Avoiding Surprise in an Era of Global Technology Advances

3
Challenges to Information Superiority

The importance of accurate, timely information in warfare is self-evident. The enormous advantage that superior access to such information can provide to adversaries on either side of a conflict has been recognized by warfighters for thousands of years. The Art of War by Sun Tzu says the following (Giles, 1910):

All warfare is based on deception.

Attack him where he is unprepared, appear where you are not expected.

Fighting with a large army under your command is nowise different from fighting with a small one: it is merely a question of instituting signs and signals.

The quality of decision is like the well-timed swoop of a falcon which enables it to strike and destroy its victim.

Though the enemy is stronger in numbers, we may prevent him from fighting. Scheme so as to discover his plans and the likelihood of their success.

Hence the experienced soldier, once in motion, is never bewildered; once he has broken camp, he is never at a loss.

Hence the saying: If you know the enemy and know yourself, your victory will not stand in doubt; if you know Heaven and know Earth, you may make your victory complete.

The vision of 21st century warfighting strategy, as articulated at the highest levels of U.S. military leadership, is critically dependent on the ability of BLUE forces to obtain and rapidly act on a highly accurate, detailed, and timely picture of the battlespace, and to deny RED forces the ability to do so. In Joint Vision 2020, “Information Superiority” is identified as a key enabler that cuts across all four of the



envisioned operational concepts (JCS, 2000). That is, achieving information superiority enables BLUE forces to outmaneuver RED forces (the Dominant Maneuver operational concept); to concentrate BLUE forces quickly and accurately on selected RED targets (Precision Engagement); to react opportunistically to attack newly discovered, prospective RED targets; and to rapidly repurpose resources (Focused Logistics) to protect BLUE forces from attacks by RED forces (Full Dimensional Protection).

Conversely, if an adversary can penetrate, infiltrate, contaminate, and/or neutralize the BLUE communications systems, computing systems, and/or the information that they contain, it can inflict serious damage on the BLUE force. This damage can range up to and including the defeat of the BLUE force that otherwise would have prevailed. Furthermore, the vulnerability of the BLUE force to significant reductions in its ability to operate effectively—as a result of disruptions in its ability to communicate and access information securely and in a timely manner—increases as the BLUE force implements new or significantly modified concepts of operation that increasingly depend on information superiority.

MAINTAINING INFORMATION SUPERIORITY IN THE FACE OF GLOBALIZATION AND COMMERCIALIZATION

The information technology revolution is on par with the Industrial Revolution in terms of bringing in new and disruptive technologies that drive societal change through their ubiquity and pervasiveness. Since computing and communications go hand in hand, this confluence of technologies is often referred to as C&C.[1] A current C&C vision would almost certainly include sensors (i.e., computing, communications, and sensors) because many existing and emerging commercial and military applications are critically dependent for their success and value on the availability of sensors that generate information needed for situational awareness. See, for example, the recent coverage in the popular press and in investment publications regarding the many applications of networked radio frequency identification (RFID) tags.

[1] See, for example, www.smartcomputing.com/editorial/dictionary/detail.asp?guid=&searchtype=1&DicID=16593&RefType=Encyclopedia. Last accessed on April 1, 2005.

The Industrial Revolution began in the United Kingdom and Germany and gradually spread to the rest of the world. In contrast, the C&C revolution has taken root throughout vast areas of the world, and a number of the newest technologies of the 1970s, 1980s, and 1990s are commodity technologies of today. Examples that quickly come to mind are high-performance personal computers, personal digital assistants, two-way pagers, video-camera-enabled cellular telephones, virtual-reality-based multiplayer games, and high-bandwidth networking. The vast majority of these devices and systems were developed in the United States initially, under sponsorship of the Department of Defense (DOD) (largely the Defense Advanced Research Projects Agency [DARPA]). They then were sponsored through cross-agency Presidential Initiatives on High Performance Computing and Communications (now having become the National Coordination Office for Information Technology Research and Development).

It is not difficult to see that a variety of benefits resulted from the strategy of using national security “surprise prevention” priorities to seed and then nurture the C&C engine of economic productivity and growth in the late 1990s and early 21st century. The benefits include the following:

- The level of current superiority in U.S. military systems incorporating information technology,
- A very high societal return on investment (i.e., well beyond the domain of defense applications), and
- A vibrant commercial sector, which can deliver systems to the DOD as commercial off-the-shelf (COTS) products (and integrations thereof); these are much less expensive than traditional, one-of-a-kind government off-the-shelf (GOTS) systems that had previously been the norm in DOD procurements of platforms and systems.

As a result of these successes, this strategy has been studied by several foreign governments and is being emulated by the European Union nations and by Singapore, China, and other nations. Additionally, while the virtues of COTS over GOTS products are indisputable and numerous, a by-product of the “seeding and nurturing” strategy to date has been the acceleration of the commoditization of C&C technologies. A national response to these developments to date could fall into one of two categories:

- An added emphasis on a classification regimen to protect the newest advances in C&C and a return to a more traditional model of development favored in earlier generations of DOD procurement of platforms and systems. (It is unlikely that such a strategy would succeed in slowing down the commercial emergence significantly, if at all, of many of the enabling technologies over which the DOD might wish to keep control.)
- A recognition that, while the constituent technologies comprising C&C have been commoditized, their integration into complex, secure, useful, usable, survivable systems that benefit the DOD can indeed be a competitive advantage if the nation maintains sufficient leadership in the relevant systems integration skills.

