Why Integrated Electronic-Cyber Warfare Is Crucial

Adversaries are moving out with capabilities to attack IoT devices

11-06-2019
Forrest Hare
CYBER

Exemplified by articles in the Journal of Electronic Defense, there are still advocates for keeping the electronic warfare and cyberspace communities separate. Many who fight in the electromagnetic environment wish to remain apart from the cyberspace operations community. On the cyberspace operations side, there is an equally limited call for partnership or integration.

In fact, the congressional Electronic Warfare Working Group has made little mention of the interplay between electronic and cyber warfare in its requests to the Department of Defense for briefings and assessments, perpetuating a singularity of focus.

The sentiment against integration seems driven by culture and budgets rather than doctrine and physics.

On the electronic warfare (EW) side, the primary issues appear to be:

  • The preference to associate with the rated operations community and focus on integration with tactical combat operations.
  • The view that the cyber operations community is the "stay-at-home team," since it is less likely to be forward deployed.
  • The complex approval processes to employ cyber capabilities in a conflict that would hamstring the EW community.
  • The continuous fight for sustainment funding.

On the cyber operations side, the primary issues appear to be:

  • The imperative on rapid software development, which results in a continuous cat-and-mouse game between defensive operations, computer network exploitation, and offensive cyber operations.
  • The continuously adaptive pace of the domain, since the fight occurs 24/7 on a global scale.
  • The complex EW acquisition process that would hamstring cyber operators, since it is often tied to major weapons programs.  
  • The overtasking to improve cybersecurity, support combatant command operations, and now secure homeland defense, leaving limited resources to expand the community's vision.

While these issues continue to hamper closer integration, the cyber landscape continues to evolve in directions that compel the two communities to knock down stovepipes.

With billions of Internet of Things (IoT) devices expected to be in operation by 2025, the IoT will truly make cyberspace a ubiquitous and indispensable part of the nation's infrastructure. The DoD is also interested in improving situational awareness and real-time decision-making via the connected battlefield -- the so-called Internet of Battlefield Things (IoBT). Of importance to both the EW and cyber communities is that virtually all of these devices rely on radio frequency (RF) pathways to get to the Internet.

Potentially billions of IoT devices could be vulnerable to different types of electronic-cyber attacks.

The requirement to field ever-shrinking devices and keep costs minimal drives limited budgets for device security. IoT devices frequently have weak or no encryption, and they have no means of receiving patches or life-cycle support.

For remotely installed devices, such as those on the smart grid, additional challenges such as timely battery replacement and lack of shielding from unwanted RF energy make them particularly vulnerable to energy depletion attacks.

Battery-powered network devices have low energy budgets, and development of very-low-cost, long-duration batteries has not kept pace. Adversaries can exploit this Achilles heel as an attack vector, draining devices in a matter of hours. Exhausting enough nodes in a network can disrupt, disable, and even shut it down.

A jamming attack hits a device's physical layer and affects it most directly, either by keeping it in a listening mode or by causing retransmissions that drain its battery. Once an attacker meets the EW link equation (proximity versus power), it can extend the duty cycle, making the device stay on.

Attackers can exploit the media access control (MAC) layer with a ghost attack. Garbage messages sent over the device's RF channel force it to keep authenticating them and remain awake.
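A defender-side illustration of the two depletion mechanisms described above, added here and not part of the original article: it projects battery life from radio duty cycle and flags nodes whose telemetry shows a duty cycle stretched by retransmissions (physical layer) or by a wake-up load dominated by failed authentications (MAC layer). The telemetry schema, current draws, battery capacity, and thresholds are all constructed assumptions.

```python
from dataclasses import dataclass

# Assumed (constructed) device parameters, not taken from the article.
BATTERY_MAH = 2400.0      # battery capacity
SLEEP_MA = 0.005          # current draw while asleep
ACTIVE_MA = 20.0          # current draw with the radio on
BASELINE_DUTY = 0.01      # planned fraction of time the radio is on

@dataclass
class Telemetry:           # one hour of counters from a node (hypothetical schema)
    node: str
    radio_on_s: float      # seconds the radio was awake this hour
    retransmits: int       # frames resent after no acknowledgement
    auth_ok: int           # received frames that passed authentication
    auth_fail: int         # received frames that failed authentication

def lifetime_hours(duty: float) -> float:
    """Projected battery life for a given radio duty cycle (0..1)."""
    avg_ma = duty * ACTIVE_MA + (1.0 - duty) * SLEEP_MA
    return BATTERY_MAH / avg_ma

def assess(t: Telemetry, duty_factor: float = 5.0, fail_ratio: float = 0.8) -> dict:
    """Classify one telemetry window and project the resulting battery life."""
    duty = min(t.radio_on_s / 3600.0, 1.0)
    frames = t.auth_ok + t.auth_fail
    findings = []
    if duty > BASELINE_DUTY * duty_factor:
        # Radio awake far longer than planned: attribute it to a layer.
        if frames and t.auth_fail / frames >= fail_ratio:
            findings.append("mac-ghost-traffic")   # awake to reject junk frames
        if t.retransmits > t.auth_ok:
            findings.append("phy-jamming")         # awake to resend lost frames
        if not findings:
            findings.append("unexplained-duty-cycle")
    return {"node": t.node, "duty": round(duty, 3),
            "lifetime_h": round(lifetime_hours(duty), 1), "findings": findings}

# Constructed sample windows
SAMPLES = [
    Telemetry("meter-01", 36, 2, 40, 1),        # normal: 1% duty cycle
    Telemetry("meter-02", 2880, 900, 30, 2),    # heavy retransmission
    Telemetry("meter-03", 3240, 3, 25, 4000),   # flood of failed authentications
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(assess(s))
```

With these assumed figures, the projected life falls from more than a year at the planned 1% duty cycle to under a week once the radio is held on most of the hour.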

Adversaries are aware of these interdependencies and are moving out with integrated EW-cyber capabilities. One example is the Russian Orlan-10 UAV, which has been used to insert propaganda SMS messages directly to Ukrainian soldiers by impersonating cell towers and hijacking communications. This and other platforms can easily be modified to attack IoT devices with similar techniques and results.

It is time for our focus to change. We must put aside tribal concerns and focus on synergies. A good way to start is by launching a joint doctrine or multi-service tactics write that codifies existing best practices and explores new opportunities for collaboration. Another idea is a DARPA challenge to strengthen innovation with industry and academia. Finally, coming back to Congress, if the budget directs it, it will happen.

Posted by: Forrest Hare

Cyber Operations / Solutions Developer

Forrest Hare works in the cyber practice within SAIC’s Strategy, Growth, and Innovation group, developing and implementing solutions for both cybersecurity and knowledge modeling for federal government customers. One of his primary focuses is on developing machine-readable, semantically computable knowledge models that integrate operations in all defense domains, including air, land, sea, space, and all components of cyberspace, such as the electromagnetic spectrum. He develops ontology-based knowledge models for defense intelligence to improve intelligence information for all-source analysis.

Hare joined SAIC after retiring as a colonel in the U.S. Air Force. His last assignment was deputy center chief at the Defense Intelligence Agency’s Asia/Pacific Intelligence Center. Over his 28-year career in the Air Force, Hare had assignments in targeting, signals intelligence, information operations, and cybersecurity policy. While assigned to the Air Force headquarters staff, he was a member of the Air Force Chief of Staff’s cyberspace task force, which defined the service’s role in the cyberspace warfighting domain.

Hare, a Ph.D., is an adjunct professor at George Mason University and Georgetown University, where he instructs on security and technology, intelligence operations, and national security policy for cyberspace. He is also a member of the Open Cybersecurity Alliance’s Project Governing Board, which promotes open standards for cybersecurity products. Hare is a Certified Information Systems Security Professional.

Hare earned his bachelor’s degree in geography and economics from the U.S. Air Force Academy, his master’s degree in geography from the University of Illinois Urbana-Champaign, and his doctorate degree in public policy from George Mason University. He lives with his wife and dog in northern Virginia most of the time as well as in “ski-country” Colorado. He practices and instructs aikido and enjoys triathlons when there’s no snow.
