By Forrest Hare, Solutions Architect, Cyberspace Operations
As articles in the Journal of Electronic Defense exemplify, there are still advocates for keeping the electronic warfare and cyberspace communities separate. Many who fight in the electromagnetic environment wish to remain apart from the cyberspace operations community. On the cyberspace operations side, there is an equally limited call for partnership or integration.
In fact, the congressional Electronic Warfare Working Group has made little mention of the interplay between electronic and cyber warfare in its requests to the Department of Defense for briefings and assessments, perpetuating a singularity of focus.
The sentiment against integration seems driven by culture and budgets rather than doctrine and physics.
On the electronic warfare (EW) side, the primary issues appear to be:
- The preference to associate with the rated operations community and focus on integration with tactical combat operations.
- The view that the cyber operations community is the "stay-at-home team," since it is less likely to be forward deployed.
- The complex approval processes to employ cyber capabilities in a conflict that would hamstring the EW community.
- The continuous fight for sustainment funding.
On the cyber operations side, the primary issues appear to be:
- The imperative on rapid software development, which results in a continuous cat-and-mouse game between defensive operations, computer network exploitation, and offensive cyber operations.
- The continuously adaptive pace of the domain, since the fight occurs 24/7 on a global scale.
- The complex EW acquisition process that would hamstring cyber operators, since it is often tied to major weapons programs.
- The overtasking to improve cybersecurity, support combatant command operations, and now secure homeland defense, leaving limited resources to expand the community's vision.
While these issues continue to hamper closer integration, the cyber landscape continues to evolve in directions that compel the two communities to knock down stovepipes.
With billions of Internet of Things (IoT) devices to be in operation by 2025, the IoT will truly make cyberspace a ubiquitous and indispensable part of the nation's infrastructure. The DoD is also interested in improving situational awareness and real-time decision-making via the connected battlefield, the so-called Internet of Battlefield Things (IoBT). Of importance to both the EW and cyber communities is that virtually all of these devices rely on radio frequency (RF) pathways to get to the Internet.
The requirement to field ever-shrinking devices and keep costs minimal drives limited budgets for device security. IoT devices frequently have weak or no encryption, and they have no means of receiving patches or life-cycle support.
For remotely installed devices, such as those on the smart grid, additional challenges such as timely battery replacement and lack of shielding from unwanted RF energy make them particularly vulnerable to energy depletion attacks.
Battery-powered network devices have low energy budgets, and development of very-low-cost, long-duration batteries has not kept pace. Adversaries can exploit this Achilles heel as an attack vector, draining devices in a matter of hours. Exhausting enough nodes in a network can disrupt, disable, and even shut it down.
A jamming attack hits a device's physical layer and affects it most directly, either by keeping it in a listening mode or by causing retransmissions that drain its battery. Once an attacker meets the EW link equation (proximity versus power), it can extend the duty cycle, making the device stay on.
Attackers can exploit the media access control (MAC) layer with a ghost attack. Garbage messages sent over the device's RF channel force it to keep authenticating them and remain awake.
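The two drain patterns described above can be told apart from a node's own telemetry. The following is an added example, not part of the original article: a defender-side monitor that labels each reporting window and projects battery life from the observed awake fraction. The telemetry fields, thresholds, battery capacity and current figures are all assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass
class Window:
    """One telemetry window reported by a node (constructed sample format)."""
    seconds: float     # window length
    radio_on: float    # seconds the radio was awake (listening or sending)
    retransmits: int   # frames the node had to resend
    auth_fail: int     # frames that failed MAC-layer authentication
    auth_ok: int       # frames that authenticated

# Assumed node profile; illustrative values, not taken from the article.
BATTERY_MAH = 220.0
SLEEP_MA, AWAKE_MA = 0.01, 20.0
BASELINE_DUTY = 0.01   # expected awake fraction in normal operation

def projected_hours(duty: float) -> float:
    """Battery life in hours if the node stays at this awake fraction."""
    avg_ma = duty * AWAKE_MA + (1.0 - duty) * SLEEP_MA
    return BATTERY_MAH / avg_ma

def classify(w: Window, duty_factor: float = 10.0, min_events: int = 20) -> str:
    """Label a window as normal, ghost-like, jamming-like or elevated-duty."""
    duty = w.radio_on / w.seconds
    if duty < BASELINE_DUTY * duty_factor:
        return "normal"
    total_auth = w.auth_fail + w.auth_ok
    # Ghost pattern: awake time dominated by frames that fail authentication.
    if w.auth_fail >= min_events and w.auth_fail > 0.9 * total_auth:
        return "ghost-like"
    # Jamming pattern: awake time spent on retransmissions, little valid traffic.
    if w.retransmits >= min_events:
        return "jamming-like"
    return "elevated-duty"

def review(windows):
    """Return (label, projected battery hours) for each window."""
    return [(classify(w), round(projected_hours(w.radio_on / w.seconds), 1))
            for w in windows]

SAMPLES = [  # constructed telemetry, 600-second windows
    Window(600, 5.0, 1, 0, 12),      # quiet node
    Window(600, 420.0, 310, 2, 3),   # radio held on by retransmissions
    Window(600, 540.0, 4, 950, 6),   # radio held on by unauthenticated frames
]

if __name__ == "__main__":
    for label, hours in review(SAMPLES):
        print(f"{label:14s} projected battery life {hours} h")
```

With these assumed figures, the quiet window projects to well over a thousand hours of battery life, while the two attack-like windows project to less than a day.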
Adversaries are aware of these interdependencies and are moving out with integrated EW-cyber capabilities. One example is the Russian Orlan-10 UAV, which has been used to insert propaganda SMS messages directly to Ukrainian soldiers by impersonating cell towers and hijacking communications. This and other platforms can easily be modified to attack IoT devices with similar techniques and results.
It is time for our focus to change. We must put aside tribal concerns and focus on synergies. A good way to start is by launching a joint doctrine or multi-service tactics write that codifies existing best practices and explores new opportunities for collaboration. Another idea is a DARPA challenge to strengthen innovation with industry and academia. Finally, coming back to Congress, if the budget directs it, it will happen.
About the author: Forrest Hare, PhD, is a solutions architect for SAIC, joining the company after retiring as a colonel in the U.S. Air Force. He is an adjunct professor at George Mason University and Georgetown University, where he instructs on national security policy for cyberspace. With William Diehl, PhD, his co-author and a professor of electrical engineering at Virginia Polytechnic Institute and State University, Hare recently presented on nonintrusive cyber weapons at the Cyber/Electronic Warfare Convergence Conference held by the Palmetto Roost Chapter of the Association of Old Crows.