 

Cyber Environment

Page history last edited by Mark Gallagher 3 years, 9 months ago

Cyber Analysis Workshop - Cyber Environment Page

 

Network-centric operations are a foundational concept for U.S. military strategy and probably for homeland security. The workshop could focus on improving analysis of various aspects of network-centric strategies.

Some of our present and future adversaries represent Fourth Generation Warfare (4GW). How effective are network-centric operations against 4GW adversaries? Is the strategy more important than the network-centric capabilities?

Both national security and homeland security face these questions. In one case, we consider a squad of soldiers in Afghanistan. In another, we consider the police fighting urban gangs.

 

 


 

Background Discussion
 
The website Fabius Maximus is an interesting source of information on 4GW. Fabius Maximus was a Roman emperor and his name is apparently used as a pseudonym by the blogger. A post dated today discusses the situation in Mexico, where the drug cartels have recently made hits on very senior officials in the federal police. There is speculation that Mexico could become a failed state and the process leading to state failure could spill over into the U.S. The article is at http://fabiusmaximus.wordpress.com/2008/07/24/mexico-5/ and has links to several related articles.

        From the MORS perspective, this article raises several points:

1.  What is the best strategy for dealing with this threat?  Is an approach analogous to the DoD concept of network-centric warfare appropriate?  In my opinion, cyber capabilities are certainly a tool, but they are not a strategy. 

2.  DHS, a MORS sponsor, should be on the leading edge of countering this threat.  What analysis does DHS need to formulate an effective strategy and determine the requirements for cyber support?

3.  The probability of Mexico becoming a failed state is not low.  The implications for U.S. security are serious.  Should MORS focus more attention on this challenge and similar challenges, even if it means less attention on state vs. state conflict?

 


Issues
 

A quick Google search indicates that the conflict between Russia and Georgia coincides with many cyber attacks. For example, see http://blog.wired.com/defense/2008/08/civilge-the-geo.html. The website http://rbnexploit.blogspot.com/ presents additional details.

 

Among the factors that can map closely with vulnerability, geography and other infrastructure are more relevant than most realize. In the case of Georgia, most Internet links are via Russia, and some are via Turkey and other neighbors; topology counts!
 
New York Times

August 13, 2008

Pg. 1

Before The Gunfire, Cyberattacks
By John Markoff
Weeks before bombs started falling on Georgia, a security researcher in suburban Massachusetts was watching an attack against the country in cyberspace.

Jose Nazario of Arbor Networks in Lexington noticed a stream of data directed at Georgian government sites containing the message: "win+love+in+Rusia."

Other Internet experts in the United States said the attacks against Georgia's Internet infrastructure began as early as July 20, with coordinated barrages of millions of requests - known as distributed denial of service, or D.D.O.S., attacks - that overloaded and effectively shut down Georgian servers.

Researchers at Shadowserver, a volunteer group that tracks malicious network activity, reported that the Web site of the Georgian president, Mikheil Saakashvili, had been rendered inoperable for 24 hours by multiple D.D.O.S. attacks. They said the command and control server that directed the attack was based in the United States and had come online several weeks before it began the assault.

As it turns out, the July attack may have been a dress rehearsal for an all-out cyberwar once the shooting started between Georgia and Russia. According to Internet technical experts, it was the first time a known cyberattack had coincided with a shooting war.

But it will likely not be the last, said Bill Woodcock, the research director of the Packet Clearing House, a nonprofit organization that tracks Internet traffic. He said cyberattacks are so inexpensive and easy to mount, with few fingerprints, they will almost certainly remain a feature of modern warfare.

"It costs about 4 cents per machine," Mr. Woodcock said. "You could fund an entire cyberwarfare campaign for the cost of replacing a tank tread, so you would be foolish not to."

Exactly who was behind the cyberattack is not known. The Georgian government blamed Russia for the attacks, but the Russian government said it was not involved. In the end, Georgia, with a population of just 4.6 million and a relative latecomer to the Internet, saw little effect beyond inaccessibility to many of its government Web sites, which limited the government's ability to spread its message online and to connect with sympathizers around the world during the fighting with Russia.

It ranks 74th out of 234 nations in terms of Internet addresses, behind Nigeria, Bangladesh, Bolivia and El Salvador. Cyberattacks have far less impact on such a country than they might on a more Internet-dependent nation, like Israel, Estonia or the United States, where vital services like transportation, power and banking are tied to the Internet.

In Georgia, media, communications and transportation companies were also attacked, according to security researchers. Shadowserver saw the attack against Georgia spread to computers throughout the government after Russian troops entered the Georgian province of South Ossetia. The National Bank of Georgia's Web site was defaced at one point. Images of 20th-century dictators as well as an image of Georgia's president, Mr. Saakashvili, were placed on the site. "Could this somehow be indirect Russian action? Yes, but considering Russia is past playing nice and uses real bombs, they could have attacked more strategic targets or eliminated the infrastructure kinetically," said Gadi Evron, an Israeli network security expert. "The nature of what's going on isn't clear," he said.

The phrase "a wilderness of mirrors" usually describes the murky world surrounding opposing intelligence agencies. It also neatly summarizes the array of conflicting facts and accusations encompassing the cyberwar now taking place in tandem with the Russian fighting in Georgia.

In addition to D.D.O.S. attacks that crippled Georgia's limited Internet infrastructure, researchers said there was evidence of redirection of Internet traffic through Russian telecommunications firms beginning last weekend. The attacks continued on Tuesday, controlled by software programs that were located in hosting centers controlled by a Russian telecommunications firms. A Russian-language Web site, stopgeorgia.ru, also continued to operate and offer software for download used for D.D.O.S. attacks.

Over the weekend a number of American computer security researchers tracking malicious programs known as botnets, which were blasting streams of useless data at Georgian computers, said they saw clear evidence of a shadowy St. Petersburg-based criminal gang known as the Russian Business Network, or R.B.N.

"The attackers are using the same tools and the same attack commands that have been used by the R.B.N. and in some cases the attacks are being launched from computers they are known to control," said Don Jackson, director of threat intelligence for SecureWorks, a computer security firm based in Atlanta.

He noted that in the run-up to the start of the war over the weekend, computer researchers had watched as botnets were "staged" in preparation for the attack, and then activated shortly before Russian air strikes began on Saturday.

The evidence on R.B.N. and whether it is controlled by, or coordinating with the Russian government remains unclear. The group has been linked to online criminal activities including child pornography, malware, identity theft, phishing and spam. Other computer researchers said that R.B.N.'s role is ambiguous at best. "We are simply seeing the attacks coming from known hosting services," said Paul Ferguson, an advanced threat researcher at Trend Micro, an Internet security company based in Cupertino, Calif. A Russian government spokesman said that it was possible that individuals in Russia or elsewhere had taken it upon themselves to start the attacks.

"I cannot exclude this possibility," Yevgeniy Khorishko, a spokesman for the Russian Embassy in Washington, said. "There are people who don't agree with something and they try to express themselves. You have people like this in your country."

"Jumping to conclusions is premature," said Mr. Evron, who founded the Israeli Computer Emergency Response Team.

 

 
Insert other issues here:

Current or Proposed Analysis Approaches
 
 Insert analysis approaches here:

 
