The Future Is in the East

Adm. Timothy J. Keating, USN (Ret.), the former commander of the U.S. Pacific Command (PACOM), led off TechNet Asia-Pacific 2011 by calling for the United States to "lead from within" instead of "leading from behind."

Allies must remain engaged or fall prey to rapidly changing political and economic trends.

The challenges presented by the Asia-Pacific region in the 21st century are complex and diverse, and the U.S. military must carry out an increasingly changing mission under tightening budget constraints. The United States must adapt to ensure that it can address these and many other concerns, including cyberspace security of military and commercial networks, that will play a significant role in determining the future of the Asia-Pacific region.

Many of these issues were explored by high-ranking officials and experts at TechNet Asia-Pacific 2011, held November 1-3 in Honolulu, Hawaii. Some of these experts emphasized that these challenges also are opportunities, but the United States must be prepared to meet them or face serious consequences in a vast region that comprises half the world’s population.

The former commander of the U.S. Pacific Command (PACOM) said that the United States should forego the concept of “leading from behind” and instead “lead from within.” Adm. Timothy J. Keating, USN (Ret.), emphasized that the United States must bolster its position as the pre-eminent partner in the Asia-Pacific region. Never before has that role been more important than it is today, he declared.

Adm. Keating described the geopolitical focus as a pendulum swinging from the Middle East toward the Far East. With China and India spurring greater economic growth and influence in the region, the United States must shift its own military and governmental focus to maintaining relationships with dozens of countries across that vast area.

The admiral related that when he was PACOM commander, he and his staff visited more than 30 nations. In every nation, at some point in discussions, leaders would say to him that the United States was their indispensable partner. These nations did not want the United States to salt the Asia-Pacific region with military bases, but they did want—and still want—bilateral relationships that help them preserve peace and security. Maintaining relationships with the nations of that region is more crucial now than ever before, he emphasized.

Adm. Keating offered several warnings about U.S. policy in the region. He identified the South China Sea as a lightning rod for possible conflict. Many nations have interests there, he pointed out, and these interests could lead to a military conflict in the future.

But the one item that keeps the former PACOM commander awake at night is the threat of nuclear war between India and Pakistan. He said that if another Mumbai-type attack kills hundreds of people and is traced irrefutably to terrorists operating from within Pakistan, India will not be able to stand idly by—it will launch retaliatory strikes against sites within Pakistan. In turn, Pakistan will react militarily to India’s invasion of its airspace and launch its own military strikes against India. With India’s military superiority, subsequent escalations would “tip the scales” more toward India, leading Pakistan to resort to its nuclear option. This possibility is at the top of Adm. Keating’s list of concerns, he said.

In warning that the United States should not let budget cuts hamstring policy in the Asia-Pacific region, the admiral declared that U.S. forces must maintain a physical presence throughout the area. He said, “Virtual presence can equal absence,” a statement repeated almost verbatim by a later speaker, Lt. Gen. Duane D. Thiessen, USMC, commander, U.S. Marine Corps Forces Pacific. Gen. Thiessen cited the need for U.S. forces to have a forward presence, but he allowed that it would be different from traditional basing patterns.

In the future, U.S. forces in the Asia-Pacific region will face widely dispersed, relatively small unit engagements. This will be challenging for existing force concentrations, he noted, and it will require “more of everything and an increased capability for everything.” High mobility, good communications and effective logistics are prerequisites for U.S. military operations in that far-reaching area.

Lt. Gen. Duane D. Thiessen, USMC, commander, U.S. Marine Corps Forces Pacific, emphasized that U.S. forces will have to follow suit as the Asia-Pacific region undergoes significant political and economic changes.

Emphasizing that the world is witnessing a shift of economic and political power toward the Asia-Pacific region, Gen. Thiessen added that U.S. military forces will be following suit. “The focus of the United States is shifting to the Pacific,” he stated. “That’s where our challenges will be over the next few years. Forces will be shifting there too.”

Gen Thiessen pointed out that regional security and stability is “absolutely mandatory—it has to happen,” and it is a top priority for the United States. The phenomenal economic growth throughout the region over the past few years has occurred because of the lack of war. However, tension is built into the Asia-Pacific region, and it will not go away anytime soon. Tension that would destroy the peace would be devastating, the general stated, and the United States must adjust its capabilities so that it can ensure continued security into the future.

“It’s not the last 10 years; it’s the next 10 years that we need to focus on,” Gen. Thiessen declared.

