The United Nations, in its long-running deliberations over fostering the development of norms of conduct in cyberspace, was in October presented with two competing visions of what such norms should look like. One, a Russian proposal backed by China and other authoritarian governments, follows the general line laid out by the Shanghai Cooperation Organization. It would repose significant authority to control online content with governments. This proposal is countered by one from the US, backed by the EU, the Five Eyes, and Japan, that advocates freer flow of information and greater respect for individual rights. The Russian proposal concentrates on notions of "cyber sovereignty" and ironically (in the view of the West, cynically) deplores the spread of disinformation across the internet.
Cyber vulnerabilities in US weapons programs.
A Government Accountability Office report found widespread issues with US weapons programs' cybersecurity. The GAO found that, despite moves in recent years to embed cybersecurity throughout Defense systems' lifecycles, efforts to do so have failed to keep up with the rapidly expanding attack surface growing connectivity ("the Internet of Battlefield things") now presents. The GAO used a variety of methods in its study, including red team testing. It freely admits that its results only scratch the surface of the problem, but the GAO is confident that "nearly all" military systems now under development are vulnerable to cyberattack. The methods such attacks might use, the report suggests, are depressingly familiar and not necessarily particular high-tech. They're things like easily guessed administrative passwords and other lapses in basic hygiene. The Department of Defense is conducting its own audit that will focus on cybersecurity issues in Defense programs.
Crewed launch services.
The emergency abort of a Soyuz flight to the ISS this month raises the level of urgency surrounding alternatives to the Russian system, currently the only one carrying crews into low earth orbit. Shortly after launch from Baikonur on October 11th, faulty sensors apparently caused side-mounted boosters to separate improperly at the time of first and second stage separation. The boosters collided with the main vehicle, causing the catastrophic loss of Expedition 57. The crew module separated safely and returned the two flight engineers, NASA's Nick Hague of NASA and Roscosmos's Alexey Ovchinin safely to the ground,
Russian authorities say they've identified and fixed the problem, and that Soyuz flights to the ISS will resume on December 3rd. NASA says it believes them, and that it intends to continue to fly astronauts on the Soyuz as planned and scheduled. But the incident has drawn attention to the importance of fielding other systems that can put crews into space. NASA says the first crewed mission of a SpaceX craft to the International Space Station will be flown in June 2019, and SpaceX competitors Blue Origin and Stratolaunch continue to advance development of their own commercial vehicles. Stratolaunch has been conducting successful taxi tests with its vehicle carrier and launch platform, the world's largest aircraft. The twin-boomed ship would deploy rockets at altitude, an approach which the company sees as promising efficiencies traditional ground launches don't.
Blue Origin and Virgin Galactic are racing to see which company will be the first to put paying passengers into space (suborbital flights first). Virgin Galactic's Richard Branson said, on October 9th, that uncrewed test flights of the company's spacecraft were "weeks, not months" away, and that crewed flights should follow shortly thereafter. Blue Origin's Jeff Bezos has done a good bit of talking recently about his ambitions to send people to Mars permanently, where they would live out their natural lives in artificial habitats. That project isn't weeks away, but optimistic estimates put it only a few decades out.
On a sombre note, we mark the passing of Stratolaunch founder Paul Allen died at 65 after a long struggle with cancer on October 15th.
There's also some speculative design work in progress. Upstarts SpaceX and Blue Origin have made a good bit of public noise about their intention of flying crews to the moon or Mars within the next two decades, and traditional aerospace company Lockheed Martin is working on a concept for a lunar lander. It seats four, would be equipped and provisioned for a stay of two weeks on the lunar surface, and could also be used for expeditions to Mars.
Cargo launch services.
SpaceX continues to burnish its growing reputation for affordable launches with routinely reusable vehicles. It will fly a Falcon first-stage for the third time in mid-November, and in early October succeeded in landing a Falcon back at Vandenberg Air Force Base in California.
The US Air Force says it's considering using suborbital rockets to deliver cargo anywhere on earth within about an hour. The Service has been in talks with Blue Origin and Virgin Orbit (corporate sister of Virgin Galactic) about the possibility of such systems. Suborbital delivery would obviously be valuable where the need for speed outweighed considerations of cost. Another consideration to be worked out would be finding ways of letting jittery adversaries know that the launch their sensors just observed was carrying only (let us say) much-needed socks for the infantry as opposed to the thermonuclear weapons its suborbital trajectory might suggest. In any case, Richard Branson likes the idea.
