[Infowarrior] - USAF Aims to 'Rewrite Laws of Cyberspace'
Richard Forno
rforno at infowarrior.org
Mon Nov 3 19:47:57 UTC 2008
Air Force Aims to 'Rewrite Laws of Cyberspace'
By Noah Shachtman | November 03, 2008 | 12:25:00 PM | Categories: Info War
http://blog.wired.com/defense/2008/11/air-force-aims.html
The Air Force is fed up with a seemingly endless barrage of attacks on
its computer networks from stealthy adversaries whose motives and even
locations are unclear. So now the service is looking to restore its
advantage on the virtual battlefield by doing nothing less than
rewriting the "laws of cyberspace."
It's more than a little ironic that the U.S. military, which had so
much to do with the creation and early development of the internet, finds
itself at its mercy. But as the American armed forces become
increasingly reliant on their communications networks, even small,
obscure holes in the defense grid are seen as having catastrophic
potential.
Trouble is that even a founding father can't unilaterally change
things that the entirety of the internet ecosystem now depends on.
"You can control your own networks, rewrite your own laws," says Rick
Wesson, CEO of the network security firm Support Intelligence. "You
can't rewrite everybody else's."
But the Air Force Research Laboratory's "Integrated Cyber Defense"
program, announced earlier this month, is part of a larger military
effort to accomplish just that. "The 'laws' of cyberspace can be
rewritten, and therefore the domain can be modified at any level to
favor defensive forces," announces the project's request for
proposals. Some of the rewrites being considered:
* Making hostile traffic inoperable on Air Force networks.
* Locating and identifying once-anonymous hackers.
* Enabling Air Force servers to evade or dodge electronic
attacks, somehow.
It's part of a larger Air Force effort to gain the upper hand in
network conflict. An upcoming Air Force doctrine calls for the service
to have the "freedom to attack" online. A research program, launched
in May, aims to "gain access" to "any and all" computers. A new
division of information warriors is being set up under Air Force Space
Command. "Our mission is to control cyberspace both for attacks and
defense," 8th Air Force commander Lt. Gen. Robert Elder told Wired.com
earlier this year. Apparently.
At the moment, though, online aggressors have the edge on the
military's network protectors, the Air Force says.
"Defensive operations are constantly playing 'catch up' to an
ever-increasing onslaught of attacks that seem to always stay one step
ahead," says the Air Force Research Laboratory's "Integrated Cyber
Defense" request for proposals. "In order to tip the balance in favor
of the defender, we must develop a strategic approach to cyber defense
that transcends the day to day reactive operations."
"[M]ost threats should be made irrelevant by eliminating
vulnerabilities beforehand by either moving them 'out of band' (i.e.,
making them technically or physically inaccessible to the adversary),
or 'designing them out' completely," the request for proposals adds.
"Can we create a cyberspace with different rules?" asks Paul Ratazzi,
a technical advisor at the AFRL's Information Directorate. "Let's
challenge those fundamental assumptions on how these things work, and
see if there's a better way."
For instance, it's extraordinarily difficult to find the hacker behind
a cyberattack today. Network traffic can be run through dozens of
different proxies and anonymizers; "botnets" of enslaved computers can
be controlled from the other side of the world; millions of PCs spew
out malicious data without their owners ever catching on. AFRL would
like to see a way to change existing network protocols, to make it
easier to trace and locate the source of an online threat.
Or perhaps today's protocols can be tailored, to make military
networks "technically or physically inaccessible" to malicious
traffic. "We'll start with blue," says Information Directorate chief
Donald Hanson, using the military term for friendly forces. "If you're
not blue, you can't come in."
Hanson is also interested in finding ways to dodge electronic attacks,
rather than figure out new ways to stop them, or lock them out. "A lot
of our [defenses] up to now have been about defeating an attack," he
says. "We'd rather avoid it altogether." Digital radios communicate
today by "frequency-hopping" -- jumping across multiple bands of the
spectrum. Perhaps the Air Force's online traffic could do something
similar.
There are some network precedents for the idea, Wesson explains.
So-called "honeypot" servers are used to lure in hackers with fake
targets to attack. But the hackers are often aware which IP addresses
are really honeypots. So hosted servers are used to mask those
addresses -- and, with a secure network "tunnel," run the traffic back
to the honeypots. "If you can do that with honeypots, you can do it
with all kinds of other things," Wesson says.
Hanson refused to comment on that technique. But Ross Stapleton-Gray,
with the Packet Clearing House research group, isn't sure cyberstrikes
can be avoided, really. "The way networks work, it's always going to
be easier for a nimble attacker than a nimble defender," he says.
"There's always a scarcity of bandwidth -- somewhere. There are always
chokepoints -- somewhere."