by J.R. Dunn
WAR IN THE DIRT
Land warfare will change most under America’s new circumstances. Since 1918, when the U.S. came to the support of the beleaguered Western Allies with two and half million troops, the massive American expeditionary force has been an international fact of life. For nearly a century, vast armadas carrying hundreds of thousands of American troops have played a critical role on battlefields as far-flung as North Africa, Italy, Normandy, the Solomons, the Philippines, Korea, and Kuwait. No potential opponent could afford to overlook the possibility of America deploying unmatchable military resources to any spot on the globe in defense of an ally or its own interests.
For the time being, that is over. We simply cannot afford that level of outlay in any situation not involving national survival. The world will be a colder, crueler, and more dangerous place for it. Until at least mid-century, American foreign interventions will be limited and brief. They are likely to follow the model of Afghanistan 2001, with U.S. skill and firepower coming to the assistance of friendly native forces. (But not Libya 2011, which was not an intervention as much as a performance art interpretation of what an intervention might be like.) Larger interventions – though still minor compared to the world wars and the Gulf campaigns – will be restricted to supporting close allies.
It follows that if the U.S. is limited to dispatching battalions rather than divisions or armies, then those battalions will need to have a bigger impact when they reach the battlefield. This is where technology, acting as a force multiplier, will prove crucial.
One promising development involves utilizing information technology to increase a small unit’s C4I (Command, Control, Communications, Computers, and Intelligence) capabilities. A unit in which all troops are in communication, officers have a universal view of the battlespace, everyone knows where everyone else is, and all personnel are continually updated, would have an insurmountable advantage over less well-equipped adversaries. Clausewitz’s “fog of war” would be largely a thing of the past.
That was the thinking behind Secretary Rumsfeld’s plan for a “net-centric Army,” built around a program called Land Warrior. Fifteen years of development and half a billion dollars resulted in a system that was expensive, heavy, fragile, and loathed by many soldiers. A battery-powered CPU ran the system. Communications through a helmet headphone system transmitted encrypted signals up to a kilometer. A screen in front of one eye provided data input, including GPS positions. (Among other things, the screen could show a soldier what was around the next corner. Extending his rifle barrel enabled a digital sight to send a clear picture to the screen. The old dodge of putting a helmet on a stick could be dropped at last.)
But at sixteen pounds the system was too heavy in addition to the standard pack load, and the cost was edging up toward 80K per soldier. In a final attempt to save the program, the Army replaced military spec equipment with off-the-shelf commercial gear. This cut both weight and cost, but proved too fragile for rough military usage. The Army reluctantly canceled the program.
Redesignated the “Ground Soldier Ensemble,” remaining Land Warrior units were sent to Iraq for testing with the 4/9 Infantry Battalion, the “Manchus”. In Iraq, the Army learned a trick known to IT pros worldwide: give it to the kids and let them tinker with it. Within weeks, the Manchus had the Land Warrior equipment stripped down, reworked, and improved (e.g. chemlights were added to the screen to denote friendlies and targets). The new system worked so well that it equipped a full brigade shipping out for Afghanistan, the 5th Brigade, 2nd Infantry. Results there were mixed – the system had been optimized for the Iraqi urban environment as opposed to rural Afghanistan -- but were still promising enough to revive the program.
The new program, called Nett Warrior, retained the improvements worked out in Iraq and Afghanistan. The weight was only 7.6 lbs., the cost roughly 48K per soldier. Three companies were competing for the final contract, with limited production scheduled to begin this year, when at the last minute, confusion enveloped the entire effort. In late July industry sources claimed that Nett Warrior had been canceled. The Army insisted that it had simply been placed on “hold.” Other sources reported that the program was being replaced with a smart phone using Android technology.
It’s difficult to imagine a smart phone providing all the functionality of the Nett Warrior system. Eventually something similar will be required on the 21st-century battlefield. Whether it will be introduced by U.S. forces is anyone’s guess.
Infotech has only begun to influence the evolution of infantry weapons. The most impressive result so far is the XM-25 “smartgun,” a 25 mm grenade launcher that fires programmable rounds in several different varieties – airburst fragmentation, high-explosive, and shaped-charge anti-armor.1 The frag rounds drew the greatest interest. The XM-25’s laser sight provides the exact distance to a target – say, a concrete wall. The round is then programmed to explode a meter beyond the wall – that is, directly above hidden enemy forces.
The XM-25 was tested in Afghanistan beginning in December 2010, to great enthusiasm from the troops, who christened it “the Punisher.” The gun destroyed at least two Taliban machine gun nests (a favorite Taliban tactic is to open up on patrols with heavy PAK machine guns from beyond the range of a squad’s organic weapons, then flee before air support arrives), and broke up four ambushes. So pleased were the troops that they were allowed to continue using the XM-25 after field tests were completed. The gun’s manufacturer ATK was awarded a $65 million contract to begin production.
