Forwarded from: William Knowles <wk@private>

http://www.afa.org/magazine/Dec2005/1205info.asp

By Adam J. Hebert
Senior Editor
December 2005

Across a range of unusual battle-spaces - global computer networks, human psychology, and electronic systems - the Air Force has become fully engaged in information warfare (IW), now deemed a critical element in the worldwide conflict with terrorists.

USAF is concentrating on three IW thrusts: network - that is, computer - operations, "influence" operations, and electronic warfare operations.

In these new combat arenas, adversaries, and consequences of their actions, are constantly shifting. Encounters rarely are unambiguous.

Take, for example, an unidentified intruder's success in hacking into the Air Force Personnel Center's Assignment Management System database, used by airmen for assignment planning. The hacker, acting last June, used a legitimate user's log-in and access codes and downloaded the names, birth dates, and Social Security numbers of 33,000 airmen, mostly officers.

In so doing, the miscreant, whoever he was, acquired vast amounts of data tailor-made for identity theft - or worse.

Maj. Gen. Anthony F. Przybyslawski, commander of AFPC at Lackland AFB, Tex., said officials became aware of a problem as the information was being downloaded. Security officers shut down the system, but the damage was done. Przybyslawski said the center's security standards simply weren't high enough.

This security breach did not pose a traditional military threat - apparently. However, it immediately focused attention on the difficulty the Air Force has in the ever-changing global information war.

What if hackers, terrorists, or hostile nations could acquire something more sensitive? What if the stolen information was not personnel data but schedules for the movement of nuclear warheads or classified stealth aircraft designs?

Building true information security is "indeed a monumental task," said Gen. William T. Hobbins, who led the Air Force's warfighting integration efforts before being confirmed to become the new commander of US Air Forces in Europe. "We have threats from multiple sources, ... everything from hostile attacks to inadvertent compromise."

In the past, spies also have used legitimate access illegitimately to obtain sensitive military information. In one notorious case, retired Air Force MSgt. Brian P. Regan, working for the National Reconnaissance Office, penetrated a classified database and downloaded images and coordinates of Iraqi and Chinese missile sites. He then tried, unsuccessfully, to sell the information to Baghdad and Beijing.

Growing Threat

It is no secret that the US military has become highly dependent on its information systems. USAF defines these systems as including not only computer networks but also command, control, and communications equipment. Potential enemies believe that attacks on these systems constitute an effective way to strike at US military strength.

More than 20 nations, including China and North Korea, possess dedicated computer attack programs.

In a 2005 Pentagon report to Congress on Chinese military power, officials wrote that the People's Liberation Army (PLA) sees computer warfare as "critical to seize the initiative," early in a conflict. The goal: achieve "electromagnetic dominance."

The PLA, warned the new Pentagon report, "likely" has established information warfare units able to "develop viruses to attack enemy computer systems and networks" as well as "tactics to protect friendly computer systems and networks."

A Chinese information warfare concept of operations "outlines the integrated use of electronic warfare, [computer attacks], and limited kinetic strikes against key C4 nodes to disrupt the enemy's battlefield network information systems," the Pentagon report observed.

US Strategic Command, DOD's lead organization for network warfare, contends that Pentagon-focused "intrusion attempts" have been growing quickly. In the first half of 2004, DOD suffered through more than 150 hostile intrusion attempts per day. In the first half of 2005, by contrast, there were more than 500 intrusion attempts per day.

The Air Force has seen similar growth in network attacks, but it has generally fended off the threats so far. Both foreign and domestic hackers are responsible.

The more the military comes to rely on network-based operations, the more it must defend those networks, said USAF Lt. Gen. C. Robert Kehler, STRATCOM deputy commander.

Hobbins agreed. "The number and sophistication of attacks have increased," he said, but while "the number of suspected attempts to penetrate our systems has increased, ... the number of actual intrusions has decreased."

Vulnerability Seen

The Pentagon has been at this for a while. In the late 1990s, DOD exercises, plus a number of strange attacks on DOD computer systems, raised the military's awareness of its vulnerability.

In 1997, Pentagon officials launched an internal exercise, code-named "Eligible Receiver." A Red Team of hackers organized by the National Security Agency was instructed to try to infiltrate Pentagon computer networks, using only publicly available computer equipment and hacking software.

