Cyberwar

Military applications of network attack and defense

"Network-Centric Warfare" — Terminology with a Convoluted History

Much depends on just what you mean by "network-centric warfare".

Initially (maybe 1996-2000) it seemed to be used recklessly, and was the domain of much wild speculation (science fiction analogies) and dangerous enthusiasm (controlling warships with Windows NT).

After maybe 2000 or so it seems to have really been working, but by then it really should have been called something more like "information-centric" or "communication-centric" warfare.

The point is the sharing of information and how that information is used, not just the fact that there's a networked graphical interface.

The Yorktown Failure — The Blue-Water Blue Screen of Death

In September 1997, the USS Yorktown, a Aegis-class missile cruiser, was left dead in the water for close to 3 hours because of a cascade of failures started by a Windows NT application that didn't prevent a divide-by-zero error. There's a design error here — who made NT a vital part of a warship, and who designed an architecture that allowed the failure cascade? Google finds lots of discussion, ask for:
september 1997 yorktown windows
Also see the Military and Aerospace Electronics article: "Navy Postmortem Tries to Pinpoint What Went Wrong With the 'Smart Ship'", in Military and Aerospace Electronics, March 2001, pp 1,5.

Early enthusiasm for "Network-Centric Warfare"

"What is Information Warfare" is available from the Government Printing Office (by Martin C. Libicki, August 1995, National Defense University series, G.P.O. 1996-405-201:40005). Much enthusiasm and anecdotes, light on technical facts and realism. Note the section where he discusses William Gibson's science-fiction novels and the movie "TRON" as possible models! Well, it's out there, and some people may consider it important.

Two government references that look better are NIST Special Publication 800-12 and NIST Special Publication 800-14.

"Network-Centric Warfare", Vice Adm Arthur K. Cebrowski and John J. Garstka, U.S. Naval Institute Proceedings, Jan 1998, pp 28-35. At least for the USNI publications, this seems to be the article that kicked off the craze.

"IT-21 Intranet Provides Big 'Reachbacks'", Rear Adm Robert M. Nutwell, U.S. Naval Institute Proceedings, Jan 1998, pp 36-38. A pretty good overview.

"Moving the Navy Into the Information Age", Cmdr Michael S. Loescher, U.S. Naval Institute Proceedings, Jan 1999, pp 40-44. He seems to have watched way too much "Star Trek", as the article actually suggests working on "cloaking" and "shielding" as in that sci-fi TV show, plus "omniscience" and "telepathy".

"The Power of e-Sailors", Vice Adm James R. Fitzgerald, U.S. Naval Institute Proceedings, Jul 1999, pp 62-63. A decent overview, at the expense of yet another unneeded neologism...

Early Skepticism and Caution Regarding "Network-Centric Warfare"

"Beware of Geeks Bearing Gifts", Lt Cmdr Eric Johns, U.S. Naval Institute Proceedings, Apr 1998, pp 74-76.

"The Seven Deadly Sins of Network-Centric Warfare", Thomas P. M. Barnett, U.S. Naval Institute Proceedings, Jun 1999, pp 36-39.

"The Smart Ship is Not the Answer", U.S. Naval Institute Proceedings, Jun 1998, pp 61-64. "Using Windows NT, which is known to have some failure modes, on a warship is similar to hoping that luck will be in our favor."

"Network-Centric: Is It Worth the Risk?", Cmdr William K. Lescher, U.S. Naval Institute Proceedings, Jul 1999, pp 58-63.

A very useful and more recent overview of NCW in its broader and more mature sense is a series of articles in AWST, 27 Jan 2003, pp 37-59.

Analysis

The RAND Corporation wrote what looks like a good analysis of cyberwar for the U.S. Air Force.

Seymour Hersh wrote a good article for The New Yorker, "The Online Threat: Should we be worried about a cyber war?"

International Conflict on the Internet

The People's Republic of China

During the NATO attacks on Serbia in the spring of 1999, including the accidental bombing of the Chinese embassy, there were retaliatory attacks against NATO's public web server (instigated from Belgrade) and against a number of U.S. government sites, including Dept of Interior, Dept of Energy, the National Park Service (!), and the U.S. embassy in China (instigated from Beijing and from groups supporting the Beijing government).

