07 Apr 2016

Staying one step ahead in the cyber battlefield

 

Following on from last month’s article (http://www.trltech.co.uk/insights/cyber-convergence.aspx), Vice President of L-3 TRL Technology, Steve Mason (http://bit.ly/1nji9IE), gives his views on the issues raised by the convergence of electronic warfare (EW) and cyber technology.

Knowledge wins wars. Look back through history and you’ll find evidence of many conflicts being decided when one belligerent attained information their adversary didn’t have. When you combine this concept with modern advances in technology, the result is a rapidly evolving battlespace with data and information systems at its core.

Modern theatres of conflict are interconnected like never before. Every combat platform – airborne strategic intelligence, surveillance and reconnaissance (ISR) assets, tactical unmanned systems, even infantry soldiers – is a data node in this interwoven fabric, creating a battlespace version of the Internet of Things (IoT).

Each node is an autonomous system – a stand-alone network of devices sensing, storing and sending their data. Huge amounts of information race through this system at incredible volume, velocity and variety, and combatants with the ability to analyse this deluge of data – while denying their adversary the ability to do the same – have an enormous tactical and strategic advantage. It also presents a significant threat, in that the nodes can become a target and a source of information leakage – not to mention their reliance on radio links that are vulnerable to attack via conventional EW techniques.

This new battlespace paradigm creates both enormous opportunities and crippling threats for modern warfighters.

COTS vs bespoke solutions

The investment in communication and computing technologies by commercial companies has overtaken military defence spending in these areas. This shift has created today’s mobile phone networks, smartphones and a proliferation of internet-based technologies – and this, in turn, has resulted in a global information infrastructure that is relied upon in times of conflict as well as times of peace. 

The innovation and speed of development of COTS (commercial off-the-shelf) technology now far outstrips the pace of military developments, providing adversaries with easy access to disruptive technologies.

There are significant cost savings involved in using COTS rather than developing bespoke military communication and computing systems, and contemporary fighting forces are under pressure to realise those efficiencies. But the use of COTS presents a wider attack surface that puts sensitive information or even combat systems at risk. Bespoke systems are the most secure, as they are far more challenging to characterise, analyse for vulnerabilities and exploit. But bespoke systems are expensive and often lack the ease of use and low barriers to entry of COTS systems. The answer is to ensure that COTS systems are sufficiently hardened against cyber-attack to minimise their attack surface, or to use hybrid COTS/bespoke systems that do the same.

The importance of the electromagnetic spectrum

Traditional electronic warfare (EW) can be defined as:

“...any action involving the use of the electromagnetic spectrum or directed energy to control the spectrum, attack an enemy, or impede enemy assaults via the spectrum...”

There is a common defining factor in that definition: the electromagnetic spectrum. It’s easy to see why: systems can only be interconnected when there is a medium acting as the tether. In modern conflict, the radio frequency spectrum has been that medium. EW uses the electromagnetic (EM) spectrum to deny or degrade an adversary’s ability to transmit critical sensitive information. 

Jamming has been an important part of battle strategy for many years, and while modern jamming technology is complex at a high level, the concept remains simple: deliver enough energy onto the adversary’s frequency to deafen them. In this case, the spectrum itself is the target.

Contemporary EW exists in a more congested spectrum and requires a more sophisticated approach. Today’s spectrum can be a rich source of crucial situational awareness and knowledge of an adversary’s intent. Simple barrage jamming is now rarely effective, with adversaries simultaneously communicating via HF and VHF all the way up to 4G and beyond. It’s also vital to be aware of enabling blue-force communications, C2, C4 and ISR, while guarding against remote-controlled improvised explosive devices (RCIEDs). 

Today, it is important to combine jamming with monitoring, understanding and disrupting an adversary’s use of the spectrum using modern EW tools.

While EW is concerned with exploiting the spectrum, and primarily operates over the air, cyber aims to deny the adversary’s ability to employ its information or warfighting platforms at a deeper level. It seeks access to back-end systems or subsystems, to prevent them performing certain functions, to deny access to the system, to delete, obtain or replace data, or even to destroy the system itself. 

In this case, the spectrum is not the target, it’s the means of delivering the effect. The network or system behind the spectrum is the target.

