
Cyber Warfare, Asymmetric Advantage, and Limiting Factors

According to The BBC the DPRK successfully hacked the Republic of Korea’s Ministry of Defense. This includes contingency plans developed with the US.

Hackers from North Korea are reported to have stolen a large cache of military documents from South Korea, including a plan to assassinate North Korea’s leader Kim Jong-un.

Rhee Cheol-hee, a South Korean lawmaker, said the information was from his country’s defence ministry.

The compromised documents include wartime contingency plans drawn up by the US and South Korea.

They also include reports to the allies’ senior commanders.

The South Korean defence ministry has so far refused to comment about the allegation.

Plans for the South’s special forces were reportedly accessed, along with information on significant power plants and military facilities in the South.

This type of cyber warfare, specifically an act of espionage in the cyber domain, provides the DPRK with an asymmetric informational advantage. This advantage creates a limiting factor for the ROK, the US, and their allies in attempting to deter the DPRK’s actions and activities. A limiting factor is defined in Joint Publication 1-2/Department of Defense Dictionary of Military and Associated Terms as:

A factor or condition that, either temporarily or permanently, impedes mission accomplishment. (from Joint Publication 5-0/Joint Operational Planning)

If the reports about this hack are correct, the US’s military options, which were already constrained by the physical and human geography of the Korean peninsula, have now been further narrowed by enemy action. While US military planning is continuously updated with plans and sequels being adjusted as needed, they are usually based on a consensus understanding of the potential operating environment. This includes an understanding of the challenges and opportunities that arise from everything from the political to infrastructure to the geography of where the US may have to deploy military forces. What the DOD planners will have to do now is go back and review the consensus that the contingency plans were based on to determine if they have the operational space to develop new plans for the same potential operating environment that both achieve the same strategic effects and are significantly different enough to neutralize the asymmetric information advantage that the DPRK now has.



Senate Armed Services Committee on Cyber Security Threats/Russian Hacking of the US During the 2016 Election

Sorry for delay on this, but the Senate Armed Services Committee has just concluded its hearing on cyber security threats, including the Russian influence, desinformatziya, and kompromat operations during the 2016 US elections. Here’s the link to C-SPAN’s video where you can watch the whole thing. And here’s a video embed:

And yes, I know this is the Fox News YouTube feed/embeddable feed. It’s the only one I could find.



The Maskirovka Slips VIII: My Real Fear (Updated)


(Updated below)

I wasn’t going to do my next Maskirovka post until Sunday night, dealing with the NY Times article about Russian cyber operatives placing evidence of child pornography on their targets’ computers as part of kompromat operations. But the news that broke earlier this evening, as well as the previous posts and comments, have made me decide to put one up. Specifically my real fear of the true scope of the Russian cyber influence operations. I cannot prove what I’m going to write, it is simply speculation, but it is informed speculation.

My real fear of the Russian cyber kompromat and influence operations is not just that they hacked the DNC, the DSCC, the DCCC and John Podesta’s emails. Nor is it that they then, as Malcolm Nance has stated, modified some of those emails before using Wikileaks to distribute them in pursuit of compromising the Clinton campaign to both sow chaos and make American democracy look chaotic and unappealing and, as has now been reported, install Donald Trump as the President. Rather it is that the Russians used their cyber operatives to hack both the Democratic and Republican parties, including the RNC, Republican Senatorial Committee, Republican Congressional Committee, and various elite and notable GOP members. Both David Corn and Kurt Eichenwald have reported evidence that the President-elect himself was the subject of a kompromat operation, though it is unclear if it was successful.

While it is now well documented that the Russians publicly compromised the Democrats, my real fear is that they’ve privately compromised the Republicans. By doing so they not only make America look bad, and the idea of liberal democracy, both of which are among Putin’s strategic objectives. But they also have leverage and influence over the GOP – the party that now controls both chambers of Congress, the Presidency, and a majority of state legislatures and state houses. Russia has believed that it is in a new Cold War with the US for well over a year. What better way to get an advantage than by publicly compromising one political party in the US and privately compromising the other? And this is my biggest fear over the Russian cyber based influence operations in the 2016 Presidential election.

Based on what the Washington Post reported this evening, we are in a cyber war, if not an outright one. And while there has been much discussion as to what war in cyberspace looks like, we had better get in gear and get real serious about moving from concept to doctrine to reality very quickly. All that remains to be seen now is what, if anything, is done in response.

Update at 12:40 AM EST

The New York Times has now reported that Russia did indeed hack the GOP, they just did not release the information. So we do appear to have a public Russian kompromat of the Democrats and a private Russian kompromat of the Republicans. The only question that remains to be seen is what the Russians are leveraging their private kompromat of the Republicans for.

WASHINGTON — American intelligence agencies have concluded with “high confidence” that Russia acted covertly in the latter stages of the presidential campaign to harm Hillary Clinton’s chances and promote Donald J. Trump, according to senior administration officials.

