Electronic Warfare: The Next Arena of Nation-State Conflict

Jerry Sheehan's picture

Every day society becomes more reliant on digital tools and infrastructure. The world's primary infrastructure (financial, food distribution, health care, life safety, utility, transportation) is now reliant on a digital foundation. That dependence on a single system creates a powerful Achilles' heel for the digital age, one that will be increasingly exploited in conflicts between nation-states.

While cyber-attacks sponsored by nation-states are not new, their frequency and impact are increasing. For example, in 2007, the former Soviet Bloc nation of Estonia decided to remove a Russian bronze statue from the center of its capital. Within days Estonia faced a massive denial of service attack originating from machines within Russia. [1] While the attack was technically unsophisticated, it caused a major disruption in Estonia. With a fair amount of hyperbole, but nonetheless real concern, the speaker of the Estonian Parliament compared the attack to the devastation from a nuclear strike. [2]

Perhaps the most interesting trend in recent nation-state sponsored cyber attacks is that their focus now includes civilian infrastructure. It seems that, much like nuclear doctrine, states with cyber weapons are poised to launch both cyber counterforce (military targets) and countervalue (civilian targets) attacks.

In the United States, a good deal of thought has gone into strategies and rules for electronic warfare. In 2007, the Joint Chiefs of Staff issued Joint Publication 3.13.1, which established the first set of rules for the planning, preparation, execution and assessment of Electronic Warfare. [3] The US Air Force seems poised to lead efforts to create offensive cyber-weapons. Just last week the Air Force Research Laboratory announced a new $11 million effort to develop hardware and software to wage cyber-offensives. As Lani Kass, a special assistant to the Air Force Chief of Staff, notes, "If you're defending in cyber, you're already too late."[4]

The Air Force clarifies its interest in this regard in its RFP, which calls for
"... white papers for various scientific studies and experiments to increase our knowledge and understanding of the broad range of capabilities required in support of Dominant Cyber Offensive Engagement and Supporting Technology, to include testing of prototype capabilities. Solutions to basic and applied research and engineering for the problems relating to Dominant Cyber Offensive Engagement and Supporting Technology are sought. This includes high risk, high payoff capabilities for gaining access to any remotely located open or closed computer information systems; these systems enabling full control of a network for the purposes of information gathering and effects based operations. Of interest are any and all techniques to enable user and/or root level access to both fixed (PC) or mobile computing platforms. Robust methodologies to enable access to any and all operating systems, patch levels, applications and hardware are of interest. Also, we are interested in technology to provide the capability to maintain an active presence within the adversaries' information infrastructure completely undetected. Of interest are any and all techniques to enable stealth and persistence capabilities on an adversary's infrastructure. This could be a combination of hardware and/or software focused development efforts.

Following this, it is desired to have the capability to stealthily exfiltrate information from any remotely-located open or closed computer information systems with the possibility to discover information with previously unknown existence. Any and all techniques to enable exfiltration techniques on both fixed and mobile computing platforms are of interest. Consideration should be given to maintaining a "low and slow" gathering paradigm in these development efforts to enable stealthy operation. Finally, this BAA's objective includes the capability to provide a variety of techniques and technologies to be able to affect computer information systems through Deceive, Deny, Disrupt, Degrade, Destroy (D5) effects. Of interest are any and all techniques including enabling D5 effects to computers and their networks; integration of effects with Access, Stealth and Persistence and Cybint capabilities; command and control of effects; and determining effects' link to operational impact. In addition to these main concepts, we desire to have research efforts in the supporting areas including (but not limited to): Information Assurance through Flattened Computer Architectures in special application/user environments; NGPSec: Secure Next Generation Protocol Suite to investigate feasibility and determine whether reinventing the network protocol stack can be done and the resulting success quantified; Proactive Botnet Defense Technology Development specifically as applies to new ideas/concepts for practical application; Carbon nanotubes for high density interconnects and RF applications, to allow for incorporating novel IA designs into computer architectures through nanotube interconnects with nanotube based RF peripherals (antennas)."[5]

While proclaiming the threat of a cyber-apocalypse is overhyped, it seems certain that: 1) Cyberspace will become overtly militarized, with nations making substantial investments to develop weapons and counter-measures; 2) Cyber attacks will likely fail to make any distinction between civilian and military assets and will instead aim to fully incapacitate an adversary; 3) Future military conflict will involve not just guns and bombs but keyboards and monitors.

Source: 

[1] "Estonian cyber defence hub set up", BBC News, May 14, 2008.
[2] "'Cyberwar' and Estonia's Panic Attack", Kevin Poulsen, August 22, 2007.
[3] "Air Force Aims for Full Control of Any and All Computers", Noah Shachtman, May 13, 2008.
[4] "DOD issues electronic-warfare doctrine", Patience Wait, Government Technology News, February 1, 2007.
[5] "Dominant Cyber Offensive Engagement and Supporting Technology", US Air Force Research Lab, Solicitation Number BAA-08-04-RIKA, May 12, 2008.

Comments

Jerry Sheehan's picture

Georgia Cyber-Attacked by Russia in Coordination with Invasion

There are various reports which are now circulating (8/9/08) that the Russian invasion of Georgia has been accompanied by a coordinated cyber-attack to compromise official Georgia web servers and sources of online information.

See http://rbnexploit.blogspot.com/2008/08/rbn-georgia-cyberwarfare.html

Jerry Sheehan
Manager for Government Program Development @ Calit2/UCSD
phone: 858.336.2622
yahoo: calit2s
skype: zenchaos
twitter: www.twitter.com/zenchaos

Jerry Sheehan's picture

More details on botnet attack on Russia

From CNN
http://news.yahoo.com/s/ap/20080812/ap_on_hi_te/tec_georgia_internet

Jerry Sheehan

Jerry Sheehan's picture

Cyberattacks: Does Cyber Ever Become an Act of War?

http://online.wsj.com/article/SB121867946115739465.html?mod=todays_us_page_one
Cyberattacks on Georgian Web Sites Are Reigniting a Washington Debate

"Cyberweapons are becoming a staple of war. The Georgian conflict is perhaps the first time they have been used alongside conventional military action. Governments and private cyberwarriors can exploit Internet security gaps to not only take down government Web sites but also take control of power grids and nuclear reactors.

U.S. officials have begun to consider the legal and policy problems that cyberwarfare presents, but cybersecurity experts said the government has been slow to resolve them in the face of an increasing likelihood that cyberattacks will be used to augment, or even supplant, typical military action.

"We are in a world where governments have not decided yet whether the tools of cyberattacks are weapons," said Scott Borg, director of the U.S. Cyber Consequences Unit, a think tank that advises governments and companies. "We don't have any really clear international understandings about these matters."

Jerry Sheehan
