|Lt. Gen. William T. Lord, USAF, Air Force chief information officer, discusses potential cyber challenges and solutions at the Thursday keynote luncheon during TechNet Asia-Pacific 2011 in Honolulu, Hawaii.|
For these challenges, commercial off-the-shelf technologies may not be sufficient for providing solutions. Special custom-designed or military technologies will be needed for most of these security needs. Even if these measures are somewhat successful, network managers most likely will need to reinvent their security procedures as cybermarauders become even more sophisticated in their malice.
These were among the topics discussed in the final day of TechNet 2011, held November 1-3 in Honolulu, Hawaii. Two speakers and a panel comprising local Hawaii and U.S. Pacific Command (PACOM) experts offered blunt assessments of cyber vulnerabilities as well as potential solutions for these and other networking challenges.
One of the biggest challenges is to protect the nation’s critical infrastructure, and the day’s only panel explored that problem in depth. The focal point of vulnerability is supervisory control and data acquisition (SCADA) systems that have become ubiquitous in many industrial applications. This panel of experts examined the power grid, and their assessment was anything but sanguine.
Rear Adm. Paul Becker, USN, the PACOM J-2, described how the use of SCADA industrial control systems was so serious a threat to the infrastructure. These systems increasingly have become the target of a range of cybermarauders ranging from ordinary hackers to criminal gangs and nation-states. This growing vulnerability is a result of two developments: the increasing sophistication of malicious cybernauts, and new mobile technologies that have opened SCADA systems to access by hackers. The admiral observed that nation-states appear to be the only cyberthreat with the ability to attack the nation’s infrastructure. However, organized crime now is able to develop or hire hacker talent.
David Rolla of the Hawaiian Electric Company elaborated on how the SCADA threat has grown. Companies such as his have trended toward more integrated and more sophisticated control systems, and greater interconnectedness means more interdependency. The need for a communications infrastructure, which requires external communication links, also has increased vulnerabilities. Where the threat used to be broad-based—such as simple denial of service—it now takes the form of highly targeted attacks focused on a single entity, Rolla said.
The solution may be to adopt military-style situational awareness for networks. Adm. Becker suggested that command and control (C2) of networks is one approach to ensuring that managers are aware of their networks’ status at all times, particularly with regard to cyberthreats. Rolla added that a good network situational awareness tool must be able to weed out legitimate security threats from natural disasters or even overzealous marketing events. He reported that his company is trying to put in place a holistic system that protects the entire network from start to finish.
These situational awareness tools may need to be custom-designed for SCADA systems. Bryan Richardson, a critical infrastructure security expert with Sandia National Laboratories, said that specialized tools probably will constitute the bulk of the solution, although some could come from traditional information technology sources.
But even that approach may be insufficient for military operations that suddenly lose vital networking capabilities. Lt. Gen. William T. Lord, USAF, Air Force chief information officer (CIO), warned of the day when military networking systems suddenly become unavailable. “While we’re so deeply embedded in this technology, we still have to remember how to write in grease pencil in Plexiglas,” he said. “What do you do when you don’t have the ubiquitous wireless device in your hand? How do we continue to fight? We have to make sure of that.”
Gen. Lord suggested that one particular vulnerability that would have serious implications would be the loss of global positioning system (GPS) data. A possible solution could be found in the Joint Aerial Layer Network under development. This network would link aircraft across service lines as they operate in the battlespace, and the general offered that it might be able to substitute for GPS for a limited period of time if signals from the space-based system are lost. He added that he U.S. Army and Navy have joined the Air Force in examining this concept.
The networking problems that plague the U.S. Coast Guard are more a function of geography than malevolence, but technology still must play a role in meeting that challenge. Rear Adm. Charles W. Ray, USCG, the commander of the 14th Coast Guard District, allowed that the Coast Guard is looking toward unmanned aerial vehicles (UAVs) to augment its surveillance forces. A key Coast Guard requirement is persistent surveillance over the millions of square miles that constitute the U.S. exclusive economic zone, and UAVs could provide vital information on what lies over the distant horizon from the nearest cutter.
The admiral explained that the Coast Guard is seeking an inexpensive UAV for its maritime need. While the service has no UAV program of record, it has been partnering with Customs and Border Patrol on its Predator program. The Coast Guard also is following the Navy’s UAV efforts, he added.
Make plans now for TechNet Asia-Pacific 2012, November 13-15 in Honolulu, Hawaii.