They based that conclusion, in part, on another finding — which they say was also reached with high confidence — that the Russians hacked the Republican National Committee’s computer systems in addition to their attacks on Democratic organizations, but did not release whatever information they gleaned from the Republican networks.

 



The Maskirovka Slips


(Maskirovka Principles)

Newsweek’s Kurt Eichenwald has just broken a story pertaining to Russian Intelligence’s hacking, forging, and/or altering documents to influence the US election in collusion with Wikileaks.

Of course, this might be seen as just an opportunity to laugh at the incompetence of the Russian hackers and government press—once they realized their error, Sputnik took the article down. But this is not funny at all. The Russians have been obtaining American emails and now are presenting complete misrepresentations of them—falsifying them—in hopes of setting off a cascade of events that might change the outcome of the presidential election. The big question, of course, is why are the Russians working so hard to damage Clinton and, in the process, aid Donald Trump. That is a topic for another time.

For now, though, Americans should be outraged. This totalitarian regime, engaged in what are arguably war crimes in Syria to protect their government puppet, is working to upend a democracy to the benefit of an American candidate who uttered positive comments just Sunday about the Kremlin’s campaign on behalf of Bashar al-Assad. Trump’s arguments were an incomprehensible explication of the complex Syrian situation, which put him right on the side of the Iranians and Syrians who are fighting to preserve the government that is the primary conduit of weapons used against Israel.

So no, Mr. Putin, I’m not Sidney Blumenthal. And now that you have been exposed once again, get the hell out of our election.

As I wrote back in July, we are in a cyber war, which is part of the new cold war that we find ourselves in.

I’ll have more on some of the current US-Russia impasse (hopefully) in regard to Aleppo tomorrow.


We Are at Cyber War! So What, Exactly Do We Do About It?

As more information is released about the hack on the DNC servers – and I don’t mean the dribbling out of emails with people’s personal identifying information (PII) at Wikileaks – it is becoming much, much clearer that the attacks were broader and deeper than originally estimated. As has been reported, the FBI is investigating the attack as an act of cyber espionage. Specifically, that the hack is a Russian Intelligence cyber operation and US government officials have begun to speculate that it was done to impact the upcoming Presidential election in a manner preferred by the Russian government and Vladimir Putin. This has also been suggested by Clinton campaign officials. CNN has reported this morning that the DNC was warned by US government officials of the weakness of their system during a time period when similar attacks were being made against the White House and other US government systems. Russia seems to be intensifying its attacks against US cyber systems similar to state sponsored active measures used to achieve political effects:

“The release of emails just as the Democratic National Convention is getting underway this week has the hallmarks of a Russian active measures campaign,” David Shedd, a former director of the Defense Intelligence Agency, told The Daily Beast. Shedd said that additional leaks were likely, echoing an opinion expressed by U.S. officials and experts who said that the release of emails on Friday may just be an opening salvo.

It is important to note that, despite the compelling but circumstantial case that Josh Marshall has laid out at TPM, Putin’s preference for a Trump Administration may be solely rooted in the simple fact that Trump has long espoused views about American involvement in the global system that overlap with Putin’s understanding of Russia’s interests and his strategy for achieving them. In 1987 Trump spent about $100,000 to pay for ads in several major newspapers attacking the Reagan Administration for allowing our allies and partners – NATO and non-NATO – to take advantage of us and not treat us fairly. You can see a copy of the ad below:

[Image: copy of the 1987 newspaper ad]

Trump’s anti-NATO and anti other alliance position is not something that he just adopted last Fall or because one of his advisors with ties to Russia suggested it. Rather it is a very long standing position of his and I’m not sure anyone knows how he came by it. Given two candidates for President of the United States, one who has expressed a willingness to be somewhat more hawkish than the current President in US-Russian relations and the other who has, for at least 30 years, held the position that the US is being taken advantage of by its NATO allies, as well as by its non-NATO allies and partners, it would make sense that Putin would prefer the latter to the former as the next President of the United States. In the most basic terms: Trump has long held views that Putin shares, Putin is smart enough to know this, therefore Putin using his resources to independently try to assist Trump would make perfect sense. Given what we know of both men’s long standing preferences on US involvement with NATO and other alliances there is no need to go looking for dots to connect here on the affinity of one for the other on this issue.

What this leaves us with is a very important concern: what does the US do now to protect the integrity of its electoral system and election infrastructure. Dave Aitel, the CEO of Immunity Inc., in a very thought provoking guest editorial at Ars Technica, makes the argument that the Russian Intel hack on the DNC is very clearly an act of cyber war. And that it raises critical questions about the ability to safeguard the integrity of the upcoming election. Here’s an excerpt, but you should really click across and read the whole thing:

The US government has a decision to make here. If it does not come out strongly against this action by the Russian intelligence services now, then when will it? How is our election system not to be considered “critical infrastructure” that foreign governments are forbidden to interfere with, unless they wish to trigger a serious confrontation with the US? If hacking a presidential campaign and dumping its strategy on the Web is not interference and disruption of a critical institution, then what is? Should we wait until foreign operatives interfere with the primary process? Is the red line only to be drawn around hacking actual voting machines and changing the results?

