Last week at the invitation of Dr. Derek Reveron, the EMC Chair in Maritime Strategy at the Naval War College, I participated in a panel discussion of Power Projection, and I chose to speak on the topic of the continuing relevance of the aircraft carrier--given that it continues to field an evolving air wing.
The always provocative Dr. T.X. Hammes and Dr. Erik Gartzke were my panel mates, and Dr. Jim Holmes of the War College was our moderator.
My portion of the chat begins at 18:30.
Tuesday, March 31, 2024
AEI/Heritage Project for the Common Defense (Navy and USMC) Weekly Read Board
Navy:
USMC:
Marine, Air Force Congress Wish Lists: About
$7.6 Billion
USMC:
6.
Marine, Air Force Congress Wish Lists: About $7.6 Billion (full
text below)
Marine, Air Force Congress Wish Lists: About
$7.6 Billion
By Roxana Tiron and Tony
Capaccio | March 23, 2024 05:04PM ET
(Updates with Air Force
list starting in first paragraph.)
(Bloomberg) -- The
Marine Corps has about $2.1 billion in needs that weren’t part of the fiscal
2016 Pentagon budget request, while the Air Force has a wish list of almost
$5.5 billion, according to documents the services sent to lawmakers.
Marine Corps priorities
include $1.05 billion for six more Lockheed Martin Corp. F-35B Joint Strike Fighters, $24.5 million for three Bell H-1
helicopters and $180 million for two Lockheed KC-130J aircraft.
For the Air Force, one
of the costliest demands is $1.2 billion for 13 Lockheed C-130J Super Hercules
transport aircraft as part of a recapitalization effort. The Air Force also
would need another $160 million for eight more General Atomics MQ-9 Reaper
drones.
The so-called unfunded
requirements list has been requested by the leaders of the congressional
committees overseeing defense. It gives the military services a second chance
to pitch programs the Pentagon hasn’t had enough resources to fund completely.
The other military services are also expected to send in their needs as
Congress starts writing next year’s defense bills.
“These programs
contained on the list would further enhance our combat readiness and
effectiveness should additional funds above those already requested in the
fiscal year 2016 president’s budget be made available,” General Joseph Dunford,
Commandant of the Marine Corps, wrote to the leaders of the House and Senate
defense panels.
The 2016 budget request
already includes funding for nine F-35B Marine Corps models; 28 H-1 helicopters
and two KC-130J aircraft.
The Pentagon’s official
budget request also includes 29 MQ-9 Reaper drones and 27 C-130 transport
aircraft, including versions for Special Operations and personnel recovery.
Other needs include
$23.3 million airfield security improvements at Marine Corps Air Station in
Cherry Point, North Carolina, and $11.7 million for an enlisted aircrew trainer
facility at Marine Corps Air Station in Miramar, California.
The Air Force listed
$132.3 million for the modification of engines for Boeing Co.’s B1-B bomber aircraft, $3 million for Lockheed F-16
fighter-jet cockpit modernization and $31 million for C-130J fuselage training.
Lawmakers have been
wrestling with defense funding for fiscal 2016 in light of the 2011 Budget
Control Act, Public Law 112-25, which caps national
security spending at $523 billion.
Both the House and
Senate budget blueprints to be considered this week include a proposed boost in
war funding that isn’t subject to the caps. The bills would provide $96 billion
for the overseas contingency operations fund, compared with the $58 billion
President Barack Obama requested for that war fund.
To contact the reporters
on this story: Roxana Tiron in Washington atrtiron@bloomberg.net; Tony Capaccio in
Washington at acapaccio@bloomberg.net To contact the editors
responsible for this story: Katherine Rizzo at krizzo5@bloomberg.netRobin Meszoly, Bennett
Roth
Friday, March 27, 2024
Observations on CS-21R
It’s taken me a few weeks to
find the time to finish reading CS-21R and write up my thoughts. Overall I
believe the document does an excellent job articulating how the Navy, Marine
Corps, and Coast Guard intend to ‘man, train, and equip’ in this era of uneasy
international peace, increasingly revisionist and adversarial great powers,
dramatic technological change, and American self-imposed fiscal paralysis. The
signals CS-21R sends regarding the importance of being prepared both materially
and intellectually for waging major maritime war are exemplary, especially in
the sense that our prospects for preventing such a war depend greatly upon that exact
preparation. Likewise, CS-21R’s discussions of how the cyber and
electromagnetic domains are central to modern warfare—and what steps the sea
services will take to ensure their readiness to fight in those domains—are
simply outstanding.
