Evolution of Cyber War
USAF set up IW squadrons in 1980s. All banking institutions and major industries especially the Aero Space industries also started building in cyber security in their networks. The financial institutions were at the forefront or cyber attacks, wherein hackers tried to steal/siphon money. This threat to banks and the security precautions could not be made public in order to retain the investor confidence.
As a result of success of IW in the Gulf War 91, USAF decided on IW across full spectrum of command and control. So the 688th Information Operations Wing was set up. The Wing has technical skill sets of AF Electronic Warfare centre; AF Cryptographic support center’s Securities directorate and Intelligence capabilities from former AF Intelligence Command. As on 2010, it has a staff of 1000 which includes military and civil.
…cyber space has data, networks and electronic devices. Good cyber defense implies protecting all three components and not merely data.
In 1993 USAF established an IW Cell at Kelly Air Force Base, Texas. By mid 90s, the IW flight, consisting 25 personnel, would work alongside Combined Air Operation Centre (CAOC) whenever operations were going on. IW operations were undertaken during Bosnia Operation in 1995 and against Serbia in 1999. The comprehensive operations included EW against Radars and SAMs, cyber attacks against IADS, operations against Television, Radio as well as cyber attacks against computer based systems like power generation, Oil refining systems etc.
In the past, the US caused a massive explosion in a new trans-Siberian oil pipeline running from the Urengoi gas fields in Siberia across Kazakhstan, Russia and Eastern Europe. It did it by causing its pumping station to over rev by computer malware in cooperation with some outraged Canadians who had supplied the software for the pumps.1 USN established its cyber cell in 1999 and mandated the unit to become like the ‘Top Gun’ amongst fliers.
In Dec 1998 DoD/USAF established Joint Task Force on Computer Network Defense ITF – CND. It was headed by a Maj Gen and was to work with the Army, Navy and the Marine Corps. This was an immediate result of a massive malware attack on US -military nets. It took the US 14 months to clean up this virus from its systems. It also revealed the enormity of possible damage to improperly secure networks.
Cyber War exercises named “Eligible Receiver” and “Solar Sunrise” were conducted in which Federal Agencies/Services, Israeli analysts and Californian teens attacked Defense networks. Weaknesses and vulnerabilities were identified and preventive steps initiated. In Sep 2001 Pentagon created Joint Task Force-Computer Network Operations- JTF-CNO. The replacing of CND by Computer Network Operations (CNO) implied the need to attack in order to defend proactively.
In 2008 DoD defined cyber space as, “a global domain within the information environment consisting of interdependent network of information technology infrastructures, including the Internet, telecommunication network, computer system and embedded processor and controllers.” It illustrated that cyber space has data, networks and electronic devices. Good cyber defense implies protecting all three components and not merely data. Earlier, it was believed that encrypting data was enough for cyber security.
Cyber Defense now meant following:
Cyber security is akin to Air Superiority. One has to fight to attain it and thereafter sustain it with constant effort. Also cyber security relates to place and time. Unlike air war in which offense is the best defense, in cyber war defense becomes primary…
- Secure and exclusive networks in which individuals cannot plug in Pen Drives, CDs and external devices.
- Defense in depth by firewalls. So that when under a cyber attack the system degrades gradually rather than suffer catastrophic collapse. And after attack is over, the system recovers.
- The system should be Self Diagnosing and to have built in healing capability.
- Data bases must employ stealth methodologies where for example, modulating chip technology enables them to hide, morph and masquerade as effectively as any attacking agent.2
Cyber security is akin to Air Superiority. One has to fight to attain it and thereafter sustain it with constant effort. Also cyber security relates to place and time. Unlike air war in which offense is the best defense, in cyber war defense becomes primary because of nature of attacker. There are no hostile cyber bases which preemptive bombing can destroy.
In 2001 USAF placed Cyber Wing under Space Command. By May 2002 it had a manning of 340 personnel. Later Cyber Command was made a sub unit of US Strategic command. It achieved full operational capability on 31 Oct 2010. The Cyber Command is headed by a General who also is the Director National Security Agency (NSA) and Chief of Central Security services. This arrangement in one stroke has made cyber structure more horizontal and integrated. Cyber command looks after all military networks numbering 15000 in all the Services. It has replaced the earlier Joint Task Force – Computer Network Operating and the Joint Functional Component Command for Network Warfare JFCC-NW. It has under it the Cyber Commands of US Army, Navy, Marine Corps and Air Force. It is responsible for both defense and offense in Cyber War. In addition it provides technical and electronic warfare support to Department of Homeland Security (DHS). If and when asked by DHS it will provide additional assistance. DHS looks after civil and private networks.
