6 December 2014

The Obama Administration: From Ending Two Wars to Engagement in Five – with the Risk of a Sixth

DEC 3, 2014 

Presidents propose action, and then reality intervenes. This cycle holds special irony in the case of President Obama. A year ago, it looked like he might end two of the longest wars in U.S. history by the time he left office. As of today, President Obama has involved the United States in five evolving conflicts, and there is little prospect any of them will be over by the time the next president is inaugurated, unless the United States chooses to disengage and lose.

War 1: Afghanistan

First is the Afghan war. The coming “Transition” at the end of 2014 will not end the U.S. role in the conflict or allow the United States to claim any form of success. The administration has ceased to provide any meaningful unclassified data on either the progress of the fighting or of Afghan forces. Rather, the administration and U.S. agencies can only be accused of lying by omission. The latest semiannual report on the Afghan war has no meaningful metrics on the trends in the fighting, dropped all detailed metrics on the readiness of Afghan units, and totally understates and ignores the negative trends in media reporting, UN casualty data, and Afghan public opinion data from recent surveys like those from the Asia Foundation. It sharply understates political risk and does not address the major economic problems and risks raised by the World Bank.

The president has already had to admit that his previous plan to cap the U.S. training and assistance mission at 9,800 will not work, that at least 12,000 to 15,000 more troops must be deployed, and U.S. combat airpower may be needed in the future. In practice, he may well have to go much further.

The United States does not need to reintroduce major combat units, but it also makes no real-world sense for the United States to size support of Afghan forces to a fixed number of personnel, or commit to cut them in half by the end of 2015, or reduce them to nearly zero by the end of 2016, without any regard to the actual course of the fighting. Neither does it make sense for the most recent semiannual report on the Afghan war to lack clear plans for either military or civil aid. The president has made promises that he simply should not have made, and probably cannot keep without losing America’s longest war.

War 2: Islamic State or ISIS

The Middle East faces a faceless threat, bigger and more challenging than ISIL

December 2, 2014 

Syrian refugees walk between tents at a refugee camp in the Turkish border town of Yayladagi. The Syrian refugee crisis will reshape the Middle East, argues Faisal Al Yafai 

Who or what has had the most influence on the Middle East this year? As 2014 draws to a close, this is the reflective question many analysts and journalists are drawn to answering.

That question, in fact, was the premise of a television show that gathered together opinion-formers from across the Middle East (including this columnist) in Dubai last week.

In a year that made a household name of Abu Bakr Al Baghdadi, saw the re-election of Bashar Al Assad and the end (for now) of Nouri Al Maliki’s prime ministership, it is natural that a review of the year should focus on a single face.

Yet with so much happening in the Middle East and so many personalities contributing to those events, it strikes me that just as the problems of the Middle East are too big to have been caused by any one person, so the problems are too big to be solved by any one person.

The Middle East’s most influential figure is faceless, a challenge for the region bigger than the threat of ISIL or the rise of Iran. It is the refugee crisis in Syria, a nameless, faceless threat that, nonetheless, is creating new challenges daily.

The scale of the Syrian refugee crisis is almost unfathomable. The UN says three million Syrians have fled the country, with at least another six million displaced within the country. That is more than the population of New York.

Homeless, and fleeing war, at least half of those refugees are children, most of whom have had their education severely disrupted. Many have lost family members, too many are orphans – with all the vulnerability that brings – and all are severely traumatised.

Numbers on that scale are more than a crisis, more than a catastrophe. Syria’s refugee crisis is a cataclysm.

Leaders in Glass Countries Shouldn’t Throw Stones

BY STEPHEN M. WALT
DECEMBER 4, 2014

Many people probably think the explosive events in Ferguson, Missouri, are a purely domestic issue and have nothing to do with American foreign policy or the U.S. position in the world. That position is understandable, insofar as these events are first and foremost about race relations inside the United States itself, which are largely a product of America’s particular history. At a minimum, what has been happening in Ferguson (and the protests that broke out in New York and elsewhere following yesterday’s news that a grand jury decided not to indict the police officer responsible for the death of Eric Garner) reminds us that race remains a deeply problematic issue here — especially in the context of law enforcement and criminal justice. Not surprisingly, most commentators have focused on what this problem says about America and what the United States needs to do to address it.

Yet what has been happening in Ferguson — and in race relations in the United States more generally — does have some noteworthy foreign-policy dimensions. That is also unsurprising, because America’s internal condition inevitably affects its image in the world and the influence it can wield. When the U.S. economy is in trouble, it limits what the United States can do on the world stage. If the federal government is gridlocked or hamstrung by pointless political grandstanding (see under: Benghazi) the United States will act with less energy and wisdom abroad. And if minorities in the U.S. population are still marginalized, discriminated against, and treated as less-than-equal, then America’s full potential will be unrealized and its moral authority will be compromised in the eyes of many foreign observers.

With that insight in mind, consider the following connections between Ferguson and foreign policy.

For starters, let’s acknowledge that there is a trade-off between ambitious U.S. efforts to transform other parts of the world and the ability of government institutions to improve the lives of Americans here at home. I don’t think more social spending would eliminate racism or solve all the problems in places like Ferguson, but Americans would almost certainly be far better off if we hadn’t wasted $3 trillion+ in our misguided Iraqi and Afghan adventures. For example, spending some of that money on much-needed infrastructure here at home would have created a lot of jobs — including in places like Ferguson — and boosted the overall productivity of the U.S. economy.

