[Infowarrior] - Scenario Puts Energy, Politics in Hackers’ Cross Hairs

[Richard Forno]

Defense News
July 22, 2013

Scenario Puts Energy, Politics in Hackers’ Cross Hairs

By JOE GOULD 

http://www.armytimes.com/article/20130717/NEWS04/307170004/Scenario-puts-energy-politics-hackers-cross-hairs

WASHINGTON — A US Army cyber official warns that the nation faces a possible
cyberwar in which anonymous foreign computer hackers penetrate government
networks and create friction between Washington and its allies, discredit
elected officials, and create political and economic instability if the US
fails to adapt.

In a recent academic thesis, Col. Bryant Glando paints a nightmarish picture
of how attacks against the US might unfold to influence its political
process and national security objectives — without a shot being fired.

To avert catastrophe, Glando argues the Defense Department should elevate
cyber from a primary mission to a core mission area, a new strategic
approach that would provide a military advantage in cyberspace “over all
potential adversaries.”

“The threats are real,” the thesis reads, before paraphrasing military
theorist Carl von Clausewitz. “It is not a matter of if but a matter of when
a nation or non-nation state develops a new type of warfare to exploit an
Achilles’ heel of the United States in order to achieve its own strategic
objectives. The nature of war does not change, but warfare does, and those
who adapt survive, and those who fail suffer the consequences.”

As proposed by Glando, cyberwarfare would have a whole-of­government
approach, as supported by DoD’s definition of a core mission area. The way
it’s organized, he said, “potentially degrades the ability to deter, defend,
and defeat an adversary in, through, and from cyberspace. Why, because this
fundamentally violates the joint principles of unity of command, economy of
force, and mass as defined in US Joint Publication 3-0.”

Soon to become deputy chief of US cyber Command’s J-35 Future Operations
Cell, Glando is the former deputy director of the cyber­space proponent for
Army Cyber Command/2nd Army, based at Fort Belvoir, Va., and a part of US
Cyber Command. In the early 2000s, Glando led an Army task force that was
part of the joint response to “Titan Rain,” a series of cyber espionage
attacks attributed to the Chinese and used to pilfer information from
American government agencies and defense contractors.

The ‘Art of the Possible’

The 10 years since have seen, among other incidents, the 2007 cyberattacks
that swamped Esto­nian websites amid a dispute with Russia; the hacking of
Ossetian media and government websites during the 2008 Georgia-South
Os­setia war; the 2010 Stuxnet malware attack on an Iranian nuclear
enrichment facility; and cyber espionage efforts originating from China,
including spying against military, commercial, research and industrial
corporations.

Peering into the future, Glando’s “art of the possible” scenario sees
country “ABC” launch a sophisticated
3 1 ⁄2-year string of cyberattacks against the US and country “XYZ,” which
it hopes to take over. ABC penetrates the US defense sector, sows
disinformation in the American political system, attacks critical government
services and fuels civil unrest with leaks and tension between Washington
and its allies.

Hackers, presumably from ABC, launch anonymous attacks and, at one point,
steal the plans for the F-35 Joint Strike Fighter. Later, ABC reveals its
plans for a similar jet.

The attacks get personal, exposing the extramarital affair of a US senator
who supports a bilateral defense agreement with XYZ.

In an eerie case of academics imitating life, Glando’s scenario has a new
Pentagon directive for counter-cyber espionage that outrages the public
because it calls for increased monitoring of US public communications.

Disinformation is a key part of the cyberattacks. When the hacker collective
Anonymous leaks the directive online, “Pentagon officials report that some
of the information posted was incorrect or was modified. US public is
outraged and demands justice. Litigation is initiated by a group of
concerned US citizens to prevent this directive from being implemented.”

The month before 2014 elections, unknown hackers gain access to various
political websites, Twitter and Facebook accounts and manipulate the
statements of key political officials on sensitive political issues. Later,
US Senate and House majorities change, spurring a new emphasis on domestic
issues and relations in the Western Hemisphere. Some members of Congress
begin pushing “for a new strategic shift to look inward and are requesting a
review of all bilateral defense agreements.”

Over the next year, a software glitch crashes a US attack helicopter,
America experiences power outages, water and sewage systems in Illinois
suffer power outages and XYZ’s critical infrastructure experiences outages.
Cyberattacks are the implied cause.

The stock market and employment numbers plummet after unknown hackers remove
$2 trillion from electronic circulation.

December 2016 brings the grand finale, as key military systems in XYZ and
the US fail because of software glitches; utilities at US military bases
near XYZ fail, which delays US forces from responding to ABC’s imminent
invasion of XYZ.

At home, a coordinated cyberattack on critical infrastructure within the US
and XYZ shuts down key government services, “creating chaos across the
public and private sectors.”

“Country ABC launches a massive invasion of country XYZ,” the thesis reads.
“The ability of the US to respond with sufficient military power is delayed
due to the crippling effects of a concentrated cyberspace warfare campaign
directed against the United States, its allies and country XYZ.”

Hard and Soft Power

Jeffrey Carr, founder of cybersecurity consultancy Taia Global and author of
“Inside Cyber Warfare,” faulted Glando’s scenario and called the proposed
solution “irrelevant to the actual threat landscape.” He wrote in an email
that the scenario “goes from being vastly understated (a 20-minute power
outage?) to vastly overstated (casting doubt in an electorate’s mind) and
demonstrates a lack of understanding about what’s technically possible, not
to mention realistic.”

Glando responded to the criticism by agreeing that more devastating
cyberattacks are possible, but said in his scenario, the adversary was using
stealthier “brown­outs” to confuse efforts to attribute the attacks and the
response. Otherwise, Glando disagreed that cyberattacks could not be used to
influence an electorate and cited current events.

“During the Arab Spring, modern technology was used to spur dissent, and not
just in a single country,” he said.

Christopher Bronk, a former diplomat with the State Department and a fellow
specializing in information technology policy at Rice University’s Baker
Institute, said cyber operations can enable the application of hard power
and soft power, as suggested by Glando.

“The scenario has it all, the kind of kinetic attacks that makes the oil and
gas industry go kaboom to influence games like, ‘Oh, this country’s going to
lose some senatorial support,’ ” Bronk said.

According to Bronk, the military must make cybersecurity part of its culture
“because computing pervades everything the military does now. It’s all ones
and zeroes, and digital technology is embedded all the way down to a rifle
company.”

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.