…as the cyber process and attacks kept increasing, especially post 9/11 and after the incident of US spy plane P3C Orions collision with a Chinese interceptor in which the Chinese pilot died, USA selected a new strategy for cyber security.
NSA looks after all the government networks apart from the ones in military domain. US CYBERCOM has been tasked to develop:
- Methods to assess operational impact of intrusions.
- Identify proper response.
- Coordinate action with appropriate organizations.
- Prepare Response Plans.
- Execute plans through Service components.
US CYBERCOM will also issue Operational Alert conditions depending upon detected threats. The conditions are normal, A,B,C & D. Over and above these arrangements the Cyber organizations seek support and rely on private security specialists companies to deal with cyber threat.
The earlier concept of cyber security was purely defensive. However, as the cyber process and attacks kept increasing, especially post 9/11 and after the incident of US spy plane P3C Orion’s collision with a Chinese interceptor in which the Chinese pilot died, USA selected a new strategy for cyber security. Now it was felt that purely defensive strategy was reactive and insufficient to ward off cyber threat. For proper cyber security there is a need to actively patrol the cyber network for detecting potential trouble. So the new strategy of cyber attack comprises following:
- Denial of Service
- To patrol the Internet to pinpoint attackers.
- To create Logic bombs, worms, Trojans & Malware for use as and when needed.
The diagram illustrates the working of a computer network attack (CNA).3
Rivet Joint is an specialist transport aircraft (KC-135) which is used for CNA. It is in contact with agencies like NSA, JTF – CNA, and IW – EW centers via satellite links to receive and send back latest information for CNA planning. It injects cyber weapons as appropriate into hostile IADS network, Scud type missiles command and control centre and the communication networks. Another special aircraft called Compass Call (C-130 modified) monitors the effectiveness of communication network attacks.
In USA 24th AF looks after cyber operations, manned by 14000 airmen. The 24th AF has three major wings and an operations centre under it. These are:
- 67th Network Warfare Wing: It looks after information operations. Its 8000 strong manpower is located at some 100 locations worldwide. There are 35 squadrons and these deal in operations of Television, Radio, Telephone exchange and networks including mobile phones and networks.
- 688th Information Operation Wing: Deals in cyber space R&D and manned by 1000 staff which is a mix of military and civil.
- 689th Combat Communication Wing: Its mission is to train, deploy and deliver expeditionary and specialized communication; air traffic and landing systems for relief and combat operations.
In 2010 USAF undertook some important steps with regard to cyber branch. It established a new cadre for Cyber War with 1000 cyber warriors. These personnel were selected after a strict screening process which also judged their aptitude for cyber work. Their performance in online games was also a major criteria. This cadre is to be expanded to 6000. The cadre will comprise military, government employees, contractors and willing patriotic youths. Specialist cyber strike units will be created from these personnel. The training will include undergraduate cyber training, initial qualification training. The standards, evaluation and examinations will follow similar pattern as for flying training. The cyber warriors will get incentive pay similar to flying pay. Their main communication devices will be Droids and I Phones connected on secure and non-secure networks.
The cyber warriors will identify own networks weakness which will be followed up by regular patch up of vulnerabilities. In addition their actual target could include blowing up electric generators / motors; use of high power microwave to upset fly by control of combat aircraft and more.4
The NSA and JFCC – NW have worked together since 2005. The NSA has 700 personnel with Ph D. This vast experience is shared by the other cyber warriors who have benefited immensely. The CYBERCOM has partnership with 100 universities to train students on net security. Many of these students, thereafter, join NSA or civil cyber agencies. Now using the computer net attack, US forces can penetrate hostile computers systems and either mine it for data or damage it with crippling algorithms or even spoof it with false information. Some of the CNA tricks include ringing hostile phones every 30 seconds; send a fabricated Fax directly to the enemy operator to do things that would lead to trouble; sending accusatory e-mails etc. The idea is to make the enemy distrust own communication system or to shut down all communications.5