A Recommended Agenda for the Next Secretary of Defense


President Obama is expected to announce in the coming days his nominee to be the next Secretary of Defense. Whoever the next Secretary is, the expectation is that the individual will have a wealth of experience within the Defense Department to draw from. Recruiting an experienced hand at this critical moment will reassure many who worry about the state of the American military. For some critics, however, the more pressing concern will be understanding the nominee’s stance on the major security matters facing the United States today and his or her willingness to challenge administration policy on those issues.

Crises around the world will no doubt continue to dominate the headlines, and to drive meetings of the National Security Council. Against this backdrop, the next Secretary will be significantly challenged to ensure a sustained focus on issues that are important to the U.S. military and national security, but less urgent than items in the daily inbox. CSIS’s International Security Program asked seven of its scholars to recommend which of those important issues should be at the top of the agenda for the next Secretary of Defense. Each scholar also offers recommendations for priority action by the next secretary on these issues.

Andrew Hunter, Director, Defense-Industrial Initiatives Group and Senior Fellow, International Security Program

For the Secretary of Defense, no news is good news when it comes to defense acquisition. Much like the offensive line on a football team, when things are going smoothly, it goes unnoticed. When the Secretary of Defense gets asked about the acquisition system, it usually means something has gone wrong. For this reason, and because acquisition is a highly technical discipline, it can be tempting for the Secretary of Defense to focus attention elsewhere, particularly in his or her early days. Just as the offensive line’s performance is critical to the success of a football team, however, solid performance from the acquisition system is a linchpin to a Secretary’s hopes for a successful tenure.

Defense acquisition is a massive undertaking involving the expenditure of roughly $150 billion annually for research and development and procurement of technology and total contract spending of more than $300 billion annually. Even a small improvement in performance of the acquisition system can make a difference of billions in the cost of equipping the military. Despite widespread pessimism on the prospects for improving defense acquisition, the opportunity to make progress is real. The latest issue of the Department of Defense’s annual report on the Performance of the Defense Acquisition System shows modest improvement in trends relating to cost growth. While this recent progress is encouraging, the squeeze of sequestration and the budget uncertainties generated by continuing resolutions and potential government shutdowns threaten to reverse this trend. The result would be a snowballing path of destruction through already tight defense budgets.

The recent announcement of the Defense Innovation Initiative also demonstrates the strategic importance of acquisition to the Department of Defense. As the 2012 Defense Strategic Guidance and the 2014 Quadrennial Defense Review make clear, innovation is key to the military’s future. Ultimately, the acquisition system bears the largest share of responsibility for delivering innovation. Last but not least, acquisition will be critical in the Secretary’s relationship with Congress. Senator John McCain will take over as Chairman of the Senate Armed Services Committee in the new Congress, and his interest in, and concern about, the defense acquisition system is well known. On the other side of the Capitol, the House Armed Services Committee has already been examining improvements to defense acquisition for over a year under the leadership of Representative Mac Thornberry, the designated next House Committee Chairman, and his ranking member, Representative Adam Smith.

Regin malware: Why did it take so long to uncover?



Industry observers say the unveiling of the Regin malware, which came after more than half a decade in the wild, highlights the need for better detection methods. 

Symantec Inc.'s discovery of the Regin malware, part of a long-term nation-state-sponsored cyberespionage campaign, has already been compared to the likes of Stuxnet and Flame, two of the most sophisticated pieces of malware ever created. While the expertise needed to create Regin is unquestioned, security industry observers say Regin again proves that more organizations and vendors need to be focused on threat detection rather than prevention.

Symantec's technical analysis of Regin, released late last week, exposed a malware platform that is both powerful and highly customizable. The first version of Regin was in use from at least 2008 until 2011, according to Symantec's analysis, while a second version was spotted in 2013.

As a modular malware platform, Regin contains a number of components that rely on each other to function. This design allows attackers to deploy a number of different payloads depending on specific targets and situations. Symantec said the multi-stage loading architecture, which is similar to that of Stuxnet and Duqu, made it difficult to analyze Regin as not all of the malware's components were available at the same time.

And unlike many other advanced persistent threats (APTs), which are typically focused on collecting valuable intellectual property, Symantec's paper indicates that Regin is unique because it is geared toward collecting a variety of nonspecific data and monitoring individuals or organizations for lengthy periods.

"It's naïve to think that these tools couldn't be easily re-purposed or re-deployed against our allies, or even against individual business leaders, political targets or citizens." - Chris Messer

"Regin is a complex piece of malware whose structure displays a degree of technical competence rarely seen," wrote Symantec's security response team in a blog post. "It is likely that its development took months, if not years, to complete and its authors have gone to great lengths to cover its tracks."

Regin: Who is responsible? 

Upstream superpowers

December 5, 2014 

On November 23, the first power-generating unit of the Zangmu hydropower complex on the Yarlung Tsangpo or the Brahmaputra in China’s Tibet Autonomous Region became operational. The 510 MW Zangmu dam is not as large as some of China’s other large dams, or those that India is building or planning to build on the Yarlung Tsangpo/ Brahmaputra river system. Zangmu, however, underscores the limited channels of cooperation that exist between India and China to govern the rivers they share. Until recently, Indian officials relied on satellite images of construction sites to learn about China’s plans. It took the Chinese some time to acknowledge the existence of dam-building projects on the Yarlung Tsangpo. Things have improved since. But there is no water sharing agreement between India and China. Nor is one on the horizon.