DARPA has produced a similar item, a cybernetic gunsight that enables snipers to hit a target with the first shot. An internal CPU calculates distance, wind velocity, humidity, and other variables, and adjusts the sight accordingly. Several operational prototypes are being tested in Afghanistan.
Yet another DARPA program hopes to provide small units with their own air support in the form of drones. The USAF has never been happy with the ground support role, involving as it does low and slow approaches against dug-in enemy forces. Infantry, for their part, are often less than delighted with the amount of time required for an aerial response. DARPA would overcome this by providing a soldier – a Joint Terminal Attack Controller (JTAC) -- with a data link to an accompanying drone (either hovering overhead or in a nearby vehicle) which could be called in immediately in case of trouble. Raytheon is working on armaments for such drones in the form of the Small Tactical Munition (STM), a 13-pound GPS-guided bomb. It’s very likely that these will see combat in Afghanistan, if they haven’t already.
More than 2,000 robots have been employed in combat in Afghanistan, making it in a sense the first robot conflict. A third of these are Explosive Ordnance Disposal (EOD) machines such as the Talon and the PackBot, which are deployed under remote control to detonate or defuse bombs and IEDs. (Technically, these aren’t actually robots but telefactors, but who knows the difference?) Others include mine-clearing machines such as the M-160, a “flail” that clears ground by slamming chains as it passes. These machines have performed valuable work and have saved no small number of lives.
What we don’t find are actual fighting machines – the “warbots” of SF lore. (At this point, it’s mandatory that Terminator be mentioned. Okay –Terminator.) The problem lies in autonomy. Groundbots, as opposed to aerial drones, are simply incapable, at this point in development, of operating without close human supervision. In the early days of AI research, it was assumed that abstract problem-solving would be the major roadblock to creating useful machine intelligence. But problem-solving through sheer data-crunching presents little difficulty. The real challenge turned out to be everyday matters that we accomplish without a second thought thanks to countless subroutines developed over millions of years of evolution, things on the order of stepping over a rock or climbing stairs. Encountering the smallest distraction or obstacle can trigger what amounts to a cybernetic breakdown – not something you want in an armed machine. So while robot manufacturers such as Foster-Miller have armed their bomb-disposal units with shotguns, machine guns, and grenade launchers, these SWORDS (Special Weapons Observation Remote Reconnaissance Direct Action System) units are operated only by remote control. The same is true of more advanced systems such as MAARS (Modular Advanced Armed Robotic System), an anti-personnel robot that can fire anything from pepper spray to 40 mm grenades2. MAARS features both a mechanical fan to prevent it from swinging its gun toward friendly forces and software delineating no-fire zones. (These are strictly necessary. Robot weapons have already killed innocent victims. In 2007, a computerized Oerlikon antiaircraft gun belonging to the South African Defense Forces suffered a software glitch that caused it to fire wildly in all directions. The gun killed nine soldiers and wounded fourteen others before it ran out of ammunition.)
So it’ll be a long time before we see actual combat robots. But there are other roles that robots can play. One example is Big Dog, a quadraped robotic mule (I don’t know where they got “dog” either) designed to carry heavy loads over rough ground. Big Dog is another DARPA project, built by Boston Dynamics with assistance from other robotics manufacturers. It can carry over 300 pounds at five miles an hour (slightly faster than walking speed), and is capable of climbing hills. Films of the beast in action reveal disturbingly lifelike activity3. A larger model, Alpha Dog, with a hundred pounds greater payload, is also being tested.
Even more disturbing is a second DARPA/Boston Dynamics program, the Cheetah, another four-legged robot featuring a head and a flexible spine4. The Cheetah is designed to run faster than any human and operate in a semi-autonomous mode as it stalks and runs down enemy forces. The possibilities of these things accompanying troops into battle are not difficult to envision.
“I get there first with the most men.” That was how Nathan Bedford Forrest explained his Civil War cavalry victories. Getting there first has been standard American policy ever since, whether it involved railroads, trucks, mechanized units, or helicopters. Maintaining this advantage will provide a necessary edge in decades to come.
One innovative means is the military exoskeleton. DARPA has spent over $50 million in recent years developing an exoskeleton, the XOS, that will enable infantry to carry heavy loads over long distances at high speeds without arriving exhausted. Such suits could provide troops with ballistic protection and would certainly solve the Nett Warrior weight problem. Videos of the system reveal troops moving with surprising agility5. The sole drawback is the lack of a compact power source. (Another design, the HULC, supports only the soldier’s legs while leaving the arms free. HULC has much lower power requirements.) While it might be impractical and too expensive to fit out all Army soldiers with exoskeletons, it would certainly benefit specialized troops such as mountain units.
