December 2009
The Real Face of Cyberwar? (11 December 2009
Intercepting U.S. Surveillance Videos (18 December 2009

The Real Face of Cyberwar?

11 December 2009

Anyone who reads the papers sees stories — or hype — about cyberwarfare. Can it happen? Has it already happened, in Estonia or Georgia? There has even been a Rand Corporation study on cyberwarfare and cyberdeterrence. I wonder, though, if real cyberwarfare might be more subtle — perhaps a "cyber cold war"?

A case in point is the recent release of hacked — stolen — emails on climate change from the University of East Anglia. A British publication, The Independent, has published a story saying that Russian secret services may have been behind the hack, for diplomatic reasons.

This time, if it was indeed the FSB behind the leak, it could be part of a ploy to delay negotiations or win further concessions for Moscow. Russia, along with the United States, was accused of delaying Kyoto, and the signals coming from Moscow recently have continued to dismay environmental activists.

We comonly associate warfare with armies that use so-called "kinetic weapons" against each other and against the opposing country. That need not be the only form warfare can take. Zhou Enlai, for example, once remarked that "diplomacy is a continuation of war by other means." In the science fiction realm, Poul Anderson wrote a story "State of Assassination" (also known as "A Man to My Wounding") about war being replaced by a state of assassination. Instead of brute force attacks with atomic weapons, countries have switched to killing each others' leaders. But one side has gone a step further, and started targeting others.

As the Rand report has pointed out, "certainty in predicting the effects of cyberattacks is undermined by the same complexity that makes cyberattacks possible in the first place" (p. xiv). The report goes on to stress how unclear the effects of a massive cyberattack would be. Perhaps this sort of narrowly-targeted operation, in support of "diplomacy" is the real future of warfare.

Tags: security

Intercepting U.S. Surveillance Videos

18 December 2009

The other day, the Wall Street Journal broke the story that Iraqi insurgents were intercepting video downloads from U.S. Predator drones. Wired's Danger Room Blog reports that it's not just drones' transmissions that are at risk, it's most U.S. warplanes. CBS News says that the Pentagon has known about the problem for at least 10 years. This is a shocking breach of security. What happened? From the outside, it appears to be a combination of factors. I suspect it was a combination of three factors: the difficulty of doing video encryption when the platform was designed; key management; and cost.

The Predator has been around for about 15 years. Video rate encryptors weren't very common in 1995; it's quite possible that adding one would have added significantly to the cost and weight of the aircraft; that in turn would translate to significantly increased cost. Was it worth it?

In 1995, the U.S. did not perceive itself as facing major enemies. The U.S.S.R. was no more; Russia was still perceived as friendly, though that relationship was strained by the Balkan campaign. Besides, its military was in disarray. China wasn't seen to be rising as fast as it is now. Who was left as a military foe? Just a bunch of 3rd world countries and rag-tag insurgents, right? Surely they couldn't intercept U.S. military communications…

That may or may not have been true back then. But lots of ground stations were built to that spec, creating a huge installed base of inherently insecure gear. And times changed.

As we all know, sophisticated electronics are a lot more common now, as is the expertise to develop them. Even if the Iranians — the party blamed for developing the interception technology — couldn't do it in 1995, perhaps they can today. Certainly, there's plenty of evidence of advanced Iranian electronic warfare capability, as well as their willingness to export it to their friends. The ability to intercept, then, is now commonplace; the ability to upgrade quickly is gone.

Another possible problem is key management. Suppose the signals were encrypted. How do you distribute the decryption keys? The video downlink is broadcast; it's not just a matter of two peers exchanging keys. There are a number of ways to do the key management, but the simple ones are vulnerable to a single ground station being compromised and the complex ones are, well, complex. Depending on how it's done, there may also be an operational problem: do the soldiers in the field have the training to load the received keys into the units, while properly protecting them from capture? If that task is hard enough (and I of course have no knowledge of how NSA would design the gear, or even if it would be external), the tradeoff might be very simple: how many lives would be lost because of key management flaws versus lives lost because of intercepted traffic? Of course, the answer to that question depends critically on the ease of interception, and that has changed over the years.

There seems to be some disagreement about whether the drones' signals are being picked up directly or via a satellite link. Danger Room speaks of line-of-sight transmission; CBS says that the Predators can switch to satellite uplinks and that it was satellite downlinks that were intercepted because the military is buying time on commercial satellites.

I'm not impressed by the argument that there's no problem if low power, line-of-sight signals are used. If the Predators are flying at 1500 meters, line of sight — in flat terrain — covers a radius of just under 140 km. And a good antenna can compensate for low transmission power.

In any event, there's a problem now. Saying, as the Air Force has, that "As we identify shortfalls, we correct them as part of a continuous process of seeking to improve capabilities and security" isn't helpful.

Tags: NSA