As an “up-stream superpower”, China avoids multilateral entanglements. More than two-thirds of the 40 major transboundary rivers that flow through China and 16 other countries originate in China. China was one of three countries to vote against the adoption by the UN General Assembly of the 1997 UN Convention on the Law of the Non-Navigational Uses of International Watercourses, which seeks to strike a balance between upstream and downstream interests. The convention commits state parties to the utilisation of transboundary rivers in “an equitable and reasonable manner” and requires them to take “all appropriate measures to prevent the causing of significant harm” to co-riparians. India abstained in that vote.

China has since signed bilateral agreements with a number of co-riparians. But as Selina Ho of the National University of Singapore points out, while China has been willing to cooperate with southeast Asian countries on the Mekong, it has not been as forthcoming with India on the Brahmaputra. Ho attributes it to the historical animosity between the two countries, the territorial disputes and “the incongruence between China’s traditional perception of India as a regional power without global reach and India’s growing status as a rival for influence and resources worldwide”. It is not surprising that potential conflicts between India and China feature prominently in most scenarios of future “water wars”.

A day after Zangmu became operational, a Chinese foreign ministry spokesperson was asked about its impact on downstream countries like India and Bangladesh. China is “always responsible in developing and utilising transboundary rivers,” asserted Hua Chunying. China, she added, shares hydrological data with India as per a 2013 MoU. That, she said, would continue, as would cooperation in forecasting floods and the handling of emergencies.

U.S. Intelligence Community R&D Agency Has Awarded a Big Contract to Develop New Superconducting Computer

Reuters/Denis Balibouse
December 3, 2014

A member of the media films the room with the IBM Blue Gene Q Supercomputer on the launch day for the HBP at the Swiss Federal Institute of Technology (EPFL) in Ecublens, near Lausanne October 7, 2013.

(Reuters) - The U.S. intelligence community has launched a multi-year research project to develop a superconducting computer, awarding its first contracts to three major technology companies.

International Business Machines Corp, Raytheon BBN Technologies and Northrop Grumman Corp won the contracts, the Intelligence Advanced Research Projects Activity said Wednesday, without disclosing financial details.

The Cryogenic Computer Complexity (C3) program could lead to a new generation of superconducting supercomputers, said the unit of the Office of the Director of National Intelligence.

“The energy demands of today’s high-performance computers have become a critical challenge for the Intelligence Community that the C3 program aims to address,” IARPA said in a statement. Such computers use massive amounts of energy.

According to ComputerWorld magazine, competition from Europe, Japan and China, which has the world’s fastest computer, is spurring U.S. efforts to develop the next generation of superconducting supercomputers, called exascale.

In November, the Department of Energy awarded Advanced Micro Devices more than $32 million to fund exascale research. AMD Chief Technology Officer Mark Papermaster said in a blog post that energy has been the biggest obstacle for exascale computing, or producing a billion billion calculations per second.

“Computers based on superconducting logic integrated with new kinds of cryogenic memory will allow expansion of current computing facilities while staying within space and energy budgets, and may enable supercomputer development beyond the exascale,” Marc Manheimer, C3 program manager at IARPA, said in the statement.

Cyberspace Becoming a More Dangerous Place for Everyone

Washington Post Editorial Board
December 4, 2014

DANGERS ARE growing in cyberspace. Not only are thieves learning to siphon off millions of credit card numbers and e-mail addresses but elaborate pieces of malware are capable of spying on whole organizations for long periods of time, capturing computer screens, keystrokes and data, transmitting it all to distant servers without being detected.

Symantec, a cybersecurity company, has announced the discovery of a new example of this sophistication, called Regin, apparently designed for intelligence collection, and comparable in power and complexity with Stuxnet, the computer worm reportedly used by the United States a few years ago to sabotage Iran’s uranium enrichment program. The new spyware does not resemble the evasive bits of code that scoop up credit card data. Rather, according to Symantec, Regin is built for long-term, under-the-radar espionage and surveillance; it comes with many modular pieces that can be custom-fitted to the target of the attack; and it has already been used against governments, infrastructure operators, businesses, academics and private individuals.

“It goes to extraordinary lengths to conceal itself and its activities on compromised computers,” the company reported. “Its stealth combines many of the most advanced techniques that we have ever seen in use.” Threats like this are “rare,” the company said, and the sophistication underscores how significant resources are being poured into this kind of mega-weapon in cyberspace. The Post’s Ellen Nakashima reported that the spyware can also grab control of cellphone towers and monitor calls.

But who is behind it? Symantec could not identify the origins. Confirmed infections have shown up mostly in Russia (28 percent) and Saudi Arabia (24 percent) but none in the United States, Israel or Britain. It may well be another example of American ingenuity in service of intelligence missions, like Stuxnet, but the reality of cyberconflict is that fingerprints can often be difficult to discern. The line between defense and offense, and between nation-states and other groups, can be hazy. Another security firm, Cylance, has reported that Iranian groups hacked into a range of international targets, including airlines, military and energy complexes, hospitals, telecommunications and other institutions.

