War and Military
How Weaker Nations Are Taking Cyber Warfare Advantage
Cyber offensive technology (a malware that is employed for military use) gives clear asymmetric advantage which favours weaker states and non-state actors. They may pursue cyber technology in order to gain strength in pursuit of broader goal. This asymmetry is not something new and presents to be an effective tool to level the imbalance of power.
The entry for weaker actors is easier, cheaper, and it does not require much efforts. Presumably, one may need some computers and technical assistance. Offensive capability can also be procured through online criminal market, so that even high-skilled IT personnel may not be required. Furthermore, attribution problem is not yet solved, so it gives an advantage in staying anonymous, therefore, escaping failure costs.
Asymmetric tactics is pursued by actors that do not have constraints on their own concept of morality and war-fighting. Terrorists or insurgents might not have the same reservations about killing civilians or bringing high level of destruction in the event of a cyberattack than state countries. Similarly, those desperate enough but with a strong will to fight, may employ cyber method regardless of high costs.
Terrorists, for example, target innocents indiscriminately. Their goal is to inflict the threat of terror and violence in order to achieve a strategic goal. This consequently poses great challenges for deterrence. As weak actors are becoming stronger, others become more vulnerable.
Nevertheless, gaining cyber capability is not that easy as it may seem. The case of Stuxnet (a malware that attacked a nuclear facility in Iran) does not seem to prove asymmetric advantage, because the attack was apparently conducted by stronger parties with substantial funding and resources. Detailed intelligence on the target, access to the computer network of an opponent, finding vulnerabilities and then employment of cyber capability (all present in Stuxnet case) further complicate an argument about asymmetry. Moreover, the development of Stuxnet code required some high-skilled expertise that may be difficult and inaccessible by non-state actors or weak states.
Additionally, it would take time and financial support to plan, manage, and monitor the development of the code. Therefore, it would require more personnel than just IT specialists. Moreover, considering the target of Stuxnet, nuclear expertise would be required as well. Similarly, knowledgeable experts in other areas would also come in handy: there should be people skilled in how these infrastructures work to cause actual damage. So in case of a lone hacker with radical views, the use of cyber appears to be doubtful, as there are cheaper and easier ways to inflict damage.
At the same time, there are risks of failure and they are too faced by weak actors. If such mission was compromised, and/or a code behaved differently than expected and/or backfired, it would only increase the costs without ringing actual benefits. In this sense, stronger states are more prepared to minimize them than weaker ones.
If a cyberattack fails to reach the end result, weaker actors may have spent substantial amount of money in vain and have not reached the desirable effect. This, in turn, reduces the probability of using cyber in the first place. Weak states may want to invest in other ventures, rather than cyber, to be sure that they can reach the desirable end result. So the true costs of such attack have a high level uncertainty for weak actors as well, however they may not be prepared to bear the failure costs and may not have enough resources to mitigate them.
Another advantage of cyber technology is that the nature of cyberspace and cyberattacks favour an attacker. Offense is becoming easier than defense and guarantees anonymity. The Internet was designed to make connections easy and reliable, plus security was not in the original thinking of creators. Thus, an attacker has an upper hand to reach its target, while staying anonymous and inflicting damage through cyber means.
Today cyber defense is not perfected and has vulnerabilities that can be exploited. Although it has been greatly improved for the last decade, vulnerabilities still remain, especially in the sector of industrial facilities that proved to be slow in adjusting to current cyber threats. For instance there is increased complexity of integrated information systems, hardware devices and component software produced which only increase cyber risks. Moreover, security considerations are left aside because of the demand to design measures in accordance to CIA requirements and other specifications.
Meanwhile, the percentage of industrial computers targeted by cyber perpetrators has grown for more than 7% between July and December 2016 (Kaspersky Lab ICS CERT, 2016). In the first half of 2017, Kaspersky Lab blocked 37.6% attempts on ICS computers. Fortunately, no dedicated malware that affected industrial processes were found (Kaspersky Lab ICS CERT, 2017). Moreover, the Internet remains the main source of infection for computers that are part of industrial infrastructure.