Strengths
Here are the items I found
particularly commendable:
- Continues 2007 CS-21’s emphasis on international maritime security cooperation. Restates importance of working with longstanding allies, building new partnerships with formally non-aligned states, and even cooperating with competitors where possible on enhancing the security of the global maritime commons. Recognizes allies would play essential roles in major maritime combat, and that further interoperability enhancements are therefore required.
- Cements ADM Greenert’s maxim of “Warfighting First.” Sends unambiguous message that fleet design, operating concept development, platform and system procurement, and force-wide training are to be focused on developing the capabilities needed for waging major maritime war.
- Strong emphasis on maintaining peacetime forward naval presence. Details specific forces that will be deployed (whether permanently or rotationally) in specific regions for certain peacetime missions.
- Addresses the global strategic changes since 2007 CS-21. Chinese and Russian behavior called out as major influences on CS-21R. Chinese and Russian maritime warfare capabilities are clear factors (to those versed in modern maritime warfare concepts, emerging defense technologies, competitors’ orders of battle, etc.) driving the required Navy capabilities and competencies outlined in the document.
- Clearly informed by the Joint Operational Access Concept (JOAC) and Air-Sea Battle/Joint Concept for Access and Maneuver in the Global Commons (JAM-GC). Heavy attention to measures for establishing/restoring/maintaining access to theaters of interest whether during peacetime or war. Advances idea that holistic ‘All Domain Access’ is a core Navy function on par with deterrence, sea control, power projection, and maritime security. Whether one agrees with it being a Navy function or not, it unmistakably indicates that Navy leadership is prioritizing development of capabilities, competencies, and operating concepts that will help overcome access challenges.
- Underscores expectation that future combat (especially in the event of major war) will occur under conditions of intense cyber-electromagnetic opposition. Articulates roles of cyberspace operations, electronic warfare, and command and control warfare in obtaining operational access as well as in defeating adversary forces.
- Articulates the minimum overall fleet size as well as the minimum inventories of major power projection combatant types needed to execute the Maritime Strategy (and by implication national grand strategy) in peacetime and war. Note, though, that this force structure is—by definition—likely right up against the strategic “tipping point” as defined in CNA’s March 2010 study of the same name. James Holmes thoroughly dissects exactly this point in an excellent piece at Real Clear Defense this week.
- Strategic deterrence emphasized as a principal Navy mission.
- Recognizes that projection of power ashore can represent all forms of national power; it is not just physical strikes or amphibious assaults.
- Recognizes that sea control is a precondition for performing power projection tasks.
- Expands details regarding how Marine Corps and Coast Guard will be employed to execute the vision as compared to 2007 CS-21.
“Must” Statements
It is quite revealing to look at
what CS-21R lists as imperatives. Unlike “Will” statements that pronounce
intentions, a “Must” statement implies requirements imposed on the sea
services. Of the five “Musts” in the document, three are directly related to
cyberspace operations and electromagnetic warfare:
- “Naval forces must have the resilience to operate under the most hostile cyber and EM conditions.” (Pg. 8)
- “…we must become more comprehensive in our offensive capability to defeat the system rather than countering individual weapons.” (refers to adversary long-range maritime strike systems, Pg. 21)
- “…the Navy and Marine Corps must maintain a fleet of more than 300 ships, including 11 aircraft carriers, 14 ballistic missile submarines (replaced by 12 Ohio Replacement Program SSBN(X)), and 33 amphibious ships, while the Coast Guard must maintain a fleet of 91 National Security, Offshore Patrol, and Fast Response Cutters.” (Pg. 27)
- “[Naval combatants] “must be complemented by reconfigurable platforms such as the Joint High Speed Vessel, National Security Cutter, and auxiliaries including Large, Medium-Speed Roll-on/Roll-off (LMSR) ships, Dry Cargo/Ammunition (T-AKE) ships, Mobile Landing Platforms (MLP), and the Afloat Forward Staging Base (AFSB).” (Pg. 28)
- “The electromagnetic-cyber environment is now so fundamental to military operations and so critical to our national interests that we must treat it as a warfighting domain on par with sea, air, land, and space.” (Pg. 33)
Concerns
There are countless views on
what CS-21R should or should not have contained, should or should not have
said, and so forth. You can’t fully satisfy everyone all of the time, myself
included.
