The U.S. military understands it is already engaged in ongoing “peacetime” cyber conflict against state and nonstate opponents intending to harm the United States and its allies and partners. Various motives drive this conflict, and it takes many different forms, ranging from espionage and theft of intellectual property to what are effectively cyber privateering and piracy.
U.S. Cyber Command (CyberCom) was created as the combatant commander for this conflict in cyberspace and appears to be effective against the most devastating attacks. However, the problem of cyberspace attack extends deeply into the social, technological, and economic infrastructures of modern Western nations. Considering the potential impact, cyber vulnerabilities—most of them self-inflicted—appear almost overwhelming.
Yet, to some extent the U.S. military perceives its forces and systems to be partially immune from these “civilian” vulnerabilities, since it has “secure” communications, networks kept apart from the public internet, extensive encryption, (some) hardened and shielded electronics, and air gaps between weapon systems and outside digital threats. Vigilance by CyberCom and the military’s individual cyber commands against attack also contributes to this perception. But is it accurate?
Four Questions
Attacks in commercial cyberspace prompt four questions concerning the vulnerabilities of military systems. Some of these questions are being addressed within the Department of Defense (DoD) by the Defense Information Systems Agency (DISA) and the services. However, the scope of these vulnerabilities requires multiple answers and efforts to mitigate each concern.
The first question (1) is to what extent is the tradeoff of security for efficiency creeping into the military through the adoption of current business practices and from the small and inorganic threats that it routinely encounters in “peacetime” systems operations and maintenance?
The second (2) is whether the sum of the threats is so vast as to require the maintenance of a reserve force of less digital-dependent legacy systems to ensure the fleet can continue to fight in the highly cybered and electromagnetic spectrum-contested combat environment that will characterize a conflict against a technological near-peer adversary.
The implications of the previous questions lead to the issue (3) of whether there are so many digital threats as to prevent the U.S. Navy from successfully achieving the distributed maritime operations (DMO) concept on which it expects to anchor its future fleet architecture.
Finally, (4) in the quest to incorporate autonomous systems into the fleet and force, will the contested cyberspace and electromagnetic environment drive the United States toward autonomous systems that operate under the concept of mission command because it will be impossible to keep the ‘human-in-the-loop’ in a conflict against a technological near-peer?
Trading Security for Expediency and Efficiency
U.S. Naval Academy professor Martin Libicki shared his initial thoughts on cyber vulnerabilities throughout society by explaining his initial unconcern in 1991. “I was confident,” he writes, “that the threat from cyberspace could be contained, in part because I believed that people, aware of the threat, would not willy-nilly connect critical systems (such as those that supply electric power) to the Internet. I was wrong.”1
“Willy-nilly” is a quaint way of describing what was done, and not done. Cyber vulnerabilities were accepted for the purpose of expediency. In the commercial environment, these vulnerabilities result from the desire to maximize profit. As one company used interlinked information technology to reduce costs, its competitors soon followed. Protecting networks against threats that may never materialize cuts into profits. In the consumer environment, vulnerabilities result from the desire for convenience. Electronic banking certainly saves physical trips to the bank but opens accounts to cyber theft. In open democracies, these desires create disadvantages for competition in “great systems conflict.”2
In the search for efficiency, the U.S. military has adopted business practices involving a heavy dependence on cyberspace. One reason the military views itself as partially immune is that it believes these practices are confined to administrative and maintenance functions. However, both administration and maintenance affect the integrity of operational systems. Penetration into networks can start small, but then spread into more complex nodes. Technological near-peers may decide to avoid the risk of exposure by limiting their attempts to directly penetrate major military systems, leaving that to proxy hackers. Rather, they would logically focus on smaller targets—the supply chain for military parts, for example.
Consider the potential effects of a hack into parts manufacturing that simply adjusts specifications by a nearly undetectable measure. Perhaps the change in specifications is so slight as to have no initial effect on the overall system. However, over time operating stresses on the compromised part might cause it to fail catastrophically at a critical moment. One can assert that such a part—particularly a vital one—would be thoroughly inspected prior to insertion. But what if the defect is so small as to require specialized (meaning expensive and logistically difficult) inspection? What if the part is provided via just-in-time delivery methods (which themselves can be hacked and tracked) for inoperative systems that are required to operate immediately? How thorough can an inspection be?
Small and Inorganic Threats
To facilitate the accounting of weapons into and out of storage and avoid the time consumed by personnel filling out paper forms, many U.S. Army and Air Force units elected to embed radio frequency identification (RFID) in their small arms weapons. However, once in the field, hackers demonstrated the ability to detect the weapons from 200 feet using homemade equipment. Thus, the DoD has wisely limited the use of RFID weapons. (The U.S. Marine Corps rejected the idea from the start.) Nevertheless, it is possible that similar cybered administrative programs could produce operational vulnerabilities.
Consider the visit of U.S. warships to overseas ports. Assigning ships to ports is considered more of an administrative function—after all, these ports generally have the infrastructure to satisfy the needs of the ship. In the past, warships often shut down their electric generators to do maintenance or reduce the burden on the crew and allow for shore leave. This necessitates connecting the ship to the local electrical grid. If a host country’s electrical system is compromised, there is the potential for introducing the equivalent of malware into a ship. This can be termed an “inorganic” threat since the origin is outside the ship and it is not necessarily tailored to attack a particular weapons system which, by itself, might be hardened. Although the ship may have previously isolated its systems from compromise while operating at sea, it is now vulnerable through a third party ashore.
Although mitigating steps might be taken—the electrical plant could be kept online, the host nation electrical cabling could be tested, resources could be spent to harden all the critical ship systems—these actions require planning, time, and money. The real problems occur when the host nation’s integrated utilities are completely compromised, allowing attackers multiple avenues of entry. Perhaps the national wireless communications system has been penetrated. Cell phones of the crew connecting to the local network would be a potential danger. Is the only solution not to have port visits? What effect will that decision have on potential partner nations?
Cyber Vulnerabilities and Survivable Systems
Current DoD wisdom is to dispose of such legacy systems to eliminate maintenance and free funds for new acquisitions. From this perspective, such legacy systems simply cannot survive on the modern battlefield (or oceans). They also make fine targets (usually stationary) for testing U.S. weapon systems.
However, given the vulnerabilities, it is uncertain whether the most highly digitized/cybered systems can themselves survive on the modern battlefield in a conflict between technological near-peers in which cyberspace and the electromagnetic spectrum will be contested.3 The greater the dependency on wireless communications within the system itself, the greater the need for communications with remote offboard sensors or controls, and the greater the system’s need to report its equipment status, the greater the opportunity for cyber/electromagnetic penetration.4 Many modern systems are designed to wirelessly transmit maintenance data to centralized support centers ashore. Hopefully, such transmissions can easily be shut down in war. Even systems that download maintenance information via wire following a mission, such as the F-35B Lightning, store that information in cloud computing, which is vulnerable to interception.
All defense acquisition programs are now required to have a cyber protection plan to mitigate cybered threats to program management, systems design, and supply chain. However, these are focused on mitigation of possible penetration of initial system acquisition. Even in the cases in which these plans are effective—and many are, in reality, but risk assessments—they cannot guarantee protection during the life of a system that has periodic program updates, installation of new combat systems, and the addition of commercial systems, such as low-cost navigation radars, etc.
The most survivable system is the one that remains least vulnerable, or most resilient in dealing with vulnerabilities. This is particularly true of systems that must operate forward, closer to the opponent’s means to conduct the fight in the electromagnetic spectrum. It is now time to examine whether legacy systems might be more survivable in a cyberspace and electromagnetic spectrum–contested environment.
Distributed Maritime Operations
Could these vulnerabilities prevent the U.S. Navy from achieving its goal of distributed maritime operations (DMO), the concept that is expected to drive fleet architecture?
Vulnerabilities within individual platforms start with the digitalization of naval architecture and ship design—plans of which are inevitably shared between the designers via cyberspace. They expand via the automated nature of the materials and parts supply chains, which also rely on cyberspace for the transmission of information.
The vulnerabilities continue to expand if a widely distributed fleet depends on long-haul wireless communication (as it would under DMO). These communications may be with highly digitalized maritime operations centers (MOCs) ashore, which themselves might be hardened, but are literally surrounded by a vulnerable and no doubt penetrated civilian utility infrastructure.
To prevent penetration of its networks via its long-range wireless communications, the Navy may have to retain its current, less-distributed battle group concept of operations to allow ships unfettered communications via local networks using line-of-sight UHF signals, or through retransmission nodes by unmanned air or surface platforms. Without some assurance of communication under battle conditions, the overall distributed network will inevitably collapse into local networks—basically independent battlegroups.
Driven to Complete Autonomy?
The Department of the Navy has presented a number of fleet structure plans to the Secretary of Defense and Congress that call for a larger fleet made up of a mix of manned and unmanned ships. Yet, there has been no significant open discussion of the vulnerabilities. How will humans retain control over these systems in a contested and hacked environment?
Furthermore, how will the Navy (and DoD overall) ensure the security of the hundreds of thousands of lines of code created by contracted programmers? How will intrusion be prevented in the wireless networks that will provide both the sensor and commanded information to the unmanned systems? Can encryption keep pace with the measures/countermeasures nature of warfare?
