[ISN] Information Battleground

From: InfoSec News (isn@private)
Date: Thu Dec 01 2005 - 22:15:04 PST


Forwarded from: William Knowles <wk@private>

http://www.afa.org/magazine/Dec2005/1205info.asp

By Adam J. Hebert
Senior Editor 
December 2005 

Across a range of unusual battle-spaces - global computer networks,
human psychology, and electronic systems - the Air Force has become
fully engaged in information warfare (IW), now deemed a critical
element in the worldwide conflict with terrorists.

USAF is concentrating on three IW thrusts: network - that is, computer
- operations, "influence" operations, and electronic warfare
operations. In these new combat arenas, adversaries, and consequences
of their actions, are constantly shifting.

Encounters rarely are unambiguous.

Take, for example, an unidentified intruder's success in hacking into
the Air Force Personnel Center's Assignment Management System
database, used by airmen for assignment planning. The hacker, acting
last June, used a legitimate user's log-in and access codes and
downloaded the names, birth dates, and Social Security numbers of
33,000 airmen, mostly officers.

In so doing, the miscreant, whoever he was, acquired vast amounts of
data tailor-made for identity theft - or worse.

Maj. Gen. Anthony F. Przybyslawski, commander of AFPC at Lackland AFB,
Tex., said officials became aware of a problem as the information was
being downloaded. Security officers shut down the system, but the
damage was done. Przybyslawski said the center's security standards
simply weren't high enough.

This security breach did not pose a traditional military threat -
apparently. However, it immediately focused attention on the
difficulty the Air Force has in the ever-changing global information
war. What if hackers, terrorists, or hostile nations could acquire
something more sensitive? What if the stolen information was not
personnel data but schedules for the movement of nuclear warheads or
classified stealth aircraft designs?

Building true information security is "indeed a monumental task,"  
said Gen. William T. Hobbins, who led the Air Force's warfighting
integration efforts before being confirmed to become the new commander
of US Air Forces in Europe. "We have threats from multiple sources,
... everything from hostile attacks to inadvertent compromise."

In the past, spies also have used legitimate access illegitimately to
obtain sensitive military information.

In one notorious case, retired Air Force MSgt. Brian P. Regan, working
for the National Reconnaissance Office, penetrated a classified
database and downloaded images and coordinates of Iraqi and Chinese
missile sites. He then tried, unsuccessfully, to sell the information
to Baghdad and Beijing.


Growing Threat

It is no secret that the US military has become highly dependent on
its information systems. USAF defines these systems as including not
only computer networks but also command, control, and communications
equipment. Potential enemies believe that attacks on these systems
constitute an effective way to strike at US military strength.

More than 20 nations, including China and North Korea, possess
dedicated computer attack programs. In a 2005 Pentagon report to
Congress on Chinese military power, officials wrote that the People's
Liberation Army (PLA) sees computer warfare as "critical to seize the
initiative," early in a conflict. The goal: achieve "electromagnetic
dominance."

The PLA, warned the new Pentagon report, "likely" has established
information warfare units able to "develop viruses to attack enemy
computer systems and networks" as well as "tactics to protect friendly
computer systems and networks."

A Chinese information warfare concept of operations "outlines the
integrated use of electronic warfare, [computer attacks], and limited
kinetic strikes against key C4 nodes to disrupt the enemy's
battlefield network information systems," the Pentagon report
observed.

US Strategic Command, DOD's lead organization for network warfare,
contends that Pentagon-focused "intrusion attempts" have been growing
quickly. In the first half of 2004, DOD suffered through more than 150
hostile intrusion attempts per day. In the first half of 2005, by
contrast, there were more than 500 intrusion attempts per day.

The Air Force has seen similar growth in network attacks, but it has
generally fended off the threats so far. Both foreign and domestic
hackers are responsible.

The more the military comes to rely on network-based operations, the
more it must defend those networks, said USAF Lt. Gen. C. Robert
Kehler, STRATCOM deputy commander. Hobbins agreed. "The number and
sophistication of attacks have increased," he said, but while "the
number of suspected attempts to penetrate our systems has increased,
... the number of actual intrusions has decreased."


Vulnerability Seen

The Pentagon has been at this for a while. In the late 1990s, DOD
exercises, plus a number of strange attacks on DOD computer systems,
raised the military's awareness of its vulnerability.