In his comments on Bryan
McGrath’s ID post on CS-21R, John McLain (formerly
of OPNAV N51) talks about the numerous revisions that occurred while routing
the draft document up the chain and across organizations for review. I’ve done
my share of document development and routing, and I fully appreciate John’s
point: consensus generally requires tradeoffs and compromises on content. He’s
also quite correct that the process for developing a strategy, tracking its
implementation, communicating its ideas, and adapting it over time as the
strategic environment changes and lessons are learned is just as important as
what the product document actually says.
In hopes of contributing to the
next iteration of this process, I’ve listed my main critiques of CS-21R below:
- CS-21R seems to assume the reader already agrees with the assertion that forward naval presence is of vital importance to U.S. grand strategy. Though the document summarizes major benefits that flow from presence, it surprisingly does not go to the lengths previous publicly-released U.S. Maritime Strategies did to underscore the case. The 1986 publicly-released Maritime Strategy document was remarkably specific in explaining conventional deterrence’s dependence upon forward presence (examples: limited time available for mobilization, sheer distances to reach theaters of interest, immediate and short-term military balances in theater with emphasis on warfighting capabilities, and need for broad escalation management options). 2007 CS-21 did so as well, albeit to a lesser degree given the strategic environment of the time. The question of whether or not CS-21R should have been more detailed on this topic is not academic, as it is clear that many of America’s political leaders and opinion elites either do not appreciate what is at risk as forward naval presence (and domestic Coast Guard coverage) declines—or loudly refute these risks exist. I would argue that no good opportunity to increase the visibility of one’s case to those open to being convinced (especially by countering critics’ arguments) should ever be rejected.
- Despite exceptional discussions of how forward presence will be achieved despite insufficient force structure to meet full Combatant Commander demands, there is limited discussion of how this presence will trade against the rest of the fleet’s surge readiness (even if the 2011 Budget Control Act ceilings are repealed). The Optimized Fleet Response Plan is explained, but the issues it mitigates are alluded to rather than spelled out. A non-navalist reader might come away with the incorrect impression that there were no serious trades between forward presence and fleet readiness/reset.
- On that note, there is no discussion of the steps or resources needed to reset the fleet from the maintenance/manning shortfalls of the past decade and the more recent optempo crisis. This is one of the highest priority issues articulated in Navy leadership’s Congressional testimony as well as public statements, but it is surprisingly not addressed in CS-21R.
- CS-21R acknowledges conventional deterrence has requirements, variables, and implications that are distinct from those concerning nuclear deterrence. But unlike the publicly-released 1986 document or 2007 CS-21, CS-21R doesn’t connect how everything else it articulates is informed by basic conventional deterrence principles or otherwise promotes deterrence credibility. The discussions of how naval combatants support conventional deterrence is implicitly power projection-centric; the wording creates an impression that conventional deterrence centers on strike capabilities (and land-attack at that). The importance of sea control to deterrence by denial (examples: war at sea operations, protection of vital sea lanes for allies economic sustenance as well as reinforcement of our and their forward defenses) is overlooked. Additionally, CS-21R does not explain how the forces allocated to each theater of interest will support deterrence beyond simply ‘showing the flag;’ their latent warfighting roles within a theater deterrent are left implicit.
- Beyond platforms supporting strategic deterrence (SSBNs) or heavy conventional power projection (e.g. carriers, amphibious warships), it is left unclear how the rest of the fleet’s platforms trade against each other. SSN and LCS-FF acquisitions are arguably the Navy’s highest priority non-capital combatant programs right now per Navy leadership talking point emphasis, but neither is mentioned explicitly in that context. Nor is there any allusion to what will be sacrificed or what risks will be accepted to make those procurements possible. These considerations will become increasingly important in preparing U.S. maritime strategy for the fiscal pressures that will emerge during the final years of this decade and stretch into the 2020s…regardless of whether the 2011 Budget Control Act ceilings are lifted.