As for anonymity factor, attribution remains a technical problem up to date. In case of Stuxnet, it is believed that it was initiated by the Unites States of America and Israel which both were interested in impairing Iran’s nuclear program. According to Sanger, one of the journalists who intensively covered the topic of Stuxnet as a US cyber weapon[1], Stuxnet has been a part of a highly covert US operation, code-named “Olympic Games”, which had already begun under the Bush administration. In any case, attribution is still lacking and Stuxnet was not attributed, so it is hard to speculate about the particular parties involved.
Asymmetric threat does not seem to be supported by Stuxnet case as there were substantial resources and financial capabilities involved to plan this operation. However, the possibility of employing cyberattacks in the future by non-state actors and weaker states cannot be ruled out as one case study is not sufficient enough to generalize. In case of cyberattacks by non-states, the damage may be limited, but cyber could be still used to compliment other weapons. In any case, this asymmetric threat does impede final deterrence on the world stage and should be taken in consideration in future security affairs.
After all, Stuxnet – the first use of offensive computer program – might have been an imperfect test-run of cyber means and more advanced are yet to come. One always fails before achieving success; this is what happened to pretty much any other weapon in history. More dangerous attacks may be mounted in the future, but for now these are all speculations.
[1] Sanger, D. (2012). Obama Ordered Wave of Cyberattacks Against Iran. The Ney York Times, [online] Available at: http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html [Accessed on 17.02.2018].
War and Military
How are Light Armored Vehicles Protected on the Battlefield?
When most people picture a military armored vehicle, they immediately think of the Main Battle Tank, a key player in battlefields around the world. But the Main Battle Tank is not the primary mobile platform for servicemen and women. Instead, that is the Light Armored Vehicle: a military vehicle that’s speedier and more agile than a tank, while offering far greater levels of armored protection, firepower, and maneuverability than a civilian vehicle such as a 4×4.
In order to be fit for purpose, Light Armored Vehicles must measure up to rigorous measures, including STANAG 4569, an assessment that shows their ability to deal with kinetic energy, artillery, and IED attacks. But how exactly do modern Light Armored Vehicles protect themselves on the battlefield? Here are five of the key attributes shared by today’s most popular vehicles.
It’s all about the armor
A Light Armored Vehicle’s name suggests that, well, it’s lightly armored. In fact, that’s something of a misnomer. A Light Armored Vehicle may not be quite the heavy-duty bruiser that a Main Battle Tank is, but don’t make the mistake of thinking that a vehicle such as this doesn’t boast some impressive protection in case it’s hit during an attack. While its armor plating is not as formidable as a Main Battle Tank, the standard model LAV-25 (the Light Armored Vehicle most widely used by the U.S. Army and Marines, alongside other armies around the world) still boasts light gauge high hardness welded steel armor that offers effective protection against small arms rounds, without adding unnecessary weight.
Its impressive suspension system also promises improved survivability against IEDs. Some of the current models of LAVs have been in service since the 1980s. But there have been upgrades, such as the LAV-25 A2, which offers increased external and internal ballistic armor upgrades, including protection from fearsome 14.5 mm armor-piercing rounds. When the LAV-25 models are superseded sometime this decade, armor-driven survivability will be one of the big areas that will get an overhaul. New breakthroughs in materials science are opening up fresh avenues for exploration in armor that is lighter weight, but tougher than existing forms of armor plating currently in use.
Blast-resistant seating
The increased use of improvised explosive devices (IEDs) as part of asymmetric warfare is a trend that has transformed battlefields over the past two decades. To protect the lives of crew travelling in Light Armored Vehicles, along with other combat vehicles, special blast-attenuating seats have been installed. Some manufacturers produce potentially lifesaving seating options to fit all crew positions, including commander, gunner, driver and troop seats.
Smart sensors
Protection can mean armoring. It can also mean ways to avoid risking taking hits in the first place. Fortunately, smart sensors have come on a long way in recent years — and make this second option more viable than ever. Modern Light Armored Vehicles increasingly boast sensors designed to sense, classify, track, and defeat incoming threats. One example is their impressively sensitive radar and jamming technologies. These can be used to counter threats like drones by severing the link between the drone and its controller, causing them to crash out of the sky. This may be vital in scenarios where an attack may involve weaponry a Light Armored Vehicle would not be able to adequately defend against with its existing armor. Sensing the threat ahead of time means being able to take proactive steps to counter and avoid it.