Cyber: the fifth domain or the glue?

Modern militaries around the globe are starting to recognise cyber as the fifth domain of any theatre of operations. But cyber cuts across all domains of operation. It could be argued that cyber is less of a domain and more of a glue, binding together the four traditional domains – land, sea, air and space – and creating both opportunities and threats. 

Many consider cyber capabilities to be similar to nuclear, in that they could act as a deterrent to aggression and belligerence. Yet when you consider the challenge of attribution in cyberspace and the fact that hundreds of thousands of offensive cyber activities take place daily on the internet, it’s hard to argue the similarities. Cyber events are the new norm.

Some also believe cyber capabilities will replace traditional kinetic capabilities. In the same way that air forces cannot take and hold ground, it seems absurd to assume that cyber alone could win in any battlespace. Rather than being a dominating force in its own right, cyber is a force multiplier for other military capabilities, and is best employed when synchronised with other, more conventional military effectors.

Integrating cyber into today’s battlespace

Embedding modern EW and cyber into the DNA of any fighting force will be a challenge, but not a new one. In the early 20th century, the military had to embrace the entirely new concept of waging war in the air, and while the integration of air warfare into military doctrine wasn’t without its challenges, it still happened. Cyber will be no different, and modern military forces are already beginning to incorporate cyber force elements into their training programmes to ensure a state of readiness when needed.

Modern EW and cyber capabilities also differ greatly from the more traditional warfighting capabilities of a modern fighting force. A cyber means of exploiting an adversary’s network or system, gaining unauthorised access, attaining code execution and delivering some sort of cyber payload to that system doesn’t come in a box that can sit on the shelf waiting to be employed; these capabilities need to be constantly adapted so that the user has a degree of assurance that the capability will perform its task when it is needed.

The act of delivering a cyber payload over-the-air via radio-frequency bearers relies on contemporary EW techniques and capabilities, and it’s likely that tactical operations will continue to rely on specialist military units to deliver the effect. At a tactical level, traditional EW and cyber complement one another.

Yet synchronising cyber and kinetic activities is challenging. Gaining access to a targeted network or system can take days if not weeks – and after all that effort it could still be decided that it’s not a viable attack vector. This creates a challenge for theatre commanders who need freedom to manoeuvre in their battlespace. This can be mitigated to some degree by having detailed contingency plans, the outcomes of which are constantly adapted so they are ready when needed.

Merged cyber and modern EW capabilities can deliver both tactical and strategic effects, giving warfighters a wider range of options. Take an intelligence, surveillance and reconnaissance (ISR) system, for example. An adversary might jam its command and control system, making it easier to shoot down – a tactical outcome.

Alternatively, they might use the ISR asset’s C2 channel to exploit the host airbase network, gain access to the base logistics system, and ensure that no fuel is delivered to the airbase in the run-up to kinetic activities, thus denying the adversary use of their entire ISR asset fleet – a strategic, theatre-wide outcome.

Developing capabilities for the future

The EM spectrum will remain a key medium for both cyber and EW capabilities, and therefore the ability to target a wide variety of systems using the EM spectrum remains vital. Having the capability to target – among others – WiFi, WiMax, 2G/3G/4G/5G systems, satellite-based communication or navigation systems, point-to-point ground-based communication systems, and bespoke C2 channels continues to be a developmental focus. Of course, as digital networks are seen to be vulnerable, agile adversaries may well revert to analogue HF and VHF communications that are less susceptible to cyber strategies, again highlighting the need for both EW and cyber capabilities. 

The line between where the internet ends and military systems begin is blurring. Modern military forces must embrace the concept of carrying out cyber operations via the internet, and developing future cyber or EW capabilities must span all lines of capability development.

Knowledge wins wars, and modern militaries that invest in constantly evolving electronic warfare and cyber capabilities – and know how to use them – will win every time.

About L-3 TRL

With 30 years of experience at the forefront of technological development, L-3 TRL is an official supplier to Her Majesty’s Government, and part of the Cyber Growth Partnership (CGP). Our cutting-edge, best-of-British technology is accredited and approved by CESG, and we have achieved two Queen’s Awards for innovation.

For more information, visit www.l-3com.com/trl