A key element of American strategy for the past half-century has been vertical envelopment – the use of helicopter-borne air assault forces to spearhead attacks. While it has unquestionably proven itself, the helicopter does have drawbacks, including vulnerability, fragility, and a relatively slow airspeed. Helicopters have proven the Achilles heel of many operations, including the 1980 Iran hostage rescue mission (nearly half the choppers involved turned back due to mechanical failures), and this year’s Osama bin Laden raid. The recent deaths of thirty members of Seal Team Six in Afghanistan when their Chinook transport was shot down in what may have been a prearranged ambush underlines these shortcomings.
The military has attempted to supplement or replace the helicopter since the 1950s with little success. The Marine Corp’s V-22 Osprey is one example6. Despite years of development and billions in costs the Osprey’s introduction to operations has been mixed. One serious shortcoming involves the fact that most Ospreys are unarmed. A version fitted with a chin turret was cancelled. A handful instead feature belly-mounted miniguns. Since the aircraft is simply too fast for helicopter escort, it is generally restricted to noncombat operations, quite a limitation for a military aircraft.
A partial solution to the helicopter dilemma has been offered by veteran manufacturer Sikorsky, which achieved a long-sought breakthrough in helicopter technology with its X-2 program7. The X-2 mates a coaxial rotor system, in which two separate rotors turn in opposite directions on the same mast, with a rear propeller that can push the chopper up to 250 mph, almost twice as fast as conventional helicopters. The X-2 nearly matches the Osprey in performance without the heavy, sensitive mechanical linkages used in the Osprey’s flip-rotor system. The company is developing a military version, the S-97. Introduction of this helicopter may well revolutionize air assault tactics.
Even more innovative vehicles are in the works. DARPA has been bitten by the ancient aircar bug on behalf of the Marines in the form of the unfortunately named Transformer (TX) program, an effort to design a Humvee-class vehicle that can drive on roads and cross-country but in rough terrain take off and fly over obstacles much the same as a light helicopter8. The Transformer (TX) will be operated by a cybernetic “autonomous flying system” being developed at Carnegie-Mellon that would enable even the most unskilled driver to take to the air without extensive training.
The Israeli company Urban Aeronautics has developed a vehicle it calls the AirMule (not the AirDog, fortunately), a ducted-fan lifter intended to carry wounded soldiers off the battlefield swiftly and in comfort9. The AirMule is pilotless, guided solely by an onboard computer system. Such a vehicle could also carry supplies and weapons. Flight tests have been successful, with the Defense Department expressing considerable interest.
Will these designs go anywhere? Similar vehicles with various arrangements of fans, turbines, and so forth have been investigated for decades with few worthwhile results. But designers can take heart in the success of the new Martin Aircraft “jetpack.”10 The jetpack has been a reality since the 1960s, although its flight duration of roughly 30 seconds rendered it essentially useless. But the new model – not a rocket-propelled system at all but a man-sized ducted-fan vehicle – has overcome that drawback. Tethered manned tests and a computer-guided unmanned distance flight have revealed no basic problems. These vehicles would come in quite handy on future Abbotabad-type missions.
Yet another old dream has a chance of becoming reality. Ithacus was a 1960s proposal for an intercontinental rocket transport carrying several hundred infantrymen to any spot on earth on a few hours notice11. Our lack of rocket-dispatched troops has gnawed at DARPA, and serious thought has gone into a solution. A program called Sustain (Small Unit Space Transportation and Insertion) overseen by the National Security Space Office has defined the mission and outlined a concept of operations for such a system. Picture something along the lines of an upgraded White Knight/Spaceship One system, a small suborbital module launched by a mother craft with effectively global range. Such a vehicle might carry as few as a dozen troops, which suggests special operations as the chief mission. An active Sustain system is probably decades down the line, but it will come. Imagine what the Seals would do with a capability like that.
Not even military field uniforms will remain untransformed. Research has begun on the creation of “biometric” fatigues that will monitor a soldier’s vital signs and immediately signal a medic if he is hit. With use of electrically active materials, these fatigues could tighten at the joints to form a tourniquet. Advanced models might even give injections.
Camouflage is another element aching to be upgraded. Camo gear custom-tailored for a particular area is already in the works. Photos of the area would be used as a pattern, to create a perfect site-specific camouflage that would be printed out using “direct to garment” technology.
It’s even possible that camouflage as such would no longer be necessary. Consider the “invisibility cloak” invented by researchers at the University of Tokyo12. Microprocessors project the view on either side of the garment on the surface of the opposite side, with the wearer fading into the surroundings. While less than convincing close up, from a distance in a dim environment it might work rather well. Such “optical camouflage” would have no end of military uses.
We can picture the American soldier on a future battlefield – so speak; he’s a little hard to see. He is in direct contact with the rest of his unit, with a bird’s-eye view in his helmet visor of exactly what lies ahead, armed with a gun that doesn’t miss. He is accompanied by one, and perhaps more, four-legged robots moving eerily through the brush, transmitting imagery as they go. Overhead a barely-visible wraith glides in near-silence, providing recon and air support.
