
Hybrid Warfare – The Naval Dimension

(Published IndraStra Global 01 Jan 2017, http://www.indrastra.com/2017/01/FEATURED-Hybrid-Warfare-Naval-Dimension-003-01-2017-0002.html)

 It is so damn complex. If you ever think you have the solution to this, you’re wrong, and you’re dangerous. You have to keep listening and thinking and being critical and self-critical.

Colonel H.R. McMaster, 2006

In his monograph, Strategic Implications of Hybrid War: A Theory of Victory[1], Lieutenant Colonel Daniel Lasica posits that hybrid force actors attempt to combine internal tactical success and information effects regarding enemy mistakes through the deliberate exploitation of the cognitive and moral domains. In this manner, he describes hybrid warfare simultaneously as a strategy and a tactic because of the blending of conventional, unconventional, criminal, cyber and terrorist means and methods. A hybrid force is thus able to compress the levels of war and thereby accelerate tempo at both the strategic and tactical levels faster than a more conventional actor is able to do. In this theoretical model, the hybrid actor will always gain a perceived strategic advantage over the conventional actor regardless of tactical results. David Sadowski and Jeff Becker, in their article “Beyond the ‘Hybrid’ Threat: Asserting the Essential Unity of Warfare”[2], assert that the idea of simply seeing hybrid warfare as a combination of threat categories or capabilities fails to appreciate the complexity of the hybrid approach to warfare. Rather, they argue that the essential aspect of hybrid warfare is the underlying unity of cognitive and material approaches in generating effects. Such a unity of cognitive and material domains allows for flexibility in a strategic context in which social “rules” can be redefined in an iterative process to the hybrid’s advantage in terms of legality and military norms.

Majors McCulloh and Johnson, in their monograph ‘Hybrid Warfare’[3], have said that hybrid war may be best summarized as a form of warfare in which one of the combatants bases its optimized force structure on the combination of all available resources, both conventional and unconventional, in a unique cultural context to produce specific, synergistic effects against a conventionally-based opponent.

 Don’t ever forget what you’re built to do. We are built to solve military problems with violence.

– A Former Brigade Commander in Op Iraqi Freedom

Therefore, it will not be wrong to say that hybrid warfare in a naval context is a violent conflict utilizing a complex and adaptive organization of regular and irregular forces, means, and behavior across a predominantly maritime domain, among others, to achieve a synergistic effect, which seeks to exhaust a superior military force.

Alternatively, put simply, it is naval irregular warfare plus cyber war and any other component that emerges in future. The CIA has succinctly brought out the contrasting dimensions of modern versus irregular warfare in the following table:

Contrasting Dimensions of War[4]

| Modern | Irregular |
| --- | --- |
| Organized | Informal |
| Advanced technology | At-hand technology |
| Logistics-dependent | Logistics-independent |
| National direction | Local direction |
| Coherent doctrine | Ad hoc doctrine |
| Decisive battle | Raids and skirmishes |
| Soldier | Warrior |
| Allies | Accomplices |
| Segregation | Integration |

Littoral areas and cities in the vicinity of the coast could be important sites of future conflict, and both have characteristics that make them more complex than the high seas and the hinterland. Adversaries will increasingly exploit these complex environments to degrade the technological advantages of regular forces. Given the close proximity of many cities to the coast, as well as the abundance of unmanned coastal areas, maritime hybrid warfare is a distinct possibility requiring active involvement of the Navy and the Coast Guard. In case of a maritime hybrid war, the normal components of the Navy would continue to play an important part in the littorals and in open seas for interdiction of the adversary’s irregular assets like floating armories and mercenary flotillas.

Maritime forces are often utilized primarily in support of ground operations, but it is seen that, in environments with a maritime component, maritime operations tend to have a noticeable comparative advantage over land-based operations in terms of mobility, freedom of maneuver, and the ability to impose a smaller or less visible footprint on land. The maritime forces could easily choke supplies reaching the adversary through the sea route, protect own maritime trade and fishing in the area, provide logistic and fire support to forces on land from the sea, close escape routes and so on. One important point is that vital external maritime support can be conveniently obtained from friendly nations at sea for ISR, communications and fighting cyber war. The supporting ships could be operating as close as just 12 miles off the coast or hundreds of miles away in open seas without violating any regulations.