Perhaps these vulnerabilities will literally drive the U.S. military to autonomy, and the half of the fleet that is unmanned will not be under direct control of “humans in the loop.” To overcome the vulnerabilities, autonomous systems rather will need to operate under the principles of “mission command”—sent out to operate independently and perhaps return to relay what they accomplished.5 This, of course, can be facilitated with developments in artificial intelligence (AI).6
Such would require policy changes in DoD. Moreover, such would require doctrinal changes in current naval warfare planning centered on fleet MOCs—perhaps moving us back to the realities of World War II unrestricted submarine warfare, in which the submarines were sent on patrol to sink enemy shipping with the group or fleet commander only aware of their success or failure when or if they came back. There are technical fixes to try—perhaps burst transmissions relayed via satellite to and from the autonomous platforms. If the burst transmissions can be localized by the enemy, however, the autonomous systems become easier targets. That is exactly how the (manned) Kriegsmarine submarines lost the Battle of the Atlantic—through their communications.7
At the same time, artificial intelligence (AI) brings its own vulnerabilities. As Sun Tzu proclaimed, “all of war is deception.” Deception is a fundamental element of cybered conflict. However, the commercial AI community has not yet designed AI systems to detect deception in the data on which they depend. It will inevitably fall on the defense and intelligence community to determine (with their own funds and resources) how AI can deal with deception.
Little Hope for an Equal Field/Sea of Combat
What about potential U.S. Navy opponents; are they not vulnerable as well?
It is uncertain whether Russia successfully cut its domestic internet from the global web in tests in 2019 and 2021.8 What is certain is that Vladimir Putin’s Russia, the Chinese Communist Party, and other authoritarian governments have much greater direct control over their respective infrastructures. Undoubtedly, the U.S. military (and allies) can penetrate the military networks of these states. However, their potential ability to isolate civilian cyberspace from the global network reduces the avenues of penetration.
In Western democracies, adopting methods by which civilian infrastructure can be hardened and made more resilient is not a choice within the purview of Western militaries, even if they are providing the first lines of cyber defense. What is within their purview is an examination of their systems, procedures, doctrine, and force designs to determine the vulnerabilities that could result in a conflict with a technological near-peer adversary. Without this, there is little hope for an equal field or sea of combat.
Perhaps adopting mitigation techniques or asymmetric choices might even tilt the field in favor of the West. But in societies built on a world of cyber insecurity, the vulnerabilities of every future choice must be discussed. A good start would be for the Navy to examine and answer the four questions identified.
1. Martin C. Libicki, Cyberspace in Peace and War (Annapolis, MD: Naval Institute Press, 2016), 1.
2. Chris Demchak, “Achieving Systemic Resilience in a Great Systems Conflict Era,” The Cyber Defense Review 6, no. 2 (Spring 2021), 51–69.
3. This is the basic theme of the fictional novel 2034: A Novel of the Next World War by Elliot Ackerman and ADM James Stavridis, USN (Ret.) (New York: Penguin Press, 2021).
4. There are proposals for methods of determining whether military aircraft have been hacked. See for example Marcus Weisgerber, “New Tech Aims to Tell Pilots When Their Plane Has Been Hacked,” Defense One, 4 October 2019.
5. In a naval context, see Robert C. Rubel, “Mission Command in a Future Naval Combat Environment,” Naval War College Review 71, no. 2 (Spring 2018), 109–122; LCDR Graham Scarbro, USN, “‘Go Straight at ’Em’: Training and Operating with Mission Command,” U.S. Naval Institute Proceedings 145, no. 5 (May 2019); LT Matthew Connor, USN, “Mission Command Is Essential to Mission Success,” U.S. Naval Institute Proceedings 146, no. 4 (April 2020).
For a discussion of mission command in a U.S. Army context, see COL James D. Sharpe Jr. and LCOL Thomas E. Creviston, USA (Ret.), “Understanding Mission Command,” Army; Donald E. Vandergriff, Adopting Mission Command: Developing Leaders for a Superior Command Culture (Annapolis, MD: Naval Institute Press, 2019). For a Joint Staff view, see Deployable Training Division, Joint Staff J7, Mission Command, 2nd ed., January 2020.
6. For a discussion of mission command and AI, see ADM Scott H. Swift, USN (Ret.), and Antonio P. Siordia, “Mission Command and Speed of Decision,” in Sam J. Tangredi and George Galdorisi, eds, AI at War: How Big Data, Artificial Intelligence, and Machine Learning Are Changing Naval Warfare (Annapolis, MD: Naval Institute Press, 2021), 135–149.
7. It must be acknowledged that signal intelligence was aided by the breaking of German naval codes, sometimes allowing the allies to know the planned operational locations in advance.
8. On the 2021 test, see “Russia Disconnects from Internet in Tests as It Bolsters Security-RBC Daily,” Reuters, 22 July 2021; “Russian Tests Way to Disconnect from Worldwide Internet,” Voice of America, 25 July 2021.