In 1997, Pentagon officials launched an internal exercise, code-named
"Eligible Receiver." A Red Team of hackers organized by the National
Security Agency was instructed to try to infiltrate Pentagon computer
networks, using only publicly available computer equipment and hacking
software. Although many details about Eligible Receiver are still
classified, it is known that the Red Team was able to infiltrate and
take control of some of US Pacific Command’s computers as well as
emergency systems in major US cities. Eligible Receiver revealed the
surprising vulnerability of supposedly secure military networks.

Not long after Eligible Receiver, the US accidentally uncovered
Moonlight Maze, a two-year-long pattern of probing of computer systems
in the Pentagon, NASA, Energy Department, and university and research
labs. Although the attacks, which were believed to have begun in March
1998, were traced to a mainframe computer in Russia, the perpetrators
never have been publicly identified and may be unknown to the US.  
Russia denied any involvement.

Military information could be better protected by moving everything
from the public Internet to the SIPR Net, a secret military network,
but "the benefits wouldn't outweigh the costs," said Hobbins.

The Defense Department also must be careful not to go too far and make
security so intense that it slows down military action. "We go too far
when [infosec] restricts our ability to act and attack," said one
official. "Our security system should resemble something more like a
Kevlar body vest than full body armor."

The trend today is definitely toward protection. "I can tell you that
information assurance has clearly increased in budgeting priority,"  
Hobbins said. "We live in a resource-constrained environment, but we
do have the means to counter the threats we face."

While the Air Force is continuously studying technologies and
vulnerabilities, its IW effort is not completely devoted to fending
off attacks. Defensive and offensive information warfare operations
are "intrinsically linked and complementary," said Hobbins. He added,
"Our efforts focus upon capabilities that will enable us to defend DOD
assets and exploit, deny, degrade, disrupt, or destroy adversaries'
information [resources]."

STRATCOM would, if so ordered, conduct DOD's information warfare
operations. "You can see the potential" for offensive information
warfare, said Kehler, by looking at what already has happened to the
United States.


Unique Challenge

Strategic Command today is embracing a "unique challenge," said Rear
Adm. Thomas E. Zelibor, STRATCOM director of global operations. The
command is using information warfare as a way to "get the desired
effects without blowing something up."

While officials offer few specifics about what they are trying to
accomplish in offensive information warfare, Zelibor said the goal is
to "delay or disrupt the decision-making process of your adversaries."

This could mean subtly channeling an enemy toward doing "what we want
them to do," said Zelibor.

If the goal is to collect intelligence, DOD might want to observe an
enemy network that it has compromised and not automatically shut the
network down.

Similarly, there is a critical need to be able to track lone
individuals in the war on terror and not necessarily kill or capture
them right away.

Army Gen. Bryan D. Brown, head of US Special Operations Command,
testified before Congress this year that his "No. 1 technological
shortfall" is the inability to "persistently and remotely locate,
track, and target a human." Seeing who terrorists interact with,
listening in on their phone calls, and later swooping in to seize
paperwork and laptops can yield a treasure trove of coveted
"actionable" information.

Kehler said the most dramatic near-term improvements in intelligence
probably will come through fusion, not new sensors. The "big leverage
today" will come by "bringing it all together," he said. Data mining,
a relatively new intelligence tool, is a big part of the fusion
effort.

SOCOM has a standing intelligence collaboration center that "has been
used extensively in supporting unique special operations requirements"  
in Iraq and Afghanistan, said Brown. The collaboration center uses
"the equivalent of a Google search engine," explained Air Force Maj.  
Gen. Donald C. Wurster, deputy director of SOCOM's Center for Special
Operations.

"Whenever we have people go out around the world, they're bringing
information back and plowing it into an infrastructure that enables us
to mine it later," he said.

Wurster told Congress this summer that as troops "were rolling guys up
in Iraq," SOCOM would run the information on fugitives through SOJICC,
the Special Operations Joint Interagency Collaboration Center.

The center "printed out a notebook that would fit in a soldier's thigh
pocket," Wurster continued. The information would tell the troops
everything known about a captured terrorist or insurgent: "Here's who
his family is, here's where he's from, here's who he's hooked up
with."

Wurster described SOJICC as "the most significant piece of horizontal
integration we have ... as a consumer of other people's expertise."

The Air Force plays a major role in gathering the tactical information
needed for immediate use on the battlefield.


Immediate Impact

USAF's fleet of RC-135 Rivet Joint aircraft, for example, gathers
signals intelligence and flies missions of up to 24 hours - seemingly
making it ideal for the war on terror. Rivet Joint crews can listen in
on enemy radio and cell phone conversations, providing immediate
impact on the ground in Afghanistan and Iraq.