Now it would be appropriate to look at a few of the salient features of the 26 Nov 2008 Mumbai attack as relevant to the subject at hand. The Mumbai attack has been analyzed in great depth by various agencies (e.g. RAND’s ‘Characterizing and Exploring the Implications of Maritime Irregular Warfare’[5] and ‘The Lessons of Mumbai’[6]) and individuals; therefore, an attempt is being made here to highlight the main findings of some of these studies. In addition to the meticulous planning, reconnaissance, and likely pre-positioning of weapons and ammunition, the major innovation on the part of the terrorists was the real-time exploitation of the international media. Each of the terrorists carried a BlackBerry smartphone to monitor CNN and BBC Internet coverage of the attack in real time. They then immediately adjusted their tactics to increase the amount of media coverage that the attacks would receive. It is believed that the major efforts made by the terrorists to kill U.S. and British civilians were part of the plan to garner more international press coverage.

The case of the LeT attacks in Mumbai illustrates the advantages that could accrue to an adversary from a maritime approach to a target. A maritime approach allows operatives to avoid border crossings and airport security, it offers opportunities to hijack a local vessel so that attackers can blend in with the normal local coastal traffic, and offers terrorist teams extra time for pre-attack planning as well as extra time for rest just before the attack commences. Finally, a maritime insertion allows terrorists to select very precise landing sites and infiltration routes.

The case of the LeT attacks in Mumbai also illustrates the disadvantages that can accrue to a terrorist enemy from a maritime approach to a target. First, once a full blown, large-scale assault has started, it can be very difficult to extricate the operatives. Second, the transport of large explosives aboard fishing vessels and trawlers is risky; thus, maritime terrorist strikes might be limited to relying on small arms to do their damage. Third, some kind of reconnaissance cell would have to be sent to the target city well in advance of the attack, providing an opportunity for a skilled intelligence agency to mount surveillance on the reconnaissance cell and break up the plot before the assault team could embark. Moreover, a maritime approach does not allow the terrorist team to disperse until it lands ashore. Even if the operatives approach in two or three different small boats, the interception of just one of the boats could drastically reduce the team’s numbers and effectiveness.

The fact remains that, despite low technological instrumentation, a non-state or state-sponsored actor coming from the open sea could carry out effective surveillance and reconnaissance regarding the characteristics of targets on land or at sea that could be attacked in future. Maritime hybrid war may graduate to pose a bigger economic threat than a military one. Furthermore, these economic costs could be imposed with relatively minor investments from the adversary.

What is worrisome is that the hybrid threat can now emerge from anywhere in the vast oceans, be it floating armories, mercenary flotillas, or innocuous vessels carrying legitimate cargo with an embedded cyber war-waging cell. The maritime hybrid threat has to be interdicted using naval and marine assets, preferably before it reaches the shores and synergizes with other elements into a full-scale hybrid war. Even though the Indian Government has strived to put in place a very robust MDA, intelligence gaps remain among the various agencies involved, which could lead to threatening elements slipping in, physically or otherwise.

“The categories of warfare are blurring and do not fit into neat, tidy boxes. We can expect to see more tools and tactics of destruction — from the sophisticated to the simple — being employed simultaneously in hybrid and more complex forms of warfare.”

Professor Colin Gray

Cyber War

A word about the maritime dimension of cyber war would be proper at this stage. In recent years, there has been considerable discussion of the phenomenon of cyber warfare, its methods, and its ramifications. In essence, there are three objectives that can be achieved by cyber-offensive activities: espionage (infiltrating the target’s information storage systems and stealing information), denial of service attacks (preventing Internet usage), and sabotage (infiltrating systems reliant on Internet connections and causing functional damage via malevolent programs). The media largely focuses on the use of computer programs as weapons in the cyber domain, but an attack on Internet infrastructure, especially the submarine optical fiber cables, is no less an option for terrorists, and often more devastating and effective. In fact, thousands of miles of more than 200 international submarine cable systems carry an estimated 99% of all the world’s trans-oceanic internet and data traffic. Widespread disruption to undersea communications networks could sabotage in excess of $10 trillion in daily international financial transactions, as stated by Michael Sechrist in a 2012 paper, ‘New Threats, Old Technology: Vulnerabilities in Undersea Communications Cable Network Management Systems’[7], published by the Harvard Kennedy School. It is pertinent to note that satellites carry just about 5% of global communication traffic.

Even partial damage has extensive consequences because of the resultant jamming of traffic on the limited remaining connections. It is true that the diplomatic and military effects of having Internet communication with the world at large cut off would not be significant, but the direct and indirect economic consequences could be extremely expensive to our economy, especially with the transfer of much data to online cloud services that are actually placed abroad.

