Saturday, August 26, 2017

What's the thinking on the USS John F McCain? Directed Energy?

During the Presidential primaries, we authored an intelligence assessment regarding the North Korean potential for an Electro Magnetic Pulse (EMP) floated over a city in the US and detonated, leaving electronics for miles on their death beds. Last week we published a piece on GPS Spoofing in the Black Sea, showing three ships nearly 25 miles away from where GPS put them, at an inland Russian airport. And tonight I'm seeing a number of YouTube videos talking about directed energy weapons (DEW) having been used (speculation of course) against the John F. McCain. The video shown below is one of many, now speculating on the idea that a DEW may have been used against the JFMc.


Regardless of your thinking on this (I happen to believe that human error could not have caused this crash), the idea that an EMP or DEW may have been employed in this incident should not be that far-fetched.

You see, (ahem) years ago, we had this thing called TEMPEST. TEMPEST was essentially the hardening of computing gear by wrapping it in grounded shielding, sealing seams with braided wire, and ensuring that all of our communications gear was protected from both eavesdropping and external interference. Just hours before the McCain collision, we reported on GPS spoofing by someone in Russia against three ships in the Black Sea, showing their position nearly 25 miles off, and inland at an airport. This report of course caused my phone to explode. Reporters everywhere wanted to know if I thought this could have been the cause of the collisions in both the Fitzgerald and McCain. I have no idea, but it's not out of the realm of possibility that someone from shore could have offered a stronger GPS signal than that of the birds, thereby causing the onboard systems, either on the warships or on the commercial vessels, to associate with it rather than the satellites, much like your laptop associating with a stronger wireless access point when you're sitting in a coffee shop. And after linking with shipboard receivers, the false signal would show