Military Domain of Cyber warfare

 

(Published in CLAWS Scholar Warrior, Spring 2017, ISSN 2319-7331)

“it would require sustained action for an adversary to take down a network for a period of time which would be really debilitating, but it is possible and something that we need to guard against and be concerned about.”

      Christopher Painter, the first Cyber Coordinator for the US State Department

The reach of cyber attacks, from dedicated strikes on strategic assets, through tactical military operations and criminal extortion, to the inconveniencing of entire populations, can be gauged from the following incidents:

- The first is the well-known Stuxnet strike, which demanded an enormous investment of resources, expertise and planning time. It was a one-time gambit: major nations are now on guard against similar strikes on their critical strategic facilities.

- In 2009 the Conficker worm infected civil and defense establishments in many nations. The UK Ministry of Defence reported large-scale infection of its major computer systems, including ships, submarines and shore establishments of the Royal Navy. The French Navy's computer network 'Intramar' was infected; the network had to be quarantined and some air operations were suspended. The German Army also reported infection of over a hundred of its computers. Conficker exploited a flaw in the Windows Server service (patched by Microsoft as MS08-067), spread further through network shares protected by weak administrator passwords and through removable media, and enrolled each infected machine into a botnet. It became the largest known computer worm infection, afflicting millions of computers in over 190 countries.

- In December 2015 a cyber attack against electricity distribution companies in Ukraine cut power to roughly 225,000 customers for several hours. It attracted wide attention while relying on old tools: the BlackEnergy Trojan provided the initial foothold, the attackers then opened breakers by operating the companies' control systems remotely, and the KillDisk wiper was used to destroy data and hinder recovery.

- In February 2016 the Hollywood Presbyterian Medical Center in Los Angeles, California was the victim of a ransomware attack that encrypted its electronic data, rendering its systems unusable for over a week. The hospital was forced to operate with no access to its computer systems and even had to move some patients to other hospitals. It regained access to its data only after paying 40 bitcoin (approximately USD 17,000) to the attackers. Since 2014 the CryptoLocker ransomware alone has allowed cyber criminals to collect over USD 100 million. The San Francisco Municipal Transportation Agency (SFMTA) was hit by ransomware on 25 November 2016[1]; fare station terminals displayed the message, “You are Hacked. ALL Data Encrypted.” The attacker demanded a ransom of 100 bitcoin (about USD 76,000). Interestingly, the attacker behind this extortion attempt was himself hacked, which revealed details of other victims as well as clues to his identity and location.

Lastly, as per a Forbes report in November 2016, anyone could rent an army of 100,000 bots for USD 7,500 on the dark net. Its controllers boasted that the Mirai-based botnet could unleash attacks of one terabit per second or more[2]. The Mirai malware turns Linux-based devices into remotely controlled “bots” that can be used as part of a botnet in large-scale network attacks. It targets consumer devices exposed to the Internet, such as IP cameras, digital video recorders and home routers, logging in over Telnet with a short list of factory-default usernames and passwords rather than exploiting any software flaw. The Mirai botnet has been used in some of the largest and most disruptive distributed denial of service (DDoS) attacks seen since September 2016.

Besides illustrating the wide ambit of cyber attacks and the enormous attack surface that cyberspace presents, the above examples show how readily the threat crosses between the military and civilian spheres.

NATO’s CCD CoE (Cooperative Cyber Defence Centre of Excellence) defines Cyberspace as:

“Cyberspace is a time-dependent set of interconnected information systems and the human users that interact with these systems”[3]. The flood of networked devices is expanding cyberspace exponentially, as is the appetite for data of individuals, corporations, militaries and governments. Cyberspace is becoming increasingly vulnerable to hostile and unscrupulous intrusion; unfortunately, cyber security is lagging far behind the growing complexity of cyberspace. Several features of cyberspace favour the attacker, chief among them its nebulous and dynamic nature, which makes it easy to switch and conceal identities. As a result it is extremely difficult to attribute an attack reliably enough to impose punitive measures, and such attacks will continue despite advances in firewalls and other protective systems[4].

