Post on 22-Jan-2017
There Will Be Cyberwar
or
The Internet of Military Things (IoMT)
Richard StiennonChief Research AnalystIT-Harvest
twitter.com/cyberwar
Keynote, CyberSecurity World, Washington DC, October 28, 2015
Book Launch: October 29, National Press Club 4 PM. All welcome
twitter.com/cyberwarhttp://www.amazon.com/There-Will-Be-Cyberwar-Network-Centric/dp/0985460784
Purchase on Amazon
The Revolution in Military Affairs
• Roman centuries • Long bow and battle of Crecy• Napoleon’s staff command• Machine guns• Mechanized armor, blitzkrieg
The Modern RMA
• Operation Desert Storm leads to:
• Russian assessment of precision weapons ISR, C&C as force multiplier, which leads to
• Andrew Marshall
IT-Harvest Confidential
Andrew Marshall: Enigmatic Strategist
Andrew W. Marshall (born September 13, 1921) just retired director of the United States Department of Defense's Office of Net Assessment.
1996 Taiwan Straits Crisis "Admiral Clemens was able to use e-mail, a very graphic-
rich environment, and video teleconferencing to achieve the effect he wanted", which was to deploy the carrier battle groups in a matter of hours instead of days.” -Arthur Cebrowski
USS Nimitz and USS Independence deployto Taiwan.
Admiral Archie Clemins
Father of Network Centric Warfare
Clemins’ Apple Powerbook 160
9.8 inch greyscale LCD Display
Up to 14 MB RAM (smaller than this slide deck)
40MB SCSI Hard Disk Drive
8 pounds
USS Blue Ridge command ship of the US Navy 7th Fleet
A Lasting LegacySame Inmarsat satellite constellation still in use
N21 initiative launched
Pentagon Office of Force Transformation led by Arthur Cebrowski
Arthur Cebrowski: Evangelist
“Network Centric Warfare should be the cornerstone of transformation. If you are not interoperable you are not on the net.You are not benefiting from the information age”.
The NCW Dream
Total Situational Awareness eliminates “the fog of war”
Red Team - Blue Team identification
Central Command and Control. Distributed battle command.(The Global Information Grid, or GIG)
Networked Intelligence, Surveillance Reconnaissance (ISR) -a sensor grid
IT-Harvest Confidential
Network Centric Warfare
Everything connected (like the Internet)
Satellite-Planes-Drones-Ground-Sea based sensor grid
Instant communication over a Global Grid
Deja vu all over again
We’ve seen this story payed out before in the enterprise.
First, network everything. Take advantage of connectivity and ubiquity to re-invent commerce, social interactions, and communications.
Second: succumb to attacks from hackers, cyber criminals, hacktivists, and nation states.
Finally: Layer in security
How the Military Failed in SecurityApril 1, 2001 a Navy EP-3E was forced down and captured by China. Top secret OS compromised
In 2008 China blatantly flooded communication channels known to be monitored by the NSA with decrypted US intercepts, kicking off a major re-deployment. SEVEN years too late.
How the Military Failed in SecurityFirst, the Pentagon email servers p0wned 2007
Then terabytes of data exfiltrated to China from the Defense Industrial Base. The target? Joint Strike Fighter design data.
Military IT Security Failures
The Wake Up Call
BUCKSHOT YANKEE
Agent.btz introduced via thumb drive in a forward operations command (Afghanistan?)
EVERY Windows machine re-imaged in the entire military (3 million +) at a cost of $1 Billion.
Drone madness 1
Drone madness 2
Drone madness 3
IT-Harvest Confidential
SATCOM Vulns
• “We uncovered what would appear to be multiple backdoors, hardcoded credentials, undocumented and/or insecure protocols, and weak encryption algorithms.” -IOActive
Software Assurance maturity came after most new weapons platforms were sourced.
One Air Force study of 3 million lines of code revealed:
One software vulnerability per 8 lines of code
One high vulnerability per 31 lines of code
One critical vulnerability for 70 lines of code
The F-35 Joint Strike Fighter
“JSF software development is one of the largest and most complex projects in DOD history.”
-Michael J. Sullivan, Director Acquisition and Sourcing Management for the DoD:
The F-35 Joint Strike Fighter• Nine million lines of onboard
code could mean 128,000 critical vulns
• 15 million lines of logistics code could mean another 214,000 critical vulns
• What could possibly go wrong?
Taiwan Straits Crisis. 2018?
GPS hacks deflect jets away from tankers
Mission tasking subverted
Communications intercepts mislead commander
Radar jamming masks enemy movement
Result? Military defeat
A Working Definition of Cyberwar
The use of network and computer attack to support the operations of a military force.
IT-Harvest Confidential
Cyber Pearl Harbor Defined
An overwhelming defeat of US forces due to
enemy information dominance.
And it look like this…
IT-Harvest Confidential
email: richard@it-harvest.com
Twitter: twitter.com/cyberwar