June8,2011 Cyberwarfare:TheComingBattles Inthenextthreeweeks,thispaperwillbetakingyouonatourofthenewestformofwarfare,the bloodybattlesalreadybeingfought,themindshreddingcomplexities,thethreatsevenminorenemies canimpose,theplanstodefendournationandalliesand,neverleast,whattheyouthofthecountry needtogearupfor.So,letsstartwithasimplequestion:Howseriousisthisnewformofwarfare? ThereisavasthydroelectricplantatShushenskayainSiberia. 1 Size?Abouttwicethesizeofthe Hooverdam.Insidetheturbineroom,wherethousandsoftonsofwaterspeedthroughhugedynamos generatingelectricity,thereare10turbinesproducingelectricity.Anaccidentoccurred.Well,itwas initiallycalledanaccidenttoallowtheRussianequivalentoftheFBItotryandfindthecyberattacker. Whatthecomputerhackerdid,wastoallowthefullpressureofwatertooverspeedanoutofservice turbineandthenreversedtheelectricity.Thestrainonthewildlyspinningrotorprovedtoomuchandit explodedlikeawaterhammer,destroyingthedamsgeneratorroomandkilling74people.

Oh,and40 tonsoftransformeroilwerespilledintotheYeniseiRiverkilling25%ofthetroutfisheries,about400 tonsoffish(sofar). Threesimplecommandsfromahackersittingfarawaydestroyed12%ofRussiasconventional electricsupply,killedskilledworkers,andcausedmassiveenvironmentalandfinancialdamage.Howbad wasthisattackcomparedtootherevents?ThemonetaryeffectonRussiaseconomywassimilartothe Japanesenuclearreactormeltdown.Inotherwords,devastating. Sofar,nooneissurewhocausedtheattack.AEuropeancybersecurityexpertexaminedthecode usedintheattackandsaysthewormwaswrittenbyalargeteamwithvaryinglevelsofexpertise.The expertpointedouttherewerepeopleonthatteamwhowerecomputercodeexpertsaswellaspeople whounderstoodthefunctioningofcentrifuges(turbines).AsimilarcyberattackwaslaunchedbyIsrael againstIransnuclearmaterialsprocessingplantlastyearthatwasheraldedasthemosteffective weaponemployedbyIsraeltodate(againstthreatstothecountry). Whatisworryingisthatthelevelsofexpertiseneededtolaunchsuchattacksarereadilyavailable, eveninsmallcountries,criminalorganizationsordissidentgroups.TherearetheHongKongBlondswho callthemselvescybersamurai,ororganizedcriminalgroupsconductingcybertheft,andshadowyteams

http://www.youtube.com/watch?v=mmOOZJ7mdqYorhttp://www.youtube.com/watch?v=luSgoEjw7CM andhttp://www.bigpicture.in/thesayanoshushenskayadamaccident/