Other nations as well have recognized the advantages of a strong research enterprise. A number are devoting increasing fractions of their national resources to basic and early applied research in many emerging areas, while the United States is at best maintaining a steady level of funding for its research agenda (although the amount of funding is still quite large in absolute, inflation-adjusted dollars) (Roco et al., 1999; Chan et al., 2004). The end result is that the United States can be assured of neither the first and the best technology results nor a first mover’s advantage in applying COTS to military systems. This situation compounds the difficulties faced by the technology warning community. That is, not being in a leadership position in creating and applying the technology makes it much harder to know what to look for and more difficult to understand the implications of the complex array of things observed.

With this background, Chapter 3 focuses on providing the beginnings of a roadmap to help the technology warning community identify, analyze, and prioritize developments in the international exploitation of C&C technologies in several key areas. These areas are trusted software; trusted hardware and foundries; supercomputing; ubiquitous sensing, computing, and communications systems; and the fusion of C&C with other novel technologies.

Trusted Software

Software today plays the role of a universal system. The key to achieving the marriage of “new- and old-economy” technologies is the development of new software-based technologies for the integration of complex systems. The competitor who is more adept at designing, implementing, and operating large, complex, software-based systems will be at a distinct advantage in 21st-century operations that are increasingly dependent on information superiority. These systems of course need to be secure and trustworthy (i.e., they need to do what is expected and only what is expected).

One often hears a somewhat-undeserved comment about the state of current software development (particularly in the context of large, software-based systems): that is, current software is just poor enough to slow down the impressive gains made to date in computer hardware—poor enough to keep the performance improvement of systems modest. There are numerous examples of cost overruns caused by failed projects involving software-based system development (especially embedded software) in procurements. These examples include the Crusader artillery system, the Comanche helicopter, the Space-Based Infrared System-High satellite, the F/A-22 airplane, the Future Combat System, and unmanned combat aerial vehicles (the Joint Unmanned Combat Aerial System).

This phenomenon is not exclusively a management problem. Competent program managers with experience in large, software-based system development are in short supply and high demand. Their needed multidisciplinary skills are largely honed through on-the-project experience, and they are subject to the natural selection processes of a competitive business environment. They cannot be easily “cloned” through educational programs.

With the growth of large software-development centers in India, Israel, and Eastern Europe, the technology warning community should be carefully tracking the work on techniques for the development of trusted software systems, especially trusted embedded software systems. New techniques for the metamodeling of embedded systems, aspect-based programming, and model-based integration of embedded systems should be closely monitored.

A related point is the need for new methods for the development of trusted software for civilian infrastructures. The huge market created by the expanding use of wireless embedded systems in physical infrastructures, and the associated commercial requirements for the trustworthiness of those systems, afford the possibility of generating a cyber infrastructure that is secure and trusted—and available worldwide to allies and adversaries alike.

Trusted Hardware and Foundries

BLUE force technological superiority relies on the development and manufacturing of trusted and, it is hoped, tamperproof hardware components. Therefore, it is important to pay attention to trends in semiconductor manufacturing to determine the relative maturity and directions of U.S. and foreign semiconductor fabrication facilities. To date, the United States remains the world leader in processor fabrication and in the production of application-specific integrated circuits (ASICs). However, emerging foundries in South Korea, Taiwan, and China are poised to take a leading market share in semiconductors.

Additionally, technology trends point to the emergence of a number of interesting new nanotechnologies and materials that will be used alongside complementary metal-oxide semiconductor (CMOS) technologies and methods. While CMOS is the dominant electronics technology of today, alternatives—nanotubes (e.g., carbon and silicon), molecular electronics, quantum dots, and others—are rapidly being developed. Eventually they are likely to complement and perhaps even supplant CMOS as the electronics benchmark. It will be important to monitor, with a worldwide perspective, the development of these electronics technologies (DSB, 2005).

Supercomputing

The greatest supercomputing threat today does not come from fourth-generation computers but rather from the use of grid computing involving the concept of “networks of workstations” to connect commodity personal computers (PCs).[2] Such grid computing is already being used by the Search for Extraterrestrial Intelligence (SETI) Institute to conduct signal analysis of multiband extraterrestrial signals, by astronomers for basic exploration of cosmic background radiation, and for climate modeling. Superiority in this area is achieved through advanced models for distributed programming and infrastructures for supporting high-performance scientific computing. High-performance scientific computing is an important dual-use technology with diverse applications, including cryptology, signal processing and climatic modeling, geological event detection, and intracellular and intercellular interaction modeling (so-called systems biology). The network of workstations is a commodity entity, but the distributed software is the key element of differentiation.

[2] See, for example, http://www.eecs.berkeley.edu/ and http://webs.cs.berkeley.edu. Last accessed on April 26, 2005.