What bigger hybrid threat can be posed at sea than cutting off the subsea internet cables at a time, place, and depth of one’s choosing, or cutting off undersea facilities like VLF communication nodes and hydrophones? Would it not be an example of an extreme denial of service weapon? Incidentally, such capabilities do exist with some nations today.

Two other aspects of hybrid war that merit the immediate attention of the maritime forces are the onslaught of sensors and swarm warfare.

Sensors

One very important aspect of hybrid warfare is transparency in every field because of the utilization of various types of sensors. This ubiquitous sensing revolution promises enhanced awareness of physical, social, and cyber environments by combining three technological trends: the proliferation of ever cheaper and more capable sensors into virtually every device and context; large data aggregation and ready access to it using vast cloud-based archives; and cross-spectral data fusion and sense-making algorithms running on increasingly powerful processors. All of these trends are accelerating at exponential rates. For instance, as brought out by Capt John Litherland, USN (ret), in his paper ‘Fighting in the Open: The Impact of Ubiquitous Sensors on the Future Maritime Battle space’[8]:

– The worldwide total number of sensors has increased tremendously and will pass the one trillion mark, or more than 100 sensors for every person on earth.

– Mass production of electronics has led to significant enhancements in sensing capabilities. Every smartphone today has a complete inertial, electronic and satellite navigation system comprising just a minor component of its price. Incidentally, a smartphone today hosts many sensors, such as accelerometer, temperature, gravity, gyroscope, light, linear acceleration, magnetic field, orientation, pressure, proximity, relative humidity, rotation vector and temperature[9].

– The worldwide digital data generation rate now exceeds one ZB (10^21 bytes) per year and global storage exceeds 10 ZB.

– The ability to fuse and make sense of unstructured data from disparate sensors and incommensurable formats is being addressed by use of advances in processing capability and data handling algorithms.

– The advent of sensors has, however, made the battle space transparent. Today, warfare has to adapt to this transparency and let go of traditional concepts of concealment and camouflage. Stealth technologies are unable to cope with concealing signatures from the multitude of sensors being used across various domains, be it in the air, on the surface or under water. Navies today can no longer spring a surprise on the adversary because it is not feasible to operate blind in a battlefield littered with multi-spectral sensors, dispersed spatially, and operating in broadband.

The Indian Navy (IN) has to prepare for this aspect of hybrid warfare. The Indian Navy could utilize some of the concepts outlined by Litherland in his paper quoted above[10]:

– Dispersal – IN forces must disperse over as much of the maritime battle space as possible.

– Deception – IN must strategize on targeting the adversary’s sensor complex across multiple spectra with noise, false targets, and cyber attacks.

– Range – IN must gainfully implement Network Centric Warfare to bestow ‘crippling effects’ at large distances when dispersed.

– Speed – together with range, the speed at which kinetic and non-kinetic effects can be imposed on the adversary will also be a critical factor in Naval war.

Unless the Indian Navy starts preparing now to fight in the Age of Sensors, it risks becoming vulnerable in the event of a hybrid war.

Swarms

Seminal work has been done on swarm warfare by Prof. John Arquilla and David Ronfeldt in their various writings (Swarming and Future of Conflict[11], Countering and exploiting Swarms[12], etc.); the present section derives from their thought processes. Swarm warfare has become the dominant doctrinal concept of certain navies like the Iranian Revolutionary Guard Corps Navy, which has about fifty missile and torpedo boats, along with other light coastal craft, all of which train to employ ‘ESBA’, i.e. ‘like a swarm of bees’, tactics. The IRGC Navy also has several bases on small islands in the Persian Gulf, from which they can “swarm by fire” with the Chinese missiles in their inventory. China’s PLA Navy regularly practices swarm tactics with its missile, torpedo, and gunboats.

For the Indian Navy, comprised as it is of a number of high-value vessels, swarms pose a considerable and rising threat. Swarm attacks are likely not only from small boats, but also from aircraft, submarines, and drones. At present, the author is unaware of any fitting response by the Indian Navy focused on the use of counter-swarms of drones and robots. The Indian Navy should also consider responses, as suggested by Prof. John Arquilla[13], by designing swarms of much smaller craft like large numbers of jet-ski-sized drones or autonomous weapons whose goal would be to seek out and destroy incoming swarms with rockets, or by ramming and self-detonating. Small and swift weapons could pose a far superior swarming threat to hybrid adversaries. IN could also think of small undersea swarming systems, which are already on the design board to meet demands of clearing minefields, engaging enemy submarines, and carrying out ISR missions. Similarly, small aerial swarm weapon systems could prove exceptionally useful in dealing with air defense of carrier strike groups.

