20091112 IO Newsletter v10 no 02

Information Operations
Newsletter
Compiled by: Mr. Jeff Harley
US Army Space and Missile Defense Command
Army Forces Strategic Command
G39, Information Operations and Cyberspace Division
The articles and information appearing herein are intended for educational and non-commercial purposes to promote discussion of research in
the public interest. The views, opinions, and/or findings and recommendations contained in this summary are those of the original authors and
should not be construed as an official position, policy, or decision of the United States Government, U.S. Department of the Army, or U.S.
Army Strategic Command.
ARSTRAT IO Newsletter on OSS.net
Table of Contents
Vol. 10, no. 02
1. Balancing Social Networking and Cybersecurity
2. Mi5 Hires Teenagers to Battle Cyber Terrorism
3. National Security Threats in Cyberspace
4. Army's Electronic Warfare Needs Receive Heightened Emphasis
5. Secret Teen Hacker Army Ridiculed
6. Air Force Activates New Cyberspace Defense Unit
7. Terrorists Nearing Ability to Launch Big Cyberattacks against U.S.
8. Cyberspace the Battleground "For Next World War"
9. Operation Phish Phry Nets 100 Suspects
10. Navy Moves to Meet Information Age Challenges
11. Army Explores New Paths to Secure Communications
Balancing Social Networking and Cybersecurity
By Michael Hoffman, Air Force Times, Sep 21,
Air Force Space Command tweets. The same command charged with protecting the Air Force’s
computer network has 3,855 followers on Twitter.
How to keep sensitive information safe and still reach out to the public is but one of the
complexities that Gen. Robert Kehler, head of Space Command, is trying to figure out.
This summer, Space Command activated the service’s newest numbered Air Force — 24th Air Force
— to take on the cyberspace domain. U.S. Cyber Command, a new unified effort ordered by
Defense Secretary Robert Gates, stands up Oct. 1.
Kehler talked to Air Force Times about these new units and everything else cyber — from Facebook
to training — Sept. 16 at the Air Force Association Air & Space Conference at National Harbor, Md.,
just outside Washington.
Q: How vulnerable is the Air Force to a cyber attack?
A: Some things are well-protected in cyberspace, but many things are not. When you get into the
places that it touches the public domain, many things are not protected. We are looking at
cyberspace these days as if it was a densely crowded urban area. Not everything is an attack with
a capital “A.” There are criminals in cyberspace. There are spies in cyberspace. There are
determined nation-states in cyberspace conducting their nation-state business. The difficulty here
is protecting yourself from all those problems you could encounter the same as if you tried to
physically protect a military base. ... So, our focus is not on protecting cyberspace as much as it is
assuring our missions. It isn’t about trying to defend every node on the network for us. It’s about
trying to make sure we can complete our missions in the face of attack. ... The 13-year-old down
the street can be just as damaging to you as the determined enemy that is trying to disrupt your
national security activities.
Q: What is the Air Force’s stance on allowing airmen on social networks such as Facebook and
Twitter?
A: The extreme answer to protecting yourself is disconnect. But wait, that’s like saying I have an
Air Force, but they can only fly when the weather is good or you can only fly in an uncontested
domain. Well, that is crazy, that isn’t why the Air Force exists. The Air Force exists to fly, fight and
win. So, my initial thinking here is that we have to come up with ways to exploit the power of these
networks while protecting the mission. Easy to say, difficult to do. ... I don’t know what that means
yet in terms of do we prohibit or ban.
Q: What has changed since the standup of 24th Air Force?
A: The No. 1 thing I have seen has been focus. ... I have seen us now focus on how we intend to
present our capabilities to the other joint war fighters. I have seen us focus on the details of how
we are supposed to train; what our tasks are going to be; how do we train to suit those tasks;
what our capabilities are; and what our future capabilities might have to be.
Q: What priorities and benchmarks do you have for 24th Air Force this year?
A: First, we need to get our arms around the Air Force network, understand it and do what we can
to ensure our missions on that network. The second thing we need to do is make sure we are the
best possible joint partners. U.S. Cyber Command is going to stand up and look at their
components, and I want us to be ready for Cyber Command to look at us and say, “we need you.”
Q: What do airmen working in the cyberspace mission actually do?
A: There is now a joint definition for cyberspace and cyberspace operations. We are using both of
those inside the Air Force. Cyberspace is the collection of things that comprise what the
Department of Defense would call the global information grid. Cyberspace operations, and this will
sound simplistic, are the activities you perform in this domain. ... To operate the network, to
defend the network, to exploit information that is on the network and, if we are directed, to
conduct offensive operations. ... So, it is really those things that will comprise the activities that we
expect to see our folks performing in cyberspace. ... Initially, we really want to focus on defense
and protection. In addition to that, because of some of the capabilities that we have put in 24th Air
Force, we also say airmen are constructing access to cyberspace. Combat communications, for
example. If they go out and set up communications someplace, that is constructing entry into the
domain.