There were also attacks against U.S. and NATO systems from China. Federal Computer Week, 1 Sep 1999,

April-May 2001 — A US Navy EP3 intelligence gathering aircraft landed on Hainan Island after a mid-air collision with a Chinese fighter, leading to scattered attacks using "Kill USA" and "China Killer" programs. New Scientist, 23 Feb 2008 pp 24-25.

October 2007 — The US Department of Homeland Security's U.S. Immigration and Customs Enforcement agency reported that it had launched more than 540 investigations into illegal exports of controlled U.S. technology to China since 2000. Homeland Security Affairs, (Journal of the Naval Postgraduate School Center for Homeland Defense and Security), vol V, No 1, Jan 2009.

January 2008 — The US Air Force said, "China has been positively identified as a source of campaign-style cyber attacks on Department of Defense systems."

January 2008 — The US Air Force said that papers in Chinese military journals and textbooks discuss ideas for war against the US in a confrontation over Taiwan, including communication jamming and computer malware.

February 2008 — The Australian government announced that Chinese hackers were launching targeted attacks to gather information from sensitive military secrets to the prices Australian companies will seek for resources such as coal. The Age, 10 Feb 2008.

11 February 2008 — US officials arrested a former Boeing engineer on charges of stealing trade secrets from the space-shuttle program, Delta IV rocket and other projects and sending them to agents of the Chinese government. Orlando Sentinel, 12 Feb 2008.

12 February 2008 — The Washington Times had a story on Chinese espionage.

15 February 2008 — The Washington Post had a story on Chinese espionage:

3 March 2008 — The US Defense Department said that attacks in 2007 against computer networks operated by governments and commercial institutions around the world "appear" to have originated within China:

• DefenseLink story
• 2007 Report To Congress of the U.S.-China Economic and Security Review Commission
• Government Executive, 4 Dec 2007.
• Government Executive, 3 Mar 2008.
• Government Executive, 6 Mar 2008.
• Federal Computer Week, 4 Mar 2008.

24 March 2008 — Tibet protest groups have been targeted for attack with hostile e-mail attachments sent from Chinese servers. BBC World News, 24 Mar 2008.

25 March 2008 — "A Chinese-born engineer convicted of conspiring to pass U.S. military secrets to the People's Republic of China was sentenced Monday to 24 years and five months in federal prison." Information Week, 25 Mar 2008.

10 April 2008 — Business Week ran a cover story "The New E-spionage". Summary: many prolific sources based in PRC launch spear-phishing attacks on government workers and contractors. The To: and From: fields look relevant, content is relevant. Message has spyware attachment that will capture keystrokes and harvest data files, sending product back to PRC. Plus capability for remote access of the system. BYZANTINE FOOTHOLD has been a US project to detect, track, and disarm intrusions on critical government networks. "Poison Ivy" was the name given to PRC code by commercial infosec companies.

6 May 2008 — "Over the past one and a half years, officials said, China has mounted almost daily attacks on Indian computer networks, both government and private, showing its intent and capability." Times of India, 6 May 2008.

3 Nov 2008 — The Diplomatic Security Daily publication of the U.S. Department of State reported the sophisticated threat assigned code word Byzantine Candor, with a subset of that known as Byzantine Hades.
BC = Byzantine Candor,
CNE = Computer Network Exploitation,
USG = United States Government,
DoS = Department of State (and not Denial of Service!), and
CTAD = Cyber Threat Analysis Division. As millions of copies of the Wikileaks file contain, that report said:

I do not understand what is meant by:
and all the host names of the addresses contained Asian keyboard settings as well as China time zone settings.
Yes, the DNS PTR records might contain non-ASCII characters in the host names, and "Asian keyboard settings" might be a clumsy way of saying that. But "China time zone settings"? That says to me that they were looking at e-mail headers.

20 Nov 2008 — A U.S. Congressional advisory committee releases a report warning that Chinese attacks on civilian, government, and military networks are rising. This was also reported in Information Week.

