NAVAL CYBER POWER ON THE HIGH SEAS.
Sailors used to mark the edges of their maps with the warning Here There Be Monsters. They weren't entirely wrong.
Modern navies must sail the high seas while simultaneously navigating the cyber domain. On the edge of the map, ships are highly dependent upon shore facilities, space-based sensors, and global communication infrastructure. Safe navigation requires an intelligence picture that is timely, accurate, actionable and extends well beyond the horizon.
HISTORY OF DISRUPTIVE TECHNOLOGY
The birth of modern signals intelligence (SIGINT) dates from the Russo-Japanese War of 1904–1905. The British ship HMS Diana, stationed in the Suez Canal, intercepted Russian naval wireless signals being sent out for the mobilization of the fleet, as the Russian fleet prepared for conflict with Japan. In 1941, the US intercepted and broke Japanese coded messages, forewarning of the attack on Pearl Harbor.
SIGINT, Electronic Warfare (EW), sonar and radar played a pivotal role in WWII naval warfare. Sonar was successfully used to detect, hunt and sink enemy submarines. Radar systems were placed into service on Royal Navy cruisers and battleships in 1938. The first U.S. radar was installed on USS New York in 1939. By the time the Japanese attacked Pearl Harbor on 7 December 1941, radar units had been installed on selected ships as well as shore-based facilities. Navy radars confirmed the early detection of Japanese Zeros. Even then, technical intelligence was misunderstood and ignored.
MODERN NAVAL INTELLIGENCE
During the Cold War, nations turned on a Sound Surveillance System (SOSUS), launched a Global Positioning System (GPS), manned a supplementary radio system, conducted communications intercept and radio frequency direction finding, dropped sonobuoys and hunted submarines using airborne magnetic anomaly detection systems.
Fast-forward to today, where we have: synthetic aperture space-based radar, Electronic Intelligence (ELINT), deep sea listening, overhead Imagery Intelligence (IMINT), 21st century SIGINT, netcentric warfare and an astronomical rise of open source and commercial intelligence (OSINT/CSINT). Cyber sensors provide enhanced situational awareness of the seas.
Meanwhile, technological convergence and network connectivity create a perfect storm of critical interdependency, hyper-connectivity and pervasive exposure for a navy.
RULES AND NORMS
The Royal Canadian Navy (RCN) protects Canadian sovereignty and interests at sea, at home and abroad. Whether during times of conflict or peace, the RCN promotes global stability, enforces international law and helps protect both the Canadian and world economies.
Normative behaviour governing cyberspace is often compared to the Law of the Sea, the conventions of naval warfare and deterrence. The ocean is vast and covers 225 million square kilometres, some 72 per cent of the Earth's surface. In contrast, cyberspace is universal. The oceans had long been subject to the freedom-of-the-seas doctrine, a principle put forth in the 17th century, essentially limiting national rights and jurisdiction over the oceans to a narrow sea belt surrounding a nation's coastline. The rest of the seas were declared a commons, free for all and belonging to none. Similarly, the cyber commons is not limited to sovereign touch points. Consider that Internet Service Providers (ISPs) have been established on private islands; Microsoft and China have both experimented with underwater datacenters on the ocean floor; and edge computing data centres are now operational in outer space.
These days, a ship is like a floating data centre. Naval high-value platforms are just endpoints on the Internet of Everything that are connected across the planet to our adversaries at the speed of light, vulnerable to their virtual hypersonic missiles. Technological convergence of Information Technology (IT) and Operational Technology (OT) greatly expands the attack surface. Meanwhile, ships leave a digital exhaust, which is exploited by Ubiquitous Technical Surveillance from seabed to space. There is nowhere to hide on the planet.
The threat landscape, which a sailor used to consider, has expanded well beyond the physical horizon and dimension.
A great-power struggle for primacy in the modern era is being played out on the high seas and in cyberspace, directly between sovereign fleets and through proxy competition and conflict, such as agents, piracy and cyber privateers operating under letters of marque by nation states.
We have seen: GPS jamming, meaconing and deception of NATO ships by Russia; remote compromise and takeover of a warship’s operational systems; the systemic long-term compromise of naval stations; and the shaping of supply chain malicious implants. There is a real prospect that the ship can be compromised during the building phase or from shore bases, as was demonstrated by the human-facilitated cyber espionage case involving the Trinity Halifax Naval Facility. The cyber attacker has a strategic advantage over a defender. This presents intractable problems for a defence-centric reactive strategy.
POTENTIAL SOLUTIONS TO COMPLEX CHALLENGES
Cyber mission assurance can only be achieved by first securing the supply chain over the design, build, deployment and operational timeframes, guided by standards like the Cybersecurity Maturity Model Certification (CMMC) and verifiable through security testing and attack surface analysis. Effective defence needs to go beyond just standards.
Next, we need to be able to effectively manage, monitor and protect systems using advanced cyber defence technology, talent and tradecraft, including remote threat hunting over thin bandwidth, local capabilities under radio silence, and the real capacity to counter advanced persistent threats, preemptively when necessary.
Herein lie substantial challenges with the current capability development framework and its ability to maintain currency with pacing threats. Canada’s adversaries are driving increased innovation cycles in intelligence and cyber operations. However, Canadian programs are often limited to the speed of procurement and historic operational needs, and often lack the vision and knowledge required to maintain a proactive posture. A future-proof naval cyber strategy is part of the answer.
FUTURE NAVAL WARFARE
The Future Security Environment 2040 foresees:
1. A Blue Ocean strategy for cyber operations;
2. An integrated global information environment; and
3. The convergence of disruptive technologies like artificial intelligence, sixth-generation mobile communications, quantum computing, secure cloud, autonomous machines, over-the-horizon sensors and weapons, and subsequent complex emergent effects.
FUTURE NAVAL CYBER STRATEGY
Security engineering by design will be a guiding principle of shipbuilding that is enabled by integrated operational partnerships with industry. A warship represents a trillion-dollar, multi-year investment. The Canadian Centre for Cyber Security recommends that at least 15% of an IT budget be allocated to security, and more if operating in contested environments.
An integrated Common Operating Picture (COP) will include situational understanding of both the cyber and cognitive domains. This has a number of components:
1. Overwatch of Blue Force naval assets and information everywhere on the planet;
2. Informed by precise Red Force adversary intelligence and understanding of offensive tradecraft; and
3. Intelligence-led cyber operations, targeting, fires and effects.
A modern navy would be able to execute defensive and offensive cyber power independently, and jointly with other commands or allies, strategically with national agencies and with the private sector. Command-level cyber and intelligence capability would embrace both OSINT and CSINT to accelerate this vision.
Sailing past the edge of the map into the cyber domain contains both leviathans and a new world.
Author: Dave McMahon is the Chief Intelligence Officer of Sapper Labs – a sovereign, Canadian veteran-owned Defence company specializing in intelligence and cyber operations.