Our military leadership at all levels seemingly has a very difficult time understanding the ramifications of intrusions into our critical information networks: what the nature of those intrusions will be, how and whether they can be detected, what effects they will have (if any), and the interconnected vulnerabilities that come with the 21st Century lapis philosophorum of being “networked”.
By feeding counterfeit radio signals to the yacht, the UT team was able to drive the ship far off course, steer it left and right, potentially take it into treacherous waters, even put it on a collision course with another ship. All the time, the ship’s GPS system reported the vessel was calmly moving in a straight line, along its intended course. No alarms, no indication that anything was amiss.
Military leaders lack a nuanced understanding of what they so clumsily label the “cyber domain”. Discussions almost always center on denial or disruption of service. Very rarely do they address what is a far more serious threat, one more difficult to detect and potentially much more paralyzing in effect: the compromise of trusted information sources and networks. When such issues come to the fore in the exercises and wargames of which I am a part, I do try to let people know that being “shut down” at an inconvenient time is serious, but that in the pantheon of bad stuff our enemies can do to us it is relatively low on the list, and that we should be bracing for far more difficult and widespread problems from those intrusions.
The GPS spoofing reported by Fox News is a peek into how serious things can be, and note that the attackers never broke into the yacht's systems at all: they fed its receiver counterfeit signals, and every system downstream trusted what the receiver said. Anything that is remotely accessed and controlled is vulnerable to intrusion, and often there is no Human in the Loop (HITL) until well downstream of the point where an intrusion takes effect. SCADA systems remain notoriously vulnerable, and attribution is nearly impossible. In addition, many of the exploits our enemies would leverage are likely already IN our networks: small pieces of code that can override authentication, turn off intrusion detection, alter firewall permissions and domain name server settings, and disable any and all of the security measures on which our critical infrastructure relies so heavily.
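The yacht case illustrates the point above about trusted sources: a check that consults only the GPS receiver cannot see the problem, because the spoofed track is internally plausible. What exposes it is an independent source, here dead reckoning from the gyro compass and speed log, which the spoofer cannot reach. The script below is an added illustration written for this page, not code from the original post or from the UT team's experiment. The headings, speeds, turn rate, spoofed track, alarm threshold and flat local coordinate plane are all constructed for the demo; a real bridge integrates these sensors very differently.

```python
import math

# Added illustration (not from the original post or the UT experiment):
# cross-checking a GPS receiver's fixes against dead reckoning from sensors
# a radio spoofer cannot touch. All values below are constructed for the demo.

SPEED_KNOTS = 10.0            # assumed speed through the water from the log
PLANNED_COURSE_DEG = 90.0     # assumed intended track: due east
INTERVAL_H = 1.0 / 60.0       # one reading per minute
N_READINGS = 30


def constructed_true_headings(n=N_READINGS):
    """Constructed gyro-compass headings: on course for six readings, then a
    gradual starboard turn of 3 degrees per minute, capped at 45 degrees off."""
    return [PLANNED_COURSE_DEG + min(max(0, i - 5) * 3.0, 45.0) for i in range(n)]


def spoofed_gps_fixes(n=N_READINGS):
    """What a spoofed receiver reports: a perfect straight line along the
    planned course at the planned speed, regardless of where the hull goes.
    Positions are (east_nm, north_nm) on a local flat plane from the start."""
    step = SPEED_KNOTS * INTERVAL_H
    return [(step * (i + 1), 0.0) for i in range(n)]


def dead_reckon(headings_deg, speed_knots=SPEED_KNOTS, interval_h=INTERVAL_H):
    """Propagate position from heading and speed alone, with no GPS input.
    Heading is clockwise from north, so east = sin, north = cos."""
    x = y = 0.0
    fixes = []
    for h in headings_deg:
        d = speed_knots * interval_h
        x += d * math.sin(math.radians(h))
        y += d * math.cos(math.radians(h))
        fixes.append((x, y))
    return fixes


def distance_nm(a, b):
    return math.hypot(a[0] - b[0], a[1] - b[1])


def divergences(gps_fixes, dr_fixes):
    """Separation between the two position estimates at each reading."""
    return [distance_nm(g, d) for g, d in zip(gps_fixes, dr_fixes)]


def first_divergence(gps_fixes, dr_fixes, threshold_nm):
    """Index of the first reading at which GPS and dead reckoning disagree by
    more than threshold_nm, or None if they never do."""
    for i, d in enumerate(divergences(gps_fixes, dr_fixes)):
        if d > threshold_nm:
            return i
    return None


def gps_only_check(gps_fixes, expected_speed_knots=SPEED_KNOTS, tolerance=0.5):
    """A check that consults only the GPS receiver: does speed over ground
    derived from successive fixes match the expected speed? A spoofer that
    feeds a plausible track passes this, which is the 'no alarms' failure."""
    prev = (0.0, 0.0)
    for fix in gps_fixes:
        sog = distance_nm(prev, fix) / INTERVAL_H
        if abs(sog - expected_speed_knots) > tolerance:
            return False
        prev = fix
    return True


def run_demo(threshold_nm=0.25):
    """Run both checks over the constructed spoofing scenario."""
    gps = spoofed_gps_fixes()
    dr = dead_reckon(constructed_true_headings())
    return {
        "gps_only_check_passes": gps_only_check(gps),
        "first_alarm_reading": first_divergence(gps, dr, threshold_nm),
        "final_offset_nm": divergences(gps, dr)[-1],
    }


if __name__ == "__main__":
    print(run_demo())
```

With the constructed data the GPS-only check passes on every reading, while the cross-check trips at the fourteenth reading (index 13), eight minutes into the turn, and the hull ends the half hour more than two miles from where the receiver says it is. The design point is the one the post makes: a source cannot be allowed to vouch for itself, and the alarm has to come from a second source with a different failure mode.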
Our understanding at all levels of war needs to be reflected in realistic and demanding training for conducting operations without our massive technological advantage, or with many of those systems compromised or suspect. We trained that way for many years in the Cold War, when the Soviets could potentially mount a significant challenge in the electromagnetic spectrum, and we need to learn anew to do it again, and to be disciplined in doing so. The acronyms MIJI (meaconing, intrusion, jamming, and interference) and PACE (primary, alternate, contingency, emergency) used to be common to everyone in leadership from the tactical level on up. The first described the adversary threat to our operations, the second the methodology by which we could keep communicating and operating after losing capability to those threats. Meaconing, the transmission of false or rebroadcast navigation signals to mislead a receiver, is an old name for exactly what was done to the yacht's GPS.
The longer we talk about the “cyber domain” while displaying a simplistic and unimaginative understanding of the threat, the less time we will have, and the harder the task will be, to learn how we can fight and win wars when our enemies can deny us, or corrupt, a spectrum we have dominated for decades.