Conclusion

So ‘ere’s to you fuzzy-wuzzy, at your ‘ome in the Soudan; You’re a pore benighted ‘eathen, but a first class fightin’ man. 

Rudyard Kipling

Starting with the fundamental definition of Hybrid war in maritime context as “Naval irregular warfare plus cyber war and any other component that emerges in future”, the implications of cyber, sensors, and swarm warfare have been discussed in this article. However, new types of hybrid threats would keep surfacing and the IN has to be ready for them when called upon to counter them.

Hybrid war, being inherently nebulous and dynamic in nature, calls for constantly adapting naval doctrines and technologies to meet the emerging maritime hybrid threats.

(Based upon a talk ‘Maritime and Air Dimensions of Hybrid War’ delivered by the author during ‘National Seminar: Hybrid Warfare’ on 02 Nov 2016 under aegis of Centre for Land Warfare Studies, New Delhi)

[1] https://www.scribd.com/document/40211290/Strategic-Implications-of-Hybrid-War-a-Theory-of-Victory

[2] smallwarsjournal.com/blog/journal/docs-temp/344-sadowski-etal.pdf

[3] http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA591803

[4] https://www.cia.gov/library/center-for-the-study-of-intelligence/csi-publications/csi-studies/studies/96unclass/iregular.htm

[5] http://www.rand.org/pubs/monographs/MG1127.html

[6] https://www.rand.org/pubs/occasional_papers/2009/RAND_OP249.pdf

[7] http://ecir.mit.edu/images/stories/sechrist-dp-2012-03-march-5-2012-final.pdf

[8] http://www.secnav.navy.mil/innovation/HTML_Pages/2015/07/FightingInTheOpen.htm

[9] https://www.quora.com/how-many-different-sensors-are-available-inside-a-smartphone

[10] http://www.secnav.navy.mil/innovation/HTML_Pages/2015/07/FightingInTheOpen.htm

[11] http://www.rand.org/pubs/documented_briefings/DB311.html

[12] http://www.secnav.navy.mil/innovation/HTML_Pages/2015/04/CounteringAndExploitingSwarms.htm

[13] ibid

Cyber Warfare – a Perspective

(Published 15 Oct 2016, CLAWS)

The US Defense Science Board report of 2013 states that “in a perfect world, DOD operational systems would be able to tell a commander when and if they were compromised, whether the system is still usable in full or degraded mode, identify alternatives to aid the commander in completing the mission, and finally provide the ability to restore the system to a known, trusted state. Today’s technology does not allow that level of fidelity and understanding of systems.” The report brings out that systems such as automated intrusion detection, automated patch management, status data from each network, and regular network audits are currently unavailable. A cyber attack against national critical infrastructure could therefore have a cascading effect upon economy, society, and government in ways difficult to understand, model or predict.

In cyber warfare, it has been claimed that opponents can distract, disrupt, and demoralize a nation by skilful use of cyber tools, timing, surprise, and an adversary’s specific vulnerabilities. These vulnerabilities are not restricted to military targets; the ability to attack civilian targets, such as public utilities or the financial sector, can be far more dangerous and subsequently more effective at discouraging and deterring potential adversaries because of its immediate social and political effects. Theoretically at least, an adversary may not need kinetic weapons to render a nation incapable of defending itself. On the other hand, it has not been feasible to assess the real cyber warfare capabilities of nations because these have never been used in large-scale war-fighting resulting in serious damage, nor have they led to a full-scale war between nations.

It is reasonable to presume that current tools of war would continue to be utilized for achieving military objectives, simply because cyber attack in its current form exists as a one-time gambit, since cyber weapons are transient and last only until the breaches are plugged. There is no doubt that delay and denial can be achieved to a large extent, but whether that would lead to a victory on the ground remains to be seen.

It has been brought out in a Mandiant Consulting report that the mean time an intruder remained in the victim’s system undetected was 205 days in 2014 and 146 days in 2015. This highlights the use of cyber warfare to remain undetected in a system in order to prepare for a strike by infiltrating, locating weak spots and leaving cyber weapons in place for a preemptive strike to destroy networks and information systems.

