with ordinary Afghans if India fails to seize it, one wonders why the book should have "a lost opportunity" as part of its title. In fact, it is not clear which lost opportunity Pant is talking about.

There is one which is obvious. From 2001 to around 2009, India was at the pinnacle of the success brought by its exercise of soft power in Afghanistan. Indian presence in Afghanistan was ubiquitous - in the construction of the critical Zaranj-Delaram road in Nimruz province, in its cooperation with Afghanistan in civil aviation, media and information, rural development, education, commerce and banking, waste and water management, training of defence and civil administration professionals, the enhancement of Afghanistan's food security through wheat aid, the rehabilitation and medical treatment of children, electoral management and standardization of State services and so on. That unnerved Pakistan, which hit back by orchestrating attacks on Indian establishments in Afghanistan through its proxy warriors.

The heightened militant activity in Afghanistan led to a troop surge by the Barack Obama administration in 2009. The exit plan was announced at the same time and that changed the entire complexion of the game. India was expressly told to tone down its presence in Afghanistan that was making Pakistan act wayward and thereby difficult for the West to handle it. India may not have followed instructions to the T but its steadfast principle of not bringing in boots to preserve the investments it had made, and thereby secure its own interests, went against it. As Pant puts it, "if India was unwilling to stand up for its own interests, few saw the benefit of aligning with India."

Pant also acknowledges that Indian presence in Afghanistan got weaker with the Obama administration's deepening of its security dependence on Pakistan in the hope of achieving a semblance of success in Afghanistan. By 2010, the US had been sold the idea that a reconciliation was possible with the Taliban and by 2011, Pakistan had established itself in the role of the indispensable mediator in such reconciliation drives, much to the indignation of Afghanistan's then president, Hamid Karzai, who was trying to proceed independently on the same lines.

MOVING AHEAD DESPITE THE USUAL SUSPECTS

05 December 2014

References have been made in Kathmandu of moving towards building an ‘economic federation’ in 15 years. It is clear that, thanks to Pakistani negativism, the original vision of an ‘economic union’ has fallen by the wayside

Prime Minister Narendra Modi had a full diplomatic calendar in November, participating in three multilateral summits — the East Asia Summit in Nay Pyi Taw (Myanmar), the G20 Summit in Brisbane and the South Asian Association for Regional Cooperation Summit in Kathmandu. The East Asia Summit is integral to India’s economic and strategic agenda across its eastern shores.

It casts the Indian strategic imprint across the Asia-Pacific Region. Over the past 15 years, India has concluded a free trade agreement with the 10 members of Asean, with bilateral trade targeted to reach $100 billion soon. India has also concluded Comprehensive Economic Cooperation Agreements with two major East Asian economic powers — Japan and South Korea. It has actively engaged Australia, which straddles the Indian and Pacific Oceans. These developments enable India to proactively deal with the assertive role of China in the Asia-Pacific region.

Participation in G20 gives India a role on the high table of global economic decision making. Our three-decade long interaction in Saarc with our South Asian neighbours has little to show, by way of economic cooperation, thanks primarily to the obstructionist policies of Pakistan. A “Group of Eminent Persons” crafted a long-term vision for Saarc in 1998, which envisaged the establishment of a South Asian Free Trade Area by 2010, a Customs Union by 2015 and an Economic Union by 2020. The visionary, Mr Atal Bihari Vajpayee, even advocated that the culmination of this process should be the establishment of a Saarc Monetary Union. The 2002 Saarc Summit in Kathmandu loftily proclaimed: “To give effect to the shared aspirations for a more prosperous South Asia, the leaders agreed to the vision of a phased and planned process eventually leading to a South Asian Economic Union”.

Where exactly do we stand today? After much foot-dragging, Saarc countries have concluded a Free Trade Agreement confined to goods, but excluding all services like information technology. Even this agreement has been stymied by Pakistan, which has declined to even accord India the World Trade Organisation-mandated ‘Most Favoured Nation’ treatment.

The prospect of a Comprehensive Economic Cooperation Agreement like those India has fashioned in East and Southeast Asia remains bleak and the vision of an Economic Union is a constantly receding mirage. While references have been made in Kathmandu of moving towards building an “economic federation” in 15 years, it is clear that thanks to Pakistani negativism, the original vision of an Economic Union has fallen by the wayside.