US Space Force developments.
The US Space Council has sent a proposal for the formation of a Space Force to the President. The Air Force estimates it would cost $13 billion to establish the new service, but some in Congress think that figure, while cautiously high, may not fully address start-up costs. The new service would initially be formed with elements of existing organizations: Air Force Space Command, the Space and Naval Warfare Systems Command, the Naval Satellite Operations Center, and the Army’s 1st Space Brigade. It would not include the National Reconnaissance Office, and its relationship with a Space Combatant Command would need to be worked out.
An internal Defense planning document obtained by Defense One lists the new Service's mission: "space situational advantage; battle management command and control of space forces; space lift and range operations; space support to nuclear command and control; missile warning; satellite communications and position, navigation and timing." It would be responsible only for joint space operations.
Contrary to earlier speculation that Space Force would be formed within the Department of the Air Force and remain there in the way the Marine Corps remains part of the Department of the Navy, more recent thinking suggests that the new Service would have its own Department and its own seat on the Joint Staff. It might also have its own National Guard.
Russian espionage and information operations.
Concerns over Russian information operations continued during the run-up to the US midterm elections. The threat is seen more as influence aimed at disrupting and weakening American civil society than direct hacking of voting systems (although that, too, remains a worry). The principal mode of influence operations has been online trolling, and on October 19th the US Department of Justice indicted a Russian national in connection with crimes involving the 2018 elections. Elena Alekseevna Khusyaynova, of St. Petersburg, is accused of managing the finances of the troll farm that's distributed disinformation through bogus online personae.
The EU complained of Russian intrusions into the networks of the Organisation for the Prevention of Chemical Warfare (the body that was investigating GRU nerve agent attacks in Salisbury, England) but in the end deferred sanctions the UK and the Netherlands advocated.
Chinese espionage and information operations.
On October 30th the US Department of Justice unsealed an indictment of ten individuals, two of them Chinese intelligence officers, the other eight collaborators. The ten are charged with industrial espionage carried out against thirteen US aerospace firms.
China has been more active in cyber espionage than in information operations, but US officials have raised concerns about a perceived growth in Chinese interest in influence operations.
Multi-domain capabilities become real, while remaining aspirational.
The example of Russian hybrid warfare, blending conventional, deniably unconventional, cyber, and information operations continues to shape US tactics, techniques, procedures, and technology. The Services are looking at an increasing convergence of cyber and electronic warfare, and are reaching out to industry for near-term responses to the very active and effective electronic attack US forces in Syria are encountering.
Nuclear forces and nuclear arms control.
The US has decided, in what it characterizes as a response to Russian cheating, to withdraw from the Intermediate-range Nuclear Forces (INF) treaty. The Russian evasion of treaty provisions has been particularly egregious over the past six years. US objections to Russian activities prohibited by the treaty go back to the previous Administration, and have become particularly acute since Russia's testing in 2014 of a prohibited ground-launched cruise missile.
Bilateral efforts at nuclear arms control continue, with the US and North Korea resuming talks on denuclearization.
JEDI contract updates, and Silicon Valley-Pentagon tension.
The US Defense Department's massive JEDI cloud contract remains controversial with industry. Some prospective bidders, most recently IBM, have filed protests in advance of proposal submission. The discontent in their case stems from concerns that the RFP unreasonably favors certain companies by adopting a single-vendor approach. IBM will face tough competition from both Microsoft and Amazon, and it hasn't concealed its view that the RFP was written to be wired for Amazon. The Defense Department insists that no vendor is favored.
Other prospective providers, like Google, have dropped out of the competition entirely. Google's decision to no-bid JEDI reflects an internal company dispute over whether Google ought to be doing any business with the military at all. "Not in accord with our values," is how Mountain View explained its decision to pass on the Pentagon cloud opportunity. Since JEDI is hardly a weapon system, those values are probably to be taken as either a fairly strong form of pacifism or as a corporate rejection of US Defense policy. Other tech giants, Microsoft and Amazon among them, have publicly affirmed their support for US Defense efforts and their interest in continuing to pursue it. Amazon's Jeff Bezos has been among the more vocal advocates of cooperation between Big Tech and the Department of Defense. Critics have not been slow to point out that Google's pacifistic stance has not inhibited it from working closely with the Chinese government on a wide array of tools for censorship.
