News: SPAWAR Leadership on Information Warfare and the Growing Cyber Threat
Story by Tina Stillions
SAN DIEGO - “Information Dominance will become a recognized warfare area on par with other traditional warfare areas and is becoming one of our most powerful assets,” said Space and Naval Warfare Systems Command (SPAWAR) Chief Engineer Rear Adm. James Rodman during a panel discussion on information and non-kinetic warfare and the growing cyber security threat.
“We need to look at the warfare arena differently,” said Rodman. “We need to know what arrows we have in our quiver and then define those non-kinetic elements so that we can treat them in a more level set environment.”
SPAWAR Commander Rear Adm. Patrick Brady echoed Rodman during his follow on keynote address discussing the importance of technical authority in information warfare during the 35th Annual C4ISR Symposium April 23-25 in San Diego.
“The value of a unified technical authority is that it helps us identify security gaps in our networks,” said Brady. “It creates better situational awareness, more resilient information technology (IT) architectures and standardized platforms so that we can gain a better understanding of the impact of cyber vulnerabilities on our critical warfighting systems.”
To support this cyber imperative and achieve power in an information warfare arena, a greater level of information sharing will be required.
As in the civilian world, the Navy continues to operate in a highly interactive environment regarding global networks, interconnected applications and services. To help combat the emerging cyber threat, the Department of the Navy routinely interacts with the other services, government agencies, allied and coalition partners, commercial organizations and universities to combat the security challenges faced in the world of networks, the cloud and cyberspace.
This is cyber warfare in the information age, a form of non-kinetic warfare on a virtual global battlefield that will change warfare as we know it. It is low-intensity warfare that is often systemic in nature, such as a hacker setting loose a virus on a network system. Though it may not cause an immediate and direct impact to loss of life, it can still wreak havoc on the lives of individuals and organizations that encounter it, including the Department of Defense (DOD).
SPAWAR Systems Center Pacific Commanding Officer, Capt. Joseph Beel reiterated by stating that warfighting is about effects.
“Whether there is a kinetic or non-kinetic effect to achieve, in the long run it is cheaper, less risky and better to use a non-kinetic effect,” said Beel. “Information warfare is really where you bring in the potential for non-kinetic effects.”
That kind of non-kinetic impact makes information warfare the ideal warfighting arena.
“When the United States went into Iraq in the 90s, if we wanted to take down the enemy’s air traffic control and defense systems, we could bomb them, which we did very effectively,” said Beel. “The difference today is that everything is so networked. With Information Warfare, the capability may exist to take them down by introducing a virus into some sort of cyber attack scenario, without risking bombers or sending people ashore for battle.”
The DOD makes more than one billion Internet connections daily and passes 40 terabytes of data. DOD networks are scanned and probed by cyber adversaries on average six million times per day, so identifying weak links and potential attacks can be a challenge. Many lessons have been learned over the years about the value of information sharing.
According to Rodman, had DOD been able to connect the dots more quickly prior to 9/11, some of the events might have been prevented.
“There is a tremendous need to make the availability of information seamless so that the warfighter can access it more quickly,” said Rodman. “To achieve that level of power, we need to find a better way of sharing information.”
The rapid elasticity of the cloud makes it a seductive choice; however, there is the potential for loss of privacy and an increased risk to security should information get into the wrong hands. Whereas in the past a threat was isolated to a single server system, a cloud-based environment makes it easier to compromise everyone, and all types of data hosted at a particular location are vulnerable on the back end of a breach.
The Navy frequently adapts commercial software for operational purposes; however, in doing so there is the potential for hackers to compromise systems, which could then threaten national security. Better training and certification of Navy IT systems and operators through a technically rigorour process is vital to combating that kind of threat, according to Brady.
“Technical authority’s focus on standardization and variance reduction makes it easier to certify systems and reduce the training burden on operators so they can focus on cyber warfighting,” said Brady. “SPAWAR’s technical authority initiative is instrumental to the Navy’s cyber posture and to our warfighting effectiveness in a non-kinetic environment. It puts SPAWAR in the lead to develop architectures and systems with built in defense in depth attributes.”
Though it can be challenging to identify or classify the typical cyber threat, most run the gamut from non-professional to nation-state sponsored hackers; sometimes it is an internal threat of lax security choices on the part of the IT user. Whether malicious or unintentional, the threat is never static and the complexity of today’s systems and networks presents significant security challenges for the Navy’s producers and consumers of IT.
“We have to look at information like we did with aviation when it first started in the twenties. If you look at how naval aviation evolved, we are in the stand up phase right now with regard to Information Dominance and information warfare,” said Rodman. “Because it’s still in its infancy, we have to examine it and determine how we will mature the warfare area. In some cases, we will see that we may be able to use information to destroy our adversary’s capabilities so that we never get to the kinetic part of warfare.”
Despite doubt about the potential for a digital Pearl Harbor, the threats are real and the potential for destruction great. The nation’s virtual and physical infrastructures fall under the national security umbrella and will require greater cooperation between industry and government to fight the growing cyber menace in the information warfare arena. Whether a virtual Sea Treaty is necessary or possible will depend largely upon the cooperation of a yet undefined population of information owners and those users who give up their privacy information freely in a virtual world. How that information is protected and defended will continue to evolve and will keep SPAWAR on the leading edge.
As the Navy's Information Dominance systems command, SPAWAR designs, develops and deploys advanced communications and information capabilities for the warfighter. With more than 8,900 acquisition professionals located around the world and close to the fleet, the organization is at the forefront of research, engineering and support services that provide vital decision superiority for the warfighter.