Q: How do you grow a cyberspace expert in the Air Force?
A: In cyberspace there is really going to be a combination of expertise. In the enlisted force, we
are still going to require enlisted members who are well-schooled in the technical details in what
we today call the communications disciplines. We need enlisted people who can fix radars, radios
and set up satellite communication links. In addition, though, there is another career path here.
Certainly, as we look for people to enter the enlisted ranks, there are going to be some specialists
here who are so important to us because of their academic backgrounds and their experience levels
that there will be some unique aspects of what we are going to have to train people to do. We
expect that the overall training and education process will follow the standard Air Force model. For
enlisted, there will be basic training followed by tech school. We think that cyber-related training
goes all the way back to basic training, not just tech school.
For officers, we see a very similar process to how we train pilots or space operators. ... Bring them
in for undergraduate training and then send them off to initial qualification training. There will
probably be multiple career pathways. ... There will be some that will be more focused on network
activities and network defense and some of the emerging skills. Some of those people will require
different educational backgrounds. We will, very likely, recruit.
Q: How does an entity as big as the Air Force keep up with the rapidly changing technology?
A: We have put some acquisition programs in place over the years for IT-related things. It allows
us to keep up and refresh with commercial off-the-shelf things. ... We are working, though,
through what is the best way for us to be able to have a dedicated group that goes out and keeps
up with acquisition and what level that should be. We are working with Materiel Command right
now. Do we allow the local units at that level to make some decisions with acquisition or do we
keep all of that at Materiel Command? Do we have a special group do this? We are trying to figure
out how to make this work. ... Buying computers, we have purchasing power for that. ... The real
question is software, how to defend software when it’s happening. That’s where we are going to
have to partner with industry and the Department of Defense and our other services and other
agencies. ... There will have to be oversight for this, and we know that.
Q: How big can cyberspace grow in the Air Force? Is there a ceiling?
A: If every organization involved with cyberspace was a ping-pong ball, there is a lot of room in the
box for those ping-pong balls. The question then becomes: How big is our ping-pong ball? How big
does it get? The answer partially depends on what this new joint structure wants us to do. We, like
the rest of the services, want to bring unique capabilities. We don’t want to be duplicative of what
the other services are doing. Just like every service is in the air, we are all doing our own mission
set in the air. It is going to be the same thing in cyber.
Mi5 Hires Teenagers to Battle Cyber Terrorism
By Gordon Thomas, Daily Express, 20 Sep
MI5 has hired 50 computer-savvy hackers – some of them still teenagers – to work in a newly
formed top secret Cyber Operations Command.
Each has signed the Official Secrets Act forbidding them to tell their parents or girlfriends what
they do in the windowless basement area in the Security Service building beside the Thames.
MI5 head Jonathan Evans has told his staff that the recruits were essential to combat cyber
terrorism which has been traced to China, Russia and Pakistan.
The hackers have also intercepted messages from terrorists in Belmarsh maximum security prison.
Cyber Command works closely with the Pentagon.
In a report to Lord West, the Security Minister, Mr Evans has revealed that during the summer over
1,000 hits were made on computers in Whitehall. Other targets have been air traffic control, power
stations and the City of London.
Mr Evans sent a confidential memo to 300 banks and accounting firms warning they “are already
under cyber attack” from Chinese state organisations.
The majority of the teenagers are Asians. They are subjected to the same high level of background
security checks used to clear other intelligence staff.
Lord West called them “youngsters who use their talents to stop other hackers from closing down
this country”.
National Security Threats in Cyberspace
The last few years have seen a remarkable surge in the degree of concern publicly expressed by
government officials regarding “national security threats” in cyberspace. The Bush Administration
began development of a Comprehensive National Cybersecurity Initiative (CNCI) in January 2008.1
The Obama Administration has followed with a Cyberspace Policy Review and a promise to appoint
a “Cyber Czar” to coordinate a federal government response.2 Funding for initiatives to protect the
cyber domain is likely to increase significantly.
The ferment of ideas is substantial, even by Washington “crisis” standards. Some question whether
a threat exists at all while others deem the threat existential. Novel issues of policy and law surface
on an almost daily basis as technological innovation runs headlong forward, leaving policy‐makers
and concerned legislators trailing in its wake.