Networking technologies are playing a key role in helping the U.S. Coast Guard meet its Asia-Pacific challenges. Rear Adm. Charles W. Ray, USCG, the commander of the 14th Coast Guard District, described how many isolated Pacific islands and atolls are U.S. territory, and their fish-rich waters constitute more than a million square miles of U.S. exclusive economic zone (EEZ).

The admiral allowed that the Coast Guard is looking toward unmanned aerial vehicles (UAVs) to augment its surveillance forces. A key Coast Guard requirement is persistent surveillance over the U.S. EEZ, and UAVs could provide vital information on what lies over the distant horizon from the nearest cutter.

Adm. Ray explained that the Coast Guard is seeking an inexpensive UAV for its maritime needs. While the service has no UAV program of record, it has been partnering with the Customs and Border Patrol on its Predator program. The Coast Guard also is following the Navy’s UAV efforts, he added.

 

From area networks to critical infrastructure, threats affect both planning and execution.

It may take a village of computer experts to build the next generation of networks as access, identification, applications and security concerns weigh heavily on planners and managers alike. New networking trends such as the proliferation of social media are complicating efforts to find solutions to thorny problems such as cybermarauders, who are becoming increasingly sophisticated.

The overriding concern for networking remains security, and it continues to increase in importance and menace. Tom Reilly, vice president and general manager, HP Enterprise Security, pulled no punches in a TechNet Asia-Pacific 2011 address on security concerns and solutions.

“Things are going to be much uglier in the cybercrime world,” Reilly stated. He explained that cyber adversaries are evolving away from traditional marauders out for fun and profit. Many of them now are working at the behest of nation-states, and their growing sophistication increasingly threatens more than just a single targeted small network.

That sophistication essentially has rendered firewalls obsolete as primary network defense mechanisms. The growth of mobile networking that has defined the transformation of information technology has opened the door to a broad range of attacks. Foremost are attacks against applications, he reported. Applications are being attacked through cross-file scripting, and registration forms are being used to break into an application.

The advent of mobile and cloud computing has led to devolving perimeters amid consumers who want more access to information. As a result, security measures must focus on all aspects of a network, not just its architecture and data. Instead of securing a network through its Internet protocol (IP) address, security managers must shift their focus to the user and his or her activities, Reilly offered. This may include proactive measures that block vulnerabilities and continue to monitor them, for example.

Ironically, while mobile computing has increased risk, the move to cloud computing may improve security. Reilly explained that the cloud provider would be responsible for security compliance, so individual users and groups would not be as much of a weak link in the security chain.

Ultimately, the user may be the main weapon in countering cybercrime. Reilly emphasized the need to step up the education of end users. Just as citizens know not to walk down a dark alley in a dangerous urban setting, so should network users know not to open phishing emails. Education can give users the necessary cyber street smarts that help reduce cyberattacks on networks.

Adm. Keating offered that the United States should start pursuing some of the people who are hacking into U.S. systems and stealing intellectual property. Going after cybermarauders may be the only way to reduce their activities, he said.

The admiral called for a “thorough review of our nation’s policy” with an eye toward taking action against cyberintruders. Saying it is time to “let the genie out of the bottle,” Adm. Keating insisted that the government should take down some of the people “who are persistent in getting into our programs.” By going on the offensive, the United States may have some effect on cyberintruders, he suggested.

A different kind of security represents a major problem with the use of social media among warfighters. Operations security (OPSEC) concerns frequently run afoul of social media use, and a panel devoted to military elements of social networking explored that challenge. And, as with network security, the key to OPSEC in social media may be user education.

Master Sgt. Andrew Baker, USA, 516th Signal Brigade, said that forces need to be more OPSEC-oriented with new media. In the Army, soldiers often did not consider that the information they were posting on Facebook was giving away operational details that could be used by an enemy. “Right now, in the OPSEC environment, education is basic,” he said, calling for leaders to be more aggressive in OPSEC.

His concerns were highlighted by the firsthand experiences of SPC E4 Anthony Vandergrift, USA (Ret.), who used social media in Afghanistan as an infantryman. He related how some soldiers bought a 56k cell modem so they could post information on social media sites. In doing so, they circumvented Army rules and could have put their unit at risk.

Nonetheless, social media offers considerable advantages to the military. Lt. Theresa Donnelly, USN, director, U.S. Pacific Command (PACOM)/J-01 Public Affairs Social Media, observed that service members can be the military’s best journalists through blogging and other forms of social media reporting. “At the end of the day, we’re all communicators,” she pointed out.

