Signals & Space Monthly Cyber Security Briefing:

February 2017

Prepared by the CyberWire (Wednesday, February 8, 2017)—Since cyberspace has become effectively a third global commons, joining the sea and space, it's natural that policymakers, strategists, and legal experts should turn to the norms that have evolved in the two older domains for guidance. With that, China's recent seizure and return of a US autonomous undersea vehicle (AUV) in the South China Sea is interesting and disturbing. The AUV was operating in what the US and most other countries regard as international waters. Observers think that the Chinese government is establishing a precedent that would justify its seizure of other assets. Those would include, prominently, satellites. And since kinetic interference with satellites remains expensive and physically challenging, that precedent if successfully established could easily by extension be taken to license cyber interference.

Where there's a bug, there's a vulnerability: launch IV&V.

On January 22 the Sunday Times reported that a service practice test launch of a British Trident missile failed. Conducted in the Eastern Range off Florida in late June 2016, the firing from HMS Vengeance went awry. "Something went wrong after the missile left the sea from the submerged submarine," as the Times puts it. There was, of course, no live warhead aboard the missile, and so there was no nuclear incident, but the launch failure is disturbing. It was the first such trial the Royal Navy had conducted in four years, and any failure is taken to call the reliability of the British nuclear deterrent into question. Reports indicate that it was an in-flight failure as opposed to a misfire or hangfire.

The magazine Computing notes that the test was conducted after Vengeance had completed an overhaul that included an upgrade to her IT systems, which presumably included her fire control systems. Computing calls it "highly probable" that the mishap was due to improperly installed or configured IT, and notes other reports that Windows XP continues in use aboard Royal Navy warships. The diagnosis is a priori speculation on Computing's part, but even so the possibility of buggy launch control software shouldn't be overlooked. The incident should serve to draw fresh attention to independent verification and validation of launch systems and software, and to the cyber security of the same.

Cyber warfare: capabilities and casus belli.

Russia continues its denial (accepted by essentially no one) that it maintains organizations whose mission is offensive cyber operations. The US Intelligence Community has formally attributed several hacking incidents, notably those surrounding intrusions into political party and campaign networks during the 2016 election season, to the Russian government, and the new Administration has been swift to commit itself to consideration of retaliation in kind. (The previous Administration had made similar noises, even, in its final month, to open consideration by then-Secretary of Defense Carter of non-cyber retaliation for cyber attacks. Such retaliation, it was noted, could in principle occur anywhere along the spectrum of conflict, from diplomatic demarche through sanctions and criminal proceedings to kinetic military operations. The outgoing Administration also noted that the Department of Defense had successfully "deterred" a range of cyberattacks.)

That said, the circumstances of such retaliation remain problematic, the norms governing armed conflict remaining unclear in their application to cyberspace. The new Secretary of Defense, James Mattis, has cautioned against the danger of blundering into cyber war. Recognizing a casus belli in cyberspace is even more difficult than doing so in the kinetic world: missile launches, for example, are relatively unambiguous events, and even those are susceptible to misinterpretation or false alarms. The situation in cyberspace is far murkier.

In any case, the US military services are increasing the amount of cybersecurity play in their training exercises (the Air Force is paying particular attention to cyber in the Red Flag air combat exercises), and cyber units continue, regularly, to achieve initial operational capability. Some observers see a coming renaissance of wargaming in the Department of Defense, with cyber operations assuming greater prominence.

Cyber industrial espionage is still out there.

The latest round of Shamoon, the destructive malware first seen deployed against Saudi Aramco in 2012, reappeared late last year and again early this year in fresh Saudi targets, notably government ministries and the petrochemical sector. It had been largely cleared up by the end of this month, but Saudi Arabia remains on high alert, and it's worth recalling that the aerospace and aviation sectors have provided Shamoon's operators with their secondary target set. Aerospace remains a perennial target of industrial espionage.

Industry notes.

Raytheon announced that it had successfully tested the ground control system of the next-generation GPS satellite. It completed the factory qualification test of the Launch and Checkout System at its Aurora, Colorado facility in a "cyber-hardened environment," an essential step toward verifying compliance with US Air Force requirements.

US Cyber Command continues to make progress toward establishing its own procurement capability: it's authorized to spend $75 million on cyber without further approval from any higher headquarters.

Orbital ATK has a beef with DARPA. The company (seconded by four members of the US House of Representatives) argues that the Pentagon research agency's RSGS (Robotic Servicing of Geosynchronous Satellites) program would violate national space policy guidelines that discourage Government competition with commercial space concerns. Orbital sees the DARPA program as unfair competition with its own Mission Extension Vehicle 1.