The best defense is a good offense
Smart sensors are one proactive way for Light Armored Vehicles to protect themselves. Another is using offensive weapons. The LAV-25 boasts a two-person powered turret fitted with a 25 mm M242 “Bushmaster” chain gun. Internally, it features firing ports which can allow six fully-equipped infantrymen to defend the vehicle using personal weapons. There is additionally a 7.62mm machine gun in co-axial mounting for carrying out anti-infantry defense. If required, a second 7.62mm machine gun can also be mounted along the turret roof. Variations of the LAV-25 can be — and have been — fitted with anti-tank guided missiles, superior unmanned turret, mortars, 5-barreled Gatling cannons, Stinger missiles, smoke grenade dischargers, and more. Though Light Armored Vehicles are not intended to replace a Main Battle Tank, these vehicles can more than hold their own in the field of combat when required. And, as many a good strategist has noted, the best defense is a good offense.
Tires
Compared to the tracks used by Main Battle Tanks, Light Armored Vehicles far more closely resemble civilian 4x4s. But the rigors of travelling in warzones is very different to the requirements of driving on even the toughest of terrains in the civilian world. One of the key points of protection for a Light Armored Vehicle is its ability to easily traverse difficult terrain. That comes in handy when you’re avoiding threats such as IEDs which make travelling along ordinary roads prohibitive. Features such as Central Tire Inflation Systems (CTIS) help these military vehicles with better all-wheel drive performance and mobility. Many have a “limp home” feature that can allow them to carry out limited travel even in the event of major tire leaks. That avoids the risk inherent with a Light Armored Vehicle being rendered totally disabled on the battlefield.
Technology
Concerns and Limitation of Cyber Warfare
The discovery of Stuxnet, a malware that targeted a nuclear facility, was somewhat revolutionary and groundbreaking. It targeted ICS which monitor and run industrial facilities. Before that, most of malicious programs were developed to steal information or break-in into financial sector to extort money. Stuxnet went beyond went and targeted high-level facilities. It is not hard to imagine what damage it could have inflicted if the worm were not detected. What is more worrisome, the technology is out. It might not be perfect, but it is definitely a start. Regardless of the intentions behind Stuxnet, a cyber bomb has exploded and everyone knows that cyber capabilities indeed can be developed and mastered.
Therefore, if they can be developed, they will probably be. The final goal of Stuxnet was to affect the physical equipment which was run by specific ICS. It was done in order to manipulate computer programs and make it act as an attacker intended it to act. Such a cyberattack had a particular motivation; sabotage of industrial equipment and destruction could have been one of the goals. So, if they were indeed the goals, it might have been an offensive act, conducted by an interested party, presumably, a state for its political objective. Yet, there are certain limitations when it comes to so-called “cyber weapons” (malware that might be employed for military use or intelligence gathering).
One of the main concerns of cyber offence is that code may spread uncontrollably to other systems. In terms of another physical weapon, it is like a ballistic missile that anytime can go off-course and inflict damage on unintended targets and/or kill civilians. Cyber offensive technology lacks precision, which is so valued in military. For example, in ICS and SCADA systems one may never know what can backfire because of the complexity of the system. The lack of precision consequently affects military decisions. When launching a weapon, officers should know its precise capabilities; otherwise, it is too risky and is not worth it.
In case of Stuxnet, the program started replicating itself and infected computers of many countries. For this moment we do not know if it were planned in that way. However, provided that that target was Natanz facility, it is unlikely. Symantec Corporation started analyzing the case only with external help; it did not come from Natanz. This exacerbates the case if a country decides to launch an offensive cyberattack.
If the military planning cannot prevent cyber technology to go awry or to go out in the public, it brings more disadvantages than advantages. Moreover, given a possibility of the code being discovered and broke down to pieces to understand what it does, it may potentially benefit an opposing party (and any other interested party along the way). This is unacceptable in military affairs.
