Thursday, March 5, 2009

Cloud Warfare & Proactive Network Defenses

It is quickly becoming apparent that the new weapon of choice for modern conflicts is not found on the traditional battlefield. Instead, many nation-states are increasingly employing cyber warfare to attack other states or entities in an effort to disrupt or disable critical technological infrastructure. States like China and Russia, which remain inferior to the U.S. militarily, have identified the United States' cyberspace vulnerability and worked diligently to exploit it. I've had a keen fascination with the military side of computing, so I thought I'd take a moment to give you an overview of the current state of cyber warfare.

For those new to military network computing / cyber warfare, there are two main groups in the US military that are publicly devoted to cyber warfare activities: the Air Force Cyber Command and the 67th Network Warfare Wing. The stated mission of the AF Cyber Command is to develop a major command that stands alongside Air Force Space Command and Air Combat Command as the provider of forces that the President, combatant commanders and the American people can rely on for preserving the freedom of access and commerce in air, space and now cyberspace.

Although less is known about the NSA, the National Security Agency has recently become a major player in the emerging network defenses segment of the US military. Generally speaking, the NSA's cyber mandate is to "help monitor" U.S. federal agency computer networks to protect them against attacks. Unofficially they have been known to proactively engage in network defenses, including botnet-based activities. The NSA's official mission, as set forth in Executive Order 12333, is to collect information that constitutes "foreign intelligence or counterintelligence" while not "acquiring information concerning the domestic activities of United States persons". The NSA has declared that it relies on the FBI to collect information on foreign intelligence activities within the borders of the USA.

The topic of cyber warfare is not a new one; in 1996 Richard Harknett wrote a paper titled "Information Warfare & Deterrence". In this famous paper, Harknett appears to be advocating for what he describes as absolute deterrence. He notes, "The essence of the Information Age is the emergence of a new form of organization. The information technology network seamlessly connects all of its parts, creating shared situational awareness throughout an organization. High connectivity supports both enhanced sustainability and greater accessibility."

At its heart, Harknett has outlined the vision of state-sponsored offensive network-centric armies, both as an offensive tool and as a form of mutual deterrence. The problem with mutual deterrence is that it is quickly becoming difficult to tell the friendlies from the enemies. The recent Georgian war is a perfect example. A large part of the Georgian government web infrastructure was brought down during the Russian / Georgian conflict. Although the Russians were thought to be behind the attack, the actual computers inflicting the damage were seen to be originating from civilian ISPs in the United States; for NATO or others to combat this barrage, they would in effect have been attacking American computing targets, or "friendlies".

Harknett goes on to say "Deterrence requires that the capability to inflict retaliatory costs be perceived as reliable. Deterrence weakens to the degree that the deterrent capability can be contested by a challenger through degradation or avoidance. The inherent accessibility of information technology invites challenges to a network's connectivity. Deterrent threats relying on such connectivity will be susceptible to technical, tactical, and operational contest. The contestability of connectivity will make deterrence of information warfare difficult."

What is most interesting is the contrast he draws with a nuclear deterrent, which he says "have a degree of 'reliability of effect' that makes the costs associated with a nuclear response seem incontestable."

Col. Charles W. Williamson III, the deputy staff judge advocate at U.S. Air Forces in Europe's military justice division, recently added his own opinions. He says "If the standard is absolute deterrence, then I admit intellectual defeat. On the other hand, if the standard is the more conventional meaning — to discourage somebody from taking action — then most of the world is deterred from symmetrical attack on the U.S. because of our conventional weapons dominance."

In a recent post, Christofer Hoff added his opinions on "offensive computing":
"There's not been a war yet that has been won with defense alone, so why do we expect we can win this one by simply piling on more barbed wire when the enemy is dropping smart bombs? This is the definition of insanity and a behavior that we don't talk about changing.

"Don't spend money on AV because it's not effective" is an interesting behavioral change from the perspective of how you invest. Don't lay down and take it up the assets by only playing defense is another."

In the modern global computing environment, being a passive participant is no longer an option for most nations; if you are not taking proactive and sometimes offensive network measures, you run the risk that your critical infrastructure will be exploited. This very real risk could result in real-world casualties. The next big opportunity for the military contractors of the world will be in creating the next generation of distributed computing defense systems, ones that can potentially take over a network of civilian compute resources, both friendly and hostile. Like it or not, this is the fact we're now facing.