Although many details about Eligible Receiver are still classified, it is known that the Red Team was able to infiltrate and take control of some of US Pacific Command's computers as well as emergency systems in major US cities. Eligible Receiver revealed the surprising vulnerability of supposedly secure military networks.

Not long after Eligible Receiver, the US accidentally uncovered Moonlight Maze, a two-year-long pattern of probing of computer systems in the Pentagon, NASA, Energy Department, and university and research labs.
Although the attacks, which were believed to have begun in March 1998, were traced to a mainframe computer in Russia, the perpetrators never have been publicly identified and may be unknown to the US. Russia denied any involvement.

Military information could be better protected by moving everything from the public Internet to the SIPR Net, a secret military network, but "the benefits wouldn't outweigh the costs," said Hobbins.

The Defense Department also must be careful not to go too far and make security so intense that it slows down military action. "We go too far when [infosec] restricts our ability to act and attack," said one official. "Our security system should resemble something more like a Kevlar body vest than full body armor."

The trend today is definitely toward protection. "I can tell you that information assurance has clearly increased in budgeting priority," Hobbins said. "We live in a resource-constrained environment, but we do have the means to counter the threats we face."

While the Air Force is continuously studying technologies and vulnerabilities, its IW effort is not completely devoted to fending off attacks. Defensive and offensive information warfare operations are "intrinsically linked and complementary," said Hobbins.

He added, "Our efforts focus upon capabilities that will enable us to defend DOD assets and exploit, deny, degrade, disrupt, or destroy adversaries' information [resources]."

STRATCOM would, if so ordered, conduct DOD's information warfare operations. "You can see the potential" for offensive information warfare, said Kehler, by looking at what already has happened to the United States.

Unique Challenge

Strategic Command today is embracing a "unique challenge," said Rear Adm. Thomas E. Zelibor, STRATCOM director of global operations. The command is using information warfare as a way to "get the desired effects without blowing something up."

While officials offer few specifics about what they are trying to accomplish in offensive information warfare, Zelibor said the goal is to "delay or disrupt the decision-making process of your adversaries." This could mean subtly channeling an enemy toward doing "what we want them to do," said Zelibor.

If the goal is to collect intelligence, DOD might want to observe an enemy network that it has compromised and not automatically shut the network down.

Similarly, there is a critical need to be able to track lone individuals in the war on terror and not necessarily kill or capture them right away. Army Gen. Bryan D. Brown, head of US Special Operations Command, testified before Congress this year that his "No. 1 technological shortfall" is the inability to "persistently and remotely locate, track, and target a human."

Seeing who terrorists interact with, listening in on their phone calls, and later swooping in to seize paperwork and laptops can yield a treasure trove of coveted "actionable" information.

Kehler said the most dramatic near-term improvements in intelligence probably will come through fusion, not new sensors. The "big leverage today" will come by "bringing it all together," he said.

Data mining, a relatively new intelligence tool, is a big part of the fusion effort. SOCOM has a standing intelligence collaboration center that "has been used extensively in supporting unique special operations requirements" in Iraq and Afghanistan, said Brown.

The collaboration center uses "the equivalent of a Google search engine," explained Air Force Maj. Gen. Donald C. Wurster, deputy director of SOCOM's Center for Special Operations. "Whenever we have people go out around the world, they're bringing information back and plowing it into an infrastructure that enables us to mine it later," he said.

Wurster told Congress this summer that as troops "were rolling guys up in Iraq," SOCOM would run the information on fugitives through SOJICC, the Special Operations Joint Interagency Collaboration Center.

The center "printed out a notebook that would fit in a soldier's thigh pocket," Wurster continued. The information would tell the troops everything known about a captured terrorist or insurgent: "Here's who his family is, here's where he's from, here's who he's hooked up with."

Wurster described SOJICC as "the most significant piece of horizontal integration we have ... as a consumer of other people's expertise."

The Air Force plays a major role in gathering the tactical information needed for immediate use on the battlefield.

Immediate Impact

USAF's fleet of RC-135 Rivet Joint aircraft, for example, gathers signals intelligence and flies missions of up to 24 hours - seemingly making it ideal for the war on terror. Rivet Joint crews can listen in on enemy radio and cell phone conversations, providing immediate impact on the ground in Afghanistan and Iraq.