Ubiquitous Sensing, Computing, and Communications Systems

With the convergence of computing and communications technologies, there is now an emergence of sensor webs of smart dust, networks of cameras, networks of unmanned “X” vehicles (UXVs), networks of microsatellites, and other networked embedded systems. The sensing, computing, and communications hardware that goes into these systems is commodity. However, the exploitation of distributed sensor networks for applications ranging from civilian infrastructure to intelligence-gathering activities in a secure and trusted fashion is once again conditioned on the use of superior techniques for embedded software development for networked embedded systems. Thus, from a technology warning perspective, the investment in systems building for secure cyber infrastructures and other networked embedded systems is an important arena for identification, assessment, and prioritization. More detailed information on ubiquitous sensing, computing, and communications systems is provided in Appendix D in this report.

Fusion of Computing and Communications with Other Novel Technologies

C&C has been the paradigm-shifting information-technology-based engine of change over the past 30 years. All indications are that in the future it will, for many applications of great importance to the DOD, be leveraged via a fusion of C&C with biotechnologies, information technologies, and nanotechnologies in such a way that the best of the potential capabilities of nano- and biotechnologies are harvested on a C&C substrate. An example of how C&C technologies in ubiquitous sensing and communications systems can be combined with other technologies addressed in this report is the use of video-enabled disposable cellular phones in microair vehicles to provide networked monitoring and surveillance.[3] Another example is the use of C&C technologies with DNA computing methods to produce synthetic biological systems.[4]

[3] For additional information, see, for example, http://robotics.eecs.berkeley.edu/bear/. Last accessed on April 1, 2005.
[4] See, for example, information on the Biobricks project at http://parts.mit.edu/. Last accessed on April 20, 2005.

POTENTIAL OBSERVABLES THAT MAY INDICATE EMERGING THREATS

Many of the technologies that pose potential threats to the communications capabilities of BLUE forces are readily available in the global marketplace. Thus, it is possible to postulate a variety of other observables that may be of value. Table 3-1 summarizes potential observables and potential sources of information for each. For example, the areas that foreign graduate students choose to study may be an indicator of the desire of a foreign government to develop capabilities in that area. In retrospect, it is clear that Middle Eastern interest in studying certain areas of engineering, particularly nuclear engineering, was an indicator of a desire to develop a nuclear capability.

TABLE 3-1 Potential Observables and Sources of Information on Potential Threats to Communications Capabilities

Observable: Movement of graduate students between countries and fields
Potential Source [a]: National Science Foundation Science and Engineering Indicators, http://www.nsf.gov/sbe/srs/seind04/c0/c0s1.htm
Potential Source [a]: National Science Foundation Survey of Graduate Students and Postdoctorates in Science and Engineering, http://www.nsf.gov/sbe/srs/sgss/
Potential Source [a]: Organisation for Economic Co-operation and Development (OECD) Education and Skills, http://www.oecd.org/topic/0,2686,en_2649_33925_1_1_1_1_37455,00.html

Observable: Import and export of critical technology items (volume, type, etc.)
Potential Source [a]: U.S. Government Export Portal, http://www.export.gov/tradestatistics.html

Observable: Business travel to and from the United States from select countries correlated to export of certain technologies
Potential Source [a]: Travel Industry Association of America, http://www.tia.org/default.asp

Observable: Relevant publications and patents from select foreign countries
Potential Source [a]: OECD Work on Patent Statistics, http://www.oecd.org/document/10/0,2340,en_2649_34451_1901066_1_1_1_1,00.html

Observable: U.S. patents and publications
Potential Source [a]: U.S. Patent and Trademark Office (Patent Statistics Available for Viewing), http://www.uspto.gov/web/offices/ac/ido/oeip/taf/index.html

Observable: Workforce migration and mobility
Potential Source [a]: OECD Science and Technology Working Papers, http://www.oecd.org/findDocument/0,2350,en_2649_33703_1_119684_1_1_1,00.html

Observable: Labor productivity trends
Potential Source [a]: OECD Productivity Statistics, http://www.oecd.org/topicstatsportal/0,2647,en_2825_30453906_1_1_1_1_1,00.html

Observable: Global diffusion of information technologies
Potential Source [a]: OECD Information and Communication Technologies, http://www.oecd.org/topic/0,2686,en_2649_37409_1_1_1_1_37409,00.html

Observable: Foreign industrial performance
Potential Source [a]: OECD Measuring Industrial Performance, http://www.oecd.org/document/15/0,2340,en_2649_34445_1895503_1_1_1_1,00.html

[a] All sites were last accessed on April 1, 2005.

Another indicator of emerging or existing capability is the return of foreign expatriates to their country of origin. In many cases their return could simply evidence a desire for wealth in a rapidly growing market and would be considered a natural by-product of the global economy. However, the return of foreign expatriates could also indicate that desired information had been obtained in the United States and could now be put to use by foreign entities.

