War and Military
Attribution and the problem of retaliation in cyberspace
If a country is hit with a computer program and there is destruction/death involved, there is usually retaliation, a counter attack and an appropriate response. An opposing side is given a chance to respond to the enemy by means it deems necessary, especially if there is a lot of damage involved. In terms of conventional weapons it is clear who attached the target, yet cyberspace is another niche with its challenges.
Attribution in cyberspace has been a question for a long time. Although terrorist attacks attribution is somewhat difficult, cyberspace introduces a more complicated process. Anonymity is a challenge as perpetrators may easily hide their identities. Moreover, an attack can be launched from a number of computers, operated by different people and placed in different places across the world. According to Clarck and Landau, challenge lies in several dimensions: 1) identify a computer from which the attack was launched; 2) identify a person, who had been operating the computer at the time of the attack; 3) identify a main actor, who gave an order and/or an actor behind the attack (2010).
According to the technology consultant at the security company Sophos[1], perpetrators in cyber may use compromised computers that belong to unsuspecting innocent people to break in someone’s computer. A hack may be coming from China, but it may be under control of someone who is situated in another country. This was the case with the DDoS cyberattacks that happened in Estonia 2007 (it involved more than 80, 000 hijacked computers from around 178 countries). Moreover, even if an attacker is supposedly found, it is easy to blame it on a third party, saying that a computer has been hacked. This, consequently, gives rise to a plausible deniability.
Although technology is being developed in order to analyze and solve the problem of attribution, it is still a challenge because of the basic design of the Internet. In theory, nonetheless, it is possible to solve the problem. According to Feaver, in the future the language of computer networks will be replaced by the Internet Protocol version 6 (IPv6), which will raise the amount of computer addresses from four billion to an infinite number. That means that everything and everyone could be associated with a unique number. IPv6 may additionally support Internet Protocol Security for authentication of the Internet traffic (Ibid.).
However, at this point of time technological analysis should always be accompanied by intelligence and information analysis. This helps to identify attackers, understand more about capabilities and intentions, and whether the attack was sanctioned by the government. Strategic and political considerations will be essential too.
A damaging cyberattack may easily lead to escalation of the situation, which is another implication for a balance in international relations. In case of Stuxnet, a malware that affected a nuclear facility in Iran, if it achieved its believed goal to disrupt a nuclear infrastructure, it could have brought a high-level of destruction with many people dead. In this case, Iran would have probably retaliated with kinetic means, rather when relying on unreliable cyberattacks (unless they had the technology). However, as attribution was still lacking, it is not clear whether they would opt for this option.
Thus, attribution poses certain problems when it comes to the question of retaliation. When it is not clear who attacked, it is hard to prosecute or retaliate in response. Attribution also created additional challenges in decision-making, considering the speed of a cyberattack. Even if attribution is positive, it is still hard to understand what procedures are to be followed. If there are no casualties and no physical destruction, it is easier to opt for sanctions rather than a military retaliation. Moreover, if attribution is later established to be incorrect, there may be serious consequences.
On another note, the use of cyberattacks may have further complications, if the countries involved are nuclear. In case of major destructive consequences after a cyberattack, a country would be left with a choice whether to retaliate in kind or to employ conventional weapons, especially if they do not have a cyber capability.
What happens when an attacker is not identified but consequences are drastic? More importantly, if it is “believed” to be identified (yet without certainty), will a country retaliate? These questions are still yet to be answered, as there has been no precedent on such a scale. What is clear, cyberattacks present additional challenges in global security that should be undoubtedly addressed.
[1] Cluley, G. (2011). China denies hacking high-tech weapon maker. Naked security by Sophos, [online] Available at: https://nakedsecurity.sophos.com/2011/09/20/china-denies-hacking-high-tech-weapon-make/ [Accessed on 3.02.2018].
War and Military
How are Light Armored Vehicles Protected on the Battlefield?
When most people picture a military armored vehicle, they immediately think of the Main Battle Tank, a key player in battlefields around the world. But the Main Battle Tank is not the primary mobile platform for servicemen and women. Instead, that is the Light Armored Vehicle: a military vehicle that’s speedier and more agile than a tank, while offering far greater levels of armored protection, firepower, and maneuverability than a civilian vehicle such as a 4×4.
In order to be fit for purpose, Light Armored Vehicles must measure up to rigorous measures, including STANAG 4569, an assessment that shows their ability to deal with kinetic energy, artillery, and IED attacks. But how exactly do modern Light Armored Vehicles protect themselves on the battlefield? Here are five of the key attributes shared by today’s most popular vehicles.