As the United States continues the development of its cybersecurity policy, the time is ripe for
reflection and an examination of first principles. To that end the American Bar Association Standing
Committee on Law and National Security, the McCormick Foundation, and the National Strategy
Forum sponsored a two‐day workshop in Annapolis, Maryland on June 4‐5, 2009. The workshop
brought together more than two dozen experts with diverse backgrounds: physicists;
telecommunications executives; Silicon Valley entrepreneurs; Federal law enforcement, military,
homeland security, and intelligence officials; Congressional staffers; and civil liberties advocates.
For those two days they engaged in an open‐ended discussion of cyber policy as it relates to
national security. The discussion was under Chatham House Rules – their comments were for the
public record, but they were not for attribution.
The workshop report you are now reading is the result of that discussion.
National Security Threats in Cyberspace Sep 2009.pdf
Army's Electronic Warfare Needs Receive Heightened Emphasis
By Brandon Pollachek, PEO IEW&S Public Affairs, Army News, Sep 23, 2009
FORT MONMOUTH, N.J. (Sept. 22, 2009) -- As the U.S. Army approaches eight years of counterinsurgency operations in two theaters, Iraq and Afghanistan, the enemy use of the electromagnetic
spectrum against U.S. Soldiers has remained a persistent challenge.
Protecting Soldiers from improvised explosive devices and providing them with an accurate and
complete understanding of their environment across the spectrum has brought about significant
change in focus for the Army in the area of Electronic Warfare.
Land component commanders and their staffs must now be more adept in their knowledge of how
the electromagnetic spectrum can both positively as well as negatively impact operations, officials
said. They said by tightly integrating EW as a form of non-kinetic fires with existing kinetic
capabilities, the Army can achieve spectrum dominance through an effects-based joint operations
plan.
The Program Executive Office Intelligence, Electronic Warfare & Sensors has stepped to the
forefront in supporting this new direction with a focus on operationalizing EW as an integrated
battlefield capability that will enhance situational awareness, improve force protection, enable
dominant maneuver, and aid in precision lethality.
To meet the emerging demand for the recently established EW vision, PEO IEW&S stood up the
Project Manager Electronic Warfare office Sept. 1 under Col. Rod Mentzer.
PM EW, formerly Project Director Signals Warfare, was established to give the developing areas of
EW a home for all of their integration needs.
"We're changing the name to highlight the core competencies of this project management office as
the Army transitions into an era of increased emphasis on capabilities associated with electronic
warfare," said Brig. Gen. Thomas Cole, program executive officer for IEW&S.
"We have a talented, experienced workforce and synergy of effort among IEW&S, RDECOM, and
CECOM here for doing this type of work. PM EW provides the Army a focal point for providing EW
capability to Soldiers," Cole said.
This change in direction coincides with recent actions within the Army to establish a formal home
for EW requirements.
"As the Army began to get its fingers back into the fight and electronic warfare scenarios came to
the forefront, the Army decided it needed to get back into the EW arena and stood up an office in
the G3/5/7 shop," said Mentzer, referring to the establishment of the Electronic Warfare Division in
the Pentagon.
In February, an EW military occupation series was created, the 29 series, that will eventually give
the Army the largest electronic-warfare manpower force of all the services. Nearly 1,600 EW
personnel, serving at every level of command, will be added to the Army over the next three years,
officials said.
The Army's EW personnel will not only be experts in fighting the threat of IEDs, but they will be
versed in a much more complex challenge of controlling the electromagnetic environment in land
warfare by tactical employment of the three major EW tenets: electronic attack, electronic
protection, and electronic warfare support -- to gain an advantage in support of tactical and
operational objectives across the full spectrum of operations.
PM EW is poised to supply these Soldiers with the tools they need to operate within the EW
spectrum, Mentzer said.
"PM Electronic Warfare will enable and support these adaptive, versatile and full-spectrum-capable
Electronic Warfare Soldiers with the highest technology possible," Mentzer said.
Product Managers CREW, Prophet and Information Warfare will remain under the EW charter as the
organization poises itself to take the prominent position in fielding and sustaining systems, which
will meet the Army's EW needs.
PM EW currently fields various versions of Counter RCIED Electronic Warfare Systems, Prophet-enhanced systems and a multitude of classified systems. In fiscal year 2009, the organization
fielded more than 36,000 CREW devices as well as more than 30 Prophet systems.
Over the near term, Mentzer said he plans on working closely with the G3 as they define the
requirements and the direction the Army will take in the realm of EW.
In summarizing the role EW will play in the Army in current conflicts, as well as in the future, Gen.
Raymond Odierno, Multi-National Force-Iraq commander said, "I think by having (EW specialists)
within every unit in Multi-National Corp-Iraq, in Afghanistan and any future operation, it will better
enable our forces to combat the threat that is inside the electronic warfare spectrum."