OCR for page 28
Avoiding Surprise in an Era of Global Technology Advances Another indicator that should be watched is an increased interest in low-power electronics. Such interest could be indicative of developments in the areas of sensors and sensor networks. Similarly, an increased interest in low-power radio-frequency communication may be indicative of developments in sensor networks. Since much of the expertise for sensor networks is the same as that for mobile telephone networks, this behavior may also simply be a natural outgrowth of the increasingly ubiquitous telecommunications environment. The committee believes that it nonetheless bears attention. Advances in cryptography and computer security often appear in the open literature. Increasingly, these advances are the work of foreign researchers. Recently a French researcher broke SHA (secure hash algorithm)-0 (replaced by SHA-1 in 1994), and Chinese researchers have broken message-digest algorithm 5 (MD-5) (Randall and Szydio, 2004; Wang et al., 2004). Israeli researchers have successfully attacked a 40-round version of SHA-1. SHA-1 is the foundation of many security protocols. The National Institute of Standards and Technology believes that SHA-1 remains secure, but has decided to phase it out in favor of hash functions that it believes are stronger, such as SHA-256 and SHA-512 (NIST, 2002). It is difficult to gauge the strength of government efforts in cryptography and computer security since the results are unlikely to be published in the open literature. The analysis of such activities is likely to have to rely more on targeted intelligence collection. A possible indicator is that of hiring patterns of foreign intelligence agencies. The hiring of mathematicians and computer scientists could be a strong indicator that such agencies are developing a capability in cryptography or computer and communications security. An indicator that is often missed is silence. 
During World War II, leading nuclear physicists prevailed on their colleagues and scholarly journals to refrain from publishing their results. This was interpreted correctly by the Soviets to signify that work of consequence was occurring, since it was very unlikely that the leading physicists of the day would simply stop publishing. If it was noticed that foreign researchers who had been publishing in, say, cryptography suddenly stopped or switched areas, it would be a strong indicator that increased attention should be paid to activities in that area by that government. Areas of industrial investment can also be indicators. Anecdotal discussions indicate that Cisco now considers Huawei Technologies, based in Shenzhen, China, to be its greatest competitor. According to a recent news article (The Economist, 2005), Huawei, China’s leading telecommunications equipment manufacturer, now ranks 8th among wireline-equipment suppliers, up from 18th last year (Cisco ranks first). Former People’s Liberation Army (PLA) officer Ren Zengfei heads Huawei Technologies. Huawei is of particular interest because approximately 40 percent of its employees are in research and development, which contrasts sharply with current commercial practice in the United States.5 Earlier in this chapter it was observed that silence may also be a useful observable. With that idea in mind, some of the areas identified in Table 3-1 (e.g., publications and patents) should be monitored for abrupt pattern changes. A cautionary note with respect to the observables postulated above is that the committee made no assessment regarding policy or other issues that may limit such analysis. Furthermore, the committee acknowledges that many of the observables that it identified may be routinely analyzed by the technology warning community. 
BASIC WAYS TO DEGRADE OR NEUTRALIZE INFORMATION SUPERIORITY An adversary could impact BLUE force information superiority in a number of ways, including exploitation, corruption, disruption, or destruction of U.S. information systems. Virtually any component 5   See, for example, http://company.monster.com/huaweihk/. Last accessed on February 11, 2005.

OCR for page 28
Avoiding Surprise in an Era of Global Technology Advances of the information environment is a potential target—that is, the aggregate of individuals, organizations, and systems that collect, process, and disseminate information, including the information itself (JCS, 2000). In this section, the committee provides a “tutorial-level” overview of several of the more commonly used methods of attack. Exploitation If an adversary gains access to protected information, the system has been exploited. Intercepting battle plans and moving assets out of harm’s way are perhaps the most classic examples of battlefield information exploitation. Most commonly, exploitation is associated with voice or data transmission among forces or between forces and command authorities. In the modern battle environment, however, other information can be exploited. Intercepting the communications between a sensor and the next point in the communications stream, or between a weapon and its launch platform, are examples of modern exploitation. Intercepting a wireless or wired signal, “bugging” a node or facility in the system, or emplacing a human agent are all methods of information exploitation. Encryption is perhaps the most effective way to prevent the loss of information through signal interception. “Bugging” may be prevented (or detected) by the application of suitable scanning technology, but doing so may be expensive and tedious. The “spy,” especially an insider threat, may be the most difficult to counter. History is replete with stories from classical times to the present of spies upsetting even the best-laid battle plans. Corruption If an adversary gains access to the information environment and is able to alter information, that information has been corrupted. Means of corrupting information are many—ranging from “spoofing,” which means changing the content of information collected and transmitted, to deception, which is simply creating bad information. 
Being able to flip 1’s and 0’s in a data stream so that a weapon hits a wrong target is an example of spoofing. Passing on false information so that a wrong target is attacked constitutes deception. The level of maturity of technology required to spoof electronic information is relatively advanced, probably beyond the inherent capability of an insurgent but well within the capability of a state actor. However, insurgents with sufficient money could buy the technology and the capability to use it on the black market or from some less-than-scrupulous state actors. One must have the means to intercept, alter, and then retransmit information, or one must be able to compromise a sensor or to compromise data-processing or data-transmitting hardware. Deception, especially involving human sources, is notoriously easy. Using encryption to ensure the integrity of data that are transmitted is a well-known technique that should be implemented. It is extremely difficult for even a peer adversary to alter the contents of an encrypted data stream in an undetectable fashion. It is much easier to alter the data at the source before it is encrypted (e.g., altering the values returned by a sensor). Disruption Preventing the movement of information constitutes a disruption. The jamming of a signal, either wired or wireless, is an example; the flooding of communications channels with extraneous messages could also disrupt the movement of useful information; cutting a communications link is another