Pure military planning and countermeasures would not be able to play a critical role in cyber security because of the civilian nature of cyberspace and the predominantly non-military nature of the nebulous attacker. Much of the cyber expertise and resources required to defend information infrastructure are located outside of the military establishments. Creating a credible cyber capability is less about technology than finding the right people and skill sets, which can be difficult for militaries.

Realm of Cyber Attacks. Some examples that highlight the distinct types of cyber attacks as relevant to national security are in order now. These are cited to highlight the extent of cyber reach from the dedicated attacks on strategic assets to tactical military operations to criminal activities like ransom.

One is the well-known Stuxnet strike, which required a tremendous amount of resources, brainpower, and planning time. It falls under the one-time gambit, with major nations already on guard against similar strikes on their critical strategic facilities.

In 2009, the Conficker worm infected civil and defense establishments of many nations. For example, the UK DOD reported large-scale infection of its major computer systems, including ships, submarines, and establishments of the Royal Navy. The French Naval computer network ‘Intramar’ was infected; the network had to be quarantined and air operations suspended. The German Army also reported infection of over a hundred of its computers. Conficker sought out flaws in Windows OS software and propagated by forming a botnet. It was very difficult to weed out because it used a combination of many advanced malware techniques. It became the largest known computer worm infection by afflicting millions of computers in over 190 countries.

There was a cyber attack in Dec 2015 against energy distribution companies in Ukraine, which led to massive power outages and affected a huge civilian population. This achieved high visibility while using an old Trojan, BlackEnergy, and other malware to shut down critical systems and wipe out data.

In February 2016, the Hollywood Presbyterian Medical Center in Los Angeles, California was the victim of a cyber attack that encrypted its electronic data, rendering its systems unusable for over a week. The hospital was forced to operate with no access to its computer systems and even had to move some patients to other hospitals. Staff relied on fax machines and telephones to keep hospital operations moving. The hospital regained access to its data only after paying a fee of 40 bitcoin (approximately USD 17,000) to the attackers. In March 2016, Methodist Hospital in Henderson, Kentucky, experienced a similar attack and declared a “state of emergency”, being unable to access patient files. Methodist Hospital was able to restore its system from data backups and did not pay the attackers. Since 2014, the CryptoLocker ransomware alone has allowed cyber criminals to collect over $100 million.

While illustrating the wide ambit under which cyber attacks take place and the enormous cyber space that requires protection, the above examples also highlight the inevitable ease of threat to civilian space. Cyber war, if unleashed in its entirety, could encompass strategic, tactical, financial, social, and psychological space among others. It would thus be waged beyond a traditional military war on the borders.

Autonomous systems. An area of immediate concern for the military is autonomous systems. For a system to be autonomous, it must have the capability to independently compose and select among different courses of action to accomplish goals based on its knowledge and understanding of the environment.

Autonomous decision-making resides in software replete with branching logic and tables of variables and parameters, which together model the mission to be accomplished, the environment in which it must be executed, and the conditions that are relevant. The more complex the mission and the more diverse the environment, the more extensive and complex is the software. The autonomous systems also have organic sensors, a considerable amount of stored information, and optional communication for some supervisory functions, along with a capability to receive and implement over-the-air updates. These systems present an ideal target for the adversary. Thus, the more the capabilities, the more the software, and hence the greater the vulnerability. To weed out the intruder in complex software and eradicate vulnerabilities, which may or may not have been introduced by the attacker, would require validation and verification, which may not be humanly possible in the time available.

It is evident that, given the amount of data and the speed at which processing is required in cyber defense, it is not feasible for human beings to carry it out. Conventional algorithms also cannot tackle dynamically changing data during a cyber attack. As it appears today, effective cyber defense would only be provided by real-time, flexible Artificial Intelligence systems with learning capability. This, in simple terms, requires using Artificial Intelligence systems at practically every stage of military operations.

Conclusion. At the time of penning this article, code of the Mirai malware was released by a hacker, which has resulted in the largest ever DDoS attack across countries. Mirai malware is used to create botnets by infecting Internet of Things devices connected to the internet. It is said that about 1.0 to 1.5 million devices have been infected so far, with numbers rising every second.

Nations have to think differently if cyber attacks are to be defended against effectively. During an international conference on Electronic Warfare in Kuala Lumpur recently, the delegates were surprised to note that the Indian Government had been following a policy of segregating internet-connected computers from those that carried important information. Much of the software being developed for cyber defense is being sent over the web from India, albeit under the IPR of different nations. The time is ripe for India to harness and synergise both cyber attack and cyber defense capabilities.