Networks in the United States remain vulnerable to intrusion, disruption, theft, espionage and attacks that could produce physical damage, all weaknesses that cry out for a more aggressive defense than has been mounted so far. Although the U.S. military is standing up a major cyber effort, both offensive and defensive, private-sector networks in the nation are overly exposed. These networks are the backbone of the economy, health care, education, transportation, energy and countless other critical functions. In the future, attacks are certain to be aimed at them with potentially dire consequences.

Warnings about this have been issued for several years, with insufficient effect. Adm. Michael S. Rogers, the new head of the National Security Agency and U.S. Cyber Command, recently predicted a cyberattack on critical U.S. infrastructure — such as water or electrical systems — in the next decade, saying that it is “only a matter of when, not if, we are going to see something dramatic.” He added, “This is not theoretical.” Or reassuring.

NSA/GCHQ Reportedly Intercepted Messages of Major Cellphone Network Operators Around the World

Ryan Gallagher
December 4, 2014

In March 2011, two weeks before the Western intervention in Libya, a secret message was delivered to the National Security Agency. An intelligence unit within the U.S. military’s Africa Command needed help to hack into Libya’s cellphone networks and monitor text messages.

For the NSA, the task was easy. The agency had already obtained technical information about the cellphone carriers’ internal systems by spying on documents sent among company employees, and these details would provide the perfect blueprint to help the military break into the networks.

The NSA’s assistance in the Libya operation, however, was not an isolated case. It was part of a much larger surveillance program—global in its scope and ramifications—targeted not just at hostile countries.

According to documents contained in the archive of material provided to The Intercept by whistleblower Edward Snowden, the NSA has spied on hundreds of companies and organizations internationally, including in countries closely allied to the United States, in an effort to find security weaknesses in cellphone technology that it can exploit for surveillance.

The documents also reveal how the NSA plans to secretly introduce new flaws into communication systems so that they can be tapped into—a controversial tactic that security experts say could be exposing the general population to criminal hackers.

Codenamed AURORAGOLD, the covert operation has monitored the content of messages sent and received by more than 1,200 email accounts associated with major cellphone network operators, intercepting confidential company planning papers that help the NSA hack into phone networks.

One high-profile surveillance target is the GSM Association, an influential U.K.-headquartered trade group that works closely with large U.S.-based firms including Microsoft, Facebook, AT&T, and Cisco, and is currently being funded by the U.S. government to develop privacy-enhancing technologies.

Karsten Nohl, a leading cellphone security expert and cryptographer who was consulted by The Intercept about details contained in the AURORAGOLD documents, said that the broad scope of information swept up in the operation appears aimed at ensuring virtually every cellphone network in the world is NSA accessible.

Worrying about cyberwar is making countries less safe


December 3, 2014

Ten days ago, on Nov. 24, online security firms revealed the existence of a powerful computer virus called Regin. A tool of espionage, the bug displayed all the hallmarks of nation-state backing, researchers said. Suspicion immediately fell on the US and Israel.

The following day came news of a massive intrusion into the systems of Sony Pictures Entertainment. Several pre-release films were leaked, along with detailed personal records and communications of employees. An estimated 100 terabytes of data were stolen, and some 40 gigabytes have so far been leaked. Investigators pointed the finger at North Korea.

Unsurprisingly, there has since been much hand-wringing about cyberwarfare, with one prominent right-wing American website declaring that “The first cyber war is under way.”

It is precisely this sort of hype that Thomas Rid, a professor of security studies at King’s College London, and Robert M. Lee, an active-duty US Air Force cyber-warfare operations officer, warn against in their paper “OMG Cyber!”, published in the most recent issue of RUSI Journal, a well-regarded peer-reviewed academic journal of defense and security topics.

Cyber-riches

Rid and Lee argue that hype makes for bad policy. As defense budgets have shrunk, cyber is one area where funding has grown. That leads to perverse incentives, encouraging worry in order to gain and preserve funding. Since cyber is where the money is, all threats are re-labelled cyber-something. That means “it is ever harder to say when something clearly is not cyber-related,” the authors write.

“What we are seeing is espionage and practices and techniques that are easy to understand both technically and politically,” says Lee. “By hyping them into something they are not we fail to respond appropriately. Our policies, our technologies, our education, [and] our military’s readiness are being focused on a classification and understanding of the problem that does not align with the reality.”

Air Force CIO plots comprehensive cyber strategy

By Sean Lyngaas 
Dec 03, 2014 

Air Force CIO Lt. Gen. William Bender says the service needs a more far-reaching cybersecurity strategy.

Recently installed Air Force CIO Lt. Gen. William Bender is planning a comprehensive review of the service’s cybersecurity vulnerabilities that will go far beyond what he says is the current, narrowly drawn view of USAF networks.

By focusing on Air Force-only networks and not the larger information environment in which they operate, the service’s cybersecurity strategy covers only "20 percent of the problem," Bender told FCW on Dec. 3.

Bender’s plan for a cybersecurity task force is still just that -- it needs to be fleshed out and approved by the Air Force chief of staff and secretary. But Bender, who succeeded retired Lt. Gen. Michael Basla as CIO in September, envisions a "comprehensive, enterprise-level look at the cyber threat as it relates to everything outside of that 20 percent" of Air Force-only networks.

Bender wants the task force to include members from academia, the national lab system, other military services and industry. He hopes to get the project set up in the coming weeks and months, after which it would be about a year before the group delivers a detailed diagnosis of the Air Force's cybersecurity vulnerabilities, and a remedying strategy, to the secretary.

