[Infowarrior] - Militarizing Your Cyberspace

[Richard Forno]

Tomgram: William Astore, Militarizing Your Cyberspace

http://www.tomdispatch.com/post/174940/william_astore_militarizing_your_cyberspace

Be depressed. Be very depressed. You thought that cyberspace -- a term  
conjured up long ago by that neuromancer, sci-fi author William Gibson  
-- was the last frontier of freedom. Well, think again. If the U.S.  
Air Force has anything to say about it, cyber-freedom will, in the not  
so distant future, be just another word for domination.

Air Force officials, despite a year-long air surge in Iraq,  
undoubtedly worry that Secretary of Defense Robert Gates's "next  
wars" (two, three, many Afghanistans) won't have much room for air  
glory. Recently, looking for new realms to bomb, it launched itself  
into cyberspace. The Air Force has now set up its own Cyber Command,  
redefined the Internet as just more "air space" fit for "cyber-craft,"  
and launched its own Bush-style preemptive strike on the other  
military services for budgetary control of the same.

If that's not enough for you, it's now proposing a massive $30 billion  
cyberspace boondoggle, as retired Air Force Lt. Col. William Astore  
writes below, that will, theoretically, provide the Air Force with the  
ability to fry any computer on Earth. And don't think the other  
services are likely to take this lying down. Expect cyberwar in the  
Pentagon before this is all over. In the meantime, think of  
cyberspace, in military terms, as a new realm for nuclear-style  
strategy, with its own developing version of "first-strike  
capability," its own future versions of "mutually assured  
destruction," its own "windows of vulnerability" to be closed (while  
exploiting those of the enemy), and undoubtedly its own "cyber-gaps."

In fact, it looks like the national-security version of cyberspace may  
soon be a very, very busy place. Noah Shachtman, who covers the  
subject like a rug at his Wired Magazine Danger Room blog, recently  
noted that Comcast, the country's second-largest Internet provider,  
"has just advertised for an engineer to handle 'reconnaissance' and  
'analysis' of 'subscriber intelligence' for the company's 'National  
Security Operations'" -- that is, for the U.S. government. ("Day-to- 
day tasks, the company says in an online job listing, will include  
'deploy[ing], installing] and remov[ing] strategic and tactical data  
intercept equipment on a nationwide basis to meet Comcast and  
Government lawful intercept needs.'") Ain't that sweet.

And it shouldn't be too tough a job. As Shachtman also points out,  
"Since May 2007, all Internet providers have been required to install  
gear for easy wiretapping under the Communications Assistance for Law  
Enforcement Act."

Sigh. Those who don't learn from history are bound to… get ever more  
bloated budgets. Tom

     Attention Geeks and Hackers
     Uncle Sam's Cyber Force Wants You!
     By William J. Astore

     Recently, while I was on a visit to Salon.com, my computer screen  
momentarily went black. A glitch? A power surge? No, it was a pop-up  
ad for the U.S. Air Force, warning me that an enemy cyber-attack could  
come at any moment -- with dire consequences for my ability to connect  
to the Internet. It was an Outer Limits moment. Remember that eerie  
sci-fi show from the early 1960s? The one that began in a blur with  
the message, "There is nothing wrong with your television set. Do not  
attempt to adjust the picture. We are controlling transmission…." It  
felt a little like that.

     And speaking of Air Force ads, there's one currently running on  
TV and on the Internet that starts with a bird's eye view of the  
Pentagon as a narrator intones, "This building will be attacked three  
million times today. Who's going to protect it?" Two Army colleagues  
of mine nearly died on September 11, 2001, when the third hijacked  
plane crashed into the Pentagon, so I can't say I appreciated the none- 
too-subtle reminder of that day's carnage. Leaving that aside, it  
turns out that the ad is referring to cyber-attacks and that the cyber  
protector it has in mind is a new breed of "air" warrior, part of an  
entirely new Cyber Command run by the Air Force. Using the latest  
technology, our cyber elite will "shoot down" enemy hackers and  
saboteurs, both foreign and domestic, thereby dominating the realm of  
cyberspace, just as the Air Force is currently seeking to dominate the  
planet's air space -- and then space itself "to the shining stars and  
beyond."

     Part of the Air Force's new "above all" vision of full-spectrum  
dominance, America's emerging cyber force has control fantasies that  
would impress George Orwell. Working with the Defense Advanced  
Research Projects Agency (DARPA), the Department of Homeland Security,  
and other governmental agencies, the Air Force's stated goal is to  
gain access to, and control over, any and all networked computers,  
anywhere on Earth, at a proposed cost to you, the American taxpayer,  
of $30 billion over the first five years.