"This expertise and capacity will obviously help save the lives of our Soldiers and it will also help us
to move forward and understand the spectrum as we continue to develop our operation."
Secret Teen Hacker Army Ridiculed
By John Leyden, The Register, 24 September 2009
The UK government's reported decision to employ ex-hackers to work at a newly-established Cyber
Security Operations Centre has met with derision from both a high-profile former hacker and an
acknowledged cybersecurity expert.
Lord West, the Home Office security minister, first suggested that former hackers (or "naughty
boys", as he described them) might play a key role in Britain's revamped cyberdefence strategy
back in June. At the time it seemed like just another in the admiral-turned-minister's growing list of
eccentric observations on various aspects of security policy.
For example, he later suggested that a net-flinging entanglement "bazooka" designed to stop
speedboats might be just the job for use on "topless lovelies". This was doubtless surprising to its
developers, who saw it as a weapon against USS Cole-style suicide attacks.
However, last weekend the Sunday Express reported that the MI5 had hired "50 computer-savvy
hackers – some of them still teenagers – to work in a newly formed top secret Cyber Operations
Command." The majority of the teens are Asians, the paper adds. All are subject to the same level
of background security checks used to clear the employment of other intelligence staff. The Sunday
Express helpfully adds that this means they have signed the Official Secrets Act and are forbidden
from "tell[ing] their parents or girlfriends what they do in the windowless basement area in the
Security Service building beside the Thames".
Lord West reportedly described the new hires as "youngsters who use their talents to stop other
hackers from closing down this country".
Mathew Bevan (AKA Kuji), a British hacker arrested and unsuccessfully prosecuted for hacking into
secure US government networks back in 1994, who later became a successful security consultant,
helped us pick apart the many implausibilities of the story.
"These hackers were described as having been 'naughty', but did not have any criminal records,"
Bevan told El Reg. "How on earth they came to the attention of GCHQ without getting caught (as
being caught would suggest that charges would be brought, and if not how come?)."
Bevan noted the lack of buzz about any attempt to recruit hackers by members of the security
service.
"I have not heard of any UK hacker/ex-hacker/naughty boy actually having been approached to
work at this level," he said. "The truth is that of course they couldn't find 50 UK hackers, because
those who are actively hacking are doing their best to not get caught. So they had to outsource to
India or China. This begs the question, how on earth did these people even manage to pass the
stringent security checks which are performed to work within government offices? Even the USA is
saying that due to the amount of hacking coming out of China, that employing Chinese to secure
America's Government machines is perhaps not a good idea."
The Welsh former-hacker turned successful hypnotherapist concludes that the whole MI5 hacker-hire story is exaggerated, at best. He speculates that the motive for creating such an elaborate
yarn might be one of gaining bragging rights, a posture full of contradictions.
"So this elite team of 'naughty boys', of course, it's not true," Bevan said. "The details have been
exaggerated at the least but most likely have been made up, just another attempt at psyops and a
way of us to look cool to the American administration, which has said it has hired hackers."
"We have to go bragging to the world that we have ex-hackers in our employment whilst at the
same time we are actively trying to extradite or prosecute others. This is sending out a conflicting
message as to whether hacking is wrong or a career choice. When it comes to team size, if you
have to claim that you have such a big and impressive one everyone knows that it's probably very
tiny and disappointing," Bevan concludes.
Security consultant Rik Ferguson, someone who has actually worked with GCHQ, said that the idea
of hiring reformed hackers to face off against state-sponsored cyberspies, tech-savvy
terrorists and cybercriminals from eastern Europe is woefully misguided.
"What really upsets me with this story is the implication that *only* young (former) criminals have
the skills required to carry out the work necessary to combat cyber terrorism," Ferguson writes. "I
have not personally met any of the team that have been hired for these posts at Cyber Operations
Command, but I have a feeling that they wouldn’t care too much for the implication either."
Ferguson repeats Bevan's point that the government is sending out mixed messages about the
legality of hacking, more influenced by Hollywood than reality, by suggesting it is both
reprehensibly criminal and simultaneously a useful national security skillset.
"It is entirely unacceptable that our security services and our government are broadcasting the
message that the only qualification necessary for a job in MI5 is being a hacker (one bad enough to
have got caught). People who have been found to have broken the law should not be allowed to
profit from their misdeeds, especially by way of an employment offer in the very field of their
criminal activities. Would you hire a convicted embezzler as your accountant? How about a
teenage convicted embezzler?"
Ferguson's critique of "schoolboy tales of hiring 'naughty boys' for hi-tech derring-do" can be found
here.