It’s tempting to think of such a figure as being invincible. But we need to keep in mind that his opponents, whether terrorists or legitimate troops, will have access to many of the same technological advances. Our soldiers have not yet encountered enemies armed with weaponry of that class, but that day is coming. We will need to work at it to remain ahead.
Space is the sad story of the 21st century. The idea that the U.S. would be moving into the millennial epoch with no manned program at all would have been unimaginable as little as ten years ago. No other single development so clearly reveals how much we have declined in power and expertise.
Does the collapse of American manned spaceflight threaten U.S. security interests? Not directly – US warfighting capabilities are based on orbital satellite assets, mostly in geosynchronous orbit but to a lesser extent in Low Earth Orbit (LEO). These include communications, GPS, reconnaissance and surveillance, and strategic early warning satellites. The U.S. could not mount even the most basic military campaign without its satellite network.
None of these systems is related to any manned program. But the fact that the U.S. has abandoned manned spaceflight for the foreseeable future (and let’s not kid ourselves about planned “asteroid missions.” That program will last only as long as the next federal budget crunch) will only serve to encourage our rivals in exploiting the “new high ground” of near-earth space.
This is certainly true of China. The Chinese manned program is going great guns, and they fully intend to carry out a Lunar mission in the early 2020s, long before the U.S. can mount a return to space. More to the point, they have shown no hesitation about engaging in orbital warfare. On January 11, 2007, a Chinese ballistic missile destroyed a defunct weather satellite in polar orbit at an altitude of 500 miles13. This strike generated something on the order of 300,000 pieces of debris, rendering that particular orbital plane unusable and threatening satellites at other altitudes. The Chinese simply shrugged off what was generally viewed as an act of thuggery matching the Soviet Union at its worst.
This newly-revealed satellite vulnerability may well have influenced the development of the USAF’s X-37B, a reusable unmanned “Space Maneuver Vehicle” operational since April 201014.
The X-37B has a convoluted development history, beginning as the USAF’s X-40A before being melded with NASA’s X-37 program. When that program was cancelled in 2006 (which seems to be the fate of most NASA programs these days), the Air Force in cooperation with the ever-dependable DARPA came to the rescue, adapting it as the X-37B. The premature shutdown of the STS Space Shuttle program left the X-37B as America’s only operational reusable spacecraft. (There has been no end of rumors about “black” spaceplanes operating out of Groom Lake under code names such as “Aurora” and “Senior Citizen.” These should be taken with a grain of salt. It’s difficult to see why valuable funding would be spent on the X-37B – much less the X-51 or Falcon HTV – if they actually existed.)
The X-37B is basically a mini-shuttle, roughly 29 feet long, with a wingspan of just under 15 feet and an operational weight of 11,000 pounds. Its launch vehicle is the Atlas V. It can remain in LEO for up to 270 days. It is a multimission vehicle, capable of placing small payloads in orbit, examining satellites, or reconnaissance. It has flown several missions since its introduction, their nature remaining secret, and their execution more than a little confusing to skywatchers.
The X-37B represents at a least a partial solution to satellite vulnerability. While payload is limited, DARPA is known to be developing a series of “minisatellites” of very small dimensions and weight. It is probable that at least some of these can act as emergency replacements for satellites damaged or destroyed during wartime. Apart from this, the X-37B can also act in the same role, using equipment within its payload bay.
The X-37B is the model for U.S. military space operations for the near future. Upgraded versions likely under development today will increase payload, time in orbit, and operational altitudes. Armed versions are not out of the question. It is probable that the first orbital strikes will involve combat drones. Since the U.S. has a dramatic head start in drone technology, it is unlikely that China or anyone else will be able to sweep us from orbit.
Space, of course, is crucial to any workable nuclear defense system in the form of projectile or laser satellites of the type researched as part of the Reagan-era Strategic Defense Initiative (SDI). The U.S. has low-keyed such systems for years, largely for political reasons. We have chosen to rely instead on 1960s era technology, a limited number of ABM missiles stationed at Fort Greely, Alaska. We may yet pay an ungodly price for this oversight. Both nuclear weapon and ballistic missile technology are becoming cheaper and more widespread. It is by no means difficult to picture a vicious dictator of the Saddam or Qaddafi type utilizing such weapons under any number of circumstances. At the moment, a defense is out of our hands. It will be decades before we will be able to afford a space-based defensive system. Until then, we must depend on luck to protect us. I’m sure that everyone feels as secure about that as I do.
Cyberwarfare is pure novelty, with everyone feeling their way across a bizarre and unknown landscape. The problem for the U.S. is that we tend to view such developments with a little more equanimity than we should, on the grounds that nobody handles new tech quite as well as we do. This attitude has turned around to bite us on several previous occasions. (See “Pearl Harbor.”)
There’s a distinct contradiction in the U.S. stance toward cyberwarfare: the U.S. is the leading state in offensive cyberwarfare, while our defensive preparations are pitiable.
