ANN ARBOR – Over the next few weeks, MITechNews.Com will be
publishing excerpts from cybersecurity expert Richard Stiennon’s latest book,
called There Will Be Cyberwar. The book makes the case that the US military
rushed to “network everything” and, like most organizations,
neglected to secure its most critical systems. CHAPTERTWO Cautionary Tale.
The foregoing fictional scenario (as outlined in Chapter
One) is meant purely as an exercise in predicting the worst case outcome of a
situation that has evolved over the past two decades. The US military, and
indeed most advanced military organizations, have moved to a network-centric
war fighting stance with little or no thought, until very recently,1 to the
incumbent vulnerabilities that entails.
In 2011 Leon Panetta, then US Secretary of Defense, joined
the chorus of those newly awakened to the reality of the threat of cyberattack
against critical infrastructure when he warned of an impending “cyber Pearl
Harbor.” But Panetta got his metaphor wrong. An attack against critical
infrastructure of the type he and many Cassandras rail on about, one that shuts
down the power and communication grids, would be more akin to a terrorist
attack than a military surprise attack. The metaphor Panetta should have used
was a “cyber 9/11.” A “cyber Pearl Harbor,” if the metaphor were to be
correctly applied, would entail a military defeat via cyber means, which the
previous chapter attempted to dramatize. In other words, an adversary’s use of
computer network attack (CNA) and exploitation (CNE) to gain a tactical
advantage that leads to a lost battle, a change in military standing, or even a
shift in the geopolitical balance, would be most comparable to the destruction
of the Pacific Fleet at Pearl Harbor, on December 7, 1941.
This book takes us on a journey from the development of the
Internet, to the exciting days of the new information age, and then to the
discovery of the power of networking by the US military. The history of the
development of attacks against vulnerabilities in the commercial world has a
parallel in the domain of governments, militaries, and war fighting; a parallel
that allows us to project into the future. That future vision includes a
humiliating military defeat at the hands of a more capable digital adversary.
One such scenario, played out in the introduction, was chosen for a particular
reason.
The 1995-96 Taiwan Straits Crisis
The history of China and Taiwan is short and consistent.
When Mao Zedong finally won the Communist revolution against the Chinese
Nationalists in 1949, Chiang Kai-Shek fled with his forces to the adjacent
island of Formosa and established a new country, Taiwan. Since then China’s
stated goal has been to reunify the two countries. Whether it will be a
peaceful reunification (like that of Hong Kong in 1999) or a violent
reunification, contributes to the long lasting tension between the two
countries. During the Korean War there were multiple armed invasions of Taiwan
from China.
In 1991 Taiwanese President Lee Teng-hui angered China with
his statements about reunification, leaning away from the One China rhetoric
that both countries generally stuck to. Then in 1994 Lee was traveling from
South America when his flight was diverted to Honolulu to refuel. The Clinton
Administration, cognizant of the delicate situation, bowed to Chinese pressure
and refused to grant Lee a visa, forcing him to stay overnight in the plane.
Tensions began to rise in 1995 when Lee was invited to speak at his Alma Mater,
Cornell University. Congress passed a resolution requiring the State Department
to grant him a visa. This was during the lead up to the first fully democratic presidential
elections in Taiwan and China took a dim view of the situation. Lee spoke at
Cornell in June 1995.
China announced missile tests in a region near Taiwan and
began maneuvers on the mainland across the Straits from Taiwan in Fujian
Provence. They carried out a series of missile launches into the sea to the
North of Taiwan in July. The Clinton Administration took steps to demonstrate
that the United States was willing to intercede if China threatened an
invasion. In March of 1996 two aircraft carrier battle groups were deployed to
the vicinity.
This is where Admiral Archie Clemins comes into the story.
Clemins was the Vice Admiral of the US Navy’s 7th Fleet. Only two years before,
upon achieving flag rank, he had been assigned to the training division of the
US Pacific Fleet under Admiral Frank Kelso. He was also dual-hatted as head of
N6, the information technology arm of the Pacific Fleet.
As an “IT guy,” Clemins began to carry a laptop with him, an
unusual sight in the 1993 Navy. It was an Apple PowerBook, probably a 160 with
4 MB of memory and a 40 MB hard drive. It was one of the earliest flip top
portable computers and had a grayscale LCD screen. It weighed 6.8 pounds.
His Powerbook was his constant companion, even on trips to
the Pentagon. He found that people, specifically Admiral Robert J. Kelly,
Commander of the Pacific Fleet based in Hawaii, were asking him for copies of
the notes he took on his portable. He was living the Information Revolution of
the time. “That started the use of computers, we, at Training Group Pacific,
led everybody, with desktop computers.”
Shortly after taking on the Pacific Fleet role based in San
Diego, Admiral Clemins got a call from the Navy’s Assignment Officer who asked
how he liked the weather in San Diego and if he would like to transfer to the
Pentagon? The previous week Admiral Keslo, head of Naval Operations, had
announced a major reorganization of the Navy and Clemins had been chosen to
lead the effort.
As Clemins pulled together a small team within the Pentagon
he made sure that they used technology to its best advantage. Clemins credits
this use of computers for the success his team had in accomplishing the Navy
reorganization in 12 months instead of the 18 months originally slated for it.
Clemins was then appointed Deputy Commander of the Atlantic
Fleet at Norfolk to accomplish the same reorganization. “The more I did this
the more I came to believe this [computer technology] was the way we were
going.”
From Norfolk, Clemins was promoted to commander of the 7th
Fleet where he had served as chief of staff years before. He was determined to
bring the fleet into the Information Age: “You have to remember the ships of
the time, ’93-94 are still moving information at teletype speed.” That meant at
most 80 messages a day of 40 lines each. All messages would go directly to the
Commanding Officer (CO) who would route them to the appropriate department or
personnel.
Clemins’ first task was to assemble a team. He drew from
surface, air, and submarine commanders. This was 1995, the year Windows 95 came
out, the first commercial operating system with embedded TCP/IP networking
capability. Mark Lenci, the submarine captain that Clemins tasked with
retrofitting the 7th Fleet, had little experience with networking. His only
qualification: he had an AOL account. But no one in the command ranks was an
expert and Clemins chose a team that could learn quickly and get things done.
When Lanci reported to duty aboard Clemin’s command ship, the USS Blue Ridge,
he recalls Clemins saying “let’s go take a walk.” On the flight deck he
explained his vision of NCW.
“I don’t know what a WAN (wide area network) is but I know
we need one. Get the smart guys together here in the Pacific. We are going to
do it.” And they were going to do it with commercial off the shelf products
(COTS).
Conclusion of Chapter Two Next week
Excerpted from There Will Be Cyberwar: How the Move to
Network-Centric War Fighting Has Set the Stage for Cyberwar by Richard
Stiennon.Purchase it today from Amazon in print ($14.90) or Kindle ($9.99)
formats. http://www.amazon.com/There-Will-Be-Cyberwar-Network-Centric/dp/0985460784/