OCR for page 28
Avoiding Surprise in an Era of Global Technology Advances example. The destruction of a single node on a system may disrupt the functioning of the system, although it would not destroy the system itself. For example, blowing up a communications tower or shooting down an unmanned aerial vehicle (UAV) could be disruptive of the entire system without destroying it. State actors, whether through indigenous or purchased capability, are the adversaries most likely to acquire weapons to jam U.S. systems. In the early days of Operation Iraqi Freedom, Iraq attempted to use purchased Global Positioning System (GPS) jammers to interfere with GPS precision-guided munitions of the United States (Trimble, 2003). Destruction Taking down an entire information system for an extended period of time effectively constitutes the destruction of that system. The most extreme example would be through the use of an electro-magnetic pulse (EMP) system (Foster et al., 2004). Potential adversaries have no doubt watched U.S. methodology in Iraq and elsewhere and realize that such a strike might gravely damage this nation’s ability to wage warfare. Only a major state actor would be capable of such a strike today over an entire theater. However, lesser state actors and insurgents might, with a lucky hit, be able to destroy a major command center and significantly interfere with the U.S. ability to conduct operations. One major threat from a nuclear-capable, lesser state actor would be to detonate a weapon at high altitude; the resulting EMP might well destroy the electronics in ground assets as well as nearby space assets. If the attacker were so fortunate as to “pump” the Van Allen belts, the number of space assets at risk would rise dramatically (Foster et al., 2004). Analogies in Non-Warfighting Scenarios The BLUE force’s increasing dependence on information superiority has related analogies in non-warfighting scenarios. 
New and emerging information technologies and their associated applications are recognized as being the engine of productivity growth in developed countries. Conversely, the disruption of widely used services and applications that employ information technologies can have widespread and major consequences. For example, disrupting the capabilities of average U.S. citizens to send and receive e-mail, to make and receive cellular telephone calls, and/or to access Web sites causes a major disruption in their abilities to do their jobs effectively and to conduct their personal business effectively. This is the case today even though e-mail, cellular telephones, and the World Wide Web were not used by average citizens only 15 years ago. Businesses and individuals will become increasingly dependent on applications of information technology that employ sensors (GPS receivers, RFID tags, and so on). Given that dependence, even perceived disruption (e.g., spoofing) could diminish users’ confidence in the underlying information networks and, in effect, degrade the services that the networks would otherwise deliver. COMMITTEE FOCUS: COMMUNICATIONS AND SENSING SYSTEMS Joint Vision 2020 acknowledges the transitory nature of information superiority as well as the fact that it alone does not guarantee victory (JCS, 2000). Rather, information superiority serves as an essential enabler for the operational concepts. In general terms, a distributed BLUE force needs the following:

To know where it is (information about the locations of relevant BLUE forces);
To know where the adversary is (information about the locations of relevant RED forces and RED systems, which will often be obtained from distributed, networked BLUE sensors);
To decide where it wants to be at specific times in the future;
To know how to safely get where it wants to be (using networked BLUE sensors to detect threats);
To know what to do when it gets there;
To respond to emerging opportunities and threats (which will often be detected by networked BLUE sensors); and
To be able to do so more quickly and more effectively than the adversary.

The ability to communicate over distance with low latency relies on superb communications and rapid, controlled accessibility to relevant information, which are core capabilities of any modern fighting force (MITRE, 2004). Such capabilities become increasingly important as the military moves toward implementation of the operational concepts articulated in Joint Vision 2020. The recognition of the importance of these capabilities has led to programs such as the Joint Tactical Radio System, which seeks to rationalize the disparate communications systems of the armed forces under a standard, interoperable architecture. The importance of such efforts is underscored in programs such as the Future Combat System, which relies on excellent communications and the superb (but controlled) accessibility of relevant information in order to achieve unprecedented situational awareness, coordination, and reaction times. If the abilities of the soldiers and other systems to communicate reliably and/or to access dependable information are substantially disrupted, the effectiveness of the forces that rely on information superiority to accomplish their missions will be substantially reduced.
Potential Pathways for Disruption, Denial, or Degradation of Communications and Sensing Capabilities

As a result of the highly distributed nature of communications systems, the interdependencies inherent to network architectures, and the fact that BLUE forces increasingly rely on commercially available technologies, innumerable vulnerabilities exist (many of them are well documented in open literature). Below, the committee summarizes some potential pathways that could impact the nation’s ability to maintain information superiority. These pathways include the following:

Causing physical damage to wireless handheld appliances and using embedded wireless subsystems to destroy or degrade the ability of BLUE forces to communicate (e.g., using EMP generators to destroy electronic components or to cause significant changes in stored data);
Jamming of communications capabilities (e.g., using strong radio signals to overload the wireless receivers in wireless systems and subsystems);
Performing a denial-of-service attack on communications capabilities by overloading networks with bogus communications (e.g., injecting packets into a network to cause congestion, preventing BLUE force packets from reaching their destinations);
Performing a denial-of-service attack by revoking the access privileges of legitimate users and systems (e.g., by attacking the authentication databases, making it impossible for legitimate soldiers to authenticate themselves to systems that they wish to access);
Disrupting network servers so the information that they contain is not accessible to legitimate users of those servers (e.g., by overloading the servers with bogus requests for information, as in a distributed denial-of-service attack on a commercial Web server);

Accessing information that should not be available to the party accessing it (e.g., using a spy with access privileges to obtain information—a form of “insider” attack);
Breaking cryptographic systems to read encrypted messages in transit, to read encrypted stored files, or to obtain passwords and cryptographic keys;
Spoofing sensors—that is, causing false readings, resulting in misinformation that causes the BLUE forces to misinterpret situations in which accurate situational information is critical (e.g., causing a sensor to mistakenly identify noncombatants as RED forces);
Evading sensor detection (stealth) by employing technologies that mask the physical attributes that are being sensed (e.g., clothing that employs a combination of insulation and surface cooling to evade detection by infrared sensors); and
Jamming sensors—that is, employing “signals” that overload sensors and/or prevent sensors from discriminating between “noise” and signals of significance (e.g., attempting to overload or damage acoustic sensors with inexpensive, high-power acoustic noise generators).

IDENTIFICATION AND ASSESSMENT STEPS OF THE COMMITTEE METHODOLOGY

A variety of technologies and tactics may be employed to degrade the information superiority of BLUE forces. Several techniques were discussed in the previous section. Here the committee identifies a few specific technologies and postulates observables that may suggest adversarial intent to develop such capabilities. Two broad categories are considered: system/network attacks and sensor attacks.

System/Network Attacks

Electromagnetic Pulse Generators

The combination of a sufficiently high energy electromagnetic pulse (EMP) generator with a suitable antenna could be used by an adversary to achieve a disruptive capability (see Charts 3-1 and 3-2).
CHART 3-1 Technology Assessment: Electromagnetic Pulse Generators

Technology: Electromagnetic Pulse (EMP) Generators: Non-nuclear, transportable generators of electromagnetic pulses that are sufficiently powerful (and rich in high-frequency content) to be used to damage electronic components or to induce data changes in electronic memories within BLUE force handheld appliances and/or embedded systems.
Observables: Research and development activities related to high-energy EMP generators (which have no apparent commercial purpose, other than for testing equipment for EMP vulnerability or, perhaps, for certain types of precision welding processes).
Accessibility: Level 2
Maturity: Watch
Consequence: Destroy electronic components or degrade stored data.

Radio-Frequency Jammers

Low-cost radio-frequency jammers may be procured commercially or assembled from commercially available subsystems and components (see Chart 3-3).

Modular Network Nodes

The basic capability of modular network nodes can be readily obtained by using commercially available local area networking products, perhaps with some modifications of the associated software plus the associated capability to obtain the necessary passwords and/or encryption keys (see Chart 3-4).

CHART 3-2 Technology Assessment: Electromagnetic Pulse Generators

Technology: EMP Generators
Observables: Covert or overt research and development activities to develop adaptations of commercial off-the-shelf electronic components that operate at higher voltages, or that employ higher band-gap materials (i.e., so that the adversary can disable BLUE force equipment, without disabling RED force equipment).
Accessibility: Level 3
Maturity: Watch
Consequence: Asymmetric advantage to adversary.

CHART 3-3 Technology Assessment: Radio-Frequency Jammers

Technology: Radio-Frequency (RF) Jammers: Low-cost, transportable, high-power RF jammers employing adaptive antennas to achieve directional (pointing) capabilities that enable them to direct more of their total power on their targets.
Observables: Emerging commercial capabilities.
Accessibility: Level 2
Maturity: Warning
Consequence: Disrupt information flow.

CHART 3-4 Technology Assessment: Modular Network Nodes

Technology: Modular network nodes: Low-cost, small nodes (modules) that can generate bogus traffic that can be used to overload networks (once the necessary network access passwords and/or encryption keys have been obtained).
Observables: Emerging commercial products used in wireless local area networking applications.
Accessibility: Level 1 for basic capability; difficulty is in gaining access.
Maturity: Watch
Consequence: Disruption of communications.

Malicious Code

Small groups of talented computer scientists can produce potent malicious code. The insertion of undetectable malicious code into well-protected military systems may require access to the systems by persons with system administration privileges. However, this could also be accomplished by adversaries employed by software-development organizations that develop the software used by BLUE forces. The activation of the malicious code by an adversary during an actual operation would probably require the adversary to employ BLUE force insiders with sufficient access privileges (see Chart 3-5).

Sensor Attacks

Sensor attacks can generally be classified into jamming (overloading the sensory input to degrade the sensor system either temporarily or permanently), signature reduction (camouflage), and spoofing (injecting false signals into the sensor stream either at the sensor or at the network or computation or communication level). While any of these tactics can be effective in specific instances, there is a general hierarchy of impact. While jamming can deny the BLUE forces the use of their sensors, it leaves no doubt that the RED forces are making an assault on the sensor suite, and tracing the source of the jamming leaves RED forces vulnerable to counterattack. Signature-reduction strategies degrade situational awareness without providing an obvious indication of enemy presence or providing any directions for response. Spoofing can degrade BLUE force capabilities by diverting resources into unproductive directions.

BLUE forces exploit a diverse and expanding spectrum of sensor modalities, as illustrated in Table 3-2. Additional related information is provided in Appendix D in this report. It should be noted, however, that the information in this report is not comprehensive in terms of either modalities or their potential applications.
CHART 3-5 Technology Assessment: Malicious Code

Technology: Malicious code (e.g., executable software hidden within an application loaded onto a BLUE system) that lies dormant and can be activated by a trigger that is injected by the actions of an insider. The activation of this malicious code causes essential servers and essential communications networking assets (e.g., routers) to become unusable or to perform incorrectly.
Observables: Covert projects employing computer scientists to develop undetectable malicious code, and the associated methods for inserting it into BLUE systems; virus, worm, etc., attacks, conducted as experiments to test different types of malicious code (e.g., how long does it take to be detected? How fast does it spread among the target systems in a network of systems?); persons employed by adversaries, with computer system expertise who have infiltrated BLUE organizations and attempted to gain significant access privileges via job assignments.
Accessibility: Level 1 for basic capability; difficulty is in gaining access.
Maturity: Watch
Consequence: Could enable exploitation, corruption, or disruption of information environment.

TABLE 3-2 Examples of Sensor Modalities and Their Potential Utility

Sensor Modality: Illustrative Applications
Terahertz sensors: Potential ability to see through walls and under clothes.
Infrared spectrum: Enabling operations in dark and nighttime environments.
Visual spectrum: Optical imaging.
Acoustic and seismic sensors: Identification of certain classes of targets and target bearing.
Image/spectroscopy: Spatial/spectral resolution of a target.
Chemical sensors: Detection of presence of chemical agents (e.g., nerve agents).
Ionizing radiation: Detection of presence of radiological/nuclear materials.

NOTE: See Appendix D in this report for additional information on sensor modalities.

Sensor attacks are typically targeted to specific sensor modalities. Here the committee has not provided a complete assessment, instead discussing only general approaches that may threaten BLUE sensor suites, together with potential observables. A discussion of a few specific technologies is provided in subsequent chapters (e.g., see the subsection entitled “Sensor Spoofing” in Chapter 5).

Jamming

In general, sensors are designed to detect weak signals and to filter out extraneous signals without degrading the signals of interest. In most cases, radio-frequency (RF), terahertz (THz), infrared (IR) radiation, optical, ultraviolet (UV), acoustic, chemical, and biological detectors can be readily overwhelmed by the deliberate introduction of large levels of artificial signals into the theater of operations. Undoubtedly the best defense is redundancy—of sensors and of sensing modalities. Reliance on a single sensor of a single observable is an inherently risky strategy that allows an adversary to exploit a single set of vulnerabilities. Hardening of single sensors is usually expensive and most often degrades the sensitivity and/or selectivity of the sensor. Distribution of wide-area networked sensors operating across a range of modalities provides an inherent immunity (see Chart 3-6).

CHART 3-6 Capability Identification: Sensor Jamming

Capability: Sensor jamming
Potential Observables: In some cases, such as infrared countermeasures for heat-seeking missiles, there are national programs to develop appropriate sources and packaging. Clearly, these need to be monitored. More difficult to detect are strategies that employ low-technology sources, e.g., acoustic generators, to confuse appropriate sensors. On the state level, both the jamming sources and the hardening of each state’s own sensor suite provide potential observables.

Camouflage

Signature reduction is a time-honored military tradition. One specific area of great importance is the reduction of infrared signatures—attempting to reduce the benefit of IR sensors to BLUE forces. There is a long history of signal manipulation and reduction by using advanced coatings (e.g., stealth), improved thermal isolation, and so on. Recently, there has been much activity reported in the open scientific literature in the related fields of photonic crystals, plasmonics, and metamaterials. While the goals are many and span the range from fundamental optical interactions with matter, to improved telecommunications and signal processing systems, to quasi-optical interconnects in next-generation integrated circuits, all of these areas have a potential impact on infrared signatures and sensing (see Chart 3-7).

Spoofing

There are as many possible targets for the use of spoofing as there are sensors. One category of increasing importance is chemical and biological sensors. Ground forces are significantly hampered by protective gear to defend them against these threats. Thus, RED forces gain significant leverage if BLUE forces must defend against a threat that does not exist while RED forces can operate unencumbered (see Chart 3-8).

SUMMARY

In Joint Vision 2020, Information Superiority is identified as a key enabler that cuts across all four of the envisioned operational concepts (JCS, 2000). In the future, the United States can be assured neither of being the first to have access to all of the best information technologies nor of having a first mover’s advantage in applying COTS products to military systems. As a result, it is much harder to know what to look for and much more difficult to recognize the implications of the complex array of achievements in information technology and undertakings in development and applications that will be possible to observe.
The committee identified a number of generic vulnerabilities of information-technology-enabled systems and applications (including, in principle, those that might be used by BLUE forces to endeavor to maintain information superiority). These vulnerabilities could be attacked via emerging technologies and capabilities that, in most cases, are increasingly available to U.S. adversaries in the form of low-cost, commercial commodity products. The emerging technologies and capabilities that might attack these vulnerabilities include (but are not limited to) the following:

Causing physical damage to wireless handheld appliances and embedded wireless subsystems;
Jamming of communications capabilities;
Performing a denial-of-service attack on communications capabilities by overloading networks with bogus communications;
Performing a denial-of-service attack by revoking the access privileges of legitimate users and systems;
Spoofing sensors (i.e., causing false readings that result in the dissemination of misinformation);
Evading sensor detection (stealth) by employing technologies that mask the physical attributes that are being sensed; and
Jamming sensors (i.e., employing “signals” that overload sensors and/or prevent sensors from discriminating between “noise” and signals of significance).

CHART 3-7 Capability Identification: Camouflage

Capability: Camouflage (signature reduction)
Potential Observables: This is an active area in the open literature, with many papers being presented at international scientific meetings and published in the archival literature. It is important to monitor this activity and to seek to apply developments to BLUE systems to better understand the capabilities of these newly emerging capabilities. The usual phenomenon of active research groups going silent is a potential indicator of state activity. Monitoring the commercial development of these technologies will be especially important because of the strong efforts in Europe and Asia-Pacific.

CHART 3-8 Capability Identification: Sensor Spoofing

Capability: Sensor spoofing particularly relating to chemical and biological agents.
Potential Observables: Development of simulants for toxic agents. Testing against commercial sensors. This is again a very active area of investigation, with much of the literature open and available. Just as for low-observable research, it will be important to monitor not just research directed specifically at sensor spoofing, but more generally at improved sensors for chemical/biological agents for homeland defense, and for commercial as well as military applications.

The committee also identified for each of the emerging technologies or capabilities listed above, potential indicators that the technology warning community could employ to attempt to determine the actual intentions and/or capabilities of U.S. adversaries to employ these technologies and methodologies.

REFERENCES

Chan, Felix, Dora Marinova, and Michael McAleer. 2004. Trends and volatilities in foreign patents registered in the USA. Applied Economics 36(6):585-592.

DSB (Defense Science Board). 2005. Task Force on High Performance Microchip Supply. Office of the Under Secretary of Defense, Washington, D.C. February. Available online at http://www.acq.osd.mil/dsb/reports/2005-02-HPMS_Report_Final.pdf. Last accessed on April 12, 2005.

The Economist. 2005. See Huawei run. March 5-11 issue. pp. 60-61.

Foster, John S., Earl Gjelde, William R. Graham, Robert J. Hermann, Henry “Hank” M. Kluepfel, Richard L. Lawson, Gordon K. Soper, Lowell L. Wood, Jr., and Joan B. Woodard. 2004. Report of the Commission to Assess the Threat to the United States from Electromagnetic Pulse (EMP) Attack. Available online at http://www.globalsecurity.org/wmd/library/congress/2004_r/04-07-22emp.pdf. Last accessed on April 1, 2005.

Giles, Lionel, translator. 1910. Sun Tzu on the Art of War, The Oldest Military Treatise in the World. Translated from the Chinese. Available online at http://www.chinapage.com/sunzi-e.html. Last accessed on February 4, 2005.

JCS (Joint Chiefs of Staff). 2000. Joint Vision 2020. Director for Strategic Plans and Policy, J5; Strategy Division. U.S. Government Printing Office, Washington, D.C.

MITRE Corporation. 2004. Horizontal Integration: Broader Access Models for Realizing Information Dominance. MITRE Corporation, McLean, Va. Available online at http://www.fas.org/irp/agency/dod/jason/classpol.pdf. Last accessed on April 1, 2005.

NIST (National Institute of Standards and Technology). 2002. Announcing the Secure Hash Standard. Available online at http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf. Last accessed on April 1, 2005.

Randall, James, and Michael Szydlo. 2004. Collisions for SHA0, MD5, HAVAL, MD4, and RIPEMD, but SHA1 Still Secure. August 31. RSA Laboratories. Available online at http://www.rsasecurity.com/rsalabs/node.asp?id=2738. Last accessed on April 1, 2005.

Roco, M.C., R.S. Williams, and P. Alivisatos, eds. 1999. Nanotechnology Research Directions, IWGN Workshop Report. September. Available online at http://www.wtec.org/loyola/nano/IWGN.Research.Directions/. Last accessed on April 1, 2005.

Trimble, Stephen. 2003. In Iraq, GPS is surviving jamming threat, Pentagon says. Aviation Week. March 25. Available online at http://www.aviationnow.com/avnow/news/channel_aerospacedaily_story.jsp?id=news/gps.xml. Last accessed on April 1, 2005.

Wang, Xiaoyun, Dengguo Feng, Xuejia Lai, and Hongbo Yu. 2004. Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD. Revised on August 17, 2004. Available online at http://eprint.iacr.org/2004/199.pdf. Last accessed on April 1, 2005.