- CS-21R’s discussion of sea control recognizes that the condition reflects local margin of superiority, but it does not note that this condition is generally temporary. It also does not note that sea control is not something sought in and of itself, but rather is sought for discrete operational purposes.
- Strategic sealift is mentioned but its criticality is not underlined. America’s ability to wage war overseas depends on strategic sealift; this message should not be left implicit.
- Standing peacetime European maritime security and deterrence is clearly being left to European militaries, with contributions from the four BMD-capable DDGs in Rota and forces transiting through EUCOM en route to other theaters. This may be all that is possible given the U.S. Navy’s fleet size and the operational demands in East/Southeast/Southwest Asia. It is also likely consistent with current Defense Planning Guidance. It strikes me as odd, though, for this to be the case in the theater in which the risk of major war is presently highest and conventional deterrence credibility is accordingly most needed. In this light, it is even odder that the section defining how and why the Navy will achieve presence in the European theater does not mention the Russian threat at all (especially when Russian revanchism was mentioned in the global security environment section). Europe is primarily referred to as a bridge for projecting power into other theaters or as a locus for maritime security efforts; in other words a means to an end rather than a set of allies (and a representation of values) that we are committed to defend. Given the fact that European militaries (and especially navies) are struggling for funding and are already far less capable than the U.S. Navy, it is questionable whether this element of CS-21R will endure long if Russian coercion against NATO continues to increase. If this is the case, then there is a gap in CS-21R regarding how trades with presence/operational requirements in other theaters will be managed.
- The 1986 publicly-released Maritime Strategy was a product of the pre-Goldwater/Nichols era, and so its discussion of how the Navy would move pieces around on the global chessboard in a general war does not carry over into the Combatant Commander-dominant era in which CS-21R resides. But the 1986 document also explained how the Navy’s basic operating concepts provided specific means for achieving strategic ends in a generic major war. It outlined how each element of the fleet would operate together (as well as with Joint and allied forces) within combined arms campaign constructs. That’s still germane today under ‘man-train-equip,’ and it can be argued that it’s a crucial missing piece for justifying the force structure articulated by CS-21R as well as explaining to non-experts (and especially some critics) how a modern combined arms maritime force works.
o Example:
strike is the single explicitly articulated mission for aircraft carriers in
CS-21R, even though their roles supporting sea control are arguably just as
important. The caption addressing the E-2D Hawkeye’s role in the Navy
Integrated Fire Control-Counter Air concept (pg. 20) speaks indirectly to the
carrier’s central sea control roles; it is surprising that this was not echoed
in the document’s main body narrative.
o Example:
very limited discussion of how the sea services are supported by the Air Force
(beyond aerial refueling and intelligence/surveillance/reconnaissance) and the
Army (beyond Integrated Air and Missile Defense), or how the Navy supports
those services (beyond kinetic and non-kinetic fires, plus
intelligence/surveillance/reconnaissance). This could have been used to further
connect how CS-21R connects with JOAC and JAM-GC.
My critiques should not be
interpreted to detract from the exceptional work done by the CS-21R development
team. They have powerfully communicated the message that readiness to deter—and
if necessary wage—major war is once again America’s sea services’ paramount
priority. They have heralded the idea that 21st Century seapower
will depend in great part on the ability to fight in the cyber and
electromagnetic domains. They have upheld the notion that maritime security cooperation
remains central to the functioning of the international system.
Job well done.
The views expressed herein are solely those of
the author and are presented in his personal capacity. They do not reflect the
official positions of Systems Planning and Analysis, and to the author’s
knowledge do not reflect the policies or positions of the U.S. Department of
Defense, any U.S. armed service, or any other U.S. Government agency.
Wednesday, March 25, 2024
SASC Chair McCain Strong on UCLASS
The support of the SASC Chair for a stealthy(enough) penetrator means that both the HASC Seapower Chair Rep. Randy Forbes (R-VA) and Senator McCain (R-AZ) are firmly in the camp of those ( like me) who believe the Navy's professed preference for an ISR privileged UCLASS is the wrong choice (see here, here , here, here).