American offensive cyberwarfare capabilities are embodied in the Stuxnet worm, which most experts view as a collaboration between the U.S. and Israel15. Stuxnet was not so much an example of malware as a new order of cybernetic weapon, an extremely complex program with numerous capabilities, some of them never before seen in a virus16.
Stuxnet was first detected in July 2010, although it had been active for at least six months previously. At first it was treated like any other malware outbreak, but in short order IT security experts realized they were dealing with something extraordinary. Stuxnet targeted not only one particular model of equipment – Seimens SCADA industrial control systems – but only those operating in a certain frequency range and sold by two particular vendors that had defied sanctions placed on Iran. It utilized not just one but four distinct “zero-day exploits” (previously unknown software vulnerabilities). It was able to hide in a computer’s rootkit while also propagating throughout any internal network it was introduced into. It was apparently able to communicate with outside servers while also being modified in situ.
All this was aimed at the Iranian nuclear program, transparently devoted to the development of nuclear weapons. Iran refined weapons-grade uranium at its Natanz site utilizing a gas centrifuge array run by a Windows network driving Seimens SCADA units. Stuxnet caused the centrifuges, whirling at several thousand rpms, to first speed up and then, some weeks later, drastically slow down while at the same time assuring watching techs that all was well. This treatment not only destroyed the centrifuges but also contaminated the uranium being processed at the time. Although an Iranian disinformation campaign claims that little damage was done, a large number of centrifuges were wrecked – the Federation of American Scientists puts the number at 1,000. Further damage was caused to the Bushehr reactor, setting back its ignition by some months. Rumors of a “serious nuclear accident” at Natanz have also circulated.
Effects are still being felt, with tens of thousands of Iranian computers still infected. An assassination campaign targeting Iranian nuclear scientists has further battered the program, which staggers on, awaiting the appearance of Son of Stuxnet.
At some point in September (if not earlier) somebody planted a virus in a supposedly secure computer system at Creech Air Force Base, home of one of the most critical – and successful – contemporary American military assets. Creech is the control center for America’s drone fleet, where the Predators and Reapers are flown (through satellite linkages) against our country’s Jihadi enemies. It’s the last place anyone would want to find a virus. But find it they did17.
The virus in question is a keylogger, malware that saves every keystroke made on an infected computer. By such means an interested party can reconstruct the instruction stream for the system in question. Somebody is really interested in how our drone fleet is operated.
How did this virus get into the network? Like many critical IT systems, the Creech network is isolated from the Internet through “air gap.” There are no connections, either by pipeline or broadband, between the Creech infranet and the Net at large. So somebody used the Bradley Manning method. They walked in with an infected flash drive or disk, popped it in, and that was all she wrote. Whether it was deliberate or accidental remains unknown. Whatever the case, it indicates a seriously flawed infotech security protocol.
To make things even worse, the security staff attempted to flush the virus without informing anyone in the armed forces cybersecurity hierarchy, either the 24th Air Force or Cyber Command. The Pentagon’s cybersecurity experts were kept in the dark for two weeks while the Creech team stumbled around fruitlessly. The 24th Air Force had to read about the virus in Wired.18
At last report, the virus was still infesting the system. But, we’re assured, nobody’s really worried about it. Isn’t that a relief?
With such unparalleled success in the offensive mode, how do we explain the pathetic state of American cyberdefenses? The record of successful hacking sprees directed against U.S. government and military targets leaves the impression that anyone can break in, take whatever they want, and saunter off at their leisure, much the same as a member of flash mob hitting a convenience store. In addition to the Creech exploit, during only the past year:
This is only the tip of the iceberg. U.S. defense-related computer systems were attacked 6 million times in 2006. By 2010, this had grown to 6 million attacks a day. How many of these are successful is unknown. Obviously, someone is deliberately targeting American military cybernetic assets.
“Someone” could be any number of potential enemies or even allies. Some attacks originate from Russia or other former Soviet states. But in the vast majority of cases, “someone” is Chinese.
China possesses the largest and most organized cyberwarfare force in the world. While not capable of the sophistication of a Stuxnet-type attack, what the Chinese can accomplish through massed numbers and brute force beggars the imagination. On April 8, 2010, the state-owned China Telecom rerouted 15 percent of the world's Internet traffic through Chinese servers for 18 minutes23. What they did with all that data remains unknown. Last July, China hacked every last member of South Korea's Cyber World social network – 35 million people, virtually every Internet user in the country24.
The Chinese have accomplished these feats through a state-sponsored hacker militia called the “blue army.”25 In truth, it is probably no militia at all but instead a full-fledged military command. The size and composition of the blue army remain unknown. It is headquartered in Jinan, where many of the most egregious hacking attempts have been traced. China is the sole nation to possess such a cybernetic military force.