It’s all about the armor
A Light Armored Vehicle’s name suggests that, well, it’s lightly armored. In fact, that’s something of a misnomer. A Light Armored Vehicle may not be quite the heavy-duty bruiser that a Main Battle Tank is, but don’t make the mistake of thinking that a vehicle such as this doesn’t boast some impressive protection in case it’s hit during an attack. While its armor plating is not as formidable as a Main Battle Tank, the standard model LAV-25 (the Light Armored Vehicle most widely used by the U.S. Army and Marines, alongside other armies around the world) still boasts light gauge high hardness welded steel armor that offers effective protection against small arms rounds, without adding unnecessary weight.
Its impressive suspension system also promises improved survivability against IEDs. Some of the current models of LAVs have been in service since the 1980s. But there have been upgrades, such as the LAV-25 A2, which offers increased external and internal ballistic armor upgrades, including protection from fearsome 14.5 mm armor-piercing rounds. When the LAV-25 models are superseded sometime this decade, armor-driven survivability will be one of the big areas that will get an overhaul. New breakthroughs in materials science are opening up fresh avenues for exploration in armor that is lighter weight, but tougher than existing forms of armor plating currently in use.
Blast-resistant seating
The increased use of improvised explosive devices (IEDs) as part of asymmetric warfare is a trend that has transformed battlefields over the past two decades. To protect the lives of crew travelling in Light Armored Vehicles, along with other combat vehicles, special blast-attenuating seats have been installed. Some manufacturers produce potentially lifesaving seating options to fit all crew positions, including commander, gunner, driver and troop seats.
Smart sensors
Protection can mean armoring. It can also mean ways to avoid risking taking hits in the first place. Fortunately, smart sensors have come on a long way in recent years — and make this second option more viable than ever. Modern Light Armored Vehicles increasingly boast sensors designed to sense, classify, track, and defeat incoming threats. One example is their impressively sensitive radar and jamming technologies. These can be used to counter threats like drones by severing the link between the drone and its controller, causing them to crash out of the sky. This may be vital in scenarios where an attack may involve weaponry a Light Armored Vehicle would not be able to adequately defend against with its existing armor. Sensing the threat ahead of time means being able to take proactive steps to counter and avoid it.
The best defense is a good offense
Smart sensors are one proactive way for Light Armored Vehicles to protect themselves. Another is using offensive weapons. The LAV-25 boasts a two-person powered turret fitted with a 25 mm M242 “Bushmaster” chain gun. Internally, it features firing ports which can allow six fully-equipped infantrymen to defend the vehicle using personal weapons. There is additionally a 7.62mm machine gun in co-axial mounting for carrying out anti-infantry defense. If required, a second 7.62mm machine gun can also be mounted along the turret roof. Variations of the LAV-25 can be — and have been — fitted with anti-tank guided missiles, superior unmanned turret, mortars, 5-barreled Gatling cannons, Stinger missiles, smoke grenade dischargers, and more. Though Light Armored Vehicles are not intended to replace a Main Battle Tank, these vehicles can more than hold their own in the field of combat when required. And, as many a good strategist has noted, the best defense is a good offense.
Tires
Compared to the tracks used by Main Battle Tanks, Light Armored Vehicles far more closely resemble civilian 4x4s. But the rigors of travelling in warzones is very different to the requirements of driving on even the toughest of terrains in the civilian world. One of the key points of protection for a Light Armored Vehicle is its ability to easily traverse difficult terrain. That comes in handy when you’re avoiding threats such as IEDs which make travelling along ordinary roads prohibitive. Features such as Central Tire Inflation Systems (CTIS) help these military vehicles with better all-wheel drive performance and mobility. Many have a “limp home” feature that can allow them to carry out limited travel even in the event of major tire leaks. That avoids the risk inherent with a Light Armored Vehicle being rendered totally disabled on the battlefield.
Technology
Concerns and Limitation of Cyber Warfare
The discovery of Stuxnet, a malware that targeted a nuclear facility, was somewhat revolutionary and groundbreaking. It targeted ICS which monitor and run industrial facilities. Before that, most of malicious programs were developed to steal information or break-in into financial sector to extort money. Stuxnet went beyond went and targeted high-level facilities. It is not hard to imagine what damage it could have inflicted if the worm were not detected. What is more worrisome, the technology is out. It might not be perfect, but it is definitely a start. Regardless of the intentions behind Stuxnet, a cyber bomb has exploded and everyone knows that cyber capabilities indeed can be developed and mastered.
Therefore, if they can be developed, they will probably be. The final goal of Stuxnet was to affect the physical equipment which was run by specific ICS. It was done in order to manipulate computer programs and make it act as an attacker intended it to act. Such a cyberattack had a particular motivation; sabotage of industrial equipment and destruction could have been one of the goals. So, if they were indeed the goals, it might have been an offensive act, conducted by an interested party, presumably, a state for its political objective. Yet, there are certain limitations when it comes to so-called “cyber weapons” (malware that might be employed for military use or intelligence gathering).