ofanarchistswithinChinaandRussiatheCIAhascalledcybermilitias.Toquotealeadingmilitaryjournal here,massivedamagecanbeinflictedontheUSthroughthecybersphereandthereisnowayto stopit. 2 AndtheShushenskayaplantaccident?Turnsoutitrevealedanotherangletoworryabout: cyberfratricide.Aplantworkeraccidentallyorinangersenttheerrantcodefromhome.European expertsareskeptical.ButtheabilitytoturnthatkindofmistakeintoaweaponhasthePentagon quakinginfear(andatthesametimeusingthesamemeansasaweapon).TheIsraelisdidexactlythat when,in2007,theyshutdownSyriasairspaceandairdefensetobombaN.Koreandesignednuclear labthere. TheproblemfacingUScyberwarriorsandplannersisthis:USlawsdonotpermitpreemptivestrikes againstpossibleenemiesandsometimesyouonlyhavefractionsofasecondtostopsuchattacksby employingdeadlypreemptivemeasures.Nextweek,welllookatwhatournationisdoingtoensure yoursafety.Andwhattheywishtheycoulddo. end Cyberwarfare:AirForcetotheRescue? The24thAirForcedivisionisresponsibleforconductingUSdefensecyberoperations.Lt.Gen. MichaelBasla,vicecommanderoftheAirForceSpaceCommand,wecantdefendthewholenetwork justlikewecantdefendalltheairdomain.Insteadwedefendtheportionweneedtooperatein.Weve doneitalreadytoassure[supportfor]Predator[inAfghanistanandIraq]andspacelaunchoperations. Buthesworriedaboutthemultiplenetworksandsystemsemployedbythemilitary,evenseparate oneswithintheAirForce.HethenwentontoexplaintheneedtointegrateallUSbasedcyberdefense, Wemustreducecomplexityandimproveprocessesbyhomogenizingthesenetworks.Now,ifthat doesntringalarmbells,nothingshould.Duringthecrisison9/11thepolice,FBIandfirefighterscould noteventalktoeachother,letalonetheFBI,CIA,NSA,Mil.Intel,etc.,etc.AsYogiBerrawouldsay,Its djvualloveragain. Meantime,Americandefenseisnotonlymilitary.ThereisalargecompanycalledLockheedMartin thathasa24/7mannedcyberdefenseoperationstaffedbysome400employeestrackingand monitoringinternetandcybertraffic.Ifyoucan,imaginetheNASAmissioncontrolcenter,doubleitand addacoupleofhundredmonitors,workstationsanddedicatednerdsfightingoffattackseverysingle
2

AvWeekMay23,2011DigitalDeluge

day.LockheedMartinsellstimeontheirsystemtocorporations,banks,USgovernmentagencies.They are,afterall,adefensecontractor.Theymonitor145,0000computersdailyand700millionemailsa month,ofwhichonly300millionmakeitpastfiltersandneedtobeanalyzedbeforeemployeescan openthem. TheirsystemreliesonintelligenceanalysisaccordingtoLt.Gen(Ret.)CharlesCroomtheirVPfor securitysolutions,Youseeapatternandbegintopredictattacks.Hesaysyouhavetounderstand bothattackersandemployeesinordertopredictwhattheywilldonext.Andthereare7steps 3 tothe cyberkillchain:reconnaissance,weaponization,delivery,exploitation,installation,commandand control,andactionsonobjectives.Ifyoucatchthemearlyon,youcanneutralizethem,everythingfrom thekidwhostryingtomakeanamebybreakingintoamajorbusinesscomputerdatabasetothe professionalcybergangswantingtosteal,totheenemyintentondestroyingyou. HowsureisLockheedMartinoftheirabilitytothwartallattacksinthefuture?Notveryasthey admittheyarespending20%ofallrevenueonresearchanddevelopmentmodeledafterSiliconValley thinktankmethods.Whattheyreallyneedtodoisbuildautomation,nothumaneyesgluedtoascreen hopingtospotanattackbeforeitistoolate.Andthepeopletheyneedtorelyonfordevelopmentare all,shallwesay,mavericks.AttheNextGenCenterLockheedsharessuchR&DwithCisco,Intel,Juniper NetworksandSymantec.AndthenerdsthinkingandplanningareallowediPads,iPhonesandtheir preciousMacs,definitelynotmainframeaccess. MeanwhileCongressisboggeddown,thinkingwerestillinthe20thCentury,refusingtoallowsuch cyberdefenseoperationstocounterattackinpreemptivewaystopreventanattackbeforeitistoolate. ThinkaboutCrooms7steps(above),ifyoucanstopanintruderatreconnaissancebeforeheadvances toweaponization,youaremorelikelytostopanattack.Ifyouseesomeonesnoopingaroundyour house,insideyouryard,callthecops.Withcyberwarfare,callingthecops(whocannottalktoeach otheranyway)wouldbetoolate.Perhapsitisbettertoshoottokill(atleastelectronically). end Cyberwarfare:WhoAreTomorrowsWarriors? 4 SchoolsarewrongaccordingtoLynnDugle,presidentofRaytheonIntelligenceandInformation SystemsWearelookingfortalentinallthewrongplaces.Andtheorganizations,agencies,and
http://www.militaryinformationtechnology.com/mithome/288mit2010volume14issue10 november/3693cybersituationalawareness.html 4 AvWeek,May23,2011
3