18 Apr 2009 — Newsweek magazine reports on "Ghostnet".

Some calm thinking on the Chinese hacking threat — Bruce Schneier's essay for the Discovery Channel pointed out that the truth is a lot more complicated. Much is from patriotic Chinese citizens, plus a lot of automated attacks run on compromised systems that just happen to be located in China.

Estonia

April 2007 — The "Bronze Soldier" statue was moved from central Tallinn to a military cemetery. To Estonians, the statue was a symbol of almost 50 years of Soviet occupation. To Russia and to Estonians of Russian descent (about 25% of population of 1,300,000) the move was an insult to the memory of soldiers who fought the Nazis in WWII. There was street violence 26-28 April.
http://news.smh.com.au/estonia-convicts-first-cyberwar-hacker-prosecutors/20080124-1nro.html

9 May 2007 — Government web sites lost external connectivity due to a massive DDOS atack. Many of the attacking hosts were in Russia, some belonged to the Russian government, but official government involvement, support, or even awareness couldn't really be gauged.

24 Jan 2008 — Dmitri Galushkevich, an ethnic Russian, was convicted Jan 2008 for his involvement. Fined 17,500 kroons (1120 Euros, 1620 US$) for his part in attack against website of Reform Party of Prime Minister Andrus Ansip, one of many DDOS attacks on Estonian government and businesses.
http://news.smh.com.au/estonia-convicts-first-cyberwar-hacker-prosecutors/20080124-1nro.html

2 April 2008 — "Almost a year after falling victim to a "cyber-war" blamed on Russian hackers, the Baltic state of Estonia is now piloting NATO's efforts to ward off future online attacks on alliance members. After this week's NATO's summit in Romania, Estonia and seven other alliance partners will set up the "Cyber Defence Centre of Excellence" in Tallinn next month. The United States, Germany, Italy, Spain and Estonia's fellow ex-communist NATO member states Latvia, Lithuania and Slovakia will spearhead the project."
http://news.theage.com.au/estonia-to-drill-natos-future-cyberwar-defenders/20080402-234p.html

11 March 2009 — The pro-Kremlin youth group Наши, or Nashi, meaning Ours, claimed responsibility for making the attack on behalf of the Kremlin:
http://blog.wired.com/defense/2009/03/pro-kremlin-gro.html
http://www.theregister.co.uk/2009/03/11/russian_admits_estonian_ddos/

Finland

27 May 2009 — The Finnish military announced plans to establish "a cyberwar unit charged with protecting government data communications". It sounds more like pure defense and threat monitoring, made to sound more exciting with the buzzword "cyberwar"....

Georgia

August 2008 — Russian military forces move into Georgia, citing requests for help from ethnic Russian communities in Georgian breakaway regions of South Ossetia and elsewhere. At the same time, DDOS attacks orchestrated out of Russia blocked access to Georgian government web sites. I don't know everyone's feeling on this, but if armored vehicles are rolling down the street in front of my home, and I see combat aircraft overhead and hear incoming artillery rounds, my inability to look at the Georgian equivalent of whitehouse.gov is going to be of relatively little concern...

This seemed to be another case of "Russian patriotic citizens rise up" and do the attack on their own, where the government does not direct them but neither does it stop them or even disapprove.

• "Russian Hacker Forums Fueled Georgia Cyber Attacks", Washington Post, 16 Nov 2008.
• Russian coder takes credit for hacking Georgian sites including http://www.parliament.ge, the Georgian parliament's site: Wired.com, 23 Oct 2008.

October-November 2008 — Major news organizations start seriously questioning the accepted view of the military action is nothing but Russian aggression and Georgian self-defense, as Georgian targeting of civilians and other details come to light:

• BBC News, 28 Oct 2008.
• New York Times, 7 Nov 2008.
• Los Angeles Times, 17 November 2008

See the "Russian Cyberwar on Georgia" report for lots of details on the military action, the Internet attacks, and the coverage: http://hostexploit.com/

