The Washington Post is out with an article today about the Pentagon’s “accelerating efforts to develop a new generation of cyberweapons capable of disrupting enemy military networks even when those networks are not connected to the Internet”:
Last year, to speed up the development of cyberweapons, as well as defensive technology, then-Deputy Defense Secretary William J. Lynn III and Marine Corps Gen. James Cartwright, then vice chairman of the Joint Chiefs of Staff, placed $500 million over five years into the budget of the Defense Advanced Research Projects Agency (DARPA), one of the Defense Department’s premier research organizations.
The agency also has launched new cyber-development initiatives, including a “fast-track” program.
“We need cyber options that can be executed at the speed, scale and pace” of other military weapons, Kaigham J. Gabriel, DARPA deputy director, said in testimony last month to Congress [more following the link].
Pentagon officials, meanwhile, are developing a congressionally mandated strategy for the rapid acquisition of cyberweapons that can keep pace with threats and technology.
Officials are researching cyberweapons that can target “offline” military systems in part by harnessing emerging technology that uses radio signals to insert computer coding into networks remotely.
“To affect a system, you have to have access to it, and we have not perfected the capability of reaching out and accessing a system at will that is not connected to the Internet,” said Joel Harding, an independent consultant who is a former military officer and former director of the Information Operations Institute.
Even if an operator gains access, he said, “unless you already have custom-written code for a system, chances are we don’t have a weapon for that because each system has different software and updates.”
In some cases, as with command-and-control systems, military assets rely on Internet connections, making them theoretically easier to target.
Without that connectivity, an attacker would have to rely on other means — for instance, physically inserting into those systems portable devices such as thumb drives or computer components that have been altered.
But such approaches lack the control and predictability that military commanders desire, experts say.
The amount of disclosed spending by the Pentagon on cybersecurity and cybertechnology — offensive and defensive — is $3.4 billion this year. The U.S. Cyber Command, based at Fort Meade, was created in 2010 and has a budget of $154 million this year.
U.S. officials say that existing cyberweaponry has the potential to disable components of a weapon system, although it is not likely to destroy the system.
Cyber tools might be used in conjunction with other tactics and weapons. Cybertechnology might, for example, enable an attack by delaying enemy recognition of it until it is underway.
“It will probably never be just a standalone cyberattack on a network,” said Lt. Gen. Charles R. Davis, commander of the Electronic Systems Center at Hanscom Air Force Base, who buys the tools and software that support the Air Force’s offensive and defensive cyber activities.
Cybertechnology was not a significant factor in military operations 10 years ago, Gen. Martin Dempsey, chairman of the Joint Chiefs of Staff, said during an Atlantic Council discussion in December. ”Cyber is a significant factor today.”
The Stuxnet computer virus that reportedly disabled some 900 centrifuges in an Iranian uranium-enrichment plant in 2009 and 2010 — while it has been dubbed by control-system expert Ralph Langner as the world’s “first digital warhead” — lacked the precision, predictability and control that a military commander would need during combat, experts said.
“If I’m trying to knock down an air defense system, I have to know precisely what’s going to happen and when it will happen,” said a former military official. “It’s a fundamentally different approach than Stuxnet.”
DARPA plans to focus an increasing portion of its cyber research on “offensive capabilities to address military-specific needs,” Gabriel said recently in testimony before the House Armed Services subcommittee on emerging threats and capabilities.
Within the Pentagon, more money is being spent on defending against cyberattacks than on preparing to deploy offensive cyber operations, officials say. That is appropriate, they say, when adversaries are trying to develop similar cyberweapons to use against U.S. military targets that may not be secure against attack and when Pentagon networks are probed thousands of times daily.
But more money needs to be spent on developing cyperweapons, say some former officials. “You’ve got to start moving investment to the offensive side,” Cartwright said.
Pentagon spending on cybertechnology is growing even as other areas of its budget are shrinking, officials say.
“I am still not remotely satisfied with where we are in cyber,” Deputy Secretary of Defense Ashton B. Carter said at the Credit Suisse and McAleese and Associates defense conference in Arlington this month.
“I dare say,” he said, “we’d spend a lot more if we could figure out where to spend it.”
Read the full article here.
And check out the Department of Defense’s recently-issued military strategy – Sustaining U.S. Leadership: Priorities for 21st-Century Defense – which calls for an increased investment in technological innovation, including areas of cybersecurity and intelligent systems.
(Contributed by Erwin Gianchandani, CCC Director)