The Chinese inadvertently raised the curtain on the blue army this past August in a propaganda documentary on the glories of the Chinese military. At one point background footage revealed a military computer screen actually set up to carry out a cyberattack by way of a subverted University of Alabama IP address. The screen displayed the name of the software and a window saying “Choose Attack Target” along with a list of addresses. What was the actual target? The Falun Gong, the spiritual sect that the Chinese Politburo for obscure reasons has chosen to persecute as a national enemy. (The footage also reveals that the blue army is not very sophisticated, more or less operating on the level of what we call “script kids,” newbies using prewritten code, as opposed to actual hackers.)
What is the blue army up to? Reconnaissance, probing, data theft, spying, recruiting for botnets (they had taken over as many as 750,000 zombie computers even five years ago), and loading viruses and logic bombs for later use.
Targeting the Infrastructure
A major target exists in the U.S. utilities infrastructure. The control systems of much of America’s technical infrastructure, including power, electricity, water, and sewage, has been made Internet accessible to save money and time on maintenance and operations. Since anything on the Internet can be hacked by one means or another, we have effectively handed a switch to our foreign enemies marked, “Flick this to shut down America.”
The indispensable McAfee released a report last April prepared by the Center for Strategic and International Studies (CSIS) and titled "In the Dark: Crucial Industries Confront Cyberattacks."26 The CSIS interviewed 200 IT security execs for utility companies handling oil, gas, electricity, water, and sewage in 14 countries, including the U.S., Canada, Japan, and South Korea. Over 70 percent of the security chiefs reported that they had discovered malware introduced into their networks during 2010, nearly double the number for 2009. Over 40 percent considered their companies vulnerable, and 30% did not think their security was sufficient. Another 40 percent expected a major attack within the next year.
This threat is about to grow exponentially worse with the introduction by many utilities of smart grid technology. A smart grid is an Internet-based system that enables remote monitoring and regulation of home, office, or building utilities by either the owner or the utility company itself. Many of these will allow customer Internet access of a company’s systems, which will transform security against hackers from “very difficult” to “absolutely impossible.” Three-quarters of America’s electrical companies are using, installing, or planning smart grids.
Imagine trying to carry out a military campaign with your country’s utilities flatlined, rioting and violence rampant in what used to be your cities, starvation beginning, and epidemic disease about to swoop in. Enemy strategy writes itself: slip a “blue stuxnet” worm into the U.S. utility net, watch the country dissolve into chaos, wait until American military assets head for home to confront the catastrophe, then take over Taiwan, the Spratleys, and whatever else catches your eye. Afterward, you offer your assistance to the U.S. in purging its systems in exchange for a promise to abandon the Western Pacific. Or just sit back and enjoy the spectacle, whichever you prefer.
This is not as farfetched as it seems. In 2007 Estonia was crippled by a massive Distributed Denial of Service (DDoS) attack by a group calling itself the Nastri. (A DDoS attack overwhelms a network by sending large numbers of information packets (requests, e-mails, messages, etc.) until the network’s capacity to handle them is exceeded. It has nothing directly to do with MS-DOS connections with the outside world.) The attack shut down government websites along with public news sites and came close to bringing down the entire Estonian net. The Nastri was almost certainly supported by Russian military and security assets. (The reason for the strike? The Estonians had dared to move a Soviet-era war memorial. )
The same thing occurred when the Russian Federation came to the assistance of its oppressed Ossetian brothers in the swift and brutal Georgia invasion of August 2008. The Georgian net was brought down completely, crippling the government response to Russian aggression and cutting off Georgian connections with the outside world.
It’s not out of the question that such strikes have already occurred in the U.S. The Cleveland blackout of 2003 affected over 50 million people in both the U.S. and Canada. At the time it was explained away as tree branches falling on power lines. Today many IT security professionals believe it was a Net-based utility strike, a beta test of a new app, originating nowhere else but from China. (The first elements to go were power company computers, which had their alarm systems shut off while local power systems were methodically sabotaged.) Much the same has been said about the 2008 Florida blackout.
(Ironically, it was the U.S. that kicked off this style of cybersabotage with a 1982 CIA attack on the Siberian natural gas pipeline that the Soviets were using to gain precious foreign currency and also influence potential Western European customers27. A “logic bomb” inserted into the control system wrecked the pumps, caused the pipeline to back up, and at last blew it up in an explosion visible from orbit.)
The Bogus Chip Problem
If all this wasn’t bad enough, we also have the subverted chip problem, which finally caught the attention of government security agencies only a quarter-century after it was first proposed in a novel by a pair of Frenchmen (Softwar [Le Guerre Douce] by Thierry Breton and Denis Beneich). An unknown but large number of chips and other hardware utilized in military and security devices were produced under contract by companies located within the borders of our friend China. The implications are appalling. Any one of tens of thousands of such chips could be hardwired to short out, shut down the system, send everything in the files to Jinan, or order the weapon it’s operating to attack the White House one dark night. Homeland Security does not even want to talk about this (their spokesman admitted to the problem at Congressional hearings this summer only after furious prodding)28. While it’s theoretically possible to sort out subverted chips (a chip with an extra logic circuit will show a minute but detectable difference in impedance, for one thing), the only practical solution is to replace every last suspect chip with one made in a secure U.S. facility. This will be slow, expensive, and, by the very nature of things, incomplete.
