Among the challenges the exercises revealed were that the number of precision-guided munitions available across the force were short of the war plans and it would be difficult to sustain a large troop presence.
“Could we probably beat the Russians today [in a sustained battle]? Sure, but it would take everything we had,” one defense official said. “What we are saying is that we are not as ready as we want to be.”
One classified “tabletop exercise” or “TTX”—a kind of in-office war game—“told us that the wars [in Iraq and Afghanistan] have depleted our sustainment capability,” a second defense official explained, using military jargon for the ability to maintain a fight. The exercise was led by the Department of Defense and involved several other federal agencies.
In recent months, the top officers of the military have begun to call Putin’s Russia an “existential threat” to the United States. The results of those exercises—and Russian-backed forces’ latest advance in Ukraine—didn’t exactly tamp down those fears.
Igor Baikalov, chief scientist at data analytics firm Securonix, is nevertheless concerned. He told us if the Department of Homeland Security and the Federal Bureau of Investigations are ruling out a cyberattack as the cause of outages at United Airlines, the NYSE, and the WSJ — all happening in the span of a few hours on Wednesday morning — then our technological foundation is in a really bad shape.
“It’s our critical infrastructure we’re talking about. To have vital transportation, financial, and media companies, that are heavily dependent on technology, experience disrupting ‘glitches’ in their busiest hours is something that only global war game scenario can envision,” Baikalov said. “It’s just not something that one plans for in real life.”
NYSE President Tom Farley said an SEC (U.S. Securities and Exchange Commission) software update that morning could have triggered the outage. With that in mind, Baikalov asked a pointed question: Was it really that much cheaper to deploy system-wide changes right before the opening bell, and bring the whole thing down, than to execute a careful deployment overnight, with sufficient time for testing and reversing the changes if needed?
“I mean, these are serious companies with smart people doing expensive stuff — it’s not some low-life Internet of Things — how could the basic principles of information security be so ignored? Perhaps,” he said. “I stick with the conspiracy theory of nation-state retaliation for the market crash — or alien invasion.”
But what if the big attack on America is one in which our military can’t defend us at all?
More and more, that seems not only like a possibility, but a probability.
In fact, we’ve seen some dress rehearsals for this kind of war recently.
What this means is that enemies are prepared, willing and able to exploit vulnerabilities of our civilian government infrastructure to avoid a direct head-on confrontation with our strength – our fighting forces.
It has come recently in the form of a devastating, albeit limited, cyber-attack by China in which this privileged trading partner and recipient of hundreds of billions in direct U.S. government aid exploited Washington’s negligent, virtually non-existent digital security policies to score perhaps the biggest intelligence asset in the history of the world – the names, addresses, Social Security numbers and background information on every single U.S. government employee, civilian and military, in the U.S.
It was a breathtaking and astonishing attack, albeit, given the U.S. government’s sheer incompetence, it was more like a surrender than an ingenious triumph by an enemy.
Construction of the underground tunnels began in July 1944, mobilizing troops and Korean forced laborers. A room for the chief commander, Adm. Soemu Toyota, and key departments were up and running in a few months.
Only in the chief commander’s room, cement on the walls was smoothed out, the floor was covered with tatami mats and there was a door. He climbed up and down 126 stairs between the two command centers — above and below ground. His room was slightly elevated so that the floor remained dry, and there was even a flush toilet.
The tunnel command center also had ventilation ducts, a battery room, food storage with ample stock of sake, in addition to deciphering and cable and communications departments. Marks on the ceiling remain from where overhead lights hung. The tunnels housing the command center and its facilities under the campus are 30 meters underground and stretch about 2.6 km in length.
The conditions for those leading the war contrasted with those of ordinary people, who hid in small mud shelters as firebombs rained down from the sky, Akuzawa said.
Hisanao Oshima, who was there from February to May 1945 as a communications crew monitoring Morse code, still cannot forget the moments when he lost signals from kamikaze fighters. “The sound stops, and that means he crashed. I just cannot get that out of my head,” he said in an interview with NHK.
It is really neat for this to exist so close to where I live. If a chance to take a tour of these tunnels ever came up I would surely jump on it in a heartbeat.
I know there is an entire network of underground military tunnels running all over the Kanagawa-to-Tokyo area. Tunnels can be entered in Yokosuka Naval Base and drives all the way up to multiple locations in Yokohama and other Kanagawa bases as well, such as Camp Zama, Atsugi, Yokohama North Dock, and more. While I am sure they are insect and rat infested to disturbing levels, it would be a fascinating underground – literally – look at some Japanese history we rarely read or hear about.
Until now only when someone possessed a chemical, biological or nuclear weapon, it was considered to be a weapon of mass destruction in the eyes of the law. But we could have an interesting — and equally controversial — addition to this list soon. The Bureau of Industry and Security (BIS), an agency of the United States Department of Commerce that deals with issues involving national security and high technology has proposed tighter export rules for computer security tools — first brought up in the Wassenaar Arrangement (WA) at the Plenary meeting in December 2013. This proposal could potentially revise an international agreement aimed at controlling weapons technology as well as hinder the work of security researchers.
At the meeting, a group of 41 like-minded states discussed ways to bring cybersecurity tools under the umbrella of law, just as any other global arms trade. This includes guidelines on export rules for licensing technology and software as it crosses an international border. Currently, these tools are controlled based on their cryptographic functionality. While BIS is yet to clarify things, the new proposed rule could disallow encryption license exceptions.
The new proposal is irking security researchers, who find exporting controls on vulnerability research a regulation of the flow of information. You see, these folks need to use tools and scripts that intrude into a protected system. If the proposal becomes a law, it will force these researchers to find a new mechanism to beat the bad guys.
Some policy wonk in the United States government obviously has no practical knowledge of how the internet functions. Just because the United States may classify such tools as weapons of war will not make their acquisition difficult. The internet is global, and thus such tools will merely become available in nations without the same controls as the United States.
This is not to mention that cyber security – aka hacking – tools do not cause physical damage unlike, you know, actual weapons. Bombs, assault rifles, tanks, biological weapons, and whatnot all cause actual kinetic devastation, and can kill people. Hacking tools not so much. Even though industrial control systems may be compromised, it is doubtful their being breached can cause real harm, Stuxnet notwithstanding.
It is no surprise the US government would like to control the distribution of tools potentially capable of attacking the nation. However, this is sure to harm security research on attack techniques, which ultimately leads to new and unique defense mechanisms. We need the ability to conduct cyber security research inside the US, so shoring up these tools will surely have disastrous effects on academia and cyber defense research in general.