By ENS Shane Halton, USN
May 2014
https://www.usnwc.edu/mocwarfighter/Article.aspx?ArticleID=25
In their new book The Second Machine Age Work: Progress, and Prosperity in a Time of Brilliant Technologies, authors Erik Brynjolfsson and Andrew McAfee note that there is often a productivity lag following the introduction of new technologies to an industry. This lag exists because while the new technology offers potentially revolutionary gains in productivity and efficiency, it often takes time to develop and implement the business practices most capable of harnessing the power of the new technology and to phase out old practices based on suddenly obsolete technologies.
The U.S. Navy is currently undergoing just such a productivity lag with regards to “cyber warfare.” The potential advantage of employing cyber capabilities to accomplish operational objectives is apparent after even a cursory glance at headlines from the past two years. Secure databases have been raided, vital information continues to be compromised at an alarming rate, industrial production has been directly attacked by malware, and new vulnerabilities in critical systems across the world are discovered daily. It is clear that there are actors, state-funded or otherwise, working alone and collectively, that are capable of wielding immense power in our digital age.
However, it is not yet clear how the Navy should best integrate cyber capabilities into existing operational frameworks and sufficiently educate military personnel as to the cyber capabilities that have combined to form an important new dimension of modern warfare. This article argues that, for the Navy to effectively harness the tools of cyber warfare and make best use of the personnel who develop and employ those tools, two things must occur.
First, the concepts and terminology of cyber warfare must be integrated into the existing operational framework of the Joint Targeting Cycle. While this will necessarily entail a “dumbing down” of some of the more esoteric cyber capabilities, it is the best way to ensure that the power and limitations of cyber warfare tools are made intelligible to the broadest possible grouping of “conventional” military planners and decision makers. Second, this “new” cyber-informed targeting cycle must be tested against existing operational plans in order to make decision makers aware of their options in an actual conflict and to allow exploration into new possibilities that might arise if conventional strike capabilities are supplanted by cyber tools.
The Joint Targeting Cycle (hereafter JTC) is a time-honored operational framework designed to ensure that during a pre-planned kinetic engagement, the right target is attacked by the right asset at the right time. Over the years its methodology has been expanded to encompass the operations of everything from Army artillery units to Navy strike fighters to multi-service Special Operations Forces (SOF) demolition teams. Though different branches of service, and different components within those services, have created customized approaches to the targeting cycle it continues to rest on basic four steps executed in sequence: Decide, Detect, Deliver, and Assess.
Though the employment of cyber warfare tools does not yet possess this clarity of vision and purpose, and is too often characterized by jargon and technical complexity, recent work by Captain Ryan Ostler, USAF, suggests a method to effectively align cyber operations with conventional combat doctrine. Capt. Ostler's Air Force Institute of Technology thesis Defensive Cyber Battle Damage Assessment Through Attack Methodology Modeling (2011)1 is primarily concerned with defending Allied military networks against infiltration and attack and in developing the post-attack forensic analysis required to conduct Battle Damage Assessment (BDA) and identify the attacker. Capt Ostler recommends that military personnel charged with network defense develop two databases; the Cyber Attack Methodology Exhaustive Listing (CAMEL) and the Cyber Attack Methodology Attack Tree (CAMAT). The CAMEL is a comprehensive list of all cyber tools known to be at the adversaries' disposal. Think of it as a cyber order of battle (OOB). The CAMEL is ever-changing and must necessarily be updated with the latest intelligence regarding adversary capabilities to be most effective. The CAMAT, by contrast, is comprised of a series of attack “trees” detailing how a particular enemy cyber attack would unfold against an Allied network and the likely effect on the system targeted. The methodology developed by Capt Ostler to defend Allied networks can be reverse engineered to attack adversary networks. By supplementing the steps of the traditional JTC with CAMATs, military planners can add cyber attack options to conventional strike plans. The first step is for cyber specialists to construct an Allied CAMEL database that explicitly details all the cyber attack capabilities available to a planner. Then the capabilities detailed in the CAMEL are converted into decision trees based on specific mission requirements. These decision trees become the CAMATs for a mission.