Information gathered from the air is "key to how soldiers and marines
do their jobs," said Col. Dennis R. Wier, commander of the 55th
Operations Group at Offutt AFB, Neb.

The RC-135 is so valuable, Wier said in an interview, that US Central
Command and US Pacific Command have the Nebraska-based aircraft
assigned to them around the clock, and Rivet Joints fly over
Afghanistan every day.

Lt. Col. Ron Machoian said the crews know they are making a
difference. "We hear it," said Machoian, commander of the 38th
Reconnaissance Squadron at Offutt. "I can listen to us informing an
engagement on the ground, while I'm airborne."

Intelligence personnel are in short supply, however. Maj. Jeff Lauth,
acting director of operations for the 97th Intelligence Squadron at
Offutt, said staffing for many positions is "critically low." The
airmen have skills that are in high demand outside the Air Force.

Enlisted airborne crypto-linguists are a particular concern. Wier said
this summer that the 55th Wing was only 35 percent manned in
linguists, partially because it takes up to three years to train new
ones. To help fill the need, the Air Intelligence Agency recently
created the Offutt Language Learning Center to help train linguists.

Language needs are much broader than during the Cold War. In addition
to the "traditional" Russian speakers, DOD needs fluency in Arabic,
Pashtu, Farsi, Dari, Urdu, Korean, and Mandarin Chinese. RC-135s don't
have weapons, noted the language center's 1st Lt. Brandon Middleton,
so "language is the weapon it takes to the fight."

Linguists cannot work without equipment, and obtaining the
intelligence needed is an ongoing challenge. Wier noted that the
RC-135s have their onboard equipment completely upgraded every year or
two to ensure the US can continue to "get" enemy information.

It "blows you away, ... the type of things you can do" with the latest
airborne intelligence equipment, said Maj. Gen. John C. Koziol, who
was then commander of the 55th Wing and now heads the Air Intelligence
Agency.

Constant upgrades and deployments make training difficult, he added.  
It is hard for Rivet Joint aircrews to keep current with the
technology, Koziol said, because each RC-135 variant has its "own
little quirks."

This is a necessary evil. Lt. Col. John Rauch, commander of the 338th
Combat Training Squadron, noted that upgrades come directly from
operational lessons. Combat aircrews continually develop new tactics
and ideas for better equipment.


Protecting Data

The Air Force Information Warfare Center's IW Battlelab is tasked with
quickly developing solutions to many of these operational needs. One
recently fielded example is "Lockjaw," a device to quickly destroy
computer hard drives so that US information does not fall into enemy
hands.

Col. David D. Watt, AFIWC commander, said the unit is working to build
within USAF an awareness of the importance of defending and exploiting
information. The center has an aggressor squadron conducting
vulnerability assessments, Watt said, trying to get in base gates,
access computers, and see what it can "piece together" from various
sources. Officials are often surprised to learn what is found even in
open sources.

A study on information operations in Iraq by the Air Force Command and
Control and Intelligence, Surveillance, and Reconnaissance Center at
Langley AFB, Va., described one security risk that came from an
unlikely place - the Pentagon.

A B-1B bomber mission targeting Saddam Hussein received much publicity
in the early days of Operation Iraqi Freedom. Details of the mission
and crew members' full names, commanding officer, and home base were
widely reported.

This was "an egregious OPSEC [operations security] violation [that]
potentially put the family members ... at risk," stated the study.

AFIWC commander Watt said influence ops in particular are still on
"the ground floor" doctrinally, and the center is trying to get the
rest of the Air Force to understand what information warfare brings to
the fight.

Even something as simple as "the truth" can be applied in different
ways, noted Maj. Tadd Sholtis in the fall 2005 Air & Space Power
Journal. If it is a military objective to deter an enemy from taking
action, both an information operation and a public affairs tactic can
be engaged.

The "IO influence tactic" would be to broadcast radio and television
messages describing the futility of challenging the superior US
military. The "PA tactic," meanwhile, would "demonstrate military
resolve by promoting media coverage of the deployment of
combat-capable forces to the region," Sholtis wrote.

STRATCOM's Zelibor said it is difficult to create metrics - battle
damage assessment, if you will - judging the effectiveness of DOD's
information efforts.

Even so, he noted, strategists can tune in to foreign news sources to
"look for the effects."

Copyright Air Force Association



*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*


