Dominant Logistics
Cyberwar Solutions
Cyber war.
The words cause most people to think of the climax in a sci-fi action movie.
But for some, the words bring to mind other, more ominous events. Mass chaos.
Environmental devastation. Plane crashes. Nuclear meltdowns.
Armageddon. These are but a few of the potential results of cyber-terrorism
if the so-called experts are to be believed. Today, we spend billions annually to
confront the cyber threat but too few are willing to ask the obvious question. Why?
As with most other "causes", those who are trying to get more funding and
attention for the cause of "cyber-terrorism" are resorting to only talking about
the absolute worst case scenarios possible.
There are very real reasons for us to be devoting large amounts of money to address the
threat of cyberwarfare but most of today's experts are targeting the wrong problems with
the wrong solutions. While disasters are rather unlikely under realistic
cyberwarfare conditions, economic devastation is not. It is entirely too easy for
potential attackers to wreak major havoc on our existing monetary and commercial systems.
The danger of nightmare scenarios is that they cause us to ignore the real threats that we
face. For whatever reason, it seems as though defense personnel lack an effective
grasp of cyber issues while computer folks seem to lack any understanding of basic defense
tactics. If the Richard Clarkes, John Poindexters, and Anthony Lakes get their
way, the dangers of cyber-terrorism will be far greater in the future than they are today
because they fail to adequately draw any distinction between crime and war. While
today's experts make a strong case for increased funding of computer security, the problem
is that they focus on the wrong issues. Their suggestions would go a long way to
slow cyber crime but are virtually useless against cyber war.
Most "security experts" are pushing to establish what is effectively the
cyber-equivalent of the Maginot Line of WWII infamy. They run around the nation
shouting that just a few more fighting positions (firewalls), just a little more concrete
(security patches), just a few more guns (anti-virus and other security software packages)
and the wall will hold! They know it will! But anyone with even a basic
understanding of tactics knows that this is nonsense. These are the types of
defenses that are highly effective in preventing crime but they are useless in preventing
terrorism or war. Building walls will stop a snot-nosed punk from breaking and
entering - it will not stop a professional intent on taking you out. Professionals
will not waste their time (or risk getting caught) by attempting to break through
traditional security systems. They're going to bypass them altogether. They
can hijack wireless signals, get someone on the inside, or take some similar step to
bypass the security systems entirely. No firewall or security patch can stop this
type of action.
When the obvious tactic of deploying armor (data encryption) is brought up, the security
folks demand that it can be used only if the users are willing to first punch a massive
hole in it by providing the federal government with a key to break the code. After
all, it isn't as though the federal government has ever been infiltrated by spies who sell
this type of information to others... Data encryption is arguably the best defense
that users have to protect computer data (especially financial and commercial data) but
giving the federal government a key will make the job easier for enemies and terrorists.
With literally hundreds of billions of dollars at stake, and more than a few legitimate
national security issues, we need to establish an effective defense of the nation's
computer infrastructure. We need to begin with the fundamental understanding that
the cyber-realm is really no different than the physical realms from a military and
defense perspective. It is just another place to operate, no different than in the
air, on the land, or in the seas. And because of this, the basic rules of defense
still apply. The cyber realm has all of the features that define any other environment in
which defense activities occur. Instead of spurs, ridges, and draws, the cyber realm
features land lines, wireless transmission, and fiber optics. We need to tailor our
computer defenses to this terrain just as we tailor our conventional military tactics.
Forming the Cyber Battlefield
There needs to be a distinct and physical separation between "the front" (public
data) and "the rear" (private data). Any commander that positioned his
supply units alongside the front of a combat area would be relieved of command in short
order and yet we nonchalantly hook up critical computer systems to networks with Internet
access. Critical systems should not be accessible online. Where these
systems need to be online, biometric scanners or digital passkeys must be used to limit
access.
Next we need to establish our lines of supply and transit, which in the cyber realm are the
land lines and other infrastructure that connect our computer systems. Our SOP for
infrastructure is so messed up that in many cases, enemy action should be the least of our
concerns. A CNN special back in 1999
highlighted just how ridiculous our current methods are:
In 1995, a New Jersey farmer yanked up a cable with his backhoe, knocking out 60
percent of the regional and long distance phone service in New York City and air traffic
control functions in Boston, New York and Washington. In 1996, a rodent chewed through a
cable in Palo Alto, California, and knocked Silicon Valley off the Internet for hours.
"Although the press plays up the security aspect of hacker problems," says
Schneider, "the other aspect is that the systems are just not built very reliably.
It's easy for operators to make errors, and a gopher chewing on a wire can take out a
large piece of the infrastructure. That's responsible for most outages today."
If even the slightest amount of common sense were in use, this wouldn't be possible... but
this is America. Using buried lines is the appropriate method for protecting
infrastructure lines but they need to be protected with rodent-resistant shielding and
routed away from private property, preferably close to roads or even under the shoulders
of the roads. Special attention should also be paid to shielding major routers and
servers from EMP attacks. Redundant systems should be fielded and paid for out of
the Defense budget, including the addition of four Internet servers to supplement the
existing 13. A potential technique for improving redundancy is the use of existing
military radio and satellite systems for transmitting data over long ranges without wires.
While not suitable for normal usage, these systems would be ideal to address
short-term outages of critical systems.
The Cyber Warfare Unit
The cyber warfare unit should be a battalion-size element of roughly 600 personnel with
additional civilian support. In total, we should field four of these units.
HHC will provide the command and control elements of the unit, support and manning
of the back-up Internet server, and intel support. Total personnel should be about
120 for this company.
Alpha company will be a unit of 160 computer programming specialists. Their primary
role will be providing the software used to support other unit activities with a secondary
role of decompiling and evaluating software from other systems to find viruses and logic
bombs.
Bravo company will be a 160-man unit filling the defensive roles of the unit. Their
role is to identify and counter attacks on our computer infrastructure.
Charlie company will be the final 160-man unit for offensive operations. Their
mission is to attack and disrupt the information systems of enemy forces.
All four units will be co-located using a shared computer system. The design I am
proposing will involve a total of 32 Beowulf cluster supercomputers, each with 64 nodes
(total of 2048 nodes). The idea is to build this system so that it can be scaled up
or down very rapidly to meet changing requirements. Some defense needs require
massive computing power (encryption breaking) while others would be better served by a
number of smaller systems (data dredging and denial of service). A separate file
network would be linked to the systems with the proper software and data files for each
configuration and task. Scaling would be a matter of shutting down the software,
changing some settings on the system, and loading up the software for the desired
configuration.
Of the Beowulfs, half would be designed to scale up to a maximum of a single system with
1024 nodes with other configurations of 256 nodes and 512 nodes. The other half
would be designed to scale down (four systems could go all the way to individual
computers) with configurations of 32 nodes, 16 nodes, and 8 nodes. An estimate from PSSC Labs puts the
price tag for this entire system, racks, hubs, and all, at roughly $7.25 million (Thanks
for the help Alex!).
Cyber Warfare Operations
Normal operations for the unit will break down something like this:
HHC will devote much of its time and resources to managing the "big picture" of
threats and risks. It will function as a link between government agencies and
civilian software companies to identify our weaknesses and coordinate addressing these
weaknesses with the other units.
Alpha company will be spending time writing software for the other units but the bulk of
its time will be in a new activity that I call "code scrubbing." This is
the practice of decompiling existing software and evaluating it for the presence of
aberrant code, viruses, or logic bombs. Verified code will be copied into a database
for future reference.
Bravo company will be providing the code for Alpha company to evaluate. All critical
systems with online access need to be included in the practice of code scrubbing.
Bravo company will access all of the computers that are online at a given critical
site (say, an air traffic control facility). They will download all of the files on
each computer and all of these files get "scrubbed" by Alpha company. A
reference file is then created and in future downloads, the files can be compared to the
reference to locate problem code. While this may seem very complicated and time
consuming, it really isn't because this will only be taking place for critical
infrastructure like transportation controls and power grid management systems. Once
the reference files are developed, there should be no problem with scrubbing all critical
systems at least daily.
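The reference-file workflow described above, as an added example that is not part of the original article: hash every file at a site into a reference manifest, then compare a later download against it to flag added, removed, and modified files. The site layout, file names, and contents are constructed for the demonstration.

```python
import hashlib
import json
import os
import tempfile

def hash_file(path, chunk=65536):
    """SHA-256 of one file, read in chunks so large binaries do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_reference(root):
    """Map every file under root (relative path) to its hash: the reference file."""
    ref = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            ref[os.path.relpath(full, root).replace(os.sep, "/")] = hash_file(full)
    return ref

def compare_manifests(reference, snapshot):
    """Report what a later snapshot added, removed, or changed vs. the reference."""
    common = set(reference) & set(snapshot)
    return {
        "added": sorted(set(snapshot) - set(reference)),
        "removed": sorted(set(reference) - set(snapshot)),
        "modified": sorted(p for p in common if reference[p] != snapshot[p]),
    }

def demo():
    """Constructed scenario: baseline a fake site, tamper with it, re-scan it."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
        write("bin/control.exe", b"verified control code")
        write("cfg/radar.ini", b"range=60\n")
        write("bin/old_tool.exe", b"legacy helper")
        # The scrubbed reference is serialized so it can be stored off-site.
        reference = json.loads(json.dumps(build_reference(root)))
        # Simulated changes since the baseline: one file altered, one dropped
        # in, one deleted. The unchanged cfg/radar.ini must not be reported.
        write("bin/control.exe", b"verified control code + unexpected bytes")
        write("bin/dropper.exe", b"unknown binary")
        os.remove(os.path.join(root, "bin/old_tool.exe"))
        return compare_manifests(reference, build_reference(root))
```

The comparison only finds deviations from the baseline, so the reference must be built from files that were actually verified clean, and it must be stored somewhere the monitored systems cannot alter.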
Charlie company will be devoting its efforts to the other side of the equation.
Their primary role will be scouting the Internet and probing the defenses of
enemies. Their primary recon tool will be a program called a spider. Spiders
are currently used by search engines to automatically traverse the Internet and build
databases with the information on webpages. Charlie will use custom spiders tailored
for locating data pertaining to terrorism and cyber warfare. Charlie will also use
various hacker tools for gathering additional information once enemy sites have been
located.
In a cyber war footing, operations will work as such:
HHC will perform command and control but will also be directing redundant operations to
include the back-up Internet server and military wireless systems to keep the bulk of
infrastructure operational.
Alpha company will use its reference files to wipe out crippled systems (those hit with
viruses, logic bombs, or other cyber weapons) and reinstall clean code to restore
operations.
Bravo company will be supporting Alpha in restoring critical systems while also countering
denial of service attacks by locating the offending systems and counterstriking them.
Charlie company will be gathering intel from throughout the Internet and will also assist
the other companies in defensive ops. If the enemy can be defined and targeted,
Charlie will hit their own systems with the appropriate tools to prevent continued
strikes.
Conclusion
In total, four of these cyber warfare units should be established and stationed throughout
the country. Their existence should be combined with unlimited use of data
encryption and subsidizing by the DOD for the fielding of biometric scanners and digital
passkeys to protect critical financial data. The use of Beowulf cluster systems
allows us to expand on these capabilities in an economical way in the future. It
also allows us to establish a program of replacing these systems every year to keep the
equipment up to date and sell off the used systems to reduce our operating costs.
Beyond these steps, the best defense that the government can provide is to stay the hell out
of the way. Yes, companies are losing billions every year because of cyber issues
but that is their problem. When they start to lose more money than it costs to
defend their systems, they will take the appropriate steps. While it is easy for
someone like Richard Clarke to take a podium and demand that software companies patch the
holes in their products, this action ignores a basic fundamental of defense.
In war, one tends to attack at the weakest point in an enemy's defense. As long as
we know where the holes are and have the appropriate means available to deal with them,
then the holes are not an issue. If anything, they lead to improvements in defense
by two methods. First is that we know where the attacks will be and can prepare for
them. Second, and most important, is that it doesn't give us a false sense of
security that we are safe.
There are grave dangers posed by failing to adequately address computer issues today.
But building a cyber Maginot Line is no answer. This is cyberwar - not
Hollywood.