Nextgov/FCW - Authors - John Grady

Commentary: Drones Aren’t Just for Killing and Spying

John Grady — Fri, 11 Oct 2013 14:00:00 -0400

Mention unmanned aerial vehicles, and most Americans think of armed Predators firing missiles at suspected terrorists in Yemen or Taliban fighters in Afghanistan or al-Shabab plotters in Somalia -- somewhere far away where people are trying to do harm. These drones keep American pilots out of harm’s way, transmitting photos or video from a terrorist camp or battlefield to a ground station in Nevada or Kuwait or somewhere in Africa.

Unmanned systems have been largely categorized for military use, including intelligence, surveillance, reconnaissance and attack missions, as well as for security operations. So the perception of drone use is largely shaped by conflicts overseas.

But experts in the UAV industry, practitioners in and outside government, and academics envision other uses for drones. They see these systems as a tangible means to deliver food and medical aid to people trapped in remote regions after natural disasters, like the recent earthquakes in Pakistan and Haiti, or to refugees forced to flee for the lives as war rages in Mali and Niger.

Disaster relief and humanitarian assistance are just the tip of the iceberg. A recent forum hosted by the Reserve Officers Association in Washington addressed the use of drones in peace and stability operations. Attendees noted the possibility of expanded roles for these systems is growing rapidly, which also raises a number of questions: How are they going to be maintained? What happens to the data they collect? Where can they fly and under what conditions?

Lynne Schneider, an Army Reserve civil affairs officer, knows firsthand the wide range of unmanned systems. They not only “keep [nongovernment organizations] out of the way of the bad guys,” she said, but also “we did a huge food drop in Montenegro” following devastating winter storms that isolated dozens of remote mountain communities. Before the UAVs were used, she said, “we didn’t know where the people were; the State Department didn’t know,” nor did the Montenegrin government.

These kinds of efforts require the large government or military UAVs capable of carrying a ton or more of cargo ranging from sensors and cameras to food and water. But Kevin Ofchus, chief executive officer of Atlanta-based Host Nation Perspectives, is passionate about the promise of micro UAVs as well -- like the handheld Tiger Shark. Much of his company’s work with the Ministry of Interior in Afghanistan has involved traditional security missions, such as monitoring borders. But micro UAVs also have been used -- to deliver 1,000 anti-malaria pills to a village, for example. These systems are more affordable for cash-strapped governments and NGOs, and carry smaller payloads than most military missions require.

“It’s a different model of buying that might be in the province of a mid-sized NGO,” when weighing the $250 cost of a quad-helo UAV versus the million-dollar programs at the Defense and Homeland Security departments, said Lin Wells, director of the Center for Technology and National Security Policy at the National Defense University. The Air Force, for example, spends $24 billion a year on UAVs.

Proponents of smaller systems say they don’t need to be as sophisticated as those used for military, law enforcement and border security missions, which require high-definition, wide-area surveillance and the ability to deliver data in real time to users who can analyze it quickly.

While many UAVs can be used to find suitable places for refugee camps or deliveries of vital supplies or agricultural mapping, micro systems can serve as communication conduits in remote areas. Instead of building cell towers, drones can be used to provide WiFi hotspots in areas with no service -- an approach being tested in central California during UAV exercises involving industry and NGOs.

Critics object to “dumbing down” UAVs for nonmilitary or security use, but others say it simplifies issues like training and maintenance. Doug Brooks, former president of the International Stability Operations Association, said “building effective institutions has to be sustainable by local people with their own resources.”

Aside from the technical issues, there are also cultural challenges to deploying UAVs for humanitarian missions. Names like Predator, Reaper, Hunter and Tiger Shark raise fears about how these systems are going to be used. “People can be very suspicious especially in war zones where they only know UAVs” as targeting instruments, said Al Santoli of the Asian-American Institute.

Four times a year inventors, NGOs and others in the UAV industry gather at Camp Roberts, a National Guard post in central California, to test their products in rugged field conditions. It allows them to work “through their problems, and we talk to each other,” said Sam Bendetti, who works on unmanned aerial systems research and development at NDU. “It’s a safe place to fail,” he added, noting that those who come to the exercises understand that it’s “better to be broken there than when you’re deploying.”

These collaborative efforts along with new regulations expected from the Federal Aviation Administration could open the door to a range of nonmilitary uses -- think about fish farming or agricultural mapping -- for unmanned systems here in the United States as well as overseas.

John Grady, former director of communications for the Association of the United States Army, is now retired and writes about defense and national security.

]]>

Op-ed: Hagel's Gospel on Defending Networks

John Grady — Fri, 21 Jun 2013 08:00:00 -0400

When Defense Secretary Chuck Hagel’s plane landed at Joint Base Pearl Harbor-Hickam in Honolulu in late May on his way to meet with leaders of the U.S. Pacific Command he met with troops and warned of one of the United States’ greatest enemies: hackers. He preached about the need for a “rules of the road” gospel covering all cyber activities -- especially when it comes to threats from China.

“Cyber threats are real,” he said. “They’re terribly dangerous.”

May was a sobering month in terms of cybersecurity.

After The Washington Post reported Chinese hacking attacks on an extraordinary range of weapons systems, Defense Department officials took the equally extraordinary step of saying the Pentagon has full confidence that U.S. weapons programs are “secure and reliable.” But, the article noted, a 2012 Senate Armed Services Committee investigation that found as many as 1 million individual counterfeit parts are embedded in military aircraft.

The Post article also cited chilling revelations from an analysis by the Defense Science Board, a group of civilian advisers to the Pentagon. The board concluded the Defense Department has hardened its networks and large prime contractors are moving in that direction under Pentagon guidance, but subcontractors in the supply chain have not taken the necessary steps to detect and protect. These smaller suppliers have found defensive measures are “increasingly expensive and decreasingly effective,” the report said.

Even if subcontractors shore up network security, what are other nations and their defense contractors doing to protect their data?

Earlier in May, the Defense Department sent a report to Congress saying the Chinese government appeared to be using cyber espionage to modernize its military.

If that were not enough, the Commission on the Theft of American Intellectual Property cited China as the world’s largest source of proprietary data theft in a report by retired Adm. Dennis C. Blair, former director of national intelligence, and Jon M. Huntsman Jr., former ambassador to China, the panel's co-chairmen.

“Nearly every U.S. business sector -- advanced materials, electronics, pharmaceuticals and biotech, chemicals, aerospace, heavy equipment, autos, home products, software and defense systems -- has experienced massive theft and illicit reproduction,” Blair and Huntsman said in an op-ed the day before the report was released. “So far, our national response to this crisis has been weak and disjointed.”

The U.S. government is certainly throwing taxpayer dollars into cyber initiatives.

The Pentagon is seeking $4.7 billion in its fiscal 2014 budget request to “defend networks, degrade adversary cyber capabilities and support defense of national infrastructure.” Defense officials have pledged to work more closely with civil authorities and internally with the National Security Agency and Cyber Command, which is pushing to elevate its status to that of a combatant command.

The $800 million increase in cyber budgeting will go largely to train and develop 40 mission teams, 25 direct support teams and 68 protection teams to assist the Homeland Security Department in securing federal and critical commercial systems by 2016, according to budget documents.

How it is all going to work is another thing.

“You can’t defend everything,” even inside the Pentagon, Franklin Kendall, a former undersecretary of Defense, told attendees at a recent Joint Warfighting Symposium in Virginia Beach, Va., who said the emphasis has been on building offensive cyber capabilities, which has implications in the private sector as well.

Collateral damage is the biggest challenge, Vice Adm. Robert Parker, the Coast Guard’s Atlantic Area commander, said at the symposium. “You just don’t know what happens downstream when the military goes on the offensive,” he said.

More intriguingly, Parker raised the issue of whether the armed services should “have a role in escorting data” in a 21^st century version of the World War II convoys carrying materiel and troops to Europe. He said that is a possible niche that Homeland Security, which includes the Coast Guard, and Cyber Command could develop.

A far more perplexing debate is surfacing in the private sector, according to Kendall. “Should a company have the right to self-defense?” he asked, raising the question of how far organizations should go to defend themselves. This is the murkiest quandary hiding in a swamp of risks.

The intellectual property commission warned against retaliation against hackers in the private sector, even if companies are attempting to take back what is rightfully theirs. “An action against a hacker designed to recover a stolen information file or to degrade or damage the computer system of a hacker might degrade or damage the computer or network of an innocent third party,” Blair and Huntsman said in their report.

During his stop in Hawaii, Hagel said: “Another very important component to this is our allies and our partners, because we live in a world -- and you all know this -- where one country's just not big enough, strong enough, good enough, wealthy enough to handle it all. We can't do it, especially cyber. And cyber is one of those quiet, deadly, insidious unknowns you can't see, it's in the ether. It's not one big navy sailing into a port or one big army crossing a border or squadrons of fighter planes crossing a border. This is a very difficult, but real and dangerous threat. And there's no higher priority for our country than this issue.”

On his way to the NATO ministerial meeting in Brussels and in Singapore, where he met with Chinese military officials, the Defense chief pledged to make cyber his highest priority. President Obama also raised cyber espionage issues with Chinese President Xi Jinping during their recent talks in California.

Engaging the Chinese is a start. Working with allies, hardening networks and passing laws qualifying who can do what and when in cyberspace also are essential. Such initiatives will lead to those critical rules of the road, but getting there will not be easy.

John Grady, retired director of communications for the Association of the United States Army, writes about defense and national security.

]]>

Channeling the 'offensive mind-set' in cybersecurity

John Grady — Wed, 28 Nov 2012 12:56:40 -0500

To protect critical networks and national security, the House and Senate are weighing cyber defense legislation and the Obama administration is considering regulations requiring information sharing between government agencies and private businesses. But who should be in charge -- even inside the Pentagon -- remains a big question in all this dithering.

The answer depends on how you look at cybersecurity: in terms of offense or defense, military or law enforcement. Also, how do you look at cyber strategically, tactically and operationally in the Pentagon, at the Homeland Security Department, FBI, Federal Reserve, and in the civilian realm at places like JP Morgan Chase, Dominion Power and Washington Gas?

“You have to have an offensive mind-set to better focus on defense,” retired Marine Corps Gen. James Cartwright said during a recent appearance at the U.S. Naval Institute. “DoD is in the business of offense. [Yet] we’re still trying to protect everyone’s computer.”

Cartwright said when he was vice commander at U.S. Strategic Command in 2004, the emphasis was on cyber, electromagnetic pulse and directed energy weapons rather than creating a unified cyber command, which was established in 2010. The thinking was clear enough. These weapons expanded the tools available to the president if diplomacy failed.

The Defense Department’s use of these weapons constituted the “away game,” not the “home game,” in which law enforcement and other government agencies, as well as businesses, protected themselves against hackers.

But who should govern the use of cyber weapons?

In a recent speech to the Business Executives for National Security in New York, Defense Secretary Leon Panetta said using cyber capabilities offensively must be grounded in the laws of war. The department, he added, is bolstering its defenses, working on new capabilities and “acting aggressively to get ahead of the problem” with foreign actors such as China, Russia and Iran.

“Everybody sees cyber as the Internet . . . about who is stealing intellectual capital, of denying your Web page, or whatever it is,” said Cartwright, who holds the Harold Brown chair at the Center for Strategic and International Studies. While this was not the focus of Strategic Command, he added, “it may be where we end up going.”

Cybersecurity is a tough sell for the military services and the defense industry. Cartwright pointed out that the F-35 Joint Strike Fighter, for example, has no defense against cyberattack. “Any aperture [taking in information] is a potential target,” he said, not just civilian infrastructure, and strike fighters have plenty of apertures.

Lt. Gen. Rhett Hernandez, the first to head the Army’s Cyberspace Command, has been preaching cyber gospel to operational commanders ever since his organization was stood up two years ago. His mantra: “Think in a two-domain sense -- land and cyber.” Commanders don’t reflexively use that approach in planning their next mission.

One operational leader who has bought into the Army’s cyber gospel is Lt. Gen. Donald Campbell, who just relinquished command of III Corps at Fort Hood, Texas. He insists it is a commander’s job to understand cyber capabilities on the battlefield. “You can’t throw it to the staff,” he said at the Association of the United States Army’s annual meeting in October, explaining how he employed cyber defenses during a major training exercise this year focusing on the oil rich Caspian Sea region of Central Asia.

During the exercise, Campbell said, “our ability to see ourselves” was critical as the battle changed quickly and the opposing force attempted to disrupt command, control and communications networks. “The network is a weapons system,” he added.

Campbell also employed social media to explain to civilians in the area what the allies were doing, although he admitted “it was hard to measure” the effect.

Campbell said in his new position as leader of U.S. Army Europe and Seventh Army, Germany he will insist commanders participate in cyber training scenarios at Hohenfels Training Area and Graefenwhoer in Bavaria as they now do at the National Training Center at Fort Irwin, Calif., and the Joint Readiness Training Center at Fort Polk, La.

But in the switch from active defense to offense in cyber space, another big question for service leaders is: How do we know we are successful? And not all agree on what’s the right approach.

“It really comes down to what are those reactions that make sense that we can do defensively -- analogous to the missile shoot-down,” Gen. Keith Alexander, director of the National Security Agency and Cyber Command, told the Senate Armed Services Committee this spring. But the rules of engagement for cyber warfare haven’t been updated since 2005.

“If you are to go after a computer in foreign space or some other thing . . . that would now take, I think, the president and the [Defense] secretary to step in and start making decisions, versus us taking that on,” Alexander added. “And I think that’s probably where we’ll end up, and that makes a lot of sense from my perspective.”

On the battlefield, the question of who should make those decisions is not so easily answered. There, it’s often the soldier getting shot at who knows best when to fire back.

John Grady, retired director of communications for the Association of the United States Army, writes about defense and national security.

]]>

Analysis: Cyberwarriors face a hard truth

John Grady — Fri, 25 May 2012 11:40:21 -0400

A $200 million budget increase wouldn’t have seemed like much in the thousands of Defense Department line items a few years back. But with long-term cuts totaling $487 billion over the next 10 years, the denizens of cybersecurity would gladly count their blessings with $3.4 billion to spend in fiscal 2013. They are living in a world of fiscal fact, not science fiction.

The capabilities of cyber are fast approaching what until recently seemed possible only in a sci-fi thriller. Cyber technology “will become both a standalone warfighting instrument with global reach, and it will also be a ubiquitous enabler of the joint force,” Gen. Martin Dempsey, chairman of the Joint Chiefs of Staff, said at a recent Joint Warfighting Conference in Virginia Beach, Va. “It will be both part of the 20 percent [of the military complex] that's new and part of what allows the other 80 percent of the force to be used differently."

The possibilities and the vulnerabilities of cyberwarfare repeatedly came to the surface during the three-day military conference.

Marine Corps Lt. Gen. George Flynn, director of force development on the Joint Staff, sized up the drawbacks of the high-tech battlefield. “The first risk would be if we don’t have the ability to communicate amongst ourselves” after the network fails in a cyberattack, he said. “The second risk is if our partners are not able to join the network. Another risk is that our pursuit of advanced technology proves to be unaffordable.”

Take the F-35 Joint Strike Fighter for example, priced at more than $200 million per aircraft. “We built the F-35 with absolutely no protection for it from a cyber standpoint,” said retired Marine Corps Gen. James Cartwright, former vice chairman of the Joint Chiefs of Staff. Even if cyber defenses were built into the aircraft over the course of its 30 years in the inventory, someone, somewhere would be able to break its code. “Every aperture out there is a target,” he said.

According to Royal Navy Vice Adm. C.A. Johnstone-Burt, chief of staff for NATO’s Allied Command Transformation, future warfare will involve more partners -- not fewer -- including nongovernmental organizations. Keeping those partners technologically in step, especially the military, will be increasingly important.

But marching together in the same direction is difficult, even within the U.S. military. The services’ “silos of excellence,” as Army cybersecurity director Maj. Gen Steven Smith put it, prevent everyone from viewing the battle space in the same way with the same understanding.

Army Maj. Gen. Mark Bowman, director of command, control, communications and computers on the Joint Staff, acknowledged the challenge. “We are pushing for all the services working together [with] shared infrastructure and shared situational awareness and a single security architecture,” he said. It starts with enterprise email, Bowman explained, a seemingly small step aimed at building a joint information environment, a huge leap.

But what happens when the network and Global Positioning System tools are taken out by jamming or some other form of attack? The risks run high in what Dempsey called the degraded environments of military wargaming. “GPS is terrific when it’s working,” he said. “But if it gets jammed, we have to be ready to continue the mission.” That means training officers and enlisted members what to do in those circumstances.

“We do not fully understand the power of the network” in military operations or installing it in the curriculum of the services’ training base,” said Lt. Gen. Keith Walker, deputy commanding general at the Army’s Training and Doctrine Command. Top brass at the conference compared the challenge of educating today’s officers in cyberwarfare to educating yesterday’s officers to deploy air power effectively. “We have to put some brainpower to it,” said Air Force Maj. Gen. Thomas Andersen, director of the Curtis E. LeMay Center for Doctrine Development and Education, adding that the key is determining “what we can control and what we can’t control.”

Preparing for cyberwarfare and thinking through the second and third order of effects “is as much a matter of leadership and training as it is engineering,” Dempsey said, noting that such knowledge is crucial for commanders at the brigade level. Cyber rules of engagement were last updated in 2005.

Cybersecurity is larger than the military. It includes figuring out what kind of cyber capability is needed to defend the nation’s financial institutions, law enforcement, homeland security, electric grid and other utilities. “We’ve got to develop capabilities now and work out the authorization policy later,” said Lt. Gen. Richard Mills, the Marine Corps’ deputy commandant for combat development and integration, noting that cyber should be considered a weapon inside the command-and-control system.

Flynn agreed, saying cyber is a new domain in warfare, which makes the homeland a part of the battle space. “Space and cyber now join sea, air and land as contested space,” he said.

One small budget boost for cyberwarfare; one giant challenge for reinventing the rules of engagement.

John Grady, retired director of communications for the Association of the United States Army, writes about defense and national security.

]]>