Weaponization of Cyberspace
It’s not science fiction, it’s war
There are a number of folks in the security industry who have downplayed the realities of cyberwar. In some circles the conversation of cyberwar will elicit some interesting reactions, and many tend to deny its potency relative to traditional warfare and traditional weapons. Moreover, many begin to blur the lines between cyberwar, cyberterrorism, and other cyberattack scenarios, confusing the topic. In virtually every conversation of this nature I’m the one who stands out as the lone voice saying they’re not only wrong, but woefully underestimating the situation.
Let’s start by recognizing the basics, such as war. Simply put, war is destroying the enemy. To accomplish this you must obtain, maintain, and execute what advantages you have over the enemy. There are many dimensions to advantages, how to obtain them and use them. Also, there are key requirements to win a war, such as survivability, situational awareness, command and control, and for the purposes of this discussion, weapon superiority.
Throughout history, advances in weapon technology dramatically changed the battlefield. Rifling of cannons and eventually the addition of conical-shaped projectiles radically increased accuracy and remain a mainstay of many projectile-based weaponry. The Gatling gun, which made its introduction in the American Civil War, provided a means to project massive force down range and was clearly a force multiplier. Although not technically a machine gun, which would come 22 years later, it was a major contributor to the change in tide of the Civil War. The invention of the tank and armored attack vehicles in WWI provided the means to break entrenched battlefield lines, and their introduction initiated a much-needed thrust across France. Of course, WWII ushered in not only jet-powered flight and rocket power, but nuclear weapons. In Vietnam the helicopter changed from a reconnaissance and medical evacuation vehicle, as seen in the Korean War, to a troop insertion/extraction and attack platform unlike anything seen before, becoming a devastating close air support (CAS) weapon. Of course, starting in the 1970s was the development of stealth technology that was unleashed most publicly in the Iraq war during the early 90s.
In short, weapons can change everything, and anything that can be used as a weapon that offers even the slightest advantage over your enemy will be developed and deployed – conventional and non-conventional. Folks… it is war. Therefore, within this context, cyber (technologies within the internetworking and computing space) has evolved from “advantage acquisition” to weaponization because the battlefield now includes the virtual domain.
Early uses of cyber assets were mostly in the form of intelligence gathering to establish situational awareness and, of course, counterintelligence. Moreover, technologies were employed to advance communications and accurate mobilization of resources. For example, the Joint Strike Fighter (JSF), as part of the next-generation strike fighter, multi-variation platform F-35, has highly sophisticated computers and communications to align multiple strike forces for effective, real-time battlefield management. Cyber has allowed for air, sea, and ground assets to work together in real time so there is a shared and unified view of the battlefield conditions and enemy activity.
As technology became more attractive in intelligence communities, it began to capture the attention of the military to be used for more active interactions. This represents the evolution from technology as a battlefield enabler to intelligence activities to ultimately small pockets of tools that could engage the enemy. However, engagement within this context was predominantly surreptitious, such as quietly shutting down key systems of an adversary.
However, today the move to weaponization of cyber technologies is in full swing. Weaponization in cyberspace was initially taking hacker tools and tactics and refining them to be more effective, not unlike rifling of cannon barrels. It is converting something that is reasonably dangerous and can be generally targeted into a manageable device that can be consistently developed, effectively deployed, accurately directed at the target, and produces the intended results by effectively exploiting vulnerabilities in the enemy’s defenses.
A simple example is malware, which comes in all types of forms with a wide range of impact potential. However, much of what we experience today is indiscriminate because a common hacker’s mission is to infect any system and as many as possible to build a botnet for dishing out spam or just causing havoc. Clearly, the concept is sound in ensuring impact, but is not conducive to the ultimate role of a weapon. A meaningful aspect of weaponization is refinement so that it can be controlled. Even viral-like malware in the wild can be weaponized and retain its viral, self-propagating features, but will use highly sophisticated methods to operate in a predictable manner and even submit to in-flight commands. In some cases, the most sophisticated weaponized version of wild malware reflects an AI-like quality. As opposed to creating a command and control model, the software is given objectives and a framework by which to operate.
This is not unlike some “smart bombs”, such as the Tomahawk, a low-altitude, long-range, subsonic cruise missile introduced in the 1970s that would intelligently navigate terrain to the target. Later versions (2003-2004 timeframe) would accept in-flight target modifications and make course corrections based on onboard digital maps and GPS, unlike early radar-guided versions. Today, there are far smarter bombs that make sophisticated decisions nearly autonomously to complete the mission. A firing solution has moved from physical attribution (temperature, wind speed, altitude, direction, velocity, weather, pitch & yaw, barometric pressure, power, trajectory, and navigation points, etc.) to directive-based, fire-and-forget autonomy, allowing the weapon to make certain decisions on its own. Actually, a lot of this autonomy can be seen in unmanned military vehicles, such as one of my favorites, the Protector, a remote-controlled unmanned surface vehicle (USV) (a boat) that offers compelling autonomy, allowing the commander to provide basic and general guidance, such as patrolling a bay, river, harbor, and other waterways. Therefore, it is completely natural to see this same technical weapon autonomy strategy materialize in cyberspace.
Of course, weaponization has moved well into the development of completely new forms of cyberweapons. Things that have been researched, developed, tested, and refined from scratch, to create completely new types of weapons, not unlike the hydrogen bombs of WWII – game changers. Fundamentally, a cyberweapon is no different from a missile, but instead of traversing the physical domain, it travels across the virtual domain. In fact, as I write this DARPA is developing (and has likely completed) a cyber range – an environment for test firing cyberweapons.
Weaponization of cyberspace is a reality and it is becoming a focal point for various governments, and dare I say a significant trend here in the US. As I write more posts relative to cyberwar and cyberweapons, we’ll get more into the different types of weapons that are coming into existence. It should be no surprise that on a fundamental level they will mimic real-world weaponry and weapon platforms because the basic rules of war apply. However, how they will manifest and be employed is clearly different. Nevertheless, before we can get into the details of cyberweapons, my next post is going to be on “theater of war”.