One of the main concerns of cyber offence is that code may spread uncontrollably to other systems. In terms of another physical weapon, it is like a ballistic missile that anytime can go off-course and inflict damage on unintended targets and/or kill civilians. Cyber offensive technology lacks precision, which is so valued in military. For example, in ICS and SCADA systems one may never know what can backfire because of the complexity of the system. The lack of precision consequently affects military decisions. When launching a weapon, officers should know its precise capabilities; otherwise, it is too risky and is not worth it.
In case of Stuxnet, the program started replicating itself and infected computers of many countries. For this moment we do not know if it were planned in that way. However, provided that that target was Natanz facility, it is unlikely. Symantec Corporation started analyzing the case only with external help; it did not come from Natanz. This exacerbates the case if a country decides to launch an offensive cyberattack.
If the military planning cannot prevent cyber technology to go awry or to go out in the public, it brings more disadvantages than advantages. Moreover, given a possibility of the code being discovered and broke down to pieces to understand what it does, it may potentially benefit an opposing party (and any other interested party along the way). This is unacceptable in military affairs.
Similarly, when the code is launched and it reaches the target, it can be discovered by an opponent. In comparison to nuclear, when a bomb explodes, it brings damage and destruction, but its technology remains in secret. In case of cyber, it may not be the case, as when a malware/virus is discovered, it can be reverse engineered to patch vulnerability. By studying the code, an enemy would find out the technology/tactics used that could be unfavourable in the long-run for the attacker.
Additionally, it should be said that not every malware is meant to spread by itself. In order to control the spread, vulnerability can be patched, meaning updating the software which had that vulnerability. An anti-malware can also be introduced; this will make the computer system immune to that particular vulnerability. Nonetheless, if the malware spreads uncontrollably, there is nothing much that an attacker can do. It is not possible to seize the attack. In this scenario, an attack may only release information about this certain vulnerability so that someone else can fix it. However, a state is highly unlikely to do so, especially if the damage is extensive. It would not only cost the state diplomatic consequences, but also it might severely impact its reputation.
An AI-enabled cyberattack could perhaps fulfill its potential. That means involvement of artificial intelligence. AI systems could make digital programs more precise, controlling the spread. In contrast, it could also lead to a greater collateral damage, if a system decides to target other facilities that may result in human death. Similar concerns are raised in the area of autonomous weapon systems in regard to the need of leaving decision-making to humans and not to technology. AI technology has a potential to make existing cyberattacks more effective and more efficient (Schaerf, 2018).
Aforementioned concern leads to another and affects the end result. When a certain weapon is employed, it is believed to achieve a certain goal, e.g. to destroy a building. With cyber capabilities, there is no such certainty. In the
Alternatively, the true costs of cyberattacks may be uncertain and hard to calculate. If that is so, an attacker faces high level of uncertainty, which may also prevent them from a malicious act (particularly, if nation states are involved). However, the costs and the benefits may always be miscalculated, and an attacker hoping for a better gain may lose much more in the end (e.g. consider Pearl Harbour).
Another concern refers to the code becoming available to the public. If it happens, it can be copied, re-used and/or improved. Similar concerns in regards to proliferation and further collateral damage emerged when Stuxnet code became available online. An attacker may launch a cyberattack, and if it is discovered, another hacker can reverse engineer the code and use it against another object. Moreover, the code can be copied, improved and specialized to meet the needs of another party. Technology is becoming more complex, and by discovering a malware developed by others, it also takes less time to produce a similar program and/or develop something stronger. (For instance, after Stuxnet, more advanced malwares were discovered – Duqu and Flame).
Furthermore, there are other difficulties with the employment of cyber offensive technology. In order to maximize its result, it should be supported by intelligence. In case of Stuxnet, an offender needed to pinpoint the location of the facility and the potential equipment involved. It has to find zero-days vulnerabilities that are extremely rare and hard to find[1]. Cyber vulnerability is all about data integrity. It should be reliable and accurate. Its security is essential in order to run an industrial infrastructure.
After pinpointing vulnerability, security specialists need to write a specific code, which is capable of bridging through an air-gapped system. In case of Stuxnet, all of abovementioned operations required a certain level of intelligence support and financial capability. These complex tasks involved into development were exactly the reason why Stuxnet was thought to be sponsored and/or initiated by a nation state. If intelligence is lacking, it may not bring a desirable effect. Moreover, if cyber offense is thought to be used in retaliation, malicious programs should be ready to use (as on “high-alert”) in the event of necessity.
Regardless of some
advantages of cyber offence (like low costs, anonymity etc), this technology
appears to be unlikely for a separate use by military. There is a high level of
uncertainty and this stops the army of using technology in offence. Truth is
when you have other highly precise weapons, it does not make sense to settle
for some unreliable technology that may or may not bring you a wanted result.