"You have got to know where your problems are before you can do something about it," said Bender, who was previously deputy chief in the Office of Security Cooperation in Baghdad. "As a CIO, I may be able to use policy and guidance to take care of some" vulnerability issues, he added, citing as an example his ability to kick users off a network if their cyber hygiene doesn’t pass muster.

With other military services advising the task force, the Air Force could draw lessons from the Navy’s recently launched cyber task force, which is a deep dive into issues like interoperability and resiliency.

There is a cyber component to a much broader "30-year" Air Force strategy that Secretary Deborah Lee James and Chief of Staff Gen. Mark Welsh released in July. That strategy did not delve into a vision for securing Air Force information networks, but it did evince an interest in offensive cyber capabilities, calling cyberspace a "promising [domain] for a true breakthrough in our approach to Air Force core missions." The document describes "non-kinetic effects such as speed and reversibility that may present more attractive options to war-fighting commanders than those we currently offer."

The First Cyber War is under way

2 Dec 2014

Perhaps it's only in the skirmish phase, but many large conflicts begin with relatively small encounters. After years of maneuvering to get hackers and defensive programming into position, the First Cyber War is under way.

It seems increasingly likely that the hack of Sony Pictures was a cyber-war action. The malware used to perpetrate the attack turns out to be written in Korean, and the North Koreans aren't issuing any blanket denials of responsibility. (The fun thing about North Korean diplomacy is that they can simultaneously imply that they're behind an action like this, and castigate the world for believing they're responsible. Kim Jong Un certainly seems to enjoy having his cake and eating it too...)

The headline-grabbing result of the Sony hack was the theft of several unreleased movies, plus one already in theaters, leading to a torrent of BitTorrent downloads, but that's not all the hackers did. They also took down the corporate computer network and filched some business data, including a spreadsheet with the salaries of over 6,000 Sony employees, including the executives. This information was passed along to the media, evidently with the goal of embarrassing the company. (Is three million bucks a year in salary really all that excessive for a top CEO, especially given how much movie stars and directors pull down?)

The Norks are hacked off at Sony because of an upcoming movie called "The Interview," which satirizes the CIA using dimwitted journalists to assassinate the North Korean dictator. The Russians have been frisky online as well, apparently in a snit over the application of Western sanctions following their adventure in Ukraine. At the end of October, the White House revealed its computer systems had been under sustained attack for weeks - a far more serious cyber-threat than a few thrill-seeking freebooters could be expected to manage. Two weeks ago, the State Department had to shut down its unclassified email system to install security upgrades and deal with the effects of a suspected cyber-attack. Microsoft just discovered a security flaw in the latter editions of its Windows operating system that allowed Russian hackers to spy on NATO for the past five years.

How the world's powers are preparing to defend themselves against cybercrime

03 Dec 2014

In a country where the slightest hint of criticism can result in immediate confinement to a hellish prison camp, it is hardly surprising that North Korea’s authoritarian regime should take a dim view of a Hollywood comedy based on the assassination of its self-styled “dear leader”, Kim Jong-un.

The North Korean dictator is not renowned for his sense of humour at the best of times, a disposition that cannot have been improved by his frequent bouts of ill-health. Kim Jong-un’s attempts to assert his authority in Pyongyang have been undermined by his continuing battle against various demons, including diabetes, alcoholism, depression and, earlier this year, cancer - the treatment for which prompted speculation that he had died.

This has made life very difficult indeed for those working at his official Ryonsong Residence near Pyongyang, where Mr Kim’s irrational rages pose a constant threat to the life expectancy of his aides. So far this year he has had his uncle and mentor, Jang Song-thaek, executed by firing squad, as well as one of his mistresses and a dozen pop musicians, who were accused of making lewd videos. For good measure, he made the musicians’ families watch as they were shot.

As Mr Kim is also constantly making threatening gestures towards America, it was only a matter of time before his bizarre conduct attracted the attention of Hollywood script-writers, with the result that Sony’s US-based film division is shortly to release “The Interview”, a production starring Seth Rogen and James Franco. Except that the company’s promotional plans for the comedy have been sabotaged. A sophisticated hacking operation against their computer systems in California has led to five of their big Christmas releases being leaked online.

Despite Pyongyang’s denials, there seems to be little doubt that the sabotage was carried out by their newly-acquired cyber warfare wing in retaliation for a film that the regime has denounced as the work of “gangster moviemakers”. Describing the storyline as a “wanton act of terror”, North Korea’s state-controlled media warned Hollywood to expect “merciless countermeasures”.

Report Says Cyberattacks Originated Inside Iran


DEC. 2, 2014 

SAN FRANCISCO — Iranian hackers were identified in a report released Tuesday as the source of coordinated attacks against more than 50 targets in 16 countries, many of them corporate and government entities that manage critical energy, transportation and medical services.

Over the course of two years, according to Cylance, a security firm based in Irvine, Calif., Iranian hackers managed to steal confidential data from a long list of targets and, in some cases, infiltrated victims’ computer networks to such an extent that they could take over, manipulate or easily destroy data on those machines.

Cylance called the attacks “Operation Cleaver” because the word cleaver frequently appeared in the attackers’ malicious code.

