Two recent stories provide evidence that, two years after the discovery of the Stuxnet virus, the world’s leading governments are coming out of the closet about their plans for offensive cyber operations.
The first comes by way of the U.S. Air Force, which published a Broad Agency Announcement on August 22 that solicited proposals for what the Air Force described as Cyberspace Warfare Attack capabilities for the Air Force. The Air Force says it has $10 million to spend on hardware and software that can be used to “destroy, deny, degrade, disrupt, deceive, corrupt or usurp” adversaries (sp) ability to use the cyberspace domain for his advantage.” The Air Force is also interested in tools to support cyber operations and other functions as well, including network mapping, intrusion, denial of service and “data manipulation.”
The proposal comes by way of the Air Force Life Cycle Management Center, based out of Wright-Patterson Air Force Base. The proposals will be evaluated based on their scientific and technical merit, as well as by the capabilities and experience of the individuals making the proposal. Winning submissions will receive grants of between $25,000 and $500,000 and be given three to 12 months to develop a prototype.
The announcement comes just days after a Marine Lieutenant General, Richard P. Mills, made the most public acknowledgement to date that the U.S. military has incorporated cyber attacks into its kinetic operations against opponents in Afghanistan. Speaking at a conference in Baltimore, Mills said, as a commander in Afghanistan, he was “able to use my cyber operations against my adversary with great impact.” U.S. forces were also under what Mills described as “almost constant” attempts to infiltrate the military’s network.
But the U.S. Military isn’t alone in going public with its requests for offensive cyber weapons. Reports by the Russian newspaper the Kommersant Daily this week note that country’s Foreign Intelligence Service (SVR) has posted a $1 million order for three systems to monitor and disseminate information through social networks and blogs. The goal is to “influence…mass audience in social networks.”
The specter of debilitating cyber “first strike” capabilities is a major concern for governments in the East and West, including the U.S., Russia, China, and Western European nations. And the talk has gone beyond theoretical possibilities. Recent reports from Israel suggest that country would use debilitating cyber attacks as a first wave in a combine cyber/kinetic attack to take out Iran’s nuclear weapons program. A spread of ultra-sophisticated cyber weapons like Stuxnet, Flame and Duqu was a “Sputnik” moment for many countries, and has prompted a cyber arms race not dissimilar from the space race that Sputnik engendered.
While the overall shape of the U.S.’s cyber offense and defense planning isn’t public, evidence that the military is putting budget behind cyber weapons is everywhere. A recent press release from defense contractor Raytheon, for example, describes a $3.1 million contract from the U.S. Army’s Communications, Electronics, Research, Development and Engineering Center (CERDEC), Space and Terrestrial Communications Directorate to develop something called “MORPHINATOR” – a program that uses cyber maneuvering techniques to thwart potential attackers in high-threat environments.
MORPHINATOR, or “Morphing Network Assets to Restrict Adversarial Reconnaissance.” Cyber maneuvering is described as a way of “dynamically modifying aspects and configurations of networks, hosts and applications in a manner that is undetectable and unpredictable by an adversary but still manageable for network administrators.” The new system will “place computer network defense technology into a proactive state, thereby shifting the advantage away from the attacker,” said Jack Donnelly, director of Trusted Network Systems for Raytheon’s Network Centric Systems business. “By constantly changing the characteristics of the networks it resides on, MOPRHINATOR provides a more robust and trusted networking solution.”