The Mahatma I saw

Dec 02, 2014

Cariappa said that he had to brief the Mahatma about the battle and wanted me to accompany him. It was Mahatma Gandhi’s day of silence. He wrote on a slate, ‘I am proud of our Army. Non-violence is the weapon of the strong and not the coward.’

Einstein wrote about Mahatma Gandhi, “Generations to come, it may well be, will scarce believe that such a man as this one, ever in flesh and blood, walked upon this Earth.” I belong to a now-vanishing generation which saw Gandhiji in flesh and blood.

As a college student in Patna, I had read D.F. Karaka’s biography of the Mahatma, Out of Dust. It brought out how the Mahatma raised us out of dust. He transformed us from being subjects of a colonial power to proud citizens of an independent country.

I once attended a public meeting of thousands addressed by him in Patna. After he left the venue, I saw many pick up the dust from the ground over which he had walked and apply it to their foreheads. I had just entered my teens and I felt his address had touched my soul. I was told that he received hundreds of letters regularly from all over the world and a reply was sent promptly to each. This encouraged me to write to him for his autograph. His secretary immediately replied asking me to send ₹10 for the Harijan Fund for his autograph. I couldn’t afford it.

During the Quit India Movement, on August 10, 1942, a procession of a few thousand students had gone to hoist the Congress flag over the Patna Secretariat. I was in the rear of the procession. British troops opened fire and seven students were killed. The procession dispersed. Virtual martial law was imposed in Patna that evening. My father was posted in Purnea at that time. Along with many students, I crossed the river in a steamer to catch a train to Purnea. We found railway tracks and railway stations ransacked so we decided to trek to our destinations. En route, I saw atrocities committed by British troops.

By March 1943, all was quiet. Schools and colleges reopened. Congress leaders were locked in prison. The movement seemed to have fizzled out. Despite being an ardent admirer of the Mahatma, who had called upon people to boycott the war effort, I decided to join the Army. We used to hear Subhas Chandra Bose’s radio broadcasts from Singapore and of the formation of the Indian National Army. I felt non-violence could not get us Independence. Britain’s military might had to be weakened from within. I applied for a commission in the Army, got selected and was asked to report at the Officers Training School, Belgaum.

From Patna one had to go to Belgaum via Pune, spending a whole day in Pune to catch the train connection to Belgaum. The Mahatma was then imprisoned in Aga Khan Palace, guarded by British troops. Passing the palace gates in a tonga, I offered obeisance from outside, seeking his forgiveness for joining the Army despite his call not to do so.

Only once did I see the Mahatma from close quarters. During the first India-Pakistan War in Kashmir, on October 22, 1947, thousands of Pakistani forces comprising both tribesmen and Pakistan Army personnel in civilian clothes led by Maj. Gen. Akbar Khan, invaded Kashmir.

Why India must engage with ICANN

ARUN MOHAN SUKUMAR

TURNING POINT: “The governance architecture that emerges after September 2015 could erode or enrich the capacity of states to regulate the flow of information online and protect the rights and security of their citizens.” (Photo: Reuters)

India’s Internet diplomacy has found its voice late, leaving the government with little time to get its act together before the ICANN-U.S. contract expires in September next year

Late last month, the Prime Minister’s Office chaired a meeting of the three nodal ministries — the Ministry of External Affairs, the Department of Telecommunications and the Department of Electronics and Information Technology — responsible for charting India’s line on global Internet governance, capping a welcome effort to attend to this foreign policy concern at the highest level. The PMO’s intervention has come not a moment too soon: the contract between the United States government and the Internet Corporation for Assigned Names and Numbers (ICANN) — which manages the Domain Name System (DNS) under U.S. oversight — expires in less than a year, leaving cyberspace up for grabs. The governance architecture that emerges after September 2015 could erode or enrich the capacity of states to regulate the flow of information online, protect the rights and security of their citizens, and develop robust Internet economies.

India’s ability to negotiate this transition has been hindered by a lack of inter-ministerial consensus and a familiar reluctance to engage civil society. Unlike other state-driven deliberations, the rules of this game are different: the U.S. has refused to cede control of ICANN to an inter-governmental agency, insisting instead on a “multi-stakeholder” body to replace its oversight. This requirement has given multinational corporations the ability to punch above their weight in international negotiations.

Countering the challenge