Similarly, when the code is launched and it reaches the target, it can be discovered by an opponent. In comparison to nuclear, when a bomb explodes, it brings damage and destruction, but its technology remains in secret. In case of cyber, it may not be the case, as when a malware/virus is discovered, it can be reverse engineered to patch vulnerability. By studying the code, an enemy would find out the technology/tactics used that could be unfavourable in the long-run for the attacker.
Additionally, it should be said that not every malware is meant to spread by itself. In order to control the spread, vulnerability can be patched, meaning updating the software which had that vulnerability. An anti-malware can also be introduced; this will make the computer system immune to that particular vulnerability. Nonetheless, if the malware spreads uncontrollably, there is nothing much that an attacker can do. It is not possible to seize the attack. In this scenario, an attack may only release information about this certain vulnerability so that someone else can fix it. However, a state is highly unlikely to do so, especially if the damage is extensive. It would not only cost the state diplomatic consequences, but also it might severely impact its reputation.
An AI-enabled cyberattack could perhaps fulfill its potential. That means involvement of artificial intelligence. AI systems could make digital programs more precise, controlling the spread. In contrast, it could also lead to a greater collateral damage, if a system decides to target other facilities that may result in human death. Similar concerns are raised in the area of autonomous weapon systems in regard to the need of leaving decision-making to humans and not to technology. AI technology has a potential to make existing cyberattacks more effective and more efficient (Schaerf, 2018).
Aforementioned concern leads to another and affects the end result. When a certain weapon is employed, it is believed to achieve a certain goal, e.g. to destroy a building. With cyber capabilities, there is no such certainty. In the
Alternatively, the true costs of cyberattacks may be uncertain and hard to calculate. If that is so, an attacker faces high level of uncertainty, which may also prevent them from a malicious act (particularly, if nation states are involved). However, the costs and the benefits may always be miscalculated, and an attacker hoping for a better gain may lose much more in the end (e.g. consider Pearl Harbour).
Another concern refers to the code becoming available to the public. If it happens, it can be copied, re-used and/or improved. Similar concerns in regards to proliferation and further collateral damage emerged when Stuxnet code became available online. An attacker may launch a cyberattack, and if it is discovered, another hacker can reverse engineer the code and use it against another object. Moreover, the code can be copied, improved and specialized to meet the needs of another party. Technology is becoming more complex, and by discovering a malware developed by others, it also takes less time to produce a similar program and/or develop something stronger. (For instance, after Stuxnet, more advanced malwares were discovered – Duqu and Flame).
Furthermore, there are other difficulties with the employment of cyber offensive technology. In order to maximize its result, it should be supported by intelligence. In case of Stuxnet, an offender needed to pinpoint the location of the facility and the potential equipment involved. It has to find zero-days vulnerabilities that are extremely rare and hard to find[1]. Cyber vulnerability is all about data integrity. It should be reliable and accurate. Its security is essential in order to run an industrial infrastructure.
After pinpointing vulnerability, security specialists need to write a specific code, which is capable of bridging through an air-gapped system. In case of Stuxnet, all of abovementioned operations required a certain level of intelligence support and financial capability. These complex tasks involved into development were exactly the reason why Stuxnet was thought to be sponsored and/or initiated by a nation state. If intelligence is lacking, it may not bring a desirable effect. Moreover, if cyber offense is thought to be used in retaliation, malicious programs should be ready to use (as on “high-alert”) in the event of necessity.
Regardless of some
advantages of cyber offence (like low costs, anonymity etc), this technology
appears to be unlikely for a separate use by military. There is a high level of
uncertainty and this stops the army of using technology in offence. Truth is
when you have other highly precise weapons, it does not make sense to settle
for some unreliable technology that may or may not bring you a wanted result.
Yet, other types of
cyberattacks like DDoS attacks can give some clear advantages during military
operations and give an attacker some good cards in case of a conflict. When
such attacks used together with military ground operations, they are much more
likely to bring a desired result.
[1] For better understanding, out of twelve million pieces of malware that computer security companies find each year, less than a dozen uses a zero-day exploit.
War and Military
Swedish subs: a relic of the past?
As part of the program to replace its four Walrus-class submarines, the Dutch government is examining offers submitted by four European companies. It will announce by the end of the year which two competitors have been selected for the next negotiation stage.