Of additional interest is McCain's advocacy in the letter of the Navy continuing to make use of the UCAS-D X-47B for testing and concept development. McCain cited the fact that after April, there would be no unmanned vehicles operating from carriers for several years.
This is a great first step. The carrier airwing MUST continue to evolve if the Navy is going to stay in the power projection business. Three additional enhancements to the airwing are required:
- The return of organic refueling capability--not just for the carrier air wing, but also for refueling of transiting land based vehicles.
- The return of a sea control aircraft capable of extended ASW and ASUW missions (a la the S-3B).
- And of considerable importance--a large, likely unmanned "truck" capable of carrying multiple, small, long range, weaponized UAV's. This vehicle would fly to less dense portions of an adversary strike/reconnaissance complex and disgorge its payload, which would form up with other similarly launched groups of vehicles to create a swarming mass of dozens or scores of vehicles to saturate an opponent's air defenses, in advance of other, larger, less stealthy but more powerful weapons time to arrive shortly after.
Tuesday, March 24, 2024
Russia Responds to Atlantic Resolve
Under Operation Atlantic Resolve, the U.S. has been rotationally deploying relatively small land-based force packages into Eastern Europe that are intended to signal American commitment to defending NATO’s boundary members against Russian aggression (while arguably also serving as deterrence tripwires). It's been pretty confusing trying to sort out what is being deployed where. Although last Thursday I noted the reported deployment of the 3rd Infantry Division’s entire 1st Armored Brigade Combat Team (BCT) to the Baltics, per the latest Atlantic Resolve fact sheet only a few hundred personnel and vehicles will actually be positioned in the Baltics. Furthermore, these vehicles will be consolidated with U.S. Army Europe’s prepositioned stocks in Germany at the end of the BCT’s deployment; they will not be left in the Baltics. According to LTG Ben Hodges, Commander of U.S. Army Europe, however, that does not preclude redistributing those vehicles to prepositioning sites in the Baltics or other Eastern European NATO members at a later date.
Russia’s
response to all this is hardly surprising or unexpected. From Agence France-Presse via Defense News last
Thursday:
Putin on Monday [3/16] ordered drills for more
than 40,000 troops in regions spanning the country, from the Arctic to the far
east to the volatile southern Caucasus, and ordered nuclear bomber jets to be
deployed in Crimea a year after its annexation by Moscow.
Russia's chief of the general staff, Valery
Gerasimov, said Thursday that the "number of troops taking part in the
exercises has gone up to 80,000, and the number of aircraft has increased to
220," quoted by RIA Novosti state news agency.
Troops in the western and central regions and
military aircraft were scrambled for exercises, Gerasimov said.
The drills are the latest in a succession of
large-scale military maneuvers that Moscow has ordered as relations with the
West have plunged to a post-Cold War low over the crisis in Ukraine.
"I've been
watching the Russian exercises...what I cared about is they can get 30,000
people and 1,000 tanks in a place really fast. Damn, that was impressive."
Conventional
deterrence by denial rests heavily on creating a perception that a fait accompli isn’t possible, or that
achieving one would be very costly and risky. This is why forward presence is
so critical to deterrence credibility. The challenge becomes even harder when
the adversary can mobilize and deploy an order of magnitude faster than the
defender can.
Pavel
Felgenhauer, a longstanding and often well-sourced Russian military analyst, notes at the Jamestown Foundation’s Eurasia Daily
Monitor that:
This week (March 16-21), the
Russian military began massive, “sudden” military exercises (“vnezapnaya
proverka”). The authorities initially announced that the “sudden exercises” are
intended to check out the battle readiness of Russia’s Northern Fleet and the
possibility of reinforcing it with forces from other military districts.
According to the Russian Ministry of Defense, 38,000 soldiers, 3,360 military
vehicles, 41 navy ships, 15 submarines and 110 aircraft are involved in the
exercise. The mass deployment of air and naval forces in the Barents Sea
practices ensuring the safety of Russian nuclear missile-armed submarines,
which have to be defended at all costs before they launch their hundreds of
nuclear warheads at the United States. The military plans to land marines and
paratroopers on the shore of the Kola Peninsula close to the Norwegian border
and on the polar archipelagos of Novaya Zemlya and Franz Josef Land.
