April 4, 2008 9:18 AM PDT

U.S. reveals plans to hit back at cyberthreats

U.S. reveals plans to hit back at cyberthreats
Related Blogs

Air Force general invites geeks to the Cyber Command


February 11, 2008

"Eventually all of the [US] Army's networks will be Linux-based"


February 4, 2008

Air Force fighter to use speech recognition


October 17, 2007
The U.S. Air Force Cyber Command is developing capabilities to inflict denial of service, confidential data loss, data manipulation, and system integrity loss on its adversaries, and to combine these with physical attacks, according to a senior U.S. general.

Air Force Cyber Command (AFCYBER), a U.S. military unit set up in September 2007 to fight in cyberspace, is due to become fully operational in the autumn under the aegis of the U.S. Eighth Air Force. Lieutenant general Robert J. Elder Jr., who commands the Eighth Air Force's Barksdale base, told ZDNet.co.uk at the Cyber Warfare Conference 2008 that Air Force is interested in developing its capabilities to attack enemy forces as well as defend critical national infrastructure.

"Offensive cyberattacks in network warfare make kinetic attacks more effective, (for example) if we take out an adversary's integrated defense systems or weapons systems," Elder said. "This is exploiting cyber to achieve our objectives."

However, this is a double-edged sword, as adversaries will also attempt to develop similar capabilities, especially considering the U.S. military's heavy use of technology, said Elder.

"Terrorists and criminals are doing the same thing. We depend so heavily as a military on the use of cyber, we have to be cautious about it," Elder said. "Cyber gives us a huge advantage, but adversaries look at our capabilities and see areas they can undermine. We need to protect our asymmetric advantage--on the one hand by having people further exploit cyber, and on the other by having mission assurance."

This problem is made more pressing by the military's reliance on the public Internet to perpetrate cyberattacks. The infrastructure the U.S. military uses to both launch and defend against cyberattacks runs through the public Internet system. Military networks such as the Global Information Grid are linked to U.S. government and critical national infrastructure systems, which in turn are linked to the public Internet. Adversary systems are subverted by the U.S. military through public channels--however, this also leaves the U.S. military open to attack through the same channels, said Elder.

"The infrastructure on which the Air Force depends is controlled by both military and commercial entities and is vulnerable to attacks and manipulation," Elder said.

Other causes for military concern include possible supply-chain vulnerabilities, where vulnerabilities are introduced into chipsets during manufacturing that an adversary can then exploit, and electronics vulnerabilities.

"We need to make sure chips aren't manipulated--we're worried about information assurance just like everyone else," Elder said.

Other problems being faced by the Cyber Command are centered around different Air Force and military units needing to improve their channels of communication before the autumn.

"We have 10,000 people to do this, but the problem is they are stovepiped," Elder said.

"Stovepiping" has two complementary meanings. In IT terms it describes information held in separate databases which is difficult to access due to its multiple locations. In intelligence-gathering terms--the Eighth also serves as the U.S. Air Force information operations headquarters--"stovepiping" refers to information which has been passed up the chain of command without undergoing due diligence.

Elder said that, while he was satisfied with AFCYBER's covert operations capabilities and its demonstrable ability to remotely destroy missile defense systems, he wished to further develop its attack capabilities.

"IT people set up traditional IT networks with the idea of making them secure to operate and defend," Elder said. "The traditional security approach is to put up barriers, like firewalls--it's a defense thing--but everyone in an operations network is also part of the (attack) force. We're trying to move away from clandestine operations. We're looking for real physics--a bigger bang resulting in collateral damage."

U.S. Cyber Command also needs to develop the means to quickly pinpoint exactly where an attack is coming from, to be able to retaliate, and also to deter potential attackers.

"We haven't done a good job in the cyberdomain just yet," Elder said. "We have to demonstrate the capability to do (rapid forensics) then message that to our adversaries. For deterrence we have to clearly identify the attacker. We're working on rapid forensics to determine who the adversary is."

While cyberespionage was inevitable, said Elder, knowledge of the U.S. military being able to pinpoint the source of cyberattacks could deter assaults on critical national infrastructure that use Supervisory Control And Data Acquisition (Scada) systems.

"We're not going to deter cyberespionage, but we might be able to deter attacks on Scada networks," Elder said.

As well as developing forensics tools, Cyber Command is coding tools to check for incursions, including a "Cyber Sidearm", which will monitor activity on the Combat Information Transport System--the U.S. Air Force cybernetwork.