The reliance on networks poses a threat to military operations that suddenly lose vital networking capabilities. Lt. Gen. William T. Lord, USAF, Air Force chief information officer (CIO), warned of the day when military networking systems suddenly become unavailable. “While we’re so deeply embedded in this technology, we still have to remember how to write in grease pencil on Plexiglas,” he said. “What do you do when you don’t have the ubiquitous wireless device in your hand? How do we continue to fight? We have to make sure of that.”

Lt. Gen. William T. Lord, USAF, Air Force chief information officer (CIO), warns of vulnerabilities in the military’s infostructure.

Gen. Lord suggested that one particular vulnerability that would have serious implications would be the loss of Global Positioning System (GPS) data. A possible solution could be found in the Joint Aerial Layer Network under development. This network would link aircraft across service lines as they operate in the battlespace, and the general offered that it might be able to substitute for GPS for a limited period of time if signals from the space-based system are lost. He added that the U.S. Army and Navy have joined the Air Force in examining this concept.

Networking is only going to grow bigger when the third version of the Global Information Grid (GIG 3.0) comes along. A panel of current and former Defense Department officials weighed in on the challenges and requirements facing development of GIG 3.0. These panelists agreed that identity and access management will be the key items in its development.

While the department wants innovative solutions, only those supported by current technologies will be eligible, said Mark Loepker, acting director for the Defense Information Assurance Program. Loepker, who participated in the panel via a videoconference link from Herndon, Virginia, said that industry should bring products “with security baked in.” Other key attributes of the future GIG include data center and server consolidation, network standardization and optimization, and enterprise email, messaging and collaboration services.

This new network will tap existing technology to provide better information sharing—particularly for interservice, interagency and international coalitions—along with improved cybersecurity and responsiveness, offered panel moderator Randy Cieslak, PACOM CIO. Defendable agile compartmented enclaves would help fight through cyberattacks, and these virtual enclaves would match usage needs with authorized information moving safely among them.

The ultimate note on innovation may have been struck by former defense official Marv Langston, now with Langston Associates. He suggested that the tough budget times that lie ahead may be a boon to innovative solutions. Declining budgets present the best time to get new ideas into the system, he said, because when budgets are rising, people do not listen to innovative suggestions because they are too busy spending money.

 

 

More networking + better hackers = major effects. 

The nation’s critical infrastructure may be in more peril than anticipated as its new technology capabilities increase network vulnerability. For these challenges, commercial off-the-shelf technologies may not be sufficient for providing solutions. Special custom-designed technologies will be needed for most of these security needs. Even if these measures are somewhat successful, network managers most likely will need to reinvent their security procedures as cybermarauders become even more sophisticated in their malice.

One of the biggest challenges is to protect the nation’s critical infrastructure, which was explored in depth by a panel at TechNet Asia-Pacific 2011. The focal point of vulnerability is supervisory control and data acquisition (SCADA) systems that have become ubiquitous in many industrial applications. This panel of experts examined the power grid, and their assessment was anything but sanguine.

Rear Adm. Paul Becker, USN, the PACOM J-2, described how the use of SCADA industrial control systems was a serious threat to the infrastructure. These systems increasingly have become the target of an assortment of cybermarauders ranging from ordinary hackers to criminal gangs and nation-states. This growing vulnerability is a result of two developments: the increasing sophistication of malicious cybernauts, and new mobile technologies that have opened SCADA systems to access by hackers. The admiral observed that nation-states appear to be the only cyberthreat with the ability to attack the nation’s infrastructure. However, organized crime now is able to develop or hire hacker talent.

David Rolla of the Hawaiian Electric Company elaborated on how the SCADA threat has grown. Companies such as his have trended toward more integrated and more sophisticated control systems, and greater interconnectedness means more interdependency. The need for a communications infrastructure, which requires external communication links, also has increased vulnerabilities. Where the threat used to be broad-based—such as simple denial of service—it now takes the form of highly targeted attacks focused on a single entity, Rolla said.
The solution may be to adopt military-style situational awareness for networks. Adm. Becker suggested that command and control (C²) of networks is one approach to ensuring that managers are aware of their networks’ status at all times, particularly with regard to cyberthreats. Rolla added that a good network situational awareness tool must be able to weed out legitimate security threats from natural disasters or even overzealous marketing events. He reported that his company is trying to put in place a holistic system that protects the entire network from start to finish.

These situational awareness tools may need to be custom-designed for SCADA systems. Bryan Richardson, a critical infrastructure security expert with Sandia National Laboratories, said that specialized tools probably will constitute the bulk of the solution, although some could come from traditional information technology sources.