Launching Stealth Warfare

A U.S. Air Force hot bench team at the Global Cyberspace Integration Center examines software and information systems for potential problems before they are delivered to warfighters. Cyberspace could be the first line of offense in future warfare.

The next “shot heard ’round the world” may turn out to be the surreptitious movement of millions of bits and bytes careening through cyberspace. Suspicions already surround the cyberactivity that took place in the weeks before Russia launched a conventional military attack against Georgia last year. And in May 2007, the removal of a bronze statue of a World-War-II-era Soviet soldier from a park in Estonia resulted not in riots in the streets but rather in what has been described as the first war in cyberspace. These incidents may indicate how adversaries—and the United States military—could deploy cyberweapons as the first line of offense prior to traditional kinetic activity.

Brig. Gen. Mark O. Schissler, USAF, director, cyberspace operations, Office of the Air Force Deputy Chief of Staff for Operations, Plans and Requirements, believes the U.S. Defense Department should take note of these cyberattacks but cautions that not all malicious cyberactivities are the same, so the lessons to be learned are limited.

Several facts are universal, however, and among them is the urgent need to ramp up defense of the U.S. information infrastructure. The consequences of not doing so, Gen. Schissler warns, not only could affect the U.S. military but also the citizens of the nation by increasing risk to their safety as well as their peace of mind.

Although strategies to defend against the effects of cyberwarfare must vary, the incidents in Estonia and Georgia offer some gold nuggets of insight. In some ways, Estonia is an even more connected nation than the United States. Estonians not only surf the Web but also use the Internet for many of their government services and activities, including voting. The attack came in the form of a distributed denial of service (DOS) that arrived in three waves. Once identified as an organized attack, the Estonian government began defending its networks to the best of its ability.

The DOS attack on Estonian infrastructure affected the country and would have a similar effect on American cities, Gen. Schissler predicts. “It’s inconvenient, but it’s something you can recover from in a matter of hours or certainly in a day or two if it’s not persistent. But for the time it goes on, things such as banking and communication and in some places, even things like the 911 service, if it’s digitally based, are all at risk if your network is overwhelmed and there’s not any other method to reroute traffic,” he adds.

Gen. Schissler calls the cyberattack on Estonia a watershed event. First, it was clearly an organized attack and not just attempts from a variety of hackers to breach networks. Second, Estonia not only absorbed the strike and took specific actions to protect its networks better but also began to work with NATO to establish capabilities and communication about cybersecurity. “They’re working to help other countries be prepared because none of us thinks this is going to become less active; it’s going to become more common. Estonia’s reaction was particularly responsible,” the general says.

The attack on Estonia occurred only in cyberspace; this was not so in the Republic of Georgia. Approximately two weeks before the Russians launched a kinetic attack, “a great deal of cyberactivity took place,” Gen. Schissler says. Although these activities such as DOSs cannot be directly tied to the ensuing conventional attack, the timeline appears to indicate that this was the case, he adds. “It doesn’t mean that’s the universal plan; it just means that in one case, there was a flurry of cyberactivity that preceded a kinetic operation. They may or may not be tied together. It’s very hard to attribute some nonkinetics and most cyberactivities,” he states.

This ability to attack an organization or even a nation surreptitiously is precisely what makes cyberwarfare so dangerous and attractive. The general notes that, unlike conventional warfare in which the militaries of nations identify themselves through uniforms and insignia, cyberattacks continue to be incredibly hard to ascribe to specific countries or individuals. “It usually comes fairly well disguised and below the surface, and you can’t attribute who did it and for what purpose very well either during or after the event,” Gen. Schissler says. Similar to malfunctions on personal computers, it is difficult to say if they are the result of malicious intent or just being in the wrong place at the wrong time, he adds.

One of the reasons that cyberattacks are so stealthy is that the ability to launch activities such as DOSs has changed. “Now we know that affecting a denial-of-service attack, even by a group of civilians, is actually pretty easy to do. You can have the pieces in play and in place long before you’re ready to flip the switch and make it happen,” the general maintains.

Botnets are one tool in a cyberadversary’s toolbox. Using someone else’s computer as a way station, innocent computer users become part of the attack mechanism without their knowledge. “Folks have figured out how to do that, and they’re very effective at it,” Gen. Schissler notes.

“Those things just used to be inconvenient. When you get into denial of service, it could affect your whole network, capability and things like banking and 911 emergency services. I’m not suggesting that happened in Georgia; those are just things that could be affected. When you launch the DOS, you really don’t know what the scope of the effect will be. You’re just hoping for some kind of effect that gets some notoriety or inconveniences the target,” the general says.

But Gen. Schissler observes that another aspect of cyberattacking that has changed during the past several years is the desire for notoriety. In the 1990s and earlier this century, hackers as well as nation-state militants were eager to claim responsibility as a sign of their prowess and power. Today, wreaking havoc, then slyly sneaking away is more likely to happen.

“We’re dealing with folks who are pretty exquisite in their skills, and they’re very good at covering their tracks. And that should sound very familiar to you because that’s what criminals do. If they’re hacking for a purpose, then they have a criminal mind, and they’re going to figure out how to create either deniability or just to cover their tracks pretty well. We’re on the crux of what makes cyber so much different from any other kind of activity. Most of the traditional rules and policies just don’t apply. Attribution is one of those,” the general states.

In addition to the desire to remain anonymous, the general has observed another change on the cyberhorizon: an exponential increase in activity. He likens it to Moore’s Law, the axiom that states that computing power doubles every 18 months. “I think the same kind of mathematical relationship works for the threat vector … . You think about how complicated the threat vectors are, the attack mechanisms and what people are using against other computer users now, it follows that Moore’s Law theory, I think. And it’s multiplying exponentially so it will get more and more difficult to secure your network and your capability into the future,” Gen. Schissler states.

The general says he views cyberspace as equal to air, land, sea and space in terms of warfare domains. As a mission operator or planner, his best plan would include approaching adversaries where they are most vulnerable, and that includes cyberspace, he states.

“Cyberspace is one of the most asymmetric approaches in warfare, and that’s why most military planners would now factor it in as they make an [offensive] plan or a defensive plan. They would think about the cyberspace domain and how they could use it, how they’ll need to defend it to maintain their own capability and how the adversary could use it coming at them even … if you’re just involved in a ground activity,” Gen. Schissler says.

One means to prepare to sustain a cyberattack is by ensuring redundancy is built into all capabilities. This can be as straightforward as having more than one of each item, just as military airplanes now carry four, five and sometimes six radios should one be lost during operations, he adds.

Gen. Schissler emphasizes that it is not only the military that must take these types of precautions but also the government and private sectors. “The answer is we have to collaborate and cooperate in a way that we never have before. Government, academia, business, we all share the same risks if we’re unwilling to cooperate and collaborate on issues related to cyber,” he maintains.

Cooperation and leadership are central to a report titled “Securing Cyberspace for the 44th Presidency” (SIGNAL Connections, January 2009). The report was created by a commission led by Rep. James R. Langevin (D-RI); Rep. Michael T. McCaul (R-TX); Scott Charney, vice president for trustworthy computing, Microsoft Corporation; and Lt. Gen. Harry D. Raduege Jr., USAF (Ret.), chairman, Deloitte Center for Network Innovation, under the auspices of the Center for Strategic and International Studies (CSIS). The yearlong study resulted in 25 different but interrelated recommendations. It includes strategic concepts and recommendations; it does not include a significant amount of details because the commissioners felt that President Barack Obama’s administration needs to develop the specifics further, Gen. Raduege states.

Gen. Schissler has high praise for the commission. “CSIS was most prescient in describing the future risks for America. I think they covered the waterfront in the things they said that the next administration should be working to do,” he declares.

The general also applauds the thoroughness of the report and the recommendations. “I would say we should read the CSIS report with the same level of interest that we read everything we could find right after the airplanes hit the towers in New York to understand immediately how to secure our country and protect it. Some of that was available to us in a very well-written report about a year earlier.”

Gen. Schissler is referring to the “Road Map for National Strategy: Imperative for Change.” The U.S. Commission on National Security/21st Century published the report in early 2001, before the September 11, 2001, terrorist attacks; it includes five key areas in need of organizational change. The first among them was ensuring the security of the American homeland by creating an independent National Homeland Security Agency that would be responsible for planning, coordinating and integrating various government activities involved in homeland security.

“CSIS has described the future risks to all nations well, and it has some very good steps that we should study closely. I would look at that as almost a checklist, and we should think seriously about every one of those recommendations. And, if we’re not going to adopt one, convince ourselves why not,” Gen. Schissler maintains.

“We have to learn from the things that happened yesterday, a week ago and a month ago if we are going to be at all prepared for what’s going to happen this week and next month,” he adds.

Web Resources
U.S. Air Force Cyber Command: www.afcyber.af.mil
“Securing Cyberspace for the 44th Presidency”: www.csis.org/component/option,com_csis_pubs/task,view/id,5157/type,1/
Global CyberspaceIntegrationCenter: www.gcic.af.mil
“Road Map for National Security: Imperative for Change”: http://govinfo.library.unt.edu/nssg/PhaseIIIFR.pdf