Department of Defense pulls back from proposed changes to the way it pays contractors.
Facing very strong push-back from industry, the Deputy Defense Secretary Shanahan cancelled a proposed policy that would have adversely affected contractors' cash flow. The National Defense Industrial Association, the Professional Services Council, and the Aerospace Industries Association all objected, as did individual companies and a significant number of members of Congress.
Today's edition of the CyberWire reports events affecting China, France, Iran, Iraq, the Democratic Peoples Republic of Korea, the Republic of Korea, Russia, Somalia, Syria, the United Kingdom, and the United States.
US helps Syrian partners regroup for ISIS ‘last stand’(Military Times) The U.S.-led coalition against the Islamic State group says it is helping local Syrian partners regroup after a major setback over the weekend as the militants fight for their last pocket in Syria, near the Iraqi border.
Weapon Systems Cybersecurity: DOD Just Beginning to Grapple with Scale of Vulnerabilities(US Government Accountability Office) In recent cybersecurity tests of major weapon systems DOD is developing, testers playing the role of adversary were able to take control of systems relatively easily and operate largely undetected. DOD's weapons are more computerized and networked than ever before, so it's no surprise that there are more opportunities for attacks.
The Coming Storm: Ethics in the Next War(Real Clear Defense) As the U.S. military transitions from a strategy-level focus on violent extremist organizations (VEO) to great power competition, Americans would do well to establish reasonable expectations for the future.
Thales Group reports boost in space revenue(SpaceNews.com) Government demand for space systems drove a “recovery of space orders” for Thales Group this year, offsetting a slump in commercial telecom satellites, Chief Financial Officer Pascal Bouchiat said Oct. 18.
BAE % Wins Spot on Massive Pentagon Research IDIQ(WashingtonExec) BAE Systems is one of 15 companies to win a spot on a massive $28 billion Defense Department R&D contract, the company announced. Under the 9-year Under the 9-year IDIQ contract, BAE Systems is cleared to compete for task orders expected to exceed $15 million.
IBM files formal JEDI protest a day before bidding process closes(TechCrunch) IBM announced yesterday that it has filed a formal protest with the U.S. Government Accountability Office over the structure of the Pentagon’s winner-take-all $10 billion, 10-year JEDI cloud contract. The protest came just a day before the bidding process is scheduled to close. As IBM put it …
Lockheed Martin's Lunar Lander Seats 4 Astronauts(PCMAG) It's a reusable craft capable of carrying 2,000lbs of cargo as well as four astronauts and is designed to stay on the surface of the Moon for up to 14 days at a time. If it gets beyond the concept stage the lander could also one day visit Mars.
‘Internet of Battlefield Things’ Transforms Combat(Wall Street Journal) A variety of intelligent and semi-intelligent things are starting to talk to each other and work together on the battlefield, says Dr. Alexander Kott, chief scientist of the United States Army Research Lab.
RIP INF: The End of a Landmark Treaty(The National Interest) Donald Trump did not have to withdraw from the INF Treaty. But now that he has set the wheels in motion, what does that mean for America's national security?
Pence's little-noticed speech marked a new US realism toward China(Washington Examiner) A seismic shot across the bow, Vice President Mike Pence’s Oct. 4 speech on U.S.-China policy garnered surprisingly little coverage. But historians may well mark it as a significant turning point in great power relations. Pence’s address to the Hudson Institute heralded a dramatic shift in…
EU paves way for Russia sanctions over chemical weapons(Deutsche Welle) A new framework to allow sanctions over chemical weapon use could see restrictions placed on Russia over the poisoning of former spy Sergei Skripal. Potential sanctions could involve travel bans and asset freezes.
Nielsen outlines how US reassessing cyber risk(Fifth Domain) U.S. leaders are changing how they view threats in cyberspace and now expect that a nation state or criminal actor with cyber capabilities will use those tools against the United States, Secretary of Homeland Security Kirstjen Nielsen said Oct. 3 at the Atlantic Council.