According to a defense ministry
source, the “sudden exercise” was intended to send a message to the North
Atlantic Treaty Organization (NATO) that Russia is ready for war and can
counter with force the deployment of limited US and other NATO forces to the
Baltic, Romania, Poland and Bulgaria. Moscow, apparently, did not give Western nations
any prior notification about the exercise (Vedomosti, March 17).
Neither side has had experience with brinksmanship on par with the darker moments of the Cold War in over a generation. That does not bode well for crisis stability, to put it mildly.
--Updated 3/24/15 7:38AM EDT to correct typo in 6th paragraph--
The views expressed herein are solely those of the author
and are presented in his personal capacity. They do not reflect the official
positions of Systems Planning and Analysis, and to the author’s knowledge do
not reflect the policies or positions of the U.S. Department of Defense, any
U.S. armed service, or any other U.S. Government agency.
Monday, March 23, 2024
Honeypots: An Overlooked Cyberweapon
Most discussions of the use of ‘cyber’ as ‘fires’ supporting conventional forces focus on penetrating an enemy’s systems or networks to ‘see’ or manipulate what he ‘sees,’ disrupt or corrupt his communications, disable or damage select systems, and so on. However, there is no assurance that the specific system or network vulnerabilities attacks are designed to exploit will still be available when needed during combat. Vulnerabilities are discovered and patched all the time (though practically speaking, it is impossible to identify every single vulnerability that actually exists in a complex system). An adversary can also change his network topology or close off access points needed by the attacker at inopportune times. Lastly, an exploit is a precious thing: a single use may alert the adversary to a particular vulnerability and may even help the adversary discover new techniques or components that he can reuse in his own arsenal of exploits. Penetrative cyberattacks cannot be assured under all conditions, and may not be worth burning a relevant exploit under some conditions. This hardly means that they are impossible or not worth the costs. It does mean that we must be sober about their combat potential.
It is a given that adversaries will attempt their own wartime
penetrative cyberattacks on our military systems and networks. We generally
view this as a defensive problem. We often forget that their attacks can also
provide us with (passive) offensive opportunities.
Counterintelligence operations and military deception efforts
have long used the tactic of feeding disinformation to an adversary’s intelligence
collection apparatus. This generally involves knowing at least some of an
adversary’s preferred intelligence collection points as well as what kind of
‘evidence’ is best suited to sell the adversary the desired deceptive ‘story.’
Or if it isn’t clear how to convincingly sell a story, the deceiver can conceal
accessible ‘real’ information (or make it appear fake) by surrounding it with
‘haystacks’ of false information.
The tactic made a seamless transition into the network age
via the honeypot
concept. One of the earliest honeypot examples I know of dates back to 1986
when astronomer Cliff
Stoll populated one of the mainframes he administered at Lawrence Berkeley
Laboratory with entire
directories of fake files made to appear related to the Strategic Defense
Initiative to help entrap a KGB-sponsored hacker. Stoll had monitored the
hacker for quite some time, so he knew exactly what kinds of disinformation
would serve as ideal bait. As computing and networking technology has advanced,
so have the
honeypots (and honeynets).
Honeypots could be outstanding assets for helping to thwart
an adversary’s military surveillance and reconnaissance efforts. I outlined how
this might be done in my 2013 maritime
deception and concealment article; a peer reviewer suggested that I call
the technique “Computer Network Charade” (CNC) to line up with the Defense
Department computer network operations terminology of the time:
CNC
takes advantage of the fact that timely fusion of intelligence into a
situational picture is exceptionally difficult, even when aided by data mining
and other analytical technologies, since a human generally has to assess each
piece of “interesting” information. Once counterintelligence reveals an
adversary’s intelligence exploitation activities within friendly forces’
networks, CNC can feed manipulative information tied to a deception story or
worthless information meant to saturate. This can be done using the existing
exploited network elements, or alternatively by introducing “honeypots.”