Information gathered from the air is "key to how soldiers and marines do their jobs," said Col. Dennis R. Wier, commander of the 55th Operations Group at Offutt AFB, Neb.

The RC-135 is so valuable, Wier said in an interview, that US Central Command and US Pacific Command have the Nebraska-based aircraft assigned to them around the clock, and Rivet Joints fly over Afghanistan every day.

Lt. Col. Ron Machoian said the crews know they are making a difference. "We hear it," said Machoian, commander of the 38th Reconnaissance Squadron at Offutt. "I can listen to us informing an engagement on the ground, while I'm airborne."

Intelligence personnel are in short supply, however. Maj. Jeff Lauth, acting director of operations for the 97th Intelligence Squadron at Offutt, said staffing for many positions is "critically low." The airmen have skills that are in high demand outside the Air Force.

Enlisted airborne crypto-linguists are a particular concern. Wier said this summer that the 55th Wing was only 35 percent manned in linguists, partially because it takes up to three years to train new ones.

To help fill the need, the Air Intelligence Agency recently created the Offutt Language Learning Center to help train linguists. Language needs are much broader than during the Cold War. In addition to the "traditional" Russian speakers, DOD needs fluency in Arabic, Pashtu, Farsi, Dari, Urdu, Korean, and Mandarin Chinese.

RC-135s don't have weapons, noted the language center's 1st Lt. Brandon Middleton, so "language is the weapon it takes to the fight."

Linguists cannot work without equipment, and obtaining the intelligence needed is an ongoing challenge. Wier noted that the RC-135s have their onboard equipment completely upgraded every year or two to ensure the US can continue to "get" enemy information.

It "blows you away, ... the type of things you can do" with the latest airborne intelligence equipment, said Maj. Gen. John C. Koziol, who was then commander of the 55th Wing and now heads the Air Intelligence Agency.

Constant upgrades and deployments make training difficult, he added. It is hard for Rivet Joint aircrews to keep current with the technology, Koziol said, because each RC-135 variant has its "own little quirks."

This is a necessary evil. Lt. Col. John Rauch, commander of the 338th Combat Training Squadron, noted that upgrades come directly from operational lessons. Combat aircrews continually develop new tactics and ideas for better equipment.

Protecting Data

The Air Force Information Warfare Center's IW Battlelab is tasked with quickly developing solutions to many of these operational needs. One recently fielded example is "Lockjaw," a device to quickly destroy computer hard drives so that US information does not fall into enemy hands.

Col. David D. Watt, AFIWC commander, said the unit is working to build within USAF an awareness of the importance of defending and exploiting information.

The center has an aggressor squadron conducting vulnerability assessments, Watt said, trying to get in base gates, access computers, and see what it can "piece together" from various sources. Officials are often surprised to learn what is found even in open sources.

A study on information operations in Iraq by the Air Force Command and Control and Intelligence, Surveillance, and Reconnaissance Center at Langley AFB, Va., described one security risk that came from an unlikely place - the Pentagon.

A B-1B bomber mission targeting Saddam Hussein received much publicity in the early days of Operation Iraqi Freedom. Details of the mission and crew members' full names, commanding officer, and home base were widely reported. This was "an egregious OPSEC [operations security] violation [that] potentially put the family members ... at risk," stated the study.

AFIWC commander Watt said influence ops in particular are still on "the ground floor" doctrinally, and the center is trying to get the rest of the Air Force to understand what information warfare brings to the fight.

Even something as simple as "the truth" can be applied in different ways, noted Maj. Tadd Sholtis in the fall 2005 Air & Space Power Journal. If it is a military objective to deter an enemy from taking action, both an information operation and a public affairs tactic can be engaged.

The "IO influence tactic" would be to broadcast radio and television messages describing the futility of challenging the superior US military. The "PA tactic," meanwhile, would "demonstrate military resolve by promoting media coverage of the deployment of combat-capable forces to the region," Sholtis wrote.

STRATCOM's Zelibor said it is difficult to create metrics - battle damage assessment, if you will - judging the effectiveness of DOD's information efforts.
Even so, he noted, strategists can tune in to foreign news sources to "look for the effects."

Copyright Air Force Association

*==============================================================*
"Communications without intelligence is noise; Intelligence
without communications is irrelevant." Gen. Alfred M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

This archive was generated by hypermail 2.1.3 : Thu Dec 01 2005 - 22:57:17 PST