Internet as Non-Kinetic WMD

Anthony Rutkowski

With each passing day, a new public opinion article appears or a U.S. government official pronounces how the open internet is abetting some discovered catastrophic effects on our societal institutions. In just one week, the examples include increased information on FSB & GRU attacks on electoral systems and infrastructure, Trump's obliging tactical destruction of societal norms and propagation of the QAnon cult, U.S. government agency officials playing "cyber security spin-the-bottle" at press conferences, and the "weaponization" of Facebook noted recently by the Valley's venerable "recoder" in the New York Times. With these constant whacks upside the head, one begins to understand that the internet as it exists in the U.S. is a constantly evolving Weapon of Mass Destruction (WMD) where we wait each day for some new attack to emerge with no end in sight.

What is amazing about all of these contemporary developments is that the DARPA Director who originally approved the development of its internet initiative in the 1970s, Steve Lukasik, has been warning of the dangers of an open internet since it found its way into the public infrastructure in the 1990s. He pulled together an initial expert team in the mid-90s supported by NSA, and spent the next decade hosting extraordinary Red Team specialists and producing innumerable DOD reports on the multiple weaponizations of the open internet for kinetic attacks. Most were FOUO but widely known in the national security community. Several were made publicly available. As perhaps the nation's most prominent national security scientist on detecting and mitigating Weapons of Mass Destruction over a 60-year period, Lukasik knew the subject matter well.

One of Lukasik's last reports in the DOD WMD series was prepared in 2007 for the Defense Threat Reduction Agency (DTRA) and entitled "Mass-Effect Network Attacks: a Safe and Efficient Terrorist Strategy." Over that decade, he began to shift the focus from "kinetic" WMDs to non-kinetic weapons, and the paper "looks fifteen years ahead." It is now eleven years later, and the paper is strikingly accurate. Non-kinetic WMDs have a significant tactical advantage as they are diffuse without attribution, can be more easily hidden and don't invite kinetic responses.

In the typical meticulous analytical style of DARPA's most highly-regarded Emeritus Director, his analysis proceeds in three steps:

"The first, and simplest, part is to collect ideas relating to the future state of network technologies and functionalities and to project trends observed among network users to see how new technology may be used and, more to the point, misused. The second step is to identify a number of possible attacks, enabled under future network environments, that have the potential for producing mass effects. Complementing this perspective of the offense, the third section outlines various kinds of defender responses."

He begins with a note that,

"Network vulnerabilities and their consequences have been studied since the first development of network technology by the Department of Defense. In the vastly simpler days of the ARPANET, when links were few and nodes were trusted, the concern was reading or changing packets in transit, and NSA applied their talents to link encryption."

In the last sentence above, he reveals little-known facts about the DARPA TCP/IP internet platform during the twenty years before it became available to the public in the mid-90s: namely, that it was regarded by DARPA's own leadership as so vulnerable that every connected host computer was tightly controlled, every user well known, all the links encrypted at the bit level for years, managed out of a common Network Operations Center, and every packet of traffic was observed and characterized with derived metadata.

As the report projects the evolution of both the network and applications, it notes that "mass effect" weapons on public institutions would emerge as the weapon of choice around the current timeframe. It also notes that the continued pursuit of "an open internet" would significantly decrease the barriers to intrusion, leading to ever more tailored weapon disasters.

The paper describes how the community of cyber attackers would evolve. It notes that "Destructive cyber attacks, being less directly violent, and considerably safer to the perpetrator, may appeal to a larger fraction of the population than those who commit physical violence." It cites other findings that "Cybercrime and the criminals behind malware are getting more and more organized. They can afford to hire professionals, and it is becoming a business for many people."

It is, however, the portrayal of "the future cyberspace battlefield" and the transition to "mass effect attacks" that are especially prescient. Lukasik describes an expansion from economy-oriented network attacks to people-oriented attacks. The latter consist of the following — each of which he describes in considerable detail… in 2007.

  • Destroying trust within populations
  • Wearing down resistance of population to a change in government policy
  • Reputation assassination
  • Destroying confidence in elites

In the conclusion, the report notes that,

"Technical vulnerabilities, even when recognized, are only the visible part of the problem. The hidden part of the problem is the level of maliciousness and malevolence that rides on networked technology. Old-time hacking has been augmented by mature, capable, innovative professionals intent on doing real damage to individuals and to institutions."

Perhaps Lukasik's most significant part of the conclusion — and one he has made many times in U.S. national security settings — is that "architectural thinking about networks must abandon the paradigm that everything is best connected to everything. There is a need for an antinetworking discipline to better clarify the tradeoffs." Can Washington, however, ever understand this critical change of direction?

Cyber Whiplash: pushing the Open Internet weapon abroad?

Washington has never been noted for its effective inter-agency coordination, and has long been dysfunctional. The Trump Administration has raised the dystopia to levels never before witnessed. As an example, one can get real "cyber whiplash" when, in the same month, you have the State Department calling for coordination among allies to deal with internet soft WMD activities, and just five short blocks away, the Commerce Department advocating an Open Internet international policy. The latter, of course, evokes life in an alternative universe where the internet brings a cornucopia of goodness for all, and rails against anyone who would impede the openness.

Amusingly, the Commerce proceeding to "identify the most important issues facing the internet globally" also pushes the great benefit of VPNs while ignoring Russia's FSB and GRU using the same technologies to attack the U.S. It is not clear where this Open Internet Kool-Aid will be fed internationally, but the utter obliviousness to major contemporary developments is difficult to comprehend. (Hint: the rest of the world is not this clueless.) What is especially ironic, if not amusing, is that — as Morozov repeatedly points out — it was cyber-utopians and self-serving Silicon Valley lobbyists in the Clinton and Obama Administrations that created these nationally self-destructive policies. But then, bureaucratic fiefdoms are frequently on auto-pilot.

The Future: closed interoperable internets

The good news is that outside the Washington Beltway of encapsulated delusion, and especially in international industry and multilateral venues today, Lukasik's exhortation for a fundamental change in network security architecture requirements is well understood. There is considerable work on arrays of new security mechanisms and platforms for closed interoperable internets coupled with necessary security controls. A principal example is NFV-SDNs manifested as 5G mobile infrastructure. These new platforms may not remedy some of the damage already done to societal norms and institutions, but they set a direction for technical, operational, and normative solutions.

An additional challenge going forward, however, is the growing cyber-sinophobia that has been dramatically exacerbated by Trump. China is by far the largest market for network-based products and services, and Chinese companies are by far the largest participants in scores of industry and multilateral venues deploying and evolving the essential network security solutions to mitigate internet mass-effect WMDs. Although the manner in which the solutions are deployed in China may not always comport with Western views, they are based on a culture of successful self-preservation of the Middle Kingdom over many millennia.

The U.S. is now faced with a choice between cooperation in implementing and evolving similar solutions itself or suffering ever more damaging mass effect attacks by domestic and foreign adversaries. The FSB and GRU are no doubt betting on the latter for the immediate future. Hopefully, they are wrong.

By Anthony Rutkowski, Principal, Netmagic Associates LLC