Massive amounts of such faked material as documents, message traffic, e-mails,
chat, or database interactions can be auto-generated and populated with unit
identities, locations, times, and even human-looking errors. The material can
be either randomized to augment concealment or pattern-formed to reinforce a
deception story, as appropriate. A unit can similarly manipulate its network
behavior to defeat traffic analysis, or augment the effectiveness of a decoy
group by simulating other units or echelons. All this leaves the adversary the
task of discriminating false content from any real items he might have
collected… this
hypothetical CNC tactic is envisioned for the Nonsecure Internet Protocol
Router Network (NIPRNet) and perhaps also the Secure Internet Protocol Router
Network (SIPRNet). It is not envisioned for operational or tactical data-link
or distributed fire-control networks.
Regardless
of CNC method, it can be determined whether or not planted disinformation has
been captured by the adversary. The commonalities of CNC with many
communication-deception tactics are not coincidental. In fact, civilian mass
media, social networks, and e-mail pathways can also be used as disinformation
channels in support of forward forces.
CNC’s
relative immaturity means that its viability must be proved in war games,
battle experiments, and developmental tests before it can be incorporated in
doctrine and operational plans. CNC may well prove more useful for concealment
(saturating adversary collection systems and overwhelming decision makers with
sheer volume and ambiguity) than for outright deception. A potentially useful
way to estimate its combat efficacy would be to study historical cases of
equivalent communications deception. For example, in spring 1942,
U.S. naval intelligence used a false, unencrypted radio message about Midway
Island’s water-purification system to elicit enemy communications activity that
helped verify that Midway was indeed the Imperial Japanese Navy’s next target.
There is little conceptual difference between this episode and how CNC might be
used in the future. (Pg. 94, 111-112)
CNC (or whatever else you might prefer to call it) therefore
represents a form of anti-intelligence/surveillance/reconnaissance.
Another potential use of honeypots is to attack the
adversary’s warfare systems or military support infrastructure indirectly and
over time. As CFR’s
Adam Segal pointed out earlier this month, during the early 1980s French
intelligence granted the CIA use of a KGB defector-in-place to funnel
disinformation into the Soviet program to collect information on sensitive
Western technologies. This ‘Farewell
dossier’ not only led to the rolling up of the KGB’s technology transfer
operations against European targets, but also ended up inducing the Soviets to
use flawed designs and defective components in a wide range of military and
industrial systems. It
has long been rumored that a section of the Trans-Siberia oil pipeline
suffered a massive explosion in 1982 due to ‘tailored’ industrial control
software exposed to KGB collection assets.
Segal is absolutely correct about how Farewell could apply in
the network age. If a given opponent is striving to advance its national
technology base by stealing U.S. data, then it makes great sense to use
honeypots and honeynets to pump false information to the opponent. The
opponent’s use of such reverse-engineered technologies in his own systems could
create vulnerabilities the U.S. could exploit. Similarly, if an opponent’s
collections against U.S. military technologies are intended to find exploitable
vulnerabilities for use in the event of a crisis or war, then the U.S. could
disclose false vulnerabilities in order to induce the opponent to waste
precious resources developing and stockpiling worthless exploits. Even if
planted data was discovered by the opponent to be deliberately misleading, his
realization of the scale of the use of honeypots might cause him to doubt the
legitimacy of other 'true' data collected by his hacking and exfiltration
operations. The return on investment could be incalculable.
Honeypots and honeynets may not be as direct as penetrative
cyberattacks, and their effects would most definitely not be immediately
observable. All the same, they would likely be more available in war as they
would have the advantage of the adversary ‘running straight into the weapon.’
The nascent Long Range Research and Development Planning Program (LRRDPP) under
the ‘Third Offset Strategy’ initiative ought to encourage development of
technologies that could support creation of honeypots and honeynets that
exhibit highly realistic behaviors and can automatically generate massive
amounts of highly realistic but misleading, useless, or fault-laden information
while simultaneously distracting attention from a network's actual elements of
value.
The views
expressed herein are solely those of the author and are presented in his
personal capacity. They do not reflect the official positions of Systems
Planning and Analysis, and to the author’s knowledge do not reflect the
policies or positions of the U.S. Department of Defense, any U.S. armed
service, or any other U.S. Government agency.
Subscribe to:
Posts (Atom)