companiesthatmostneedthistypeoftalentwillbetheleastlikelytoattractit.Aerospaceanddefense areoverreliantonhistoricallearningmethodsandprocesses,shewentontoexplain.Shehasareal prejudicetowardpeoplewhowork9to5,arewillingtocontaintheirpersonaltimeofftothreeweeks, andtochargetheirtimein6minuteintervals.Whatshewantsarepeople,thenextgenerationof cyberwarriors,tocomefromwayoutsidethosenormaleducationalarenas. Forexample,shehasbeenrecruitinghackers.Hackercontestsareteamevents,tosolvethese thingsittakesmorethanonepersonandthenwesawahighschoolerwhohadenrolledasan individual.Hedidverywell.Soweidentifiedhimandfollowedup.HesnowworkingatRaytheon,from home,hiscar,wherever.Maybebetweenridesonthenearestwave,dude. DianeMillerofNorthropGrummantellsataleofhiringagaragemechanicpickedoutofa competitioncalledCyberPatriot,acompetitionsetuppreciselytohighlighttheserogueexperts. LockheedismeanwhileenrollingvolunteerstudentsintoitsCyberUniversity,andhavealreadyplaced 400500oftheseinjobsatLockheed,about25%ofthoseincyberwarfaredefense(oroffense). SpeakingofCyberPatriot,teamsfromhundredsofschoolsacrossthenationenteredthecompetition andwhentheteamshadbeenreducedto30,thestalkingindustryrecruitersmovedin.Andthesameis happeningatthecollegelevel.NorthropsCybersecurityResearchConsortiumincludesMIT,Carnegie MellonandPurdue.Buthighschoolanduniversitiesmaybetoolittletoolateforfuturecyberwarfare defense.DukeAyers,amajorplayerinCyberPatriot,thinksthatmaynotbegoodenough,Wecannot sitbackandwait,andthinkcollegeistheplacetotrainthem.Weneedtostartwithawarenesstraining, atkindergartenandabitolder,sotheyunderstandhowtoprotectthemselves.Thenastheygetolder, intheirearlyteens,weneedtoprovidetherealenvironmentinwhichtheycanlearntoprotectothers withrealsystems.HefeelsCyberPatriothasstartedthatprocessbyidentifyingtalentlateronandyet stillcreatingpeerpressureforothersmuchyoungertofollowthesamecareerpath. Meantime,thereisarealwargoingon,battlesfoughtandwon,foughtandlost,foughtanddrawn, everydayallacrossthenation.Yourcomputerfightsthebattleautomaticallywitheveryemailyou receivebutneedstobeupdatedeveryhour(orless)tomakesurethenewestidentifiedthreatis thwartedbeforeitistoolate.Butiftheattackerhadtargetedyou,onlyyou,chancesareyouwould havebeenviolatedbeforenow.Todayitmaybeyourlaptop.Tomorrowyourcar,viaOnStaroryourcell phonehookup,maybeputtingyourcarinreverseat70mphonthefreeway,causingcitywidechaos(not tomentionyourinjuries).Allthesethreatsarereal,andourdefenseindustryistryingtogettogrips

withthem.Itdoesnottakeapoorpilotatthemechanicalcontrolsofaplanetobringanation momentarilytoitsknees.Thereisthenewcyberenemywarriororterroristwemustsafeguardagainst. Congressneedstobepartofthesolutionorgettheheckoutoftheway.Ifthereisaprobeintoa computer,thecomputerandcyberwarriorsshouldbeallowedtofrightenthemofforcounterattack beforeitistoolate.Passiveresistanceisnoteffectiveinthecyberrealm.