Air Force Activates New Cyberspace Defense Unit
Air Force combines space and cyberspace under single command
By Amber Corrin, Defense Systems, Oct 06, 2009
The Air Force has activated a new communications organization that will support the Air Force's
Space Command, a new command that combines space and cyber-space operations under one
organization. The new 689th Combat Communications Wing, headquartered at Robins Air Force
Base in Georgia, specializes in deployed communications.
The wing will play a support role in combat theaters where resources are sparse, such as
Afghanistan, and in humanitarian aid operations, according to the Air Force. The dedicated cyber
command, the 24th Air Force, reports to the Air Force Space Command. The Air Force created the
cyber command this year, and it became operational Aug. 18.
“As we activate the Combat Communications Wing, that fills in a critical niche,” Maj. Gen. Richard
Webber, commanding general of the 24th Air Force, said at a commemorative ceremony Oct. 5,
according to a report from local news service macon.com. Webber added that the “cyber warriors”
would have a “high rate of deployment,” the report said.
The 24th Air Force's integration under Space Command represents a landmark in Air Force
operations, combining space and cyberspace under a single organization. Like traditional Air Force
units, the 24th is set to provide forces for combat -- but unlike traditional units, these forces can
also conduct cyber warfare.
The CCW is the newest of three sub-organizations supporting the 24th Air Force; the other two are
the 688th Information Operations Wing and the 67th Network Warfare Wing.
Commanded by Col. Theresa Giorlando, the CCW nationwide will comprise roughly 6,000 active
duty, reserve and National Guard airmen, as well as civilian and contractor support from the 3rd
and 5th Combat Communications Groups, ten Air National Guard Combat Communications units
and four Air Force Reserve Combat Communications squadrons.
“We are going to be the cornerstone for dominating cyberspace,” Giorlando said at the ceremony.
Terrorists Nearing Ability to Launch Big Cyberattacks against U.S.
By Jill R. Aitoro, NextGov, 10/02/09
The biggest threat to U.S. computer networks is terrorist organizations that will purchase software
code from cybercriminals to penetrate sensitive systems, a possibility that could be just a few
years away, information security and former intelligence officials said on Friday.
Although enemy states often are blamed for cyberattacks against the United States, it is not
common because political and financial repercussions dissuade most countries from launching a
widespread effort, James Woolsey, a former CIA director, said during a panel discussion at the
International Spy Museum. The talk was part of the launch of a new gallery on cyber threats.
"We don't have the [degree] of strife [with] those that have these capabilities -- such as China and
Russia," that would cause them to attack the United States, Woolsey said. "The ultimate problem
we face is the possibility that we will have an enemy whose objective is total destruction."
Power plants are a prime target, he said, with the goal being to take down the electric grid. "Would
anyone want to do that?" Woolsey asked. "Yes. We saw their faces on 9/11."
Al Qaeda and other Islamic terrorist organizations are honest about what motivates them, he said.
"They believe God wants to destroy the U.S.," Woolsey added. "That's a different kind of enemy."
While most nation states have the capability to launch a widespread cyberattack but choose not
to, terrorist organizations have not yet developed the necessary computer programming skills to do
significant damage, according to Mike McConnell, former director of National Intelligence. "When
terrorist groups have the sophistication, they'll use it," he said.
That could happen within the next few years as cybercriminals peddle through the black market the
software programs needed to launch a debilitating cyberattack, said James Lewis, director of the
technology and public policy program at the Center for Strategic and International Studies. "When
does stuff get good enough for al Qaeda to go buy it? That will happen in the next few years," he
said.
McConnell also noted the possibility that enemy nation states will use a terrorist organization as a
proxy, providing the technology but denying involvement.
Among the most effective strategies to combat cybercrime and terrorism is international
engagement to support global criminal investigation and legal action against those tied to
cyberwarfare activities, Lewis said. "We agreed to not sell nuclear weapons to terrorists and that's
worked out pretty well," he said. "Now we need agreement among nations to not supply terrorists
with these capabilities and to support better cybercrime laws" to pursue those that support attacks.
Cyberspace the Battleground "For Next World War"
By Marc Chacksfield, Tech Radar, 7 October 2009
The telecommunications arm of the United Nations has been discussing the future of cybersecurity, asking nations to batten down their internet hatches and prepare for an online war.
Speaking at the ITU Telecom World 2009 conference, the boss of the UN International
Telecommunications Union (ITU) Hamadoun Touré explained: "The next world war could happen in
cyberspace and that would be a catastrophe.
"We have to make sure that all countries understand that, in that war, there is no such thing as a
superpower."
Cyber-sheriff
Outlining the seriousness of a web war, Touré noted that the "loss of vital networks would quickly
cripple any nation, and none is immune to cyber attack."