The New York Times was able to independently corroborate the firm’s findings with another security firm, Crowdstrike, which said it had been tracking the same group of Iranian hackers for the past nine months under a different alias, “Cutting Kitten”; kitten is the firm’s naming convention for attack groups based in Iran, a nod to the Persian cat.

The hackers used a set of tools that can spy on and potentially shut down critical control systems and computer networks, aiming them at targets in the United States, Canada, Israel, India, Qatar, Kuwait, Mexico, Pakistan, Saudi Arabia, Turkey, the United Arab Emirates, Germany, France, England, China and South Korea.

Cylance would identify only one of Cleaver’s victims — a Navy-Marine Corps network in San Diego that connects sailors, Marines and civilians across the United States — in its 86-page report. But it said other victims in the United States included a major airline, a medical university, an energy company that specializes in natural gas production, an automobile manufacturer, a major military installation and a large military contractor.

Net Politics Book Review: Countdown to Zero Day

November 25, 2014

Iranian President Mahmoud Ahmadinejad visits the Natanz nuclear enrichment facility, 350 km (217 miles) south of Tehran, on April 8, 2008. (Iranian Presidential official website/Courtesy Reuters) 
The first public announcement of what became known as Stuxnet, the malware designed to slow Iran’s nuclear program, could have easily disappeared into the ether. VirusBlokAda, a little-known cybersecurity firm in Belarus, first noticed the new vulnerability and posted an announcement on their website and an online English-language security forum. After some early news reports about the code and moves to patch the initial vulnerability by Microsoft, it would have been natural for everyone involved to move on to the next malware threat. No one had any reason to know what Stuxnet would become.

But a number of security researchers were intrigued by what they saw and kept going back to crack the code. Their story is the backbone of Kim Zetter’s Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon, an incredibly detailed and readable account of the U.S. and Israeli attack on the computers that controlled the centrifuges at Natanz. Zetter follows the three main groups of cybersecurity experts from Symantec, Kaspersky Lab, and the Langner Group as they decode the malware. As the groups unraveled Stuxnet, they also discovered companion programs including Flame and Gauss, which were designed for espionage, not destruction. Zetter does an exceptional job of describing how the malware operated and how it affected infected Iranian networks.

Throughout the book, Zetter has to manage the tension between what the actual impact of Stuxnet on the nuclear program was and what the potential for future cyberattacks will be. If the computer attacks did little to hamper the Iranians and future attacks are likely difficult to develop, require extensive intelligence capabilities, and cause little physical damage, then Stuxnet looks less like a weapon that reshapes foreign policy and more like another tool that is wielded by militarily and economically powerful states. Zetter sees Stuxnet as the beginning of something radically new and the possible damage from cyber as high, but she doesn’t silence other opinions. She gives voice to those who claim Stuxnet had little impact on Iran’s capabilities, and when Zetter repeats anecdotes about other cyberattacks that have allegedly caused physical damage, she provides alternative explanations.

US Army Intelligence Wants to Know How Algorithms Can Improve Intelligence Processing, Analysis and Reporting

The following item was posted online yesterday on the U.S. government’s contracting website fbo.gov: 

The US Army, Intelligence and Information Warfare Directorate (I2WD), is seeking information on algorithms, tools, & workflows to address the need for improved real-time multi-INT fusion and processing, exploitation, & dissemination (PED). Intelligence includes the position/location reports and/or target signatures that are derived from various multi-INT sensors. The multi-INT analyst is challenged with an ever-growing quantity of intelligence from multiple sources and does not have the tools to rapidly combine data and identify meaningful events.

To this end, the Army is seeking PED applications that accelerate the processing of intelligence, increase the richness of exploitation, facilitate dissemination, expedite and enhance analyst RFI fulfillment, and improve commander situational awareness. Applications may lend themselves to either real-time or forensic use or both. Examples of such algorithms include (but are not limited to) the following:

Real-time algorithms will reside directly on the sensor platform, with the purpose of rapidly processing, correlating, and reducing multi-INT data for immediate situational awareness as well as maximizing available bandwidth to a ground station or PED cell. Forensic algorithms take advantage of the wider range of data available on the cloud along with the increased processing power available to provide enhanced products with full situational and historical context. The primary focus of this request is the enhancement of real-time user workflow.

CYBER WAR REPRESENTS EXISTENTIAL THREAT TO U.S.; 3 THREATS THAT SHOULD TRULY TERRIFY YOU

By Chriss W. Street
4 December 2014

Nineteenth century military genius Carl von Clausewitz coined the phrase: “War is a mere continuation of politics by other means.” In his day, the number of wars was limited by the time and expense to organize large armies and then march across borders to inflict pain.

War was much more expensive in the twentieth century, but the number of conflicts expanded because planes and missiles cut the time it took to inflict pain. Proliferating technologies make it now possible for any nation to acquire cyber tools at minimal cost to instantly inflict pain on any other nation. Clausewitz would expect the number of cyber wars to grow exponentially in the twenty-first century.

The advent of cyber war represents a new “high bar risk” as the U.S. faces off against a deadly trifecta of cutting-edge digital technologies, advanced military weapons, and the ability to disrupt critical infrastructure. With this type of war built around digital technology, America’s enemies will focus on turning our own technology against us.

The first year of the twenty-first century will be remembered for 19 illegal aliens who trained at a Florida school to use U.S. commercial airliners as improvised explosive devices. The 9/11 terrorists slaughtered more Americans than died at Pearl Harbor. With the U.S. government politically forced to declare war on much of the Middle East, the financial cost from the attacks and subsequent military response is over $3.3 trillion.

