Frequently I find the same "hot topic" being discussed simultaneously by a wide range of sources, rehashing the same limited information (e.g., Stuxnet or HBGary). Once in a while, though, I find a little nugget of information that startles me and really makes me wonder why no one else has noticed it.
Strategic Studies Quarterly is not normally in my reading list, but the spring issue is devoted in large part to cyberwar. As you know from my blog, normally I'm skeptical about claims of cyberwar, but this is the military's view of cyberwar instead of reporters or politicians, so I think it's worth reading. Some of the articles are more interesting than others, of course. For example, I think the article Rise of a Cybered[sic] Westphalian Age is fundamentally impractical due to the rapidly changing nature of malicious code. On the other hand, the feature article An Air Force Strategic Vision for 2020-2030 has some very interesting revelations for the computer security field.
In particular, they are very interested in integrating "cyber operations" (hacking) into their battle plans as a component of warfare. For example, this quote from page 12:
Fourth, offensive and defensive cyber capabilities must be fused into air and space platforms. By 2030 cyber capabilities may become the greatest power-projection tools in the Air Force arsenal, serving as both force multipliers and an Achilles’ heel.Later in the article, the authors address some specific challenges for the US military in computer security, including a lack of trained personnel. However, I think the really interesting bit is here:
In the future, cyber will evolve into a weapon of preference, replacing many of the kinetic choices in today’s arsenal. The reduction in aircraft numbers and the ranges required for power projection, particularly in the Pacific, will drive cyberspace to the forefront of Air Force operations. Suppression of enemy air defenses and the ability to corrupt the software of an adversary’s aircraft will become a reality, not just science fiction.At first glance, the idea of an Air Force aircraft that can hack targets seems like a futuristic daydream, but in actuality it's not as bizarre as one might think. Take a look at the WiFi Arial Surveillance Platform (WASP), a WiFi-hacking UAV that was built by a couple of enthusiasts in their garage. Take a look at it's capabilities:
the operator can "control the payload from anywhere in the world -- including mobile devices. It also allows for processor-intensive applications, such as WPA attacks and password cracking, to be offloaded securely in real-time to a remote computing powerhouse utilizing CUDA technology, for mind-blowing performance."This is just a WiFi penetrator, but the possibilities of what Boeing or Lockheed could do with their gigantic budgets is mind-boggling. Fortunately, we don't have to imagine what it might look like. It's already here in the Next Generation Jammer (found via Wired.com)
For military targets, the hacker of tomorrow could be an F/A-18 Growler.
obtained from Wikipedia)
The Aviation Week article is obviously short on details, but if air defense systems use wireless connections to launch their missiles then they would obviously be vulnerable to disruption. There's some evidence that this has actually been done in combat by Israel as early as 2007. More details on Israel's airstrike on Syria can be found here.
This doesn't mean much for civilian computer security folks yet (except for defense contractors), but military technology has a way of working its way down to other uses, such as law enforcement, corporate or criminal. We'll have to wait and see what the future brings, and in the meantime it's simply amazing to know it's possible and actually being done.