September 2009 — Aviation Week and Space Technology ran an article (14 Sep 14 2009 pp 54-55) titled: "Cyberwar is Official" and subtitled: "Network attack, digital time boms and information exploitation are now combat standards", quoting an analysis from the U.S. Cyber Consequences Unit (US-CCU), "only parts of which are available to the public". The article describes US-CCU as "an independent organization that does cyber-forensics and analysis for private organizations and government, including the National Security Agency and CIA." It's a non-profit research group with some affiliation to the Tufts University law school, the domain is registered to a guy in Vermont with an AOL e-mail address:

% whois usccu.us
Domain Name:                                 USCCU.US
Domain ID:                                   D7129910-US
[....]
Registrar URL (registration services):       whois.schlund.de
Domain Status:                               ok
Registrant ID:                               SPAG-33246501
Registrant Name:                             Scott Borg
Registrant Address1:                         PO BOX 1390
Registrant City:                             NORWICH
Registrant State/Province:                   VT
Registrant Postal Code:                      05055
Registrant Country:                          United States
Registrant Country Code:                     US
Registrant Phone Number:                     +1.8026493849
Registrant Email:                            scottborg@aol.com

Iran

The Stuxnet worm was detected in June, 2010. In September, 2010, analysts announced that it seems to have been designed specifically to take control of a real-world industrial target, the SCADA software running chemical plants, factories, and electrical power generation and transmission systems. Its infections have been concentrated in Iran, Pakistan, India, and Indonesia, although systems have been infected world-wide. Some believe that it is targeted at a specific facility — Iran's Bushehr nuclear plant. The Christian Science Monitor had a good report on this story, with more technical details than typically found in newspapers. Dark Reading goes deeper into the technical details and the analysis.

Israel

September 2000 — Israeli hackers launch DDOS and deface Hezbollah and Palestinian National Authority's websites. Palestinian authorities respond with call for a "cyber holy war", Israeli government and financial website attacked. [New Scientist, 23 Feb 2008 pp 24-25]

September 2007 — Israeli air strike on suspected nuclear facility in northern Syria reportedly aided by cyber-attack against Syrian radar air defenses. "Non-stealth Israeli fighters slip in and out of Syrian airspace virtually undetected." Yes, but I doubt that Syrian air defense systems were on publicly routable networks.... [New Scientist, 23 Feb 2008 pp 24-25]

Kyrgyzstan

In January 2009 a "russian cybermilitia" launched a distributed denial of service attack against the two biggest Internet service providers in Kyrgyzstan, largely cutting the country off the Internet. A few days later, Kyrgyzstan announced that the U.S. military would have to vacate Manas Air Base. Apparently the DDOS attack was part of the Russian pressure. Click here to see the story at computerworld.com.

Mauritania

November 2008 — The websites of al-Anba' al-Ikhbari and Sahara Media, two news agencies in Maurtiania, are taken down in DDOS attacks. This is after the August 6 military coup replacing the democratically elected president, Sidi Mohamed Ould Cheikh Abdallahi, with a military junta. "Sahara Media has accused "national and foreign parties" of aiming to muzzle the site. Al-Anba', for its part, was far more specific in assigning blame. It said "some parties in the military regime in Nouakchott" are responsible or the sabotage." http://www.menassat.com/?q=en/news-articles/5134-cyber-warfare-comes-mauritania

Myanmar (Burma)

November 2010 — Just before the closest thing to an election in over 20 years, Burma's primary Internet service provider, the Ministry of Post and Telecommunication, was taken down with a massive distributed denial of service attack.

Burma's MPT is limited to a 45 Mbps T3 connection to the outside world, mostly via IPTel (AS 45419). The November 2010 attack was estimated at almost 15 Gbps, a few hundred times the available capacity.

This is much larger than the 2007 DDoS attacks against Georgia (estimated at 814 Mbps) and Estonia.

Arbor Networks' report summarizes it as in the table at right.

