Information Warfare: January 23, 2002

The United States Cyberwar Command - The United States Space Command is responsible for American military satellites and space operations. But, as of October, 1999, it was put in charge of providing tools, procedures and consulting to defend Department of Defense computer networks from network attacks by hackers, terrorists, and criminals. In milspeak, it took charge of the Department of Defense Joint Task Force - Computer Network Defense (JTF-CND). In early 1999, JTF-CND was organized, as the military put it, "after exercises and real-world events demonstrated the need for a single coordinating agency with the authority to direct actions necessary for the defense of vital national computer networks. It was recognized then that JTF-CND was an interim solution and would be eventually assigned to a unified command."

It has long been recognized that satellites are vulnerable to hackers, for the only way to send commands to satellites is via radio. Most of this communication is now done via coded messages, but codes can be cracked, or espionage can obtain the codes. In either case, you won't find out about it until there's a war, and all of a sudden someone else has either taken over your satellites, or disabled them. And it's not just the military satellites that are at risk. There are nearly 800 satellites up there and we know they are vulnerable. In the 1980s, a hacker calling himself "Captain Midnight" took over a transponder used by HBO and substituted his own message. In 1999, there was an unconfirmed story about a hacker who took over a military communications satellite in an unsuccessful extortion attempt.

The loudest wake-up call was a wargame conducted in 1997. The exercise, called Eligible Receiver, used white hat hackers from the National Security Agency to show how it was possible, given then-current conditions, to hack many 911 systems and shut them down. It was also revealed that the electrical power grid control systems of some major cities were vulnerable to similar penetration and disruption.

JTF-CND was set up in the headquarters of the Defense Information Systems Agency (DISA), and, with about a hundred personnel, operates a 24/7 watch for major hack attacks. There was already a network of intrusion detection and reporting systems in place, and now someone was responsible for watching all of them and organizing a defense if there was a major attack. 

NIPRNET (Non-classified Internet Protocol Router Network) is the military network connected to the internet and has over two million servers. This is where most of the problems are and what attracts the hundred or so intrusion attempts made each day. Most are script kiddies goofing around, but 10-20 of these attempts are deemed serious enough to warrant further investigation. Although unclassified, NIPRNET contains a lot of information on logistics (supplies, including requests for stuff) and personnel matters (addresses, phone numbers and even credit card numbers). Separate from NIPRNET is SIPRNET (Secure Internet Protocol Router Network). This net is not connected to the Internet and encrypts its data. This network is rarely attacked and penetrations are few, if any (all discussion of SIPRNET attacks is classified).

Space Command set up four levels of alert, from the lowest, "Infocom Alpha," to the most serious, "Infocom Delta." What exactly the military does at each of the four levels of alert is classified. But it is known that Infocom Alpha includes things like changing passwords, restricting cell phone use, updating keys used to encrypt classified communication lines, doing an extra backup of important documents, urging military personnel to update virus protection on their home computers, reviewing security checklists and, of course, reporting suspicious activity. During the Chinese-American "hacker war" of early 2001 (after the EP-3 incident), Space Command went to Infocom Alpha.

In October, 2001, the Space Command took over responsibility for offensive computer warfare. This included developing highly classified computer attack systems and tools. Space Command will develop, test, and "package" these offensive tools for future use. Space Command notes that the only way to build an air defense system these days, or at least one that has any chance of slowing down U.S. air attacks, requires using computer networks. The same goes for command and control systems for ground and naval forces. Thus the emphasis on developing weapons that can disable these computer systems. While this is less destructive warfare, using electronic signals rather than bombs, it is also more effective. As always, the key to effective network weapons is finding weaknesses before the enemy user does. This is a constantly changing situation, as foreign network managers themselves discover their vulnerabilities and fix them. If a cyberwar attack fails because of this, then you use the bombs. But every cyberwar attack that succeeds means that fewer U.S. warplanes and pilots are put at risk. And those smart bombs are expensive as well, so cyberwar can be cheaper.