It is important to highlight the role of Information Dominance Warfare (IDW) qualified personnel in the process of converting the CAMEL into mission specific CAMATs. Intelligence, Information Technology and Cytological system personnel who have achieved their IDW qualification possess significant familiarity with the tools and language of cyber warfare as well as the fundamentals of the JTC. This knowledge places IDW-qualified personnel in a unique position to help translate the jargon-heavy and technically complex world of the cyber specialist into the more direct and immediate requirements of operational strike planning. IDW personnel would ensure that as CAMATs are developed they are constructed using language typically associated with “conventional” military options. Thus, a cyber capability detailed in a hypothetical CAMEL as “using an exploitable logic error to gain root access to a power station SCADA system” might be translated into a CAMAT as “gaining remote control of the local power grid.” In this way, the CAMAT can become a plain-language alternative to kinetic strike options in the JTC.
Contingency plans exist at the operational level of warfare, making Maritime Operations Centers (MOCs) ideal venues for the Navy to begin integrating the cyber dimension of war into current plans and educating operators on the capabilities and limitations of cyber tools. Luckily, this process need not be particularly time or resource intensive. At its core, the CAMEL is merely a knowledge database, one that can be updated and maintained by a handful of specialists working in the MOC’s N39 shop in coordination with Tenth Fleet assets co-located with Fleet MOCs. Once the CAMAT for a particular mission is developed, the process of testing, or war-gaming, the offensive CAMAT against a defending human opponent with a comparable tool set can be automated.
This potential for automation exists because the CAMAT is a list of logical decision trees with a limited number of options available to an operator at every step. Similar to a game of chess, the relatively high number of initial moves available to a player at the start of the game is whittled down as the opposing player makes counter moves and pieces (here, attack options) are removed from the board. An example of this might be an air defense missile system receiving targeting information from a nationwide integrated air defense network. Suppose a CAMAT was developed to infiltrate the network and feed false target track data to the system. A defending cyber operator who becomes aware of the attack might instruct the air defense system to disconnect from the network manually. Though disconnecting from the network would force the system to rely on its own radars, thus degrading its overall functionality, it would greatly reduce its vulnerability to additional cyber attacks.
The above scenario highlights the necessity of continually war-gaming cyber attacks in order to study the secondary, tertiary, and potential unintended effects. Moreover, it also points to crucial differences between a target’s physical and cyber vulnerabilities. For example, the disconnected air defense system in the above scenario would remain highly vulnerable to a cruise missile or anti-radiation missile strike even as its vulnerability to cyber attack disappears completely. To address similar disparities in the physical and cyber vulnerabilities of a target, this article argues that the MOC N39 shop, again in coordination with Tenth Fleet, should focus on developing a third database to complement Capt Ostler’s CAMEL and CAMATs concepts; the CAVEM. The Cyber Attack Vulnerability and Effects Matrix (CAVEM) would allow mission planners to quickly reference the advisability of employing a CAMAT against a target. The CAVEM database doesn’t need to be particularly complex for most scenarios; assigning a simple 0-10 value to targets would suffice (for example, a railway bridge would have a cyber vulnerability of zero). More detailed CAVEMs could illustrate the likely follow on effects of a cyber attack against a target, similar to the collateral damage estimation tables used in conventional strikes.
The advent of cyber warfare promises huge advantages to those military organizations that can harness the technical expertise of specialists and make that technical expertise useful to decision makers and planners. The Navy, through its IDW qualification program, is developing a growing cadre of personnel capable of bridging the gap between “cyber experts” and operational planners using the CAMEL / CAMAT / CAVEM paradigm. In the final analysis, the fate of militaries in the era of cyber warfare is as much a question of organization and training as it is of viruses and vulnerability.
Ensign Halton serves as the intelligence officer for VFA-41 and is stationed at Lemoore Naval Air Station, California. He served as an enlisted intelligence specialist before commissioning as an intelligence officer through the STA-21 program. He has written about global air defense modernization trends and the effects of big data on intelligence analysis for Proceedings magazine.
1 Defensive Cyber Battle Damage Assessment Through Attack Methodology Modeling
Thesis - Ryan T. Ostler, Captain,
Department of the Air Force Air University
Air Force Institute of Technology
No comments:
Post a Comment