Norway

February 2008 — "Russian agents in Norway have reached levels as high as during the Cold War, warns the Norwegian Police Security Service (PST). Many other countries also have spies in Norway, climbing to a record number following a quiet period during the 1990s. [PST chief] Holme said unnamed sources indicate that Russian espionage activity is at an "all-time high", and other countries have also stepped up their activities in Norway. Russia and other countries are said to be interested in Norway because of its strategic geographical position and its offshore technological expertise." http://www.aftenposten.no/english/local/article2244756.ece

North Korea

According to The Daily NK, a South Korean publication focused on the north, North Korea's Moranbong University, directly managed by the Operations Department of the Workers' Party, is that countries leader in technical developments in computer warfare. Moranbong is said to have been founded in 1997 to train experts in data processing, cryptanalysis, hacking, and other skills, along with martial arts and shooting. It's a five-year university that only selects 30 freshmen per year, each of which is made a military first lieutenant. Moranbong is supposed to have taken the place of Mirim University. Moranbong is in Jung district, just across from the Number 3 Government Building housing the United Front Department, Liason Department, and Operations Department. The article has a dateline of 13 July 2009, Shenyang, China, presumably where they contacted their North Korean source by telephone. http://www.dailynk.com/english/read.php?cataId=nk01500&num=5161

Meanwhile, the North Korean government is making money with the help of Fox "News" owner Rupert Murdoch:
"Programmers from North Korea's General Federation of Science and Technology developed a 2007 mobile-phone bowling game based on the 1998 film [The Big Lebowski], as well as Men in Black: Alien Assault, according to two executives at Nosotek Joint Venture Company, which markets software from North Korea for foreign clients. Both games were published by a unit of News Corp., the New York-based media company, a spokeswoman for the unit said."

U.S.A. / South Korea / "North Korea" — July 2009

4 July 2009 — Distributed Denial-of-Service (DDOS) attacks against U.S. government servers including whitehouse.gov and treasury.gov on the U.S. national holiday, the same day that North Korea launches a series of medium-range missiles, are blamed on North Korea.
7 July 2009 — The same DDOS attacks move to South Korean servers, including the Ministry of Defense and the presidential Blue House, increasing the baseless theorizing that North Korea must be behind it.
8 July 2009 — Widespread coverage in Wired magazine and elsewhere reports that the DDOS seems to have been run by a sloppy hacker using five-year-old worm code: http://www.wired.com/threatlevel/2009/07/mydoom/
10 July 2009 — Typically clueless U.S. legislator Peter Hoekstra, of Michigan, insists that the U.S. should conduct a "show of force or strength" against North Korea for its supposed role: http://www.wired.com/threatlevel/2009/07/show-of-force/
Lesson: Many legislators are idiots.
See Bruce Schneier's calm analysis that this is nothing new, just "kids playing politics": http://minnesota.publicradio.org/display/web/2009/07/10/schneier/

Military-Industrial Espionage

NACIC, the National Counter-Intelligence Executive (http://www.ncix.gov/), has warned of Internet activity by foreign intelligence entities. BNA Daily Report for Executives, 6 January 1997, pg A15.

The CIA named countries thought to be involved in industrial espionage or offensive information warfare, and noted that several had been providers of Y2K fixes to U.S. firms (Network World 13 Sep 1999 pg 10):

Viruses and Hacking

NATO revealed that the Anti-Smyser-1 virus infected systems at its Pristina, Kosovo facility early in 2000. Affected systems mailed copies of a nine-page classified document detailing NATO rules of engagement for land operations in Kosovo to "random Internet users' mailboxes" — SC Magazine, Aug 2000, pg 18. Well, I doubt they were really random, but instead were entries in someone's address list. Who put classified documents on Internet-connected PCs susceptible to viruses??

A group of hackers broke into U.S. Department of Defense computers in the fall of 1997. It was well-publicized, they claimed to have stolen GPS controlling software to sell to terrorists, but DOD said it was just some administrative data.

During the 1991 Persian Gulf War, a group in Eindhoven, Netherlands broke into computers at 34 U.S. military sites and stole information about troop movements, missile capabilities, etc. They offered it to the Iraqis, but they figured it had to be a hoax. London Telegraph, 23 Mar 97.

Government / Military Threat Reports and Warnings

The DOD urged the naming of an "information czar" and an "information warfare" center within the U.S. intelligence community back in 1997. WSJ, 6 January 1997, pg B2.