One way that nations can prepare for cyber-attacks, explains Touré, is the most obvious one –
better online security. "The best way to win a war is to avoid it in the first place," he explained to
delegates at the conference.
It seems the message is getting through, as according to the Associated Foreign Press, US
Secretary for Homeland Security Janet Napolitano has ordered 1,000 cybersecurity bods to look
after America's online security.
Other nations bolstering their security for the web include South Korea, who are to begin training
3,000 'cyber-sheriffs'.
Cyber security has been highlighted this week after it was revealed that thousands of Hotmail
accounts had been hacked into. Google, Yahoo and AOL have also had their security compromised.
Operation Phish Phry Nets 100 Suspects
By Tony Bradley, PC World, October 07, 2009
United States and Egyptian authorities began rounding up 100 suspects indicted in connection with
a two-year investigation dubbed "Operation Phish Phry."
Operation Phish Phry involved the United States Attorney's Office, FBI, Egyptian authorities and the
Electronic Crimes Task Force in Los Angeles. The 53 suspects in the United States are concentrated
in North Carolina, Las Vegas, and Los Angeles, with the majority being from LA. The FBI stated that
the number of individuals involved in the phishing scam makes it the largest number of defendants
ever charged for the same cybercrime.
Phishing itself is a play on words. It is a cyber-attack that relies on social engineering to dupe users
into divulging sensitive information or downloading malicious software. It derives its name from the
use of bait, such as emails and web sites that appear to be from respected, legitimate sources, to
attract victims, similar to the way anglers rely on lures to reel in fish.
Typically, a phishing attack begins with an email that is designed to look like it is from a bank or
financial institution. The email generally contains a message directing the user to respond with
account information or username / password credentials, or provides a link which directs users to a
counterfeit web site designed to look like the authentic site for the financial institution in question.
The information provided by victims is collected by the attackers and later used to steal the victim's
identity or access the victim's accounts and remove funds.
The ring broken up by Operation Phish Phry originated with phishing attack emails from the
Egyptian suspects. Those phishing attacks collected account data and personal information which
was subsequently used to access the victim's accounts at Bank of America and Wells Fargo and
remove money.
The Egyptian hackers enlisted the aid of partners in the United States to assist with moving money
from the compromised accounts to launder the funds. There are three primary ringleaders in the
United States. The other 50 suspects are alleged moles or runners who set up fraudulent accounts
to deposit the stolen money and facilitate transferring funds to Egypt to pay the hackers their cut
of the spoils.
The 100 suspects face a 51-count indictment accusing them of conspiracy to commit wire fraud and
bank fraud. The ringleaders face additional charges of aggravated identity theft, money laundering,
and unauthorized access to protected computers. All of the suspects face possible prison terms of
up to 20 years if convicted.
Navy Moves to Meet Information Age Challenges
By Gerry Gilmore, posted on War on Terror News, 3 Oct 2009
10.02.2009 WASHINGTON - The Navy is merging its information technology, intelligence and
communications operations into one organization to better address Information Age challenges,
including threats to computer networks, the Navy's top officer said here Oct. 1.
"If we as a Navy are to remain dominant in this Information Age or Cyber Age, or whatever
moniker you choose to put on it, I think that we have to take advantage of the new opportunities
that exist, such as the vast stores of collected data -- information and intelligence that often lie at
rest, unrecoverable, unavailable and untapped," Navy Adm. Gary Roughead, chief of naval
operations, said during remarks at a Center for Strategic and International Studies-sponsored
event at the Washington Hilton Hotel.
Because the Navy must capitalize on its ability to access, filter, analyze and then disseminate
information to warfighting commanders for action in real time, Roughead said, it's consolidating its
intelligence directorate, communications networks and related information technology capabilities
to form a single new organization: the deputy chief of naval operations for information dominance.
The reorganization is slated for completion by year's end.
The Navy also is standing up Fleet Cyber Command, Roughead said, to be operated by the
reconstituted U.S. 10th Fleet. The 10th Fleet was involved in efforts to thwart enemy submarines
during World War II. The Air Force and Army also are standing up organizations that focus on
information operations and network security.
Fleet Cyber Command will be a subordinate unit to U.S. Cyber Command, the formation of which
was directed by Defense Secretary Robert M. Gates on June 23.
Cyberspace presents "a huge potential vulnerability for us because of our dependence on the
electronic world for communications – for everything we do," Gates said during a Sept. 16 speech
at the Air Force Association conference at the National Harbor in Maryland. It is important, Gates
said, for the Defense Department and the military services to integrate the different information
technology and communications elements "from exploitation to defense," to achieve unity of effort.