It’s not merely Junior hacking on a basement PC. So what is the response of the authorities, military and otherwise? The National Security Agency’s (NSA) plans are of course unknown but likely to be potent and well considered. Homeland Security’s Computer Emergency Response Team (CERT) appears to have taken on the role of an über-McAfee or Norton, issuing detailed alerts that will be carefully read after an attack occurs. The FBI has established InfraGard, billed as an “industry-Bureau partnership” intended to protect the country’s infrastructure networks29. But InfraGard depends on voluntary industry reportage and does not seem particularly well staffed or funded.
As for the military, U.S. Cyber Command’s primary mission was to defend military systems from foreign attack – not government or domestic networks. So it was a relief when last spring the Pentagon released its long-awaited cybersecurity plan30. The Defense Department for the first time declared cyberspace to be “a domain of war,” in which cyberattacks breaching a certain threshold of damage or destruction equivalent to that of a real-world military action would trigger a full response from the U.S. military. This represented a long-overdue shift from the law-enforcement paradigm, in which cybersecurity was a problem for the FBI and the Justice Department, to a matter of national defense, with matching levels of resources and urgency. It also expanded military cybernetic responsibilities from defense of military systems to defense of all systems, government, business, and civilian, on a national level.
The plan climaxes with a statement of a frankness that would never be found in any civilian governmental document: “The department and the nation have vulnerabilities in cyberspace. Our reliance on cyberspace stands in stark contrast to the inadequacy of our cybersecurity.”
While we can’t be certain this plan caused any sleepless nights in Jinan, it does represent a useful step toward a doctrine of cyberwarfare, which the U.S. still lacks. And who knows? It may well bring to an end such probes and tests as those that caused the Cleveland blackout.
In the realm of practical solutions, a number of actions suggest themselves, most of them simply adapting standard IT security practice to the national level.
Air Gaps Work; Use Them – every critical or secret network, whether governmental, military, or industry, must be isolated from the Internet. No exceptions.
Personnel Discipline – no more Bradley Mannings wandering in and out of secure facilities with CD-Roms labeled “Lady Gaga.” If someone is carrying a diskette, a CD, a flash drive, a memory stick, or anything else capable of holding data, sooner or later it will be plugged in.
No Smart Grids – these systems have been promoted to save money. How much in the way of savings makes up for a national catastrophe? The air defense system around New York City was shut down in large part to save money too. Smart grids need to be reexamined in light of the threat they embody. The concept must be reworked to remove any possibility of manipulation by hackers or foreign powers. Otherwise, it needs to be thrown onto the “attractive but dangerous tech” pile, along with dirigibles, the (original) Orion spacecraft, and light-water nuclear reactors.
Dump Subverted Hardware – immediate replacement is required. The entire inventory needs to be destroyed and all devices and circuits that could even possibly have utilized such a part must be replaced in toto. This is the only method of obtaining security in this case.
B Team Analysis – we require a “B Team” to examine, analyze, and report on the entire American IT system on a national security basis. This team should not only comprise government personnel, but also military officers, representatives of the staffs of Microsoft, McAfee, the Register, and the computer department of Carnegie-Mellon, the kids who walk around wearing Guy Fawkes masks, and if possible, the ghost of Colonel Boyd.
Establish a Cybermilitia –We require an independent cyberservice comprised of network defenders in large numbers. Perhaps the best solution would be an actual civilian militia after the model of the old Civil Air Patrol (CAP). The Net has to be guarded actively and constantly. One problem lies in the neo-anarchist posturing common among the IT community, but not everybody acts that way and even fewer actually believe it. Our IT strength lies with wild kids all across the country. We need to think about using them.
A Full Military Doctrine – not only to defend the U.S. and its cybernetic assets, both military and civilian, but to destroy, if necessary, any cybernetic threat to the nation’s well-being whether national or rogue. Cybersecurity needs to be transferred to military control -- unless we’re satisfied to have it handled by the same type of mentality that paws two-year-olds in airports.
This is only the beginning. We are at about the same point with cyberwarfare as was reached by air power in 1940 – before the huge raids of WW II, before supersonic jets, intercontinental bombers, radar networks, SAMs, or nuclear weapons. Cyberwarfare is leaving its infancy and is just out of the silk scarf and leather helmet stage. What awaits us is hidden within the bright glare of future days, but we can be sure at the very least that it will be fascinating, unexpected, and very deadly.