Former National Coordinator for Security, Infrastructure Protection, and Counter-terrorism for the United States, Richard A. Clarke, defined “cyber warfare” as “actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption.” When confronted with the statistic that less than 0.0025% of revenue at the average U.S. corporation was being spent on information technology security, Clarke warned: “If you spend more on coffee than on IT security, then you will be hacked. What’s more, you deserve to be hacked.”

Edward Snowden’s revelations concerning the militarized activities of the NSA highlight cyber warfare’s danger to the U.S. corporate sector. Military power in the cyber domain is projected through the civilian computer networks of U.S. tech giants such as Google, Facebook, Verizon, and Apple. The cooperation or conscription of private U.S. networks for cyber warfare attacks or defenses creates an extreme liability for these firms. U.S. tech companies are top targets for suspicion and potential retaliation by enemy states.

The main proliferator of cyber warfare capabilities to potential enemies of the United States is the boom in attendance by international students at U.S. colleges. The State Department’s 2014 Open Doors Report on International Educational Exchange reported the number of international students studying at U.S. colleges grew since 2000 by 72% to 886,052. About 23% of international students worldwide now study in the U.S.

TIME TO DEBATE ABOUT SPACE BASED DEFENSE?

December 4, 2014

By High Frontier

A recent National Defense Industrial Association (NDIA) publication raised a timely issue—that it is time to debate the utility of space based defenses against ballistic missiles, because of the growing threat. I could not agree more, and here provide additional reasons why and offer some counters to those who criticized aspects of this important paper.

As Lt. General James Abrahamson and I wrote on the 30th anniversary of Ronald Reagan’s March 23, 1983 speech that launched the Strategic Defense Initiative (SDI), the most effective missile defense concept to come from the SDI era (1884-93) was the Brilliant Pebbles space-based interceptor (SBI) system. “Abe” began the program as a special access program on his watch as SDI Director; Lt. General George Monahan carried the program through a “season of studies” to formal concept validation approval by the Pentagon’s defense acquisition authorities on his watch (and I believe that had he lived he would have joined in our 2013 assessment); and, on my watch, I carried the program through a congressional gauntlet until it was sharply curtailed by the “congressional powers that be” in 1992.

(The ballistic missile defense (BMD) historian’s published account of this story is discussed in Don Baucom’s “The Rise and Fall of Brilliant Pebbles.”)

In early 1993, the Clinton administration sharply curtailed the SDI program—even cutting by 80 percent a fully funded, congressionally mandated national missile defense (NMD) program to develop and deploy a ground-based homeland defense as soon as technologically feasible. The congressionally-approved Brilliant Pebbles technology demonstration program was totally scuttled even though Congress had appropriated over $300 million for fiscal year 1993—Defense Secretary Les Aspin boasted he was “taking the stars out of Star Wars.”

The Clinton administration declared its allegiance to the anti-ballistic missile (ABM) Treaty as the “cornerstone of strategic stability,” and that Treaty blocked the testing and deployment of effective BMD systems if they could defend the U.S. homeland—especially space-based defenses.

The Navy's cyber awakening

By Sean Lyngaas 
Oct 31, 2014 

The Navy Department has laid out a strategy that clearly identifies cyberspace as a warfighting domain. The strategy is designed to better assess cyber risks across the service in the wake of a high-profile breach of its computers last year.

"Cyber and IT [are] now a commander's business," declared Matthew Swartz, a member of the department's Senior Executive Service who is helping lead a yearlong task force to implement the new strategy.

The main purpose of Task Force Cyber Awakening, which was explained in detail to reporters during an Oct. 31 roundtable, is to give leaders a clearer picture of how the cybersecurity postures of the service's many components, from the Naval Sea Systems Command to the Space and Naval Warfare Systems Command, stack up.

Today it might take the Navy days or weeks to assess the cybersecurity strength of a given program, Swartz said. The goal is to dramatically reduce that time. Cyber breaches on any network are inevitable, he added. But awareness of vulnerabilities can be much improved.

In developing the new strategy, leaders realized there wasn't a "unifying front" for collecting information on cyber vulnerabilities across the service, Swartz said.

One of the catalysts for the new strategy was the breach last year, reportedly by Iranian hackers, of the Navy Marine Corps Intranet, the service's massive internal computer network.

The NMCI intrusion was "part of the foundation that led to this task force" because it drove home how critically reliant the Navy Department is on an internal network for enterprisewide operations, Swartz said.

The task force, led by Vice Adm. Ted Branch, deputy chief of naval operations for information dominance, has four subgroups that cover issues such as interoperability and resiliency. One group is charged with delivering a cyber resiliency plan for the Navy in November, which the department will continue to refine. The task force will finish its work in August 2015 and, if things go according to plan, will leave in its wake an "enduring capability that we organize around," Swartz said.

Pentagon Worries That Russia Can Now Outshoot U.S. Stealth Jets


12.04.14 

American fighter planes are the fastest, most maneuverable jets in the world. But their weapons are becoming increasingly obsolete—and that has some in the U.S. Air Force spooked.

High flying and fast, the F-22 Raptor stealth jet is by far the most lethal fighter America has ever built. But the Raptor—and indeed all U.S. fighters—have a potential Achilles’ heel, according to a half-dozen current and former Air Force officials. The F-22’s long range air-to-air missiles might not be able to hit an enemy aircraft, thanks to new enemy radar jamming techniques. 