Today's Navy requires "uninhibited access to assured communication capabilities in cyberspace" to
operate, Roughead said. However, he added, ever-present online saboteurs with various allegiances
and intent make cyberspace a daily battlefield.
"We must be prepared to operate in cyberspace when it's denied, and then we must also be able to
deny space when it's required or when it's appropriate," Roughead said.
People are key in cyberspace, Roughead said, and that's why the Navy is moving its information
technology, intelligence, information warfare, oceanography and space cadre specialists into a new
Information Dominance Corps.
Now numbering about 44,000 officers, enlisted members and civilians, the corps is slated to add
1,000 trained technicians in the near future, Roughead said. Military members will retain their
current branches and skill ratings, he added.
The consolidation of information technology, communications, intelligence and other assets moves
away from the Navy's tradition of stove-piped organizations, Roughead said, which "have really
caused us to sub-optimize our ability to aggregate combat capability and the movement of
information in ways that can maximize the effectiveness of a fleet, of a unit or of an individual."
Military officials have found that new technology has mitigated concerns that battlefield data
collected by unmanned aerial vehicles and other methods in overseas combat zones would be
overwhelming to commanders, Navy Vice Adm. David J. Dorsett, director of naval intelligence, told
reporters at the Hilton after Roughead's speech.
U.S. forces in Iraq and Afghanistan, Dorsett said, have successfully employed a series of tools that
"enabled operational commanders, down to the brigade and, in several cases, the battalion and
that type of level, to get large quantities of information."
Another aspect of this tool set, Dorsett continued, involves systems that can rapidly "fuse,
synthesize and make sense of this tremendous volume of data" by overlaying or sorting it
according to the category of intelligence, such as technical- or human-based.
"That overlaying then provides clarity and leads to operations against adversaries, insurgents,
terrorists," Dorsett said, noting the system has been "very, very successful" over the past few
years.
The Navy is working with other agencies to apply these proven information-technology tools in the
maritime security environment, Dorsett said.
"We are using the Navy's intelligence structure and the Navy's oceanographers, overlaying
information concerning how pirates operate – trends, activities, et cetera – with what the weather
looks like over a period of time," Dorsett said. That information, he added, is shared with U.S.
partners to determine where anti-pirate forces need to operate.
"And, what we've seen is fairly significant successes in putting forces in the right place -- really
over the last few weeks – to counter pirates in their attempts to hijack ships," Dorsett said.
Army Explores New Paths to Secure Communications
By Barry Rosenberg, Defense Systems, Oct 01, 2009
Secure communications has arguably been the highest priority for military services since allied
code breakers deciphered the German Enigma encryption and decryption machine during World
War II. Security often comes in two flavors: what can be done now to improve existing networks
and what future network architectures should look like in the long term.
For the latter, the military services were depending on the Transformational Communications
Satellite (TSAT) to provide protected satellite communications. The Army, in particular, was
counting on TSAT to bring protected communications to the fourth increment of the Warfighter
Information Network-Tactical (WIN-T) on-the-move communications program. Earlier this year,
Defense Secretary Robert Gates canceled the TSAT program.
So what is the Army’s plan for protected communications in the 2015 time frame?
“The requirements document calls for Increment 4 to connect with high-bandwidth, protected
satellite transmissions — capabilities the TSAT program was meant to achieve,” WIN-T Project
Manager Col. Chuck Hoppe said. “Following the termination of the TSAT program, the Department
of Defense is re-examining the capabilities required and how best to meet those needs.”
“The Army is investigating how to bring protected, communications-on-the-move into a small-aperture, on-the-move antenna, needed for Increment 4. These investigations currently are looking
at what capabilities can be achieved with the Advanced Extremely High Frequency satellite
program.”
The AEHF program consists of three satellites in geosynchronous orbit, which are being designed to
replace the Milstar satellites. Lockheed Martin and Northrop Grumman are building the satellites,
which are expected to transmit data at about 8 megabits/sec, and each AEHF satellite is said to
have greater capacity than all six Milstar satellites combined. The companies plan to launch one
satellite in 2010, 2011 and 2012.
Near-term goals
In the near term, the Army’s plan for the Global Network Enterprise Construct, which will bring
together the Army’s various networks in a single enterprise that connects to the larger Global
Information Grid, depends on secure communications.
“The GNEC concept can’t work without a safe, secure network,” said Maj. Gen. Susan Lawrence,
commanding general of the Army Network Enterprise Technology Command (Netcom) and 9th
Signal Command. “The mission demands it, the warfighter relies on it, and we have an obligation
to deliver it.