Some people in DOD, or working for the defense/intel community, think future conflicts will be the domain of digital terrorists. Mafia-based states (like many in the ex-USSR), quasi-governmental organizations (IRA, ETA, HAMAS), or followers of warlords (Somalia, Chechnya, Myanmar) could launch highly disruptive attacks in which modern states would be at a disadvantage. AWST, 27 Apr 1998, 54-56.

As early as 1997:

• "The U.S. military's growing dependance on a closely linked web of computers is a 'recipe for a national security disaster'." Only one of 150 attacks against DOD computer systems is detected. NSA says more than 120 countries have or are developing computer attacks. AWST, 20 January 1997, pp 60-61.
• The director of the NSA warned (again) of threats of "cyber attacks" from foreign governments and quasi-governmental organizations. AWST, 10 Feb 1997, pg 20-21, plus a series of reports on CNN in March 1997.

The article, "Nation's 'Infosec Gaps' Given New Scrutiny Post-Sept 11", is quite realistic and practical as information warfare material goes, AWST, 28 Jan 2002, pg 59.

Offensive Information Warfare / Information Operations

The USAF formed the 609th Information Warfare Squadron in early 1996 — AWST, 29 April 1996, pg 52.

The USAF Information Warfare Team was formed at Rome AFB in 1996. Director of CIA John Deutch said, "We have evidence that a number of countries around the world are developing the doctrine, strategies, and tools to conduct information attacks." AWST, 12 Aug 1996, pg 65-66.

In 2007-2008 the USAF made all sorts of conflicting claims about what it was going to do. Looks like political turf battles...

• September 2007 — U.S. Air Force Cyber Command (AFCYBER) is set up, due to become fully operational in the autumn as part of the U.S. 8th Air Force. See the ZDnet article.
• 24 June 2008 — No, not based at Barksdale AFB, but spread across nine locations:
  • Barksdale AFB, LA, 36 billets
  • Scott AFB, IL, 69
  • Langley AFB, VA, 58
  • Lackland AFB, TX, 43, also the location of AF Information Operations Center and the 67th Network Warfare Wing
  • Tinker AFB, OK, 5
  • Davis-Monthan AFB, AZ, 20
  • Wright-Patterson AFB, OH, 13
  • Hanscom AFB, MA, 7
  • Griffiss ANGB (Rome Labs), NY, 2
  • Peterson AFB, CO, 7
• 11 February 2008 — "... the Cyber Command is dedicated to the proposition that the next war will be fought in the electromagnetic spectrum, and that computers are military weapons." General William Lord, Barksdale AFB, provisional chief of USAF Cyber Command. See the Wired story.
• 4 March 2008 — "Air Force Gen. Kevin Chilton, commander of U.S. Strategic Command, told lawmakers last week that his office is working with the Joint Task Force for Global Network Operations, the Joint Functional Component Command for Network Warfare and the Joint Staff to develop the National Military Strategy for Cyberspace Operations." See the Federal Computer Week story.
• 13 August 2008 — No, wait, no Cyber Command after all. Several governors had been trying to get it based in their states, but it seems to have died a victim of vagueness of mission. See the Wired story, or the Information Week story.
• 7 October 2008 — No, wait, there will a Cyber Command. "Top Air Force leadership has decided to pursue forming Cyber Command to defend Defense Department networks and to launch cyberattacks against foes after putting the project on hold in August." [....] "Last month, sources said the Pentagon decided that the U.S. Strategic Command in Omaha, Nebraska, should create and run a joint Cyber Command, a move that seemingly dashed any hopes the Air Force had to own Defense's cyber responsibilities." See the NextGov story.
• 7 November 2008 — No, wait, no USAF leadership: "For a while, there, the Air Force was selling itself as the only service that could lead the military through a cyber war. Now, the Pentagon chiefs have made it clear: They're not buying. All of the military services are going to have a role in fighting online. 'It rebuffs the Air Force grab for predominance in cyber operations,' a Pentagon official tells Inside Defense. Last fall, the Office of Secretary of Defense pushed back an even more intense effort by the Air Force to grab control of the military's unmanned air force." See the Wired story.
• 13 November 2008 — "The general in charge of the U.S. Air Force's cyberwarfare effort says plans for his unit have been scaled back because staff who would have been used to set up a cybercommand will be allocated to the service's new nuclear command instead. Air Force Cyber Command was to be established as a major command alongside the service's space, air-combat and other commands — last month. However, those plans were suspended over the summer after Defense Secretary Robert M. Gates fired the Air Force's civilian and military leaders because of lapses in the security of the nation's nuclear arsenal. Last month, plans for a full-fledged major command for cyberwarfare were scrapped." See the Washington Times story.
• 4 December 2008 — From Inside the Pentagon, 4 Dec 2008: "Defense Secretary Robert Gates has placed operational control over the entire range of military cyberspace activities in the hands of the Pentagon's premiere offensive cyberwarfare unit, according to a Nov. 12 memo obtained by InsideDefense.com.
  The move, effective immediately, puts the Ft. Meade, MD-based Joint Functional Component Command-Network Warfare in charge of the Joint Task Force-Global Network Operations. The Arlington, VA-based JTF-GNO is tasked with defending the military?s networks.
  Both organizations are part of U.S. Strategic Command. National Security Agency Director Army Lt. Gen. Keith Alexander is also the JFCC-NW commander. Similarly, the JTF-GNO chief serves as the director of the Defense Information Systems Agency."
• 22, 24 April 2009 — Plans are announced to create a new military command for Pentagon computer network defense and U.S. offensive capabilities, NSA Director to head this "Pentagon Cyber Command" and direct U.S. information operations.
  Story 1 and story 2 from the Wall Street Journal.
• Shortly thereafter — I gave up trying to keep this up to date. It has been a long series of excited announcements leading to nothing. A Cyber Command was formed, headquartered at the NSA's Fort Meade, but then it was announced just a day or two before it was become operational on 1 October 2010 that no, that wasn't going to happen after all. The Register reported: "Issues responsible for the delay include difficulties finding suitably qualified staff among America's uniformed legions, and also the fact that it isn't even clear what 'operational' means for a cyberforce."