Bottom line: the US must have an escalatory policy in place for this type of foreign interference. If we do not respond strongly to Russia’s actions in this election cycle, then we risk weakening our country’s deterrence and opening the door to future attacks, which may be even more disruptive to this country’s most fundamental democratic process—that of electing new leaders. Likewise, we should reach an agreement with other nations that we will not interfere with the nuts and bolts of their electoral processes, either. It’s either that, or we need to invest in robust cyber-protections for all presidential candidates at the federal level, stretching our already understaffed Secret Service.

People in the policy area often consider “cyberwar” actions limited to things that causes physical harm or casualties, or things that can replace a 500 pound bomb. But if you cannot manage your people, or protect the American economy, or elect a new President, you have lost a war.

Aitel’s editorial raises the important question: what do we do about this? We know that our electronic voting machines are vulnerable to hacking. Given that we decentralize our elections to the state and local level, we have 50 states and 3,144 counties that use different electoral systems, processes, and machines. This makes US elections highly vulnerable because there isn’t just one system that needs patching or one process that needs to be reviewed in regard to its security protocols be they cyber, personnel, or material. Florida and Utah have already seen cyber attacks on elections, elections processes/systems, or governmental processes/systems in those states.

One of the real concerns going forward, apart from embarrassing email chains with PII being posted on Wikileaks, is not just that Russian Intelligence can get in and look around and take information out of these systems in the US, but what happens if they decide to mess with what’s there? Voter registration information, voter donation information, electoral results, and more are all stored electronically. The next attack may not be interested in embarrassing staffers and causing a few days of reporting about what they wrote. Rather it might seek to remove voters from the rolls or change the reported results of an election in specific locations before they can be reported. And since our system is decentralized, securing all of it is going to be difficult and expensive.

I’m not a cyber expert. I have taught a course on cyber crime and cyber terrorism and supervised graduate research on these issues, but the technical side of this is not my bailiwick. That said the US, as Aitel identifies, has to respond. And here we are back to where I’m familiar: ends, ways, and means. The end state – the objective to be achieved – is deterrence against these attacks. This deterrence must take two different forms. The first is to get the best possible safeguards in place to protect the numerous and varied systems and processes in place at the Federal, state, and county level in the US. The second is to respond to Russia’s cyber attack in such a way that they get the point that they’ve gone too far and any future attempts will be dealt with quickly and harshly, but without causing an escalation of the cyber warfare or, even worse, moving the skirmish from the cyber domain into the actual Land, Sea, and Air domains. Again, I have no idea how this should be done, let alone what is even possible, but the objective has to fall within these two reinforcing dimensions of defensive and offensive deterrence. Ways and means are a bit tougher to estimate as so much of what is done in this arena is just not known even to the vast majority of people with clearances. We all joke about the NSA being unwilling to send us backups of our hard drives and/or complain that they’re probably listening to our calls, but this is what we have the NSA for! And several other agencies and departments of the US government and counterparts at the state level. The subject matter experts and technical specialists in these departments and agencies must be tasked to develop the ways and means to achieve these ends. Even if it’s just randomly turning the lights on and off wherever Putin is trying to sleep at any given time or making the meow mix theme song play on a repeating loop every time he turns on the TV, radio, or his iPod until he gets the message that the US can reach out and touch him in the cyber domain as well whenever it wants to.

The other thing that has to happen is that the news media needs to stay on top of this as an important, ongoing event to be investigated and reported on within this year’s election. Americans need to be kept fully informed that for once the often used, but seldom accurate, assertion that someone is tampering with a US election is actually true this time. Americans have been primed for decades to worry about voter fraud and vote tampering because of partisan efforts to use the almost non-existent threat of voter fraud, and the news media’s obsession with scandal, for partisan ends. Staying on top of this story, a story that is about electoral manipulation for a foreign power’s advantage, is right in the news media’s sweet spot.

It was interesting to watch Chris Matthews last night make a parallel comparison to the actual Watergate break in. He explained to his panelists that that was a physical break in on the DNC and this was a virtual break in. When Michael Steele correctly indicated that Watergate was really about the corruption of the President/Presidency, Matthews responded that this is about the corruption of electing a President. A lot of journalists, both reporters and commentators, came up during Watergate and view the news media’s reporting as a clear sign of how to do proper journalism. Many who came up after Watergate do as well – almost too much given the chasing of every possible shiny object as a potential scandal to be reported on creating the next Woodward, Bernstein, and Hersh and giving us “gate” affixed to everything. This story seems to be developing legs and the longer the news media stays on it, the better it will actually be for Americans and the upcoming election. It will keep the pressure on to secure our electoral systems and processes. And it could, if handled correctly, lead to long needed reforms to better secure these systems in the future in order to ensure that every eligible voter that wants to vote and does so, has that vote accurately counted and faithfully restored.