Today's edition of the CyberWire reports events affecting China, Iran, Russia, Saudi Arabia, the United Kingdom, and the United States.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities (7)

Cyber Trends (1)

Marketplace (5)

Products, Services, and Solutions (2)

Technologies, Techniques, and Standards (4)

Research and Development (2)

Legislation, Policy, and Regulation (11)

Cyber Attacks, Threats, and Vulnerabilities

Trident test fail could have been down to software glitch (Computing) The recent Trident missile which veered off course was fired from a submarine that had just completed an IT system upgrade

The cyber threat in outer space (Bulletin of the Atomic Scientists) In 2011 a draft report to the US Congress stated that at least two US environment-monitoring satellites had suffered interference four or more times in 2007 and 2008. A Landsat-7 Earth observation satellite built by NASA and managed by the US Geological Survey experienced 12 or more minutes of interference in October 2007 and July 2008.

The Lawless Trons of Cyberspace (Center for International Maritime Security) By LT Travis Nicks, USN Introduction Open borders are here. You likely crossed the Rio Grande before breakfast this morning and you'll sneak into China be

Defense Secretary Nominee Cautions Against 'Stumbling' Into Cyberwar (Nextgov) Retired Gen. James Mattis called for a comprehensive cyber doctrine to respond to cyberattacks when testifying during his Senate confirmation hearing Thursday

Nordic NATO Members Alert to Risk of Russian Cyberattacks (Defense News) Russia has the willingness and capacity to launch serial cyberattacks against Denmark and any neighboring Nordic or Baltic state that it regards as too close to NATO or an imminent threat, according to security intelligence aggregated by Danish defense intelligence services.

‘Fancy Bear’ also growls at Norway (News in English: Views and News from Norway) The same group of hackers that intelligence officials believe swung the US election in favour of Donald Trump has also attacked Norwegian targets within the military and foreign service. Called “Fancy Bear,” computer security experts believe Russia is behind the hacking that’s aimed at political manipulation and destabilization of western democracies

Shamoon 2 Variant Targets Virtualization Products (Security Week) A second variant of the Shamoon 2 malware discovered by researchers at Palo Alto Networks has been set up to target virtualization products, likely in an effort to increase the impact of the attack and make recovery more difficult for targeted organizations.

Cyber Trends

Hollywood cybersecurity vs. Vegas cybersecurity (The Christian Science Monitor) The cybersecurity we see in movies and TV often takes some creative license (we’re looking at you, CSI), but the stuff on stage in Vegas conferences can be just as far removed from the day-to-day practice of cybersecurity, too.

Marketplace

Lawmakers, Orbital ATK Denounce DARPA Satellite-Servicing Program (Defense News) Four Republican lawmakers have asked the US Defense Advanced Research Projects Agency (DARPA) to halt a satellite-servicing program, arguing it violates national space policy guidelines that discourage public competition with commercial space activities.

CYBERCOM's new buying power now closer to reality ( CYBERCOM is in the midst of creating its own acquisition office to handle its new spending authority.

Air Force selects Diligent to facilitate transition of COMSEC tracking to Joint program (Yahoo! Finance) Diligent Consulting Inc. (Diligent), announced today that they have been awarded the Air Force (AF) Communications Secure (COMSEC) and Controlled Cryptographic Items (CCI) Accountability and Tracking (COMSEC/CCI) Tool program, a $1,576,455 contract under the NETCENTS-2 Application Services Small Business IDIQ vehicle

ISR firm buys intel community tech provider (C4ISRNET) Defense ISR company Polaris Alpha has acquired Intelesys Corporation, which provides technology for the U.S. intelligence community.

Root9B to Support Chiron on Cyber Operational Training for DoD Under $50M Contract (ExecutiveBiz) Root9B has partnered with Chiron Technology Services to deliver cyber operational training to the Defense Department under the team’s potential five-year, $50 million contract. Root9B will provide cyber operations, incident response, threat emulation and network defense training that will work to prepare cybersecurity teams to defend against evolving cyber threats, the Colorado Springs, Colorado-based firm said Thursday. The...

Products, Services, and Solutions

GPS satellite system passes factory test (C4ISRNET) "Raytheon tested 74 OCX segment requirements at its Aurora, Colorado, factory in a cyber-hardened environment, verifying that the LCS is well on its way to meeting U.S. Air Force requirements," Raytheon said.

Microsoft cloud gets Pentagon's top security rating (FCW) The Pentagon has given the highest security rating for unclassified data to Microsoft's federal cloud offerings, Azure Government and a Defense Department-specific iteration of Office 365. The Microsoft services were granted Level 5 provisional authority to operate certification

Technologies, Techniques, and Standards

Handling Classified Information: Lessons Learned (SecurityWeek) Can we learn from the blunders of U.S officials on their handling of classified information?