"We've been working to get the functionality built--we're supposed to have it in the next couple of months," Elder said.

U.S. Eighth Air Force said it was seeking partnerships with both public- and private-sector organizations to "secure cyberspace." The Department for Homeland Security's Strategy to Secure Cyberspace includes establishing a public-private architecture to gauge and respond to cyberthreats, and increase information-sharing between public- and private-sector organizations and the military.

Tom Espiner of ZDNet UK reported from London.

See more CNET content tagged:
adversary, cyberthreats, cyberattack, military, supply chain

12 comments

Join the conversation!
Add your comment
Truth Justice and the American way
I have a target that is sapping the productivity and profitability
of large segments of the American economy: the spam industry.
Well beyond the threat posed by Chinese and Russian equivalent
of the 8th... is the daily effects of our friends pushing
mortgages, viagra, teen porn, pirated sw, and body
enhancement products.

Can we get the Pentagon to hone their skills on this aspect of
the Internet first? I mean, if they are going to conduct a cyber
Iraq, this time let's give them ample opportunity to plan out all
the contingencies after the initial shock and awe (or was that a
political blunder that caused the mess we're in, and the
Pentagon was ignored with their post-shooting plans?).

Clearly there has to be some kind of planning for this kind of
warfare. We can't leave the security of the free world up to
Microsoft and Symantec, can we?
Posted by afterhours (215 comments )
Reply Link Flag
Re: "Clearly there has to be some kind of planning
... for this kind of warfare. We can't leave the security of the free world up to Microsoft and Symantec, can we?". Not really, Sometimes no plans are really good plans. What if being in the Middle East is more like not having to start preparing to go in twenty five - fifty years from now; then, the children, grand children and great grand children might ask themselves why on Earth their fore-parents did not make it easy for them. There is a saying: Failing To Prepare Is Preparing to Fail!
Posted by Commander_Spock (3123 comments )
Link Flag
Too much sense.
You're trying to make sense of the situation. The gov't doesn't want a "new" task to accomplish. That'd be stupid. It would require them to work and would enable the quality of their work to be fairly judged. haha - that's ridiculous! This isn't about helping out the citizens. This is about the air force grubbing, scaremongering, and/or saying whatever is necessary to increase their budget and give them more power. They'll say whatever is necessary and beyond. Solve a real problem? haha - just ****, pay more taxes, pay no attention, and whatever else you do FEAR WHOM WELL TELL YOU ARE TERRORISTS BECAUSE THEY'RE EVERYWHERE INCLUDING UNDER YOUR BED.
Posted by scdecade (329 comments )
Link Flag
"The U.S. Air Force Cyber Command" Huh!
Since there is the U.S Space Command... when will the U.S. Space Command's own unit be ready to move to battle station.

Two To Beam Up Scotty!

Commander_Spock.
Posted by Commander_Spock (3123 comments )
Reply Link Flag
Get your facts straight
US Space Command ceased to exist a number of years ago. It was replaced by US Strategic Command
Posted by Radarwizard (1 comment )
Link Flag
Where is the rest of DOD in this conversation
Anyone notice all of the Air Force propaganda lately regarding cyberspace? Also notice no mention of any other services or DOD agencies? Reason is the Air Force is going against the rest of DOD in this arena, my guess is they are fighting for future relevance and funding. Air Force, please explain!
Posted by htc96 (2 comments )
Reply Link Flag
Re: "Where is the rest of DOD in this conversation"
If there are not "energy" resources (petroleum, hydro-power...) to power the "systems" one hundred or so years from now what will the scenarios be then. Therefore, where are the "economists" with their "economic projections" for the world one hundred (100) or so years from now. Wow! ;-)
Posted by Commander_Spock (3123 comments )
Link Flag
The Air Force has control over this arena because we are not concerned with "ground pounder" activities. Simple as that.
Posted by ckurowic (447 comments )
Link Flag
this not the infomation super highway its the advertisement interactive media and the will do what ever they please with your private data theres not much differance between US and THEM
Posted by hemidog 990 (1 comment )
Reply Link Flag
Your comment was incoherent, hemidog. And what else should I expect with someone who swears allegiance to a power plant whose "efficiency" is 9 miles per gallon.
Posted by ckurowic (447 comments )
Link Flag
I am in the U.S. Air Force and found most of these comments not only ignorant, but insulting as well. None of you have any idea what we are all about do you? I suppose I should not be upset with what a few mindless, senseless, and ungrateful forum posters have to say.
Posted by ckurowic (447 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.