The Long Run
We’ve established that it’s possible, with some thought, effort, and money well spent, for the U.S. to get through its upcoming trials in relatively good shape. We must also rely to some extent on luck and the bottom not falling out completely. There are truly catastrophic scenarios in which a technological edge would provide us with little or nothing – a full-scale nuclear strike, an attack with tailored microorganisms (I’ve often wondered why most scenarios dealing with biowar, whether fictional or otherwise, are limited to one bug. Surely there would be two or three, one picking up where the other left off?), the destruction of the American – or global – Internet (this has been established as at least theoretically possible), a technological singularity gone wrong (or, for that matter gone right)31. But these are events for which no preparation would ever be enough. We make rational plans for plausible contingencies, and apart from that, we hope.
One other point relates to how we got into this sorry mess, which was easily foreseeable, and subject to some level of prevention –yet no such effort was made by anyone on any part of the political spectrum.
Why are we surprised by so many crises and stumble into useless wars that do not support our national interests and gain us nothing? Why do we tend to act too late, why we are so often unprepared? Why does the most powerful national entity in recorded history consistently look like eight kinds of jackass on the international stage? The reason is simple: the U.S. lacks, and has always lacked, a grand strategy.
The concept of grand strategy is often overlooked. It is the strategy of the long term, the strategy of nations rather than armies, the strategy that sets the overall goals and tells everyday military and diplomatic strategy how to reach them. The most successful states possess a grand strategy worked out and tested over generations that protects the nation and pushes forward its interests. It is usually very simple and can be stated in sentence or perhaps two. The grand strategy of Rome was: keep the barbarians on the other side of the Rhine, the Parthians on the other side of the Euphrates. The grand strategy of the British Empire was: do not allow any single power to gain total control of Europe. Both empires maintained these strategies throughout their peak periods, Rome for close to four centuries, the British even longer, if we count the Anglo-French wars of the 13th and 14th centuries.
When at last the Romans gave up, and began letting in barbarian tribes as a reward for acting as allies, the end was plainly coming. The British held on until the last ditch, going into what amounted to national bankruptcy in the 20th century to twice prevent Germany from controlling Europe.
An American grand strategy is a necessity for this century. We could do without it during the splendid isolation of our early years, when the Monroe Doctrine was our sole strategic necessity. Our entry into world affairs with WWI was not accompanied by any reconsideration of national priorities in response to new strategic realities. We have spent much of the past century trying to skitter back into isolation rather than face up to our global responsibilities. After WWII we did have a strategy against the USSR – containment – but it was situational, not universally accepted, and failed when applied in other parts of the world.
A grand strategy will guarantee this country’s status into the 21st century and beyond. We need to consider what such a thing would look like – how it would serve our national interests, how it would utilize our technological advantages, how it would express the American character, American hopes, and American ideas.
Because the U.S. will be back. Our decline will not be permanent. Our enemies are deeply flawed and skating ever closer to the edge. Iran has an imploding population, a vanishing resource base, and a government of madmen (as the recently Quds Force assassination conspiracy reveals clearly enough). It will not be the same place in twenty years. China also faces a population crash thanks to its grotesque birth-control policies, centripetal tendencies involving abused minorities, and the inevitable showdown between political tyranny and economic freedom. The Russians will eventually learn the lesson of Al Capone: that blatant gangsterism will take you only so far. They are all facing problems the U.S. has already overcome or simply does not have.
We are demographically healthy, with an expanding but not exploding population. Our economy will return to full health once the mania for federal intervention is left behind. We will benefit from recent trade agreements that create a Greater American free-trade zone that encompasses every nation on the Pacific coast of the Americas, an 8,000-mile-long chain that is likely to become the richest trade bloc in the world32. Also acting in our favor is the beginning of a resource boom perhaps without parallel in our history. One example will suffice: the Marcellus Shale formation of the Northeast contains from 84 trillion to 410 trillion cubic feet of natural gas33. That’s trillion with a “t.” (It also contains billions of gallons of liquid natural gas and ethane.)That alone makes the U.S. the natural gas equivalent of Saudi Arabia, Iraq, Kuwait, and Iran combined, and there’s more where that came from. We will begin to see the impact of our new resource base over the next twenty years, with full expression by mid-century.
It is not yet twilight for the United States. Our current drift is an interlude and not an epilogue. We are an old nation (with the second-oldest government on earth, behind the UK) but we are a young country. It is customary for the young to make mistakes, pick themselves up, and go on. We have made a lot of mistakes, but none of them are fatal. We are coming into our maturity, when we will do things differently. The American Century is dead and gone –bring on the American Millennium.
# # # # # # #
Copyright © 2011 by J.R. Dunn
J.R. Dunn is a novelist, editor, and political commentator active both in print and online. His SF novels include This Side of Judgment, Days of Cain, a powerful time travel novel dealing with the the Holocaust, and Full Tide of Night. He is the associate editor of The International Military Encyclopedia and is a contributing editor on military affairs to the American Thinker. His latest nonfiction book is Death by Liberlism, from Broadside.