The issue has come to the fore as tensions continue to rise with Russia and a potential conflict between the great powers is once again a possibility—even if a remote one. 

“We—the U.S. [Department of Defense]—haven’t been pursuing appropriate methods to counter EA [electronic attack] for years,” a senior Air Force official with extensive experience on the F-22 told The Daily Beast. “So, while we are stealthy, we will have a hard time working our way through the EA to target [an enemy aircraft such as a Russian-built Sukhoi] Su-35s and our missiles will have a hard time killing them.” 

The problem is that many potential adversaries such as the Chinese and the Russians have developed advanced digital radio frequency memory (DRFM) jammers. These jammers, which effectively memorize an incoming radar signal and repeat it back to the sender, seriously hamper the performance of friendly radars. 

Worse, these new jammers essentially blind the small radars found onboard air-to-air missiles like the Raytheon AIM-120 AMRAAM, which is the primary long-range weapon for all U.S. and most allied fighter planes. 

That means it could take several missile shots to kill an enemy fighter, even for an advanced stealth aircraft like the Raptor. “While exact Pk [probability of kill] numbers are classified, let’s just say that I won’t be killing these guys one for one,” the senior Air Force official said. It’s the “same issue” for earlier American fighters like the F-15, F-16, or F/A-18. 

Wanted: An Enemy for America's Third Offset Strategy

December 4, 2014 

The Pentagon's Third Offset Strategy can't solve all the country's national security challenges, and it will fail if it tries.
In a widely publicized speech at the Reagan National Defense Forum last month, Defense Secretary Chuck Hagel announced a new Pentagon initiative aimed at fostering a third “game-changing” Offset Strategy. Modeled off of Eisenhower’s New Look doctrine in the 1950s, and the Offset Strategy of the 1970s and 1980s, the Third Offset Strategy seeks to harness technological innovations to preserve America’s military primacy in the future.

Despite the grand rollout, many of the details of the Third Offset Strategy remain to be fleshed out. With this in mind, the House Armed Services’ Subcommittee on Seapower and Projection Forces held the first of what its chairman, Rep. Randy Forbes (R-VA), promised would be many hearings on the new strategy. Entitled “The Role of Maritime and Air Power in the Third Offset Strategy,” the hearing featured testimony from four prominent defense think tankers with previous Pentagon experience.

One of the more important debates that emerged among the witnesses concerned whether the Third Offset Strategy should focus on all the challenges the Pentagon deals with, or else more narrowly on a few of the most important threats it faces, such as anti-access/area-denial (A2/AD).

On one side of this debate was Andrew Hunter, who is now at the Center for Strategic and International Studies after recently leaving the Pentagon, where he served as Ash Carter's chief of staff, among other positions. Hunter argued that the Third Offset Strategy “must be integrated in a broader national strategy” and focused on all the issue areas outlined in key defense strategy documents like the QDR and Defense Strategic Guidance.

“To address a mission set this diverse,” Hunter said, “the next offset strategy will have to focus on capabilities with a broad array of applications, from the high end to the low end of conflict. I believe there is a real danger of over specifying the problem particularly if you are specifying it at one end of the spectrum solely.”

As such, Hunter repeatedly cautioned against using the Offset Strategy to select specific platforms. Instead, he argued that the Offset Strategy should merely identify capabilities and operational concepts.

TALK STEALTHY TO ME

December 4, 2014

As the Air Force Times recently reported, the F-22 and F-35A conducted their first integrated training mission earlier this month. Several observers declared this mission, which included offensive counter air, defensive counter air and interdiction operations, to be a success. But if the planes are to actually operate as a cohesive strike package in the complex A2/AD environments of the future, the services will first need to address a glaring gap in interoperability: data links.

Currently, the F-22 and F-35 are equipped with two different low probability-of-intercept/low probability-of-detection (LPI/LPD) systems for exchanging data while in stealth mode: the F-22 uses the older and more limited Intra Flight Data Link (IFDL); the F-35 operates with the newer Multifunction Advanced Data Link. Quite astoundingly, these two LPI/LPD systems cannot communicate with each other, meaning that if the F-35 and F-22 need to share information with each other, they must do so using the non-stealthy Link 16 system used by 4th-generation legacy aircraft. (And even then, the F-22 is limited to receiving data; it cannot transmit it.)

This is particularly problematic because, given the expense of operating both the F-22 and the F-35 in comparison to legacy aircraft, they are — at least in the near-term — likely to be deployed together only when stealth is required. Furthermore, the lack of compatible data links means that the information gathered by the planes’ highly capable sensors and avionics — often described as one of their greatest comparative advantages — cannot be fully leveraged within a 5th-gen strike package, in turn diminishing the potential of integrated targeting capabilities.

The problems do not end there. In addition to the lack of interoperability between the two 5th-generation fighter datalinks, there is also a lack of interoperability between 5th-generation fighter and 4th-generation fighter datalinks. This means that legacy aircraft are not able to maximally benefit from the vastly superior situational awareness and threat detection capabilities of their 5th-generation brethren. As a result, F-35 operators — which in addition to the Air Force will include the U.S. Marine Corps and Navy, as well as a host of foreign governments — cannot realize the full return on unprecedented levels of investment.