     Here, the Air Force is advancing the now familiar Bush-era idea  
that the only effective defense is a dominating offense. According to  
Lani Kass, previously the head of the Air Force's Cyberspace Task  
Force and now a special assistant to the Air Force Chief of Staff, "If  
you're defending in cyber [space], you're already too late. Cyber  
delivers on the original promise of air power. If you don't dominate  
in cyber, you cannot dominate in other domains."

     Such logic is commonplace in today's Air Force (as it has been  
for Bush administration foreign policy). A threat is identified, our  
vulnerability to it is trumpeted, and then our response is to spend  
tens of billions of dollars launching a quest for total domination.  
Thus, on May 12th of this year, the Air Force Research Laboratory  
posted an official "request for proposal" seeking contractor bids to  
begin the push to achieve "dominant cyber offensive engagement." The  
desired capabilities constitute a disturbing militarization of  
cyberspace:

         "Of interest are any and all techniques to enable user and/or  
root access to both fixed (PC) or mobile computing platforms. Robust  
methodologies to enable access to any and all operating systems, patch  
levels, applications and hardware…. [T]echnology… to maintain an  
active presence within the adversaries' information infrastructure  
completely undetected… [A]ny and all techniques to enable stealth and  
persistence capabilities… [C]apability to stealthily exfiltrate  
information from any remotely-located open or closed computer  
information systems…"

     Stealthily infiltrating, stealing, and exfiltrating: Sounds like  
cyber-cat burglars, or perhaps invisible cyber-SEALS, as in that U.S.  
Navy "empty beach at night" commercial. This is consistent with an Air  
Force-sponsored concept paper on "network-centric warfare," which  
posits the deployment of so-called "cyber-craft" in cyberspace to  
"disable terminals, nodes or the entire network as well as send  
commands to ‘fry' their hard drives." Somebody clever with acronyms  
came up with D5, an all-encompassing term that embraces the ability to  
deceive, deny, disrupt, degrade, and destroy an enemy's computer  
information systems.

     No one, it seems, is the least bit worried that a single-minded  
pursuit of cyber-"destruction" -- analogous to that "crush… kill…  
destroy" android on the 1960s TV series "Lost in Space" -- could  
create a new arena for that old Cold War nuclear acronym MAD (mutually  
assured destruction), as America's enemies and rivals seek to D5 our  
terminals, nodes, and networks.

     Here's another less-than-comforting thought: America's new Cyber  
Force will most likely be widely distributed in basing terms. In fact,  
the Air Force prefers a "headquarters" spread across several bases  
here in the U.S., thereby cleverly tapping the political support of  
more than a few members of Congress.

     Finally, if, after all this talk of the need for "information  
dominance" and the five D's, you still remain skeptical, the Air Force  
has prepared an online "What Do You Think?" survey and quiz (paid for,  
again, by you, the taxpayer, of course) to silence naysayers and  
cyberspace appeasers. It will disabuse you of the notion that the  
Internet is a somewhat benign realm where cooperation of all sorts,  
including the international sort, is possible. You'll learn, instead,  
that we face nothing but ceaseless hostility from cyber-thugs seeking  
to terrorize all of us everywhere all the time.

     Of Ugly Babies, Icebergs, and Air Force Computer Systems

     Computers and their various networks are unquestionably vital to  
our national defense -- indeed, to our very way of life -- and we do  
need to be able to protect them from cyber attacks. In addition,  
striking at an enemy's ability to command and control its forces has  
always been part of warfare. But spending $6 billion a year for five  
years on a mini-Manhattan Project to atomize our opponents' computer  
networks is an escalatory boondoggle of the worst sort.

     Leaving aside the striking potential for the abuse of privacy, or  
the potentially destabilizing responses of rivals to such aggressive  
online plans, the Air Force's militarization of cyberspace is likely  
to yield uncertain technical benefits at inflated prices, if my  
experience working on two big Air Force computer projects counts for  
anything. Admittedly, that experience is a bit dated, but keep in mind  
that the wheels of procurement reform at the Department of Defense  
(DoD) do turn slowly, when they turn at all.

     Two decades ago, while I was at the Space Surveillance Center in  
Cheyenne Mountain, the Air Force awarded a contract to update our  
computer system. The new system, known as SPADOC 4, was, as one Air  
Force tester put it, the "ugly baby." Years later, and no prettier,  
the baby finally came on-line, part of a Cheyenne Mountain upgrade  
that was hundreds of millions of dollars over budget. One Air Force  
captain described it in the following way:

         "The SPADOC system was… designed very poorly in terms of its  
human machine interface… [leading to] a lot of work arounds that make  
learning the system difficult… [Fortunately,] people are adaptable and  
they can learn to operate a poorly designed machine, like SPADOC, [but  
the result is] increased training time, increased stress for the  
operators, increased human errors under stress and unused machine  
capabilities."