Cyber attackers exploit vulnerabilities such as flaws in software, covertly tampered hardware, reprogrammable firmware at the boundary between hardware and software, online connectivity, insecure user-configured settings, and insiders who can introduce malware directly or enable remote access. An attacker may target specific computers or mount a general attack, delivering a payload that lies dormant until a given time.

To achieve clarity in the military domain of cyberspace a few more definitions are necessary. Computer Network Operations (CNO) is a broad term with both military and civilian application; the US military treats it as one of the five core capabilities of Information Operations (IO). The Dictionary of Military and Associated Terms[5] defines cyberspace operations as “the employment of cyberspace capabilities where the primary purpose is to achieve military objectives or effects in or through cyberspace”. As per the US Joint Doctrine for Information Operations[6], CNO consists of computer network attack (CNA), computer network defense (CND) and computer network exploitation (CNE):

– Computer Network Attack (CNA) comprises actions taken via computer networks to disrupt, deny, degrade or destroy the information within computers and computer networks and/or the computers and networks themselves.

– Computer Network Defense (CND) comprises actions taken via computer networks to protect, monitor, analyze, detect and respond to network attacks, intrusions, disruptions or other unauthorized actions that would compromise or cripple defense information systems and networks.

– Computer Network Exploitation (CNE) comprises enabling actions and intelligence collection via computer networks that exploit data gathered from target or enemy information systems or networks.

CNO, in concert with electronic warfare (EW), is used primarily to disrupt, disable, degrade or deceive an enemy’s command and control, crippling the enemy’s ability to make effective and timely decisions while protecting and preserving friendly command and control.

Offensive cyber operations, from a military point of view, can be understood as “actions taken in the cyber environment to deny the actual or potential adversary’s use of or access to information or information systems and affect their decision-making process”[7]. Offensive cyber covers the full spectrum of cyber war, from covert and special operations through regular to overt strategic cyber operations. For a nation state, deploying offensive cyber capabilities against an attacker is difficult when the evidence, and with it the identity of the aggressor, is lacking.

As per the US DoD, offensive cyberspace operations (OCO) are “intended to project power by the application of force in and through cyberspace. OCO will be authorized like offensive operations in the physical domains, via an execute order (EXORD).”[8] These offensive cyber operations are, however, to be used with discrimination: “Military attacks will be directed only at military targets. Only a military target is a lawful object of direct attack.” Military targets are nonetheless defined broadly as “those objects whose total or partial destruction, capture, or neutralization offers a direct and concrete military advantage”.[9]

Richard Clarke, the former US National Coordinator for Security, Infrastructure Protection and Counter-terrorism, in his book Cyber War: The Next Threat to National Security and What to Do About It[10] defines cyber war as “actions by a nation state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption”. A cyber attack on military facilities could have a variety of objectives: damaging the software of a system and/or its network, lying hidden and injecting spurious messages, denying or degrading service, disabling encryption systems, altering resident data, and so on. Some experts divide cyber attacks into two categories: syntactic attacks, which act directly on the IT systems themselves (for example malware or denial of service), and semantic attacks, which leave the systems running but alter the data they hold so that the people relying on them are misled. Syntactic attacks are thus directed at IT facilities, while semantic attacks target users.

A plausible strategic cyber attack scenario: as India races towards digitization of its infrastructure and the networks behind it, a strategic cyber attack by Pakistan (acting as a proxy for China) a few years hence could unfold by targeting critical infrastructure in the civil and military domains. It could commence with large-scale casualties (possibly in thousands) across India resulting from disruptions, chaos and accidents in the railways and civil air traffic; collapse of communications; crippling of road and metro traffic in cities; then graduate to failures in essential services such as electricity, water supply and hospitals and, depending on the level of interconnectivity, to a collapse of the goods supply chain and uncontrollable fires. To a large extent this scenario is a distinct possibility even today.