Pair of Air Force Cyber Weapons Systems Ready for War (Fifth Domain) Late last year, the Air Force declared one of its newest cyber weapons tools initially operationally capable. The tool, the Automated Remediation Asset Discovery (ARAD), is a modification to the Air Force Cyber Security and Control System (CSCS), which was itself declared IOC by Air Force Space Command in 2014

Red Flag evolves as ISR, cyber presence increases (U.S. Air Force) The silent warfighters of the intelligence, surveillance and reconnaissance and cyber communities are honing their operational skills and testing new capabilities during Red Flag 17-1 at the Nevada

It’s Game Time (Again) For War Gaming (SIGNAL) The technique is on the rebound as educators prepare digital natives for future conflicts

Research and Development

Vencore supporting DARPA with jam-resistant networks (C4ISRNET) Vencore has been awarded a DARPA prime contract to develop jam-resistant networks.

Blog: Army Cyber Center of Excellence Requests Capability Research (SIGNAL) The Army Cyber Center of Excellence is requesting research papers that address specific areas that answer learning demands or capability gaps that inhibit operational force effectiveness or efficiency. Among other things, the research papers will be used to evaluate emerging concepts against documented Army Signal, cyberspace and electronic warfare capability requirements

Legislation, Policy, and Regulation

How China’s seizure of a naval drone could set a precedent for nabbing a satellite in orbit (Space Review) China’s mid-December abduction of a US Navy unmanned underwater vehicle (UUV) as the vessel was returning to its mothership after a scientific excursion showed that China is willing to play hardball with US hardware. In previous confrontations, China took custody of an EP-3 reconnaissance plane and its crew in 2001, and has harassed multiple unarmed US Navy survey ships with dangerous maneuvers. As part of its “peaceful rise”, China has focused on gaining ground in new domains of strategic interest outside of its traditional focus. As a result, it has adopted assertive and asymmetric strategic postures in the maritime, cyber, and space domains.

How an international treaty signed 50 years ago became the backbone for space law (The Verge) Fifty years ago today, the United States, the Soviet Union, and the United Kingdom opened a treaty for signature that would become the backbone for international space law. It was a United...

Ash Carter on Russia hacking: U.S. could go beyond cyber response (CBS News) Outgoing Defense Secretary Ash Carter has been openly critical of what he says have been Russian efforts to sow seeds of global instability

DoD Cyber Policy Chief: We've Deterred Destructive Cyberattacks (Nextgov) When President Barack Obama took office, one of intelligence officials’ top fears was a “cyber Pearl Harbor,” a catastrophic and destructive cyberattack that resulted in mass casualties and destruction of property

Russia denies existence of cyber attack units (IHS Jane's 360) Amid a growing scandal in the United States over Russian attempts to interfere in the 8 November presidential election, Moscow has denied the existence of both its 'cyber corps' or the assertion that any Russian government entity engages in attacks on foreign computer systems

Trump Administration Highlights Offensive Cyber in First Moments (Nextgov) President Donald Trump’s administration Friday highlighted offensive cyber actions among its first digital messages to the American people

In memo, Mattis signals closer ties between the Pentagon, State Department, intelligence agencies (Military Times) Defense Secretary James Mattis on Friday signaled that his tenure at the Pentagon will bring closer ties between the military, State Department and America's intelligence agencies

Trump pledges to boost U.S. Cyber Command, use 'cyberwarfare' in foreign policy strategy (Inside Cybersecurity) The Trump administration is planning to boost cyber offensive capabilities at U.S. Cyber Command and collaborate with foreign allies to “engage in cyberwarfare to disrupt and disable propaganda and recruiting,” according to the policy statements issued by the White House following President Trump's swearing in ceremony on Capitol Hill

The emergence of the 'cyber cold war' (CNN) A spectre is haunting the West -- the spectre of cyberwar

Cyberwar Has Gone Public, and That's Dangerous (Bloomberg) Compared with the alleged Russian hacks of the Democratic National Committee and other U.S. targets, another important cybertheft that has also been tentatively attributed to Russia is getting far less attention. The revelations are much less titillating than those that have made headlines recently -- they aren't even understandable to most people -- but they may be part of the same cyberwar, one whose rules seem to be changing

Air Force CISO: Adversaries are watching you (C4ISRNET) Peter Kim, Air Force CISO, warned that adversaries are constantly monitoring public and private activity.

Compiled and published by the CyberWire editorial staff. Views and assertions in linked articles are those of the authors, not the CyberWire or Cosmic AES
