In the recent past, the United States military attempted to keep their cyberwarfare program under wraps but now it appears that this approach has been abandoned completely.
Considering all of the malware popping up in the Middle East which is regularly traced back to the United States and Israel including Stuxnet, Flame, Duqu and the possibly related Mahdi,
this isn’t all too surprising. The West’s cyberwarfare efforts are
rapidly becoming common knowledge so I’m not shocked to see the Air
Force opening up about their goals.
In a solicitation posted on the Federal Business Opportunities
website, the Air Force reveals that they are seeking some quite
astounding capabilities as part of the Cyberspace Warfare Operations
(CWO) program.
Under this $10 million effort, which is mostly focused on short
programs ranging from three to twelve months, the Air Force is seeking,
“The employment of cyberspace capabilities to destroy, deny, degrade,
disrupt, deceive, corrupt, or usurp the adversaries ability to use the
cyberspace domain for his advantage.”
The objectives for the program include, “Technologies/concepts for
developing capabilities associated with Cyberspace Warfare Attack (i.e.,
to disrupt, deny, degrade, destroy, or deceive an adversary’s ability
to use the cyberspace domain to his advantage.)”
This seems to be a wide-ranging effort including, but in no way
limited to: “Mapping of networks (both data and voice); Access to
cyberspace domain, information, networks, systems, or devices; Denial of
service on cyberspace resources, current/future operating systems, and
network devices; Data manipulation; Ability to control cyberspace
effects at specified times and places.”
According to the Wired blog Danger Room,
the military “wants its Trojans and worms available, ASAP,” not only to
be available to the top brass but also to the “operational commander.”
This means that cyberattacks will not only be launched with
permission of the president or top officials, as large-scale traditional
strikes tend to be, but they can also “be launched at only the most
strategically important moments.”
In other words, if a lower-level commander decides it would be
beneficial to deploy malware for one reason or another, the military
believes that this ability should be part of their standard arsenal.
A major goal of this program seems to be to allow attacks before a
traditional battle even begins, which seems somewhat nonsensical since
by most metrics cyberattacks could be considered an act of war depending
on the target and the severity of the attack.
This is evidenced by the Air Force seeking, “Cyberspace
technologies/capabilities employing unique characteristics resulting in
the adversary entering conflicts in a degraded state.”
As Danger Room points out, discussing these goals in public seems
quite amazing indeed, even if the terms are quite vague, because
currently the Obama administration is actually investigating leaked
information to the press about the U.S. cyberwarfare program against
Iran.
This led to a bill
dealing with so-called “unauthorized disclosure,” more commonly
referred to as a “leak” which created new punishments for individuals
who leak classified information of some kind.
I see this as somewhat similar to the government’s approach to the
drone assassination program which they speak openly about at times then turn around and claim they can’t discuss in court.
Indeed, some in the U.S. military are actually bragging about their
cyberwarfare activities, like Lieutenant General Richard Mills, who led
coalition forces in southwestern Afghanistan in both 2010 and 2011.
At a recent technology conference, Mills openly bragged about having his troops hack into communications of alleged militants.
“I can tell you that as a commander in Afghanistan in the year 2010, I
was able to use my cyber operations against my adversary with great
impact,” said Mills, according to the Associated Press.
“I was able to get inside his nets, infect his command-and-control,
and in fact defend myself against his almost constant incursions to get
inside my wire, to affect my operations,” Mills added.
According to Mills, they have also recently assembled a team of
Marines stationed at the headquarters of the National Security Agency
(NSA), focused on giving the Marine Corps “an offensive capability.”
They also established a second company of Marines who “will be
designed to increase the availability of intelligence analysts,
intelligence collectors and offensive cyber operations and place them in
the appropriate unit, at the appropriate time, at the appropriate
place, so that forward deployed commander in the heat of combat has full
access to the cyber domain.”
In addition, work on “Plan X” has already begun with a $600,000 contract to Invincea, a cybersecurity firm based out of the Washington area.
This is interesting because the project wasn’t supposed to get underway until the 20th of September, while obviously work has already begun.
Invincea would not comment directly on the “Digital Battlefield
Understanding Study and proof-of-concept demonstration” that they are
going to produce for DARPA, but a military document stated that Invincea
submitted an “unsolicited proposal” on June 26.
In under a month their proposal was approved, supposedly because,
“Invincea is the only source who possesses the particular commercial
software and knowledge necessary to rapidly address technical insights
in modeling a cyber battlespace and optimizing digital battle plans.”
There are no signs of this trend slowing down in the slightest since,
as Danger Room rightly notes, “These days, the build-up of America’s
online arsenal has become the subject of all sorts of open talk and
deal-making.”
(Image credit: U.S. Air Force photo/Tech. Sgt. Cecilio Ricardo)
(Image credit: U.S. Air Force photo/Tech. Sgt. Cecilio Ricardo)
No comments:
Post a Comment