Last June, Swedish Saab Kockums and Dutch partner Damen unveiled an initial design of submarine as part of their proposal to replace the Dutch Royal Navy’s fleet. During the European naval show in October, they further revealed technical details about their offer. Despite these announcements, Saab Kockums appears far from being able to draft more than drawings as it lacks the technology and manpower required to build submarines.
Kockums, a Swedish shipyard now known as Saab Kockums, made international headlines back in the 1990s when it closed a major deal with the Australian Navy to design their submarines fleet. Since then, the company seems to have become an empty shell.
In 2005, to strengthen its market position, Kockums joined its German competitor TKMS. Their partnership soon deteriorated as Kockums failed to attract new clients and retain old ones. The A26-class Kockums was developing did not sell well on the international market. Designed in the early 1990s, this sub class was considered outdated and too pricy. In 2013, after 20 years of cooperation, Kockums lost a contract with Singapore. Although TKMS eventually managed to win that contract thanks to another subsidiary, it led to increased tensions between the two companies.
In 2014, Russia’s realpolitik and the Ukrainian crisis led the Swedish government to reconsider its naval capabilities. The government realized the capacity to build submarines was of strategic importance, calling for Swedish companies to maintain an adequate level of competency. The Parliament decided to renew its subs fleet and promote local skills by ordering two updated ersatz of the A26-class to Kockums. However, the Swedish government failed to agree on the price with TKMS, ending the negotiation. At the height of the crisis, Swedish military authorities stormed Kockums’ laboratory in Sweden to retrieve technology that, according to them, belonged to the army. After that incident, deemed unusual by military experts, TKMS entered talks with Saab to sell Kockums. The sale was eventually closed later that year.
Over the past decades, U-boots have evolved from a fighting device to a diplomatic, sovereignty and intelligence tool. It is now used to locate enemies, deploy elite troops, collect data and send political messages. They require cutting-edge technology and constant research and development. Of all naval solutions, designing subs poses the greatest technical challenges and hence require special skillsets. Not keeping up with the fast-changing evolutions can quickly become the death knell of subs’ designers. Though Kockums prove to be a competitive submarine maker in the 1990s, not constructing subs over the last two decades means they have lost their technical and technological expertise. The price at which the company was sold is quite revealing. First thought to be worth 1 billion kronor, Kockums was sold for 340 million kronor (US$ 50,4 million).
The Dutch Navy is internationally recognized for the role its subs played in reducing piracy in the Gulf of Aden. It is part of the few countries able to furtively navigate oceans. The construction of its new submarine fleet is scheduled to start in 2021 and be operational by 2027. Saab Kockums is offering its updated A26-class and it might not be able to meet the deadlines. The A26-class has never been built before and, even if its design has been updated, the scope of the technical adjustments needed for this class to function smoothly is not yet known. With the technology used in naval solutions rapidly evolving, it might as well be less time-consuming to develop an entirely new class rather than update an ancient model.
Moreover, there are doubts about Saab Kockums’ capacity to continue its activities in a few years from now. The company already inked several deals with the Swedish Navy. However, to be able to keep up with the investments needed in research and development, Saab Kockums must succeed on export markets. If it fails to secure multiple deals abroad, it will eventually go bankrupt. With such scenario, betting on them might not be the smartest move.
The future does not look bright for Saab Kockums. Though signing with the Dutch Navy could temporarily be good news for them, without sustainable investments in research it will go down like a lead zeppelin!
-
Blog Management12 months ago
What Is Your Website Content Missing? Three Things To Add ASAP
-
Business9 months ago
Learn English quickly and effectively with the Callan Method
-
Sports10 months ago
A-Champs Reaction Training Lights: Your Path to Soccer Excellence
-
Travel10 months ago
Discovering Valencia and the Valencian Community: an unforgettable holiday experience
-
Travel9 months ago
Discover the finest tours across Morocco: an adventure oasis
-
Sports9 months ago
Body Armor Plates – Essential Considerations for Selecting the Right Protection
-
Travel7 months ago
Immerse Yourself in Nature: Explore Forest Bathing with a New Guidebook
-
Europe7 months ago
Barcelona and Athens: cities that will leave an everlasting impression