[Infowarrior] - US reveals plans to hit back at cyber threats
Richard Forno
rforno at infowarrior.org
Wed Apr 2 17:18:05 UTC 2008
US reveals plans to hit back at cyber threats
02 Apr 2008 15:12
http://news.zdnet.co.uk/security/0,1000000189,39378374,00.htm
The US Air Force Cyber Command is just as interested in attack as defence,
according to a senior general
The US Air Force Cyber Command is developing capabilities to inflict denial
of service, confidential data loss, data manipulation, and system integrity
loss on its adversaries, and to combine these with physical attacks,
according to a senior US general.
Air Force Cyber Command (AFCYBER), a US military unit set up in September
2007 to fight in cyberspace, is due to become fully operational in the
autumn under the aegis of the US Eighth Air Force. Lieutenant General Robert
J Elder, Jr, who commands the Eighth Air Force's Barksdale base, told
ZDNet.co.uk at the Cyber Warfare Conference 2008 that the Air Force is
interested in developing its capabilities to attack enemy forces as well as
defend critical national infrastructure.
"Offensive cyberattacks in network warfare make kinetic attacks more
effective, [for example] if we take out an adversary's integrated defence
systems or weapons systems," said Elder. "This is exploiting cyber to
achieve our objectives."
However, this is a double-edged sword, as adversaries will also attempt to
develop similar capabilities, especially considering the US military's heavy
use of technology, said Elder.
"Terrorists and criminals are doing the same thing. We depend so heavily as
a military on the use of cyber, we have to be cautious about it," said
Elder. "Cyber gives us a huge advantage but adversaries look at our
capabilities and see areas they can undermine. We need to protect our
asymmetric advantage - on the one hand by having people further exploit
cyber, and on the other by having mission assurance."
This problem is made more pressing by the military's reliance on the public
internet to perpetrate cyberattacks. The infrastructure the US military
uses to both launch and defend against cyberattacks runs through the public
internet system. Military networks such as the Global Information Grid are
linked to US government and critical national infrastructure systems, which
in turn are linked to the public internet. Adversary systems are subverted
by the US military through public channels - however, this also leaves the
US military open to attack through the same channels, said Elder.
"The infrastructure on which the Air Force depends is controlled by both
military and commercial entities and is vulnerable to attacks and
manipulation," said Elder.
Other causes for military concern include possible supply-chain
vulnerabilities, where vulnerabilities are introduced into chipsets during
manufacturing that an adversary can then exploit, and electronics
vulnerabilities.
"We need to make sure chips aren't manipulated - we're worried about
information assurance just like everyone else," said Elder.
Other problems being faced by the Cyber Command are centred around different
Air Force and military units needing to improve their channels of
communication before the autumn.
"We have 10,000 people to do this, but the problem is they are stovepiped,"
said Elder.
"Stovepiping" has two complementary meanings. In IT terms it describes
information held in separate databases which is difficult to access due to
its multiple locations - the UK equivalent term would be "siloed". In
intelligence-gathering terms - the Eighth also serves as the US Air Force
information operations headquarters - "stovepiping" refers to information
which has been passed up the chain of command without undergoing due
diligence.
Elder said that, while he was satisfied with AFCYBER's covert operations
capabilities and its demonstrable ability to remotely destroy missile
defence systems, he wished to further develop its attack capabilities.
"IT people set up traditional IT networks with the idea of making them
secure to operate and defend," said Elder. "The traditional security
approach is to put up barriers, like firewalls - it's a defence thing - but
everyone in an operations network is also part of the [attack] force. We're
trying to move away from clandestine operations. We're looking for real
physics - a bigger bang resulting in collateral damage."
US Cyber Command also needs to develop the means to quickly pinpoint exactly
where an attack is coming from, to be able to retaliate, and also to deter
potential attackers.
"We haven't done a good job in the cyber-domain just yet," said Elder. "We
have to demonstrate the capability to do [rapid forensics] then message that
to our adversaries. For deterrence we have to clearly identify the attacker.
We're working on rapid forensics to determine who the adversary is."
While cyber-espionage was inevitable, said Elder, knowledge of the US
military being able to pinpoint the source of cyberattacks could deter
assaults on critical national infrastructure that use Supervisory Control
And Data Acquisition (Scada) systems.
"We're not going to deter cyber-espionage, but we might be able to deter
attacks on Scada networks," said Elder.
As well as developing forensics tools, Cyber Command is also coding tools to
check for incursions, including a "Cyber Sidearm", which will monitor
activity on the Combat Information Transport System - the US Air Force
cyber-network.
"We've been working to get the functionality built - we're supposed to have
it in the next couple of months," said Elder.
US Eighth Air Force said it was seeking partnerships with both public- and
private-sector organisations to "secure cyberspace". The Department for
Homeland Security's Strategy to Secure Cyberspace includes establishing a
public-private architecture to gauge and respond to cyberthreats, and
increase information-sharing between public- and private-sector
organisations and the military.