Yet, other types of
cyberattacks like DDoS attacks can give some clear advantages during military
operations and give an attacker some good cards in case of a conflict. When
such attacks used together with military ground operations, they are much more
likely to bring a desired result.
[1] For better understanding, out of twelve million pieces of malware that computer security companies find each year, less than a dozen uses a zero-day exploit.
War and Military
Swedish subs: a relic of the past?
As part of the program to replace its four Walrus-class submarines, the Dutch government is examining offers submitted by four European companies. It will announce by the end of the year which two competitors have been selected for the next negotiation stage.
Last June, Swedish Saab Kockums and Dutch partner Damen unveiled an initial design of submarine as part of their proposal to replace the Dutch Royal Navy’s fleet. During the European naval show in October, they further revealed technical details about their offer. Despite these announcements, Saab Kockums appears far from being able to draft more than drawings as it lacks the technology and manpower required to build submarines.
Kockums, a Swedish shipyard now known as Saab Kockums, made international headlines back in the 1990s when it closed a major deal with the Australian Navy to design their submarines fleet. Since then, the company seems to have become an empty shell.
In 2005, to strengthen its market position, Kockums joined its German competitor TKMS. Their partnership soon deteriorated as Kockums failed to attract new clients and retain old ones. The A26-class Kockums was developing did not sell well on the international market. Designed in the early 1990s, this sub class was considered outdated and too pricy. In 2013, after 20 years of cooperation, Kockums lost a contract with Singapore. Although TKMS eventually managed to win that contract thanks to another subsidiary, it led to increased tensions between the two companies.
In 2014, Russia’s realpolitik and the Ukrainian crisis led the Swedish government to reconsider its naval capabilities. The government realized the capacity to build submarines was of strategic importance, calling for Swedish companies to maintain an adequate level of competency. The Parliament decided to renew its subs fleet and promote local skills by ordering two updated ersatz of the A26-class to Kockums. However, the Swedish government failed to agree on the price with TKMS, ending the negotiation. At the height of the crisis, Swedish military authorities stormed Kockums’ laboratory in Sweden to retrieve technology that, according to them, belonged to the army. After that incident, deemed unusual by military experts, TKMS entered talks with Saab to sell Kockums. The sale was eventually closed later that year.
Over the past decades, U-boots have evolved from a fighting device to a diplomatic, sovereignty and intelligence tool. It is now used to locate enemies, deploy elite troops, collect data and send political messages. They require cutting-edge technology and constant research and development. Of all naval solutions, designing subs poses the greatest technical challenges and hence require special skillsets. Not keeping up with the fast-changing evolutions can quickly become the death knell of subs’ designers. Though Kockums prove to be a competitive submarine maker in the 1990s, not constructing subs over the last two decades means they have lost their technical and technological expertise. The price at which the company was sold is quite revealing. First thought to be worth 1 billion kronor, Kockums was sold for 340 million kronor (US$ 50,4 million).
The Dutch Navy is internationally recognized for the role its subs played in reducing piracy in the Gulf of Aden. It is part of the few countries able to furtively navigate oceans. The construction of its new submarine fleet is scheduled to start in 2021 and be operational by 2027. Saab Kockums is offering its updated A26-class and it might not be able to meet the deadlines. The A26-class has never been built before and, even if its design has been updated, the scope of the technical adjustments needed for this class to function smoothly is not yet known. With the technology used in naval solutions rapidly evolving, it might as well be less time-consuming to develop an entirely new class rather than update an ancient model.
Moreover, there are doubts about Saab Kockums’ capacity to continue its activities in a few years from now. The company already inked several deals with the Swedish Navy. However, to be able to keep up with the investments needed in research and development, Saab Kockums must succeed on export markets. If it fails to secure multiple deals abroad, it will eventually go bankrupt. With such scenario, betting on them might not be the smartest move.
The future does not look bright for Saab Kockums. Though signing with the Dutch Navy could temporarily be good news for them, without sustainable investments in research it will go down like a lead zeppelin!
-
Health12 months ago
The technological advances in physical and occupational physiotherapy that you should know about
-
Business11 months ago
Know The Differences between Static and Dynamic QR Codes
-
Blog Management10 months ago
What Is Your Website Content Missing? Three Things To Add ASAP
-
Business7 months ago
Learn English quickly and effectively with the Callan Method
-
Travel9 months ago
Discovering Valencia and the Valencian Community: an unforgettable holiday experience
-
Sports8 months ago
A-Champs Reaction Training Lights: Your Path to Soccer Excellence
-
Travel7 months ago
Discover the finest tours across Morocco: an adventure oasis
-
Sports7 months ago
Body Armor Plates – Essential Considerations for Selecting the Right Protection