     My second experience came a decade ago, when I worked on the Air  
Force Mission Support System or AFMSS. The idea was to enable pilots  
to plan their missions using the latest tools of technology, rather  
than paper charts, rulers, and calculators. A sound idea, but again  
botched in execution.

     The Air Force tried to design a mission planner for every  
platform and mission, from tankers to bombers. To meet such disparate  
needs took time, money, and massive computing power, so the Air Force  
went with Unix-based SPARC platforms, which occupied a small room. The  
software itself was difficult to learn, even counter-intuitive. While  
the Air Force struggled, year after year, to get AFMSS to work,  
competitors came along with PC-based flight planners, which provided  
80% of AFMSS's functionality at a fraction of the cost. Naturally,  
pilots began clamoring for the portable, easy-to-learn PC system.

     Fundamentally, the whole DoD procurement cycle had gone wrong --  
and there lies a lesson for the present cyber-moment. The Pentagon is  
fairly good at producing decent ships, tanks, and planes (never mind  
the typical cost overruns, the gold-plating, and so on). After all, an  
advanced ship or tank, even deployed a few years late, is normally  
still an effective weapon. But a computer system a few years late?  
That's a paperweight or a doorstop. That's your basic disaster. Hence  
the push for the DoD to rely, whenever possible, on COTS, or  
commercial-off-the-shelf, software and hardware.

     Don't get me wrong: I'm not saying it's only the Pentagon that  
has trouble designing, acquiring, and fielding new computer systems.  
Think of it as a problem of large, by-the-book bureaucracies. Just  
look at the FBI's computer debacle attempting (for years) to install  
new systems that failed disastrously, or for that matter the ever more  
imperial Microsoft's struggles with Vista.

     Judging by my past experience with large-scale Air Force computer  
projects, that $30 billion will turn out to be just the tip of the  
cyber-war procurement iceberg and, while you're at it, call those  
"five years" of development 10. Shackled to a multi-year procurement  
cycle of great regulatory rigidity and complexity, the Air Force is  
likely to struggle but fail to keep up with the far more flexible and  
creative cyber world, which almost daily sees the fielding of new  
machines and applications.

     Loving Big "Cyber" Brother

     Our military is the ultimate centralized, bureaucratic,  
hierarchical organization. Its tolerance for errors and risky or  
"deviant" behavior is low. Its culture is designed to foster  
obedience, loyalty, regularity, and predictability, all usually  
necessary in handling frantic life-or-death combat situations. It is  
difficult to imagine a culture more antithetical to the world of  
computer developers, programmers, and hackers.

     So expect a culture clash in militarized cyberspace -- and more  
taxpayers' money wasted -- as the Internet and the civilian computing  
world continue to outpace anything the DoD can muster. If, however,  
the Air Force should somehow manage to defy the odds and succeed, the  
future might be even scarier.

     After all, do we really want the military to dominate cyberspace?  
Let's say we answer "yes" because we love our big "Above All" cyber  
brother. Now, imagine you're Chinese or Indian or Russian. Would you  
really cede total cyber dominance to the United States without a  
fight? Not likely. You would simply launch -- or intensify -- your own  
cyber war efforts.

     Interestingly, a few people have surmised that the Air Force's  
cyber war plans are so outlandish they must be bluster -- a sort of  
warning shot to competitors not to dare risk a cyber attack on the  
U.S., because they'd then face cyber obliteration.

     Yet it's more likely that the Air Force is quite sincere in  
promoting its $30 billion "mini-Manhattan" cyber-war project. It has  
its own private reasons for attempting to expand into a new realm (and  
so create new budget authority as well). After all, as a service, it's  
been somewhat marginalized in the War on Terror. Today's Air Force is  
in a flat spin, its new planes so expensive that relatively few can be  
purchased, its pilots increasingly diverted to "fly" Predators and  
Reapers -- unmanned aerial vehicles -- its top command eager to ward  
off the threat of future irrelevancy.

     But even in cyberspace, irrelevancy may prove the name of the  
game. Judging by the results of previous U.S. military-run computer  
projects, future Air Force "cyber-craft" may prove more than a day  
late and billions of dollars short.

     William J. Astore, a retired lieutenant colonel (USAF), has  
taught at the Air Force Academy and the Naval Postgraduate School. He  
currently teaches at the Pennsylvania College of Technology. A regular  
contributor to Tomdispatch, he is the author of Hindenburg: Icon of  
German Militarism (Potomac, 2005). His email is wastore at pct.edu.

Copyright 2008 William J. Astore