31 December 2019

The less-hyped, but more realistic threats to US national security

Robert Turkavage

Statements by President Donald Trump and some members of Congress have caused many Americans to view unsecured borders as the preeminent threat to our nation’s security. While secure borders are important to our economic and physical security, recent information has disclosed alarming deficiencies in U.S. military capabilities. Other information has revealed inadequate cybersecurity requirements in our weapons systems and in other infrastructure systems. These vulnerabilities pose a far greater threat to our national security than our Southern Border.

Hypersonic missile threat

The U.S. missile defense system operates on the assumption that the incoming threat is a ballistic missile traveling on a predictable trajectory. To defeat these systems, Russia has developed several types of weapons classified as “hypersonic” because they travel at speeds greater than five times the speed of sound (Mach 5). Russia claims one such weapon, the Avangard, consists of a glide vehicle attached to a ballistic missile and has a range of 3,700 miles. Once launched, the glide vehicle — which can carry a conventional or nuclear payload — separates from the missile and is able to make rapid lateral and vertical movements as it travels to its target at speeds purportedly reaching Mach 20. Russia claims to possess another missile with similar maneuverability, the Kinzhal. Russia contends that this missile, which is fired from a fighter jet, has a range of 1,200 miles, and a speed up to Mach 10.


If Russian claims are true, the Kinzhal and Avangard would be almost impossible to intercept due to their speed and their ability to rapidly change direction. The Avangard was reportedly placed into service in 2019, and the Kinzhal is slated to be placed into service in 2020. The U.S. currently does not possess hypersonic weapons but has awarded contracts to Lockheed Martin to develop a hypersonic capability. U.S. General John Hyten, Commander of the U.S. Strategic Command, stated of the hypersonic threat: “We don’t have any defense that could deny the employment of such a weapon against us.

Weapons systems cybersecurity threat

U.S. weapons systems heavily depend on software, IT, and networking to achieve their intended performance. Weapons systems are connected to an extensive set of networks within the Department of Defense (DOD). Some weapons systems are connected to external networks of subcontractors while other systems are connected to non-networked systems that connect to the internet. A successful compromise of any of these systems may allow a cyberattacker to gain access to other systems through the network interconnections.

A Government Accountability Office (GAO) report highlighted that our weapons system vulnerability stems from the fact that DOD historically focused on the cybersecurity of its networks but not the weapons systems themselves. DOD’s cyberfocus was on the use and operation of weapon system hardware rather than on the IT systems that support the use and operation of the weapons and critical IT capabilities embedded with those systems. Alarmingly, GAO reported that until recently, cyber survivability was not factored into “Requirements,” the most important system capabilities that must be met when developing weapons systems. As a result, there was limited emphasis on cybersecurity during weapons system design. Further, GAO reported until around 2014, weapons system testing was limited due to absence of cybersecurity requirements. GAO concluded that nearly all major weapons systems acquisition programs that were operationally tested between 2012 and 2017 had mission critical cyber vulnerabilities that adversaries could compromise.

Recent prosecutions have confirmed exploitations of these vulnerabilities by adversaries. In 2018, two individuals associated with APT 10, a cybergroup tied to China Ministry of State Security, were federally charged for engaging in a campaign which, in part, compromised more than 40 computers in order to steal data from U.S. Navy Department systems. In 2018, a member of the North Korean government- sponsored hacking team known as the Lazarus Group was federally charged in connection with cyberattacks targeting Lockheed Martin and other defense contractors.

Electrical grid cybersecurity threats

The U.S. electrical grid is comprised of three separate grids: the eastern interconnection, the western interconnection, and the “Texas” interconnection. Each interconnection meets the electrical needs of its territory and has limited ability to share electricity with other Interconnections. The generation, transmission and distribution of electricity within a grid is supported by “Internal Control Systems” (ICS), network-based systems that monitor and control grid processes such as opening and closing grid circuit breakers. Grids have become more vulnerable to cyberattacks, in part, due to less reliance on proprietary devices in ICS systems, in favor of more widely available devices that use traditional IT network protocols.

The U.S. Department of Energy (DOE) and the Federal Energy Regulatory Commission (FERC) oversee federal efforts in grid operations including cybersecurity. According to a GAO report, DOE has conducted two assessments of a cyberattack on a single interconnection. Those assessments produced varying reports of the potential scale of power outages that could result from cyberattacks. The third assessment by FERC focused on a cyberattack on all three interconnections and concluded an attack could result in a widespread blackout spanning the contiguous U.S.

In 2018, the FBI and Department of Homeland Security issued an alert warning of Russian cyber intrusions targeting the energy sector. The alert linked the cybergroup “Dragonfly” to this activity, which included targeting ICS infrastructure. In another case, in 2018, nine Iranian citizens were federally charged in connection with cyberintrusions conducted at the behest of the government of Iran. FERC employee computers were among those hacked during this cyber campaign.

Our president, Congress, and intelligence agencies need to heed these “red flag” threats to our national security. Events of 9/11 serve as a reminder as to what may happen if they do not.

Robert Turkavage is a retired FBI Supervisory Special Agent; a former Vice-President (Global Security) with JPMorgan Chase and Co., and an unsuccessful Republican Party candidate for U.S. Congress (N.J.) in 2018.

No comments: