Winning the Cyber Gage: Intelligence Dominance in the Digital Information Age
In the age of sail, warships sought tactical advantage in engagements by maneuvering to windward of enemy ships. This “weather gage” allowed ships freedom of movement while the enemy’s relative movement was limited. Similarly, in the digital information age, maritime superiority will be determined by the extent to which a force is able to seize the cyber gage. For naval intelligence to effectively support the Chief of Naval Operation’s new strategy, it must first adapt to the realities of the digital information age.[i] Naval intelligence faces additional challenges posed by an increasingly integrated global maritime transportation system, a rapid rate of technological change, an austere budget climate, and a return to great power competition with China and Russia. This future operating environment will demand seizing the digital initiative, the cyber gage, through better intelligence, delivered faster, across a broader social network.
The Future Environment
Future realities will drive operational requirements. The twin forces of globalization and rapid technological change are creating a world in which a majority of people will soon have access to digital information networks through cyberspace. If the rate of Internet growth continues, we can expect an additional 2.5 billion users by 2030.[ii] Autonomous devices are also increasingly linked to the Internet. Devices ranging from home security systems to refrigerators are forming a menacing new galaxy in cyberspace: the Internet of Things (IOT). By connecting billions of people and things worldwide, cyberspace will drive geometric growth in the number of social networks, their complexity, and the ability of individuals to quickly plan and act independently of traditional human institutions. Despite this growth, there will still be a significant portion of human activity that remains offline. While cyber relationships help broaden an individual’s personal network, non-cyber relationships tend to be stronger and therefore more decisive in terms of predicting future behavior. For this reason, human derived intelligence will be a critical tool in providing overall situational awareness and predictive intelligence to operators. The complexity of cyber-enabled social networks has expanded beyond traditional geographical limitations, holding significant policy implications for businesses, governments, and intelligence agencies alike.
The future will also bring increased competition with China and Russia over control of cyberspace. The United States gave up what little control it had over the Internet on October 1st this year when the Department of Commerce relinquished its contract with the Internet Corporation for Assigned Names and Numbers (ICANN).[iii] Additionally, the U.S. controlled portion of the Internet, measured in terms of America’s online presence, will soon be eclipsed. In 2014, Internet users comprised 87.4% of the U.S. population compared to just 40.7% of China and 70.5% of Russia.[iv] If we fast-forward into the near future when Chinese and Russian Internet penetration reaches levels comparable to the United States, we can anticipate another 640,257,000 Chinese users and 243,022,000 Russians online.[v] During this growth, we can expect China’s basic Internet security, measured in terms of secure Internet servers, to languish far behind.[vi] In 2015, the United States had 1,651.1 secure servers for every million people.[vii] Just 10.1 such servers existed for every million people in China. Russia was not much better, with 126.6 servers per million people. Both countries fall below the rest of the world, which averages 208.7 secure servers for every million people. In terms of basic domestic Internet security, the United States will retain a significant edge over the rest of the world well into the future.
Despite China’s “Great Firewall” approach to Internet security, its domestic infrastructure is more vulnerable to cyber warfare than the United States. Much has been made of China’s cyber prowess, with numerous media reports heralding the imminent collapse of America’s Internet frontier due to cyber assaults from abroad. Much of this analysis, however, has confused audacity for enduring capability. Each Chinese hack dissipates the advantage of “zero” day vulnerabilities while the security of our infrastructure improves with each discovered attack. Each assault launched in peacetime helps build the future security of wartime networks.
When it does come, cyber-warfare will resemble a series of lighting-fast sword duels rather than the heavyweight boxing matches characteristic of warfare in the last century. With effective preparation of the battlespace, cyber-attacks can be recognized and quickly parried. Each successful defense can be followed up with a counter strike along the same network access pathway. This can neutralize the original threat vector and provide valuable intelligence to drive future offensive strikes. This contrasts with military engagements in the past. Most 20th century battles more closely resembled heavy weight boxing matches. Industrialized armies relied on massed firepower to pummel opposition into submission through attrition. Stubborn attacks and defense would often prevail. In cyber-based sword fights, however, the fight will be over before you have time to raise the alarm. With three quarters of U.S. Fortune 500 companies hacked in 2015, this is a war we need to win.[viii]
In the future, governments will face significant challenges in exerting control over cyberspace given the borderless nature of Internet connectivity and the unrestrained flood of information it has unleashed. Within this context, the U.S. Intelligence Community (IC) faces the greatest test in its history. To successfully face these challenges, the enterprise must strive to know first so that it may act first.
Better Intelligence Delivered Faster
The basic nature of intelligence in the 21st century will not change. It will remain sensitive information collected and evaluated in response to the requirements of decision-makers. The process of intelligence, however, must experience drastic change if it is to remain relevant in the digital information age. To be successful, future intelligence must know first so that decision makers can act first. Knowing first will be complicated by a deluge of information, most of it incomplete, erroneous, inaccurate or irrelevant. Intelligence analysis will be challenged to find the right needle among needles in a universe of haystacks. Also of critical importance, this information must be known faster with a greater degree of evidentiary certainty than was standard in the industrial age. This is necessary given the need for quick action by decision-makers operating within significant legal and policy limitations. To be successful, the processes inherent in the intelligence cycle – requirements, collection, processing, analysis and dissemination – must meet shorter timelines, while sifting through ever-larger datasets in support of new customers facing complex policy end games. To address these realities, the IC must create broader social networks across both the government and private sector that can fuse the expertise, resources and legal authorities needed to attack future problems. The wars in Iraq and Afghanistan underscore the importance of developing broad networks to achieve objectives. The national security establishment learned the hard way that it takes a network to defeat a network.
Broader Social Networks
General Stanley McChrystal, former commander of Joint Special Operations Command (JSOC), identified the importance of flexible, wide-ranging social networks while fighting in Iraq in 2004: "there were geographical blinks and technological ones: the distance between Washington and Baghdad could slow decisions, and occasionally bandwidth problems obstructed the transfer of data. More often, though, the blinks were social. Cultural differences between the Task Force’s different tribes got in the way of communicating. Overcoming this would require completely rethinking the conventional organizational approach to distributing information." [ix]
The IC, created by the National Security Act of 1947, was a child of the industrial era designed to fight the Soviet Union. It developed a stratified bureaucracy to fight a hulking but largely static enemy hiding behind the Iron Curtain. This structure needs to be changed to fight new enemies in the digital information age. As alluded to in the Iraq vignette above, organizations must broaden social networks to effectively deal with information flow in the modern era.
Naval intelligence can lead the way in developing a new IC model to address the challenges of the future. It has a proud history of organizational innovation. The Navy's transition from wind to steam power in the 19th century provides a case study. This dramatic shift was primarily the result of technological innovation. Ships were no longer shackled by the whims of wind-power. Gone were the days of seeking the weather gage. Ships could now steam in any direction and maintain a steady speed of advance. A new limitation developed from the use of steam, the need for coaling stations located at strategic points around the world.
Naval intelligence adapted to this operational shift by establishing the Office of Naval Intelligence (ONI) in 1882. In an era of nascent globalization, ONI needed to develop a system of Naval Attaches located at strategic refueling stations. Both the human intelligence and practical logistical support provided by this network helped the Navy achieve strategic and operational advantage over adversaries for over a hundred years. This principle remained the same throughout the 20th century. The current century, however, has ushered in game-changing challenges with cognitive and technological implications.
To thrive in this new dynamic environment, naval intelligence needs to develop what General Stanley McChrystal calls a "team of teams”.[x] This organizational hybrid blends the strengths of small teams: agility, adaptability, and cohesion with the benefits of large organizations: scale, large resources, and power. Central to this concept is the idea of putting a stake in the heart of bureaucracy. It unites multiple small teams together by establishing a clear commander’s intent, sharing information across the organization to create a commonly held situational awareness, and by pushing decision-making down to the lowest possible level. General McChrystal’s “team of teams” is essentially an emboldened task force, supercharged for the digital era.
The U.S. cyber defense community is already significantly behind the curve. At the conclusion of the annual joint-interagency cyber exercise Cyber Guard 2016, the Deputy Commander of Cyber Command, Lt. General James K. McLaughlin reported that his command lacked the ability to successfully counter cyber attacks on critical infrastructure due to conflicting policies and a lack of training.[xi] Furthermore, the proper training environment will not be ready until 2019. There is no time to wait; we must act now.
To build a cyber intelligence team of teams, we must first be willing to delegate responsibilities, and authority to act down to lowest level possible. This will be excruciatingly painful for lawyers, senior military leaders, and civilian oversight, but this change is essential. Cyber trained enlisted personnel in the naval services are technically proficient and are in the right place to execute decisions. Once the commander’s intent is promulgated, non-specialist officers and lawyers need to “lay aft.” Their role is to help build and support the team, develop the technical skills of their people, and provide the legal authorities the enlisted workforce needs to do their job. There are lots of smart Cyber operators in the naval services, but skills are perishable after just a few months. Recurring training is critical to hone skills and keep pace with technological development. Recruiting and retention incentives must be maximized to build a cyber workforce capable of executing the CNO’s strategy.
While waiting for this new structure to form there are steps we can take immediately to surge cyber forces to the gunwale. During the early days of the American Revolution, the Continental Navy faced long odds in its fight against the numerically superior British fleet. To fill this capability gap the Continental Congress issued commissions to private merchant vessels, privateers, which authorized active defense against British ships. It further gave privateers the legal ability to go on the offensive and seize enemy vessels and property for compensation. These commissions, known as letters of marque, also regulated how privateers were to conduct their attacks and which targets were off limits. After a successful engagement, privateers would have their prizes adjudicated by special admiralty courts to ensure they followed the requirements enumerated in their letter of marque.[xii] The founding fathers viewed privateering as an essential part of America’s national security. George Washington, Thomas Jefferson, and Benjamin Franklin all supported the practice by holding stock in such enterprises or encouraging operations.[xiii] The privateering system was extraordinarily effective. Of the 796 British ships captured during the war, approximately 600 (76%) were seized by Privateers or armed Merchants operating with letters of marque.[xiv] The toll on British commerce played a direct roll in pressuring Parliament and King George to end the war.[xv] Privateering remained an essential part of the young Republic’s security and was enumerated as a Congressional power in the Constitution alongside the power to declare war.[xvi] This same letter of marque model should be applied to the Cyber domain.[xvii]
The U.S. based hacking community has grown significantly over the last decade in terms of size and sophistication and represents a prime source of future recruits. The annual DEFCON conference held in Las Vegas now attracts over 20,000 attendees providing a forum to discuss new exploits, share best practices, and train the next generation of hackers.[xviii] By way of comparison, CYBERCOM currently fields just 3,000 personnel, half of its desired end strength.[xix] With legally issued letters of marque, American hackers could work in concert with U.S. efforts to counter the rise of cyberspace threats to national security. By partnering with the American hacker community, CYBERCOM could increase its effective force six-fold. The outlines of a cyber marque regime have been proposed elsewhere and should be pursued.[xx]
Foreign governments are already leveraging the hacker community to significant effect inside the United States. For example, the Chinese based group C0d0s0 is seizing servers in rural Wisconsin and using them as launch pads for attacks on U.S. financial interests.[xxi] The U.S. government has taken the role of bystander in this situation. However, private sector companies, known as threat intelligence providers (TIP), are able to fill the gap for a price. Charging six figure fees for threat warning and remediation, these services are limited to large corporations that can pay. The rest of cyberspace remains vulnerable.
A cyber marque regime could flip this business model on its head and make illicit foreign entities foot the bill. Small, legal hacker start-ups could unleash the full weight of American ingenuity by launching hack-back attacks on foreign networks. Property seized would deter future attacks and could fund future privateering operations. These start-ups would likely seek out smaller businesses not protected by TIPs with the understanding that both parties could profit from the venture.
Modern day prize courts could adjudicate the status of seized property and ensure that activity was conducted legally. As a flexible policy tool, letters of marque could be tailored to fit specific requirements and targets. As a form of contract, they could be issued individually and tailored for particular situations. The threat of issuing letters of marque would both deter and disrupt the activities of pseudo-state groups like C0d0s0. If given the chance, U.S. based private sector hackers would rise to the challenge motivated by a sense of patriotism and financial reward. As with the American Revolution, this new breed of privateer could turn the tide of cyberspace war in our favor.
To deliver better intelligence faster, naval intelligence needs to upgrade the traditional intelligence model. Analysis must be both faster and more accurate. Intelligence must be disseminated to all stakeholders under the “need to share” principle and the entire intelligence cycle needs to compress timelines by removing information stovepipes. If implemented, these changes will foster a common situational awareness across the IC that will better posture the nation to address threats in cyberspace.
To broaden social networks, naval intelligence needs to modernize the World War II era intelligence bureaucracy. It should develop the “team of teams” task force model championed by General McChrystal. By developing a mechanism to fuse intelligence requirements with a clear commander’s intent, it can better address dynamic threats emerging in cyberspace.
To fully leverage the talent and capability of the nation, naval intelligence should encourage a test of the cyber marque regime. U.S. Navy Fleet Cyber Command, Coast Guard Cyber, Department of Homeland Security, and the Maritime Administration Office of Security should establish a working group to develop a process for employing a limited test of the cyber marque concept. It could be organized around defense of U.S. equities in the global maritime transportation system. The Navy’s position in the Department of Defense and the Coast Guard’s role in the Department of Homeland Security afford statutory authorities that could be leveraged to bridge the foreign/domestic divide. The Maritime Administration could provide additional expertise and facilitate dialogue with industry. This initiative could largely fund itself, given the self-sustaining financial model of cyber marque operations. Such an advantage would not be lost on Congress in the current austere budget environment.
To gain the initiative in the digital information era, all hands are needed on deck. As in the dark days of the early Republic, the ingenuity and enterprise of all Americans should contribute to the common defense. The IC, along with the DOD and DHS should partner with private citizens to develop a robust cybersecurity sector. The naval services have an opportunity to chart this course. With a common situational awareness and team of teams structure, we can win the cyber gauge and achieve intelligence dominance in the digital information era.
The views and opinions expressed are those of the author and not necessarily the positions of the U.S. Navy, Department of Defense, or the U.S. Government.
[ii] International Telecommunication Union (ITC); “ICT Facts &Figures 2015;” http://www.itu.int/en/ITU-D/Statistics/Documents/facts/ICTFactsFigures2015.pdf.
[iii] National Telecommunications &Information Administration; “Fact Sheet: The IANA Stewardship Transition Explained;” https://www.ntia.doc.gov/other-publication/2016/fact-sheet-iana-stewardship-transition-explained
[iv]World Bank Internet Database; http://data.worldbank.org/indicator/IT.NET.USER.P2/countries/1W-CN-US-RU?display=graph
[v]World Bank Internet Database; http://data.worldbank.org/country/china#cp_wdi; http://data.worldbank.org/country/russian-federation.
[vi] Secure servers are servers using encryption technology in Internet transactions.
[vii] World Bank Internet Database; http://data.worldbank.org/indicator/IT.NET.SECR.P6/countries/1W-US-CN-RU?display=graph
[viii] Nate Fick; “No More Cyber Maginot Lines: We need to Hunt Down Hackers Before They Strike;” http://www.defenseone.com/ideas/2016/06/no-more-cyber-maginot-lines-we-need-hunt-down-hackers-they-strike/128823/
[ix] General Stanley McChrystal; Team of Teams: New Rules of Engagement for a Complex World (2015).
[x] General Stanley McChrystal; Team of Teams: New Rules of Engagement for a Complex World (2015).
[xi] Patrick Tucker; “The US Military Can’t Train To Fend Off the Worst Cyber Attacks on Infrastructure – Yet;” DefenseOne.com; http://www.defenseone.com/technology/2016/06/us-military-cant-train-fend-worst-cyber-attacks-infrastructure-yet/129317/.
[xii] Major Christopher M. Kessinger, “Hitting the Cyber Marque: Issuing a Cyber Letter of Marque to Combat Digital Threats,” The Army Lawyer DA PAM 27-50-483; August 2013.
[xvi] U.S. Constitution: Article 1, Section 8, Clause11; http://www.archives.gov/exhibits/charters/constitution_transcript.html
[xvii] Florian Egloff. “Cybersecurity and the Age of Privateering: A Historical Analogy,” Oxford University Cyber Studies Programme Working Paper Series – No 1 (Oxford: March 2015); Major Christopher M. Kessinger, “Hitting the Cyber Marque: Issuing a Cyber Letter of Marque to Combat Digital Threats,” The Army Lawyer DA PAM 27-50-483; August 2013.
[xviii] Darian Acosta; “I spent the Week With Over 20,000 Hackers in Las Vegas – Here’s What I Saw;” http://www.techinsider.io/what-i-saw-at-defcon-23-2015-8
[xix]Aliya Sternstein; “US Cyber Command Has Just Half the Staff It Needs;” http://www.defenseone.com/threats/2015/02/us-cyber-command-has-just-half-staff-it-needs/104847/
[xx] Major Christopher M. Kessinger, “Hitting the Cyber Marque: Issuing a Cyber Letter of Marque to Combat Digital Threats,” The Army Lawyer DA PAM 27-50-483; August 2013.
[xxi] Nicole Perlroth, “The Chinese Hackers in the Back Office,” New York Times, 11 June 25, 2016.