What they call information warfare (IW) or information operations (IO) is out there, but good luck finding much in the open literature. Just a few brief mentions, like a few sentences in AWST 12 May 2003 pp 62-63. Also be aware that the U.S. Department of Defense uses "information operations" to mean offensive information warfare, including denial of service attacks against data and network connectivity, and more subtly, rendering data or network connectivity worthless by degrading the other side's confidence on it. But at the same time, the Central Intelligence Agency instead uses "information operations" to mean obtaining data statically stored on systems or transiting networks, in order to analyze it and obtain an understanding of the other side's plans.

More recently, see Digits of Doom, in AWST, 24 Sep 2007, pg 74, suggesting that the U.S. military had started attacking jihadist web sites in the preceding few months. The article mentions:

• USAF Cyberspace Command, including the 67th Network Warfare Wing
• US Army's 1st Information Operations Command and its Information Dominance Center
• Joint Functional Component Command for Network Warfare (JFCC-NW), a part of U.S. Strategic Command and a joint operation with the National Security Agency.
  "Some of its missions include disrupting and invading networks, mining computer bases for intelligence, manipulating data as an element of information warfare and monitoring enemy command-and-control systems."
• "Even with that resume, 'these aren't the only groups involved,' says a senior electronic attack specialist. 'Some are less obvious, but more capable.' In fact, the staff of Deputy Defense Secretary Gordon England has, for some time, been studying the use of deception operations against terrorist networks."

In other stories:

• AWST reported that IW/IO was successfully used by the USAF against Iraq during 1991 and against Yugoslavia during the Kosovo conflict of early 1999.
  • AWST, 26 Feb 2001, pp 52-53. "The first attack was limited to reading the e-mail of Iraqi commanders. But by the next conflict the tools were much more sophisticated. False messages and targets were injected into Yugoslavia's complex computer-integrated air defense system."
  • AWST, 12 April 1999, pp 24-26. "'We shut their eyes [radar] down through jamming,' [an Air Force official] said. 'Also, Air Combat Command has been conducting a lot of information warfare activity. By that I mean getting into their computer system and screwing it up. We're trying to use that capability. By getting into the microwave net, you can insert viruses and deceptive computer communications.'"
  • AWST, 23 Aug 1999, 31-32. That article describes attacks on radar and military messaging systems. There were other reports about U.S. attack on Yugoslav banks holding Slobodan Milosovic's deposits.
  • AWST, 30 Oct 2000, pp 67-68. EC-130H Compass Call systems intended to penetrate air defense computer systems, planting false messages and targets, did quite well as per a USAF/USN analysis. But the EC-138E Commando Solo TV/radio broadcast aircraft are of decreasing relevance now that direct-broadcast satellite TV systems are common throughout the world.
• AWST has had several articles, including series of articles in some issues:
  • There was an overview, several articles in the 19 Jan 1998 issue, pp 52-60.
  • A series of articles in late 1999: 8 Nov 1999, pp 81-83; 15 Nov 1999, pp 93-96; 15 Nov 1999, pp 102-103.
  • A series of articles in an issue concentrating on information warfare: 26 Feb 2001, pp 50-64.
  • In a discussion of the 1 Oct 2002 transition of U.S. Space Command into the new Strategic Command (StratCom), "Command officials are advocating StratCom be designated the IO integrator for regional info operations, providing a global perspective and coordinating with other government agencies." 14 Oct 2002, pg 63.
  • Also see AWST 4 Nov 2002 pg 30, and 25 Nov 2002 pg 58.
• Network World repeated some info found in AWST and elsewhere, v17, no47 (20 Nov 2000), pp 1, 16.
• The USAF Fact Sheet.
• The U.S. Air Force Information Operations Center.
• The U.S. Navy Naval Network Warfare Command.
• The USAF formed the 609th Information Warfare Squadron in early 1996, basing it at Shaw AFB, SC. AWST, 29 April 1996, pg 52; AWST, 3 Aug 1998, pg 23. A second squadron is being formed in California by the Air National Guard. AWST, 21 Sep 1998, pg 65.
• In July 1998, the U.S. DOD and intelligence community are interested, but at least as far as anyone is saying, ethical and operational problems remain. Could disinformation turn against us? Where is the line between "prepping the battlefield" and an act of war? What about peacetime uses? The Director of the CIA director said don't worry, "we're not asleep at the switch in this regard," and a Senate staff member on an oversight community says, "The Defense Department has next to nothing to say about this in an unclassified form." See the Washington Post, 8 July 1998, A1, A10, there may still be on-line copies at:
  • Washington Post article
  • DOD talk #1 on cyber defense.
  • DOD talk #2 on cyber defense.
  • Federal Computer Week had stories in 1998 and 1999.
• U.S. News had something 13 July 1998.
• Offensive information operations were part of an exercise in 1998, involving NSA, DISA, and the Air Intelligence Agency. AWST, 21 Sep 1998, pg 65.
• China and other countries were already doing it in 1998, according to the directors of the CIA and NSA. Information Week, 6 Jul 1998.
• The National Infrastructure Protection Center (NIPC) is intended to detect and analyze attacks. Housed within the FBI, staffed by FBI, CIA, NSA, Secret Service, DOT, and other agencies. Network World, 14 Sep 1998, pp 8,74.
• In July 2002 President Bush signed National Security Presidential Directive 16, ordering the government to develop rules for information warfare — establish when and how to attack enemy computer networks, select targets, define who should authorize and launch the attacks. Washington Post, 6 Feb 2003.
• In Feb 2003 the U.S. DOD Strategic Command Joint Task Force - Computer Network Operations (JTF-CNO) was being reororganized into two task forces. One for network defense, the other for computer network attack (CNA). Federal Computer World, 7 Feb 2003.
• Nonsense has happened in the past, and will continue. A 1991 InfoWorld magazine joke turned into an urban legend, reported seriously by U.S. News and World Report, regarding the NSA sending virus-laden printers to Iraq. Nonsense: http://www.vmyths.com/hmul/7/3/

Back to the main Security Page

Home Unix/Linux Networking Cybersecurity Travel Technical Radio Site Map Contact

Tweet