Some salient features of strategic cyber attacks are relevant. A strategic cyber attack presents a powerful option for crippling a conventionally superior nation: it is far cheaper, it can remain obscure and thus avert a conventional military response, it can inflict hard damage and long-term loss of life and material, it is technologically sophisticated, it can be launched almost instantly over very large distances, and it lies largely outside any settled international legal framework.

However, it would be wrong to put cyber weapons in the same league as nuclear weapons, because cyber weapons cannot replicate the damage potential of a nuclear weapon, nor can they assure destruction to a level that would confer the status of a deterrent. As of now, strategic cyber weapons have never been used in war and have not contributed to victory in one; they have yet to shift the balance of power on a battlefield or to be credited with a decisive victory.

 

China Factor: China has undertaken modernization of its cyber capabilities under what it calls informationization, an effort by the PLA to attain the status of a fully networked force. The aim of this process is to maintain information superiority and dominance over the adversary. China is developing a comprehensive computer network exploitation capability to gain strategic intelligence about likely aggressors and their allies as a precursor to winning future conflicts. The overall aim is to synergize computer network operations, electronic warfare and kinetic strikes to cripple the enemy’s information infrastructure. The PLA adopted “Integrated Network Electronic Warfare” (INEW)[11], which consolidated the offensive mission for both computer network attack (CNA) and EW under the General Staff Department’s (GSD) 4th Department (Electronic Countermeasures), while computer network defense (CND) and intelligence-gathering responsibilities were assigned to the GSD 3rd Department (Signals Intelligence) and a variety of the PLA’s specialized IW militia units. Since the end of 2015 these functions have been reorganized under the PLA Strategic Support Force. The PLA draws its personnel from the Chinese civilian sector to induct a qualified workforce with specialized skills from commercial industry and academia.

There are circumstantial links between China’s exploitation and theft of key intellectual property from technology-based industries via cyberspace and the PRC’s economic development goals. Dmitri Alperovitch of McAfee compiled a report, Operation Shady RAT[12], in 2011 that documented the compromise of 71 corporations and government entities around the world by a single actor using a remote access tool (RAT) between 2006 and 2011. Mandiant’s 2013 report APT1: Exposing One of China’s Cyber Espionage Units[13] claims that the PLA’s Unit 61398 is most likely behind such exploitation on behalf of the PRC’s military and economic goals.

Conclusion

Taking cognizance of enhanced Chinese cyber warfare capabilities, the US Department of Defense Strategy for Operating in Cyberspace[14] (2011) outlined five strategic initiatives:

– Treat cyberspace as an operational domain to organize, train, and equip so that DoD can take full advantage of cyberspace’s potential.

– Employ new defense operating concepts to protect DoD networks and systems.

– Partner with other U.S. government departments and agencies and the private sector to enable a whole-of-government cyber security strategy.

– Build robust relationships with U.S. allies and international partners to strengthen collective cyber security.

– Leverage the nation’s ingenuity through an exceptional cyber workforce and rapid technological innovation.

The US DoD in its Cyber Strategy of April 2015[15] set five strategic goals for its cyberspace missions:

– Build and maintain ready forces and capabilities to conduct cyberspace operations.

– Defend the DoD information network, secure DoD data, and mitigate risks to DoD missions.

– Be prepared to defend the U.S. homeland and U.S. vital interests from disruptive or destructive cyber attacks of significant consequence.

– Build and maintain viable cyber options and plan to use those options to control conflict escalation and to shape the conflict environment at all stages.

– Build and maintain robust international alliances and partnerships to deter shared threats and increase international security and stability.

In June 2016 a suspected cyber attack on Indian government and commercial organizations was attributed to the Chinese military’s western headquarters[16]. An alert was issued to the Indian armed forces that a Chinese Advanced Persistent Threat (APT) group called Suckfly, based in the Chengdu region, was targeting Indian organizations, with defence establishments as its prime targets. Suckfly carries out cyber espionage by delivering a backdoor called Nidiran.