“We’ve developed a comprehensive strategy to ensure that the [Secure IP Router Network,
Unclassified but Sensitive IP Router Network] and all the elements of the enterprise network
provide that safe and secure operating environment. Our approach enhances our defensive
capabilities, improves the sustainment of programs, leverages our partnerships with industry, and
develops more effective rapid detection and response capabilities. We're partnering with the
military intelligence community to improve predictive intelligence as well. This strategy will allow us
to dominate and win the Army’s cybersecurity fight.”
Lawrence described the Army’s center of gravity in this fight as its security centers: the Army
Global Network Operations Security Center and Theater Network Operation Security Centers.
“The AGNOSC and TNOSCs are the network’s guardians,” she said. “They work on a daily basis to
detect, analyze and overcome the threat to theater and global network operations, helping our
forces to maintain information dominance. Additionally, the TNOSCs also provide network
operations and service-desk functions, while the AGNOSC serves as the Army’s operational arm
into the world of the Joint Task Force-Global Network Operations. Together, they represent the
Army’s key LandWarNet cyber defense capability.”
That emphasis on security helps to facilitate Netcom’s evolution from being a network and
communications manager to a cyber force.
“In a very real sense, we already are the Army’s cyber force,” Lawrence said. “The Army Global
Network Operations Security Center currently performs or supports around 92 percent of the
missions expected to go to the future Army Cyber Command. They and the TNOSCs perform critical
functions in the operations and defense of the network, enabling and preserving the commander’s
battle command capability, situational awareness and decision superiority.”
“While command and control warfare is the primary focus for cyber operations at the strategic
level, the center of gravity at the operational and tactical levels, as evidenced during Operation
Rampart Yankee, [a computer exercise], is operations and defense of the network — something we
are successfully doing today.”
The evolution continues
Army voice communications are on the threshold of a transformational change, said Steven
Schliesman, chief of the Technical Management Division and project manager of the Network
Service Center at the Program Executive Office for Electronic Information Systems, speaking at the
Army’s LandWarNet Conference 2009. That change involves the evolution of voice over IP to VOIP
for secure networks, which is known as VOSIP.
There are 50,000 users in the DOD VOSIP environment, but the vast majority are at the tactical
level in Iraq and Afghanistan. In the continental United States, the VOSIP disappears, leading to a
breakdown in secure voice communications between the continental United States and operational
theaters.
“Presently, the Army lacks an enterprise-level view for VOSIP that provides centralized
management and appropriate planning, implementation, operation, maintenance and funding that
is also aligned with the Global Network Enterprise Construct,” Schliesman said.
There are a number of additional challenges related to VOSIP, Schliesman said. “VOSIP deployment
is dependent on the availability of the [Secret IP Router Network] infrastructure, which in [the
United States] may not be as far along as it is elsewhere. In addition, VOSIP usage is expanding,
and there is a desire to use a single desk phone that would accommodate connectivity to both
classified and wireless networks and would support secure and nonsecure communications.”
Arguably the greatest challenge is that there is no single, authoritative voice for VOIP in the Army.
Unlike the strong vision that has been expressed for data transmission over the network, there is
nothing like that for voice.
“Who is the proponent for voice, and how do we get our architecture solidified, like we’re doing in
the data world?” Schliesman said.
Black key over SIPRnet
Another important secure communications development is the capability to transmit the encrypted
key, sometimes known as the black key, via SIPRnet. Until now, an encrypted key has been a 128-bit binary code stored on a CD, floppy disk or USB drive that was necessary to encrypt radio
transmission and scramble voice transmission.
Typically the key had to be physically taken from one place to another, which exposed the courier
to the danger of improvised explosive devices or hostile fire. That reality, combined with the Army’s
recent ban of thumb drives to prevent the spread of viruses and loss of important data, prompted
Army computer engineers to figure out a way to transmit the key electronically.
“We were able to use existing resources to develop a workaround given the ban on USB devices,”
said Ken Maloon, project lead for Encrypted Key Distribution (EKD) over SIPR for Product Director
Network Operations at Program Manager WIN-T.
The application used to download the encrypted key to a SIPRnet terminal is a Tier 3 Download
Utility. The utility runs on a SIPRnet terminal at a higher echelon brigade or above, where the key
is transmitted and then downloaded at the receiving terminal. The utility doesn’t generate any
data. It is basically a pop-up box, similar to one used to attach a file to an e-mail message, and it
is a mechanism to get the data from the higher-end SIPRnet terminal at brigade level down to a
lower SIPRnet terminal at the company level.
Because of the urgent need for the black key, the program can acquire a certificate of
networthiness from Netcom for use of EKD over SIPRnet in two weeks, instead of the 90 days that
the process usually takes, Maloon said.