One thing is certain: cyber attacks in all their forms and variations are going to increase exponentially in both the military and the civil arena. This interim period, while strategic cyber weapons are still being developed, gives a nation like India the opportunity to put its cyber offense and defense policies in place and to enhance its cyber capabilities to meet future eventualities.

It is understood that India has started thinking of setting up its own cyber-military industrial complex, and a proposal for automated cyber defence was submitted in early 2016[17] for a productized platform to be developed jointly by public and private bodies. The proposal is reportedly modelled on the US DoD Cyber Strategy and provides for the sharing of cyber-attack indicators across Indian cyberspace.

The future cyber warrior in the military domain may not conform to the rugged and tough image of today’s soldier. He or she may be a person of ordinary physical fitness but with a cyber aptitude and capability that, collectively, could outshine India’s enemies.

[1] https://krebsonsecurity.com/2016/11/san-francisco-rail-system-hacker-hacked/

[2] http://www.forbes.com/sites/leemathews/2016/11/29/worlds-biggest-mirai-botnet-is-being-rented-out-for-ddos-attacks/#6040253c3046

[3] Ottis, R., & Lorents, P. (2010). Cyberspace: Definition and Implications. Tallinn: Cooperative Cyber Defence Centre of Excellence, CCD CoE. https://ccdcoe.org/multimedia/cyberspace-definition-and-implications.html

[4] Porche, I. R. I., Sollinger, J. M., & McKay, S. (2011). A Cyberworm that Knows no Boundaries. Santa Monica: RAND National Defense Research Institute. http://www.rand.org/content/dam/rand/pubs/occasional_papers/2011/RAND_OP342.pdf

[5] JP 1-02 Dictionary of Military and Associated Terms. Washington: US DoD. https://fas.org/irp/doddir/dod/jp1_02.pdf

[6] JP 3-13 Joint Doctrine for Information Operations. Washington: US DoD https://fas.org/irp/doddir/dod/jp3_13.pdf

[7] Bernier, M., & Treurniet, J. (2010). Understanding Cyber Operations in a Canadian Strategic context: More than C4ISR, more than CNO (Conference on Cyber Conflict Proceedings 2010). Tallinn: CCD COE. https://ccdcoe.org/publications/2010proceedings/Benier%20-%20Understanding%20Cyber%20Operations%20in%20a%20Canadian%20Strategic%20Context%20More%20than%20C4ISR,%20More%20than%20CNO.pdf

[8] https://fas.org/blogs/secrecy/2014/10/offensive-cyber/

[9] JP 3-12 (R) Cyberspace Operations. Washington: US DoD. http://fas.org/irp/doddir/dod/jp3_12r.pdf

[10] Clarke, R. A., & Knake, R. (2010). Cyber war: the next threat to national security and what todo about it. New York: Ecco.

[11] US-China Economic and Security Review Commission (2009). Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation. http://nsarchive.gwu.edu/NSAEBB/NSAEBB424/docs/Cyber-030.pdf

[12] http://www.mcafee.com/us/resources/white-papers/wp-operation-shady-rat.pdf

[13] https://chinadailymail.com/2013/02/23/mandiant-executive-summary-exposing-one-of-chinas-cyber-espionage-units/

[14] http://csrc.nist.gov/groups/SMA/ispab/documents/DOD-Strategy-for-Operating-in-Cyberspace.pdf

[15] http://www.defense.gov/Portals/1/features/2015/0415_cyber-strategy/Final_2015_DoD_CYBER_STRATEGY_for_web.pdf

[16] http://www.indiandefensenews.in/2016/06/defence-forces-on-alert-after-chinese.html

[17] http://www.huffingtonpost.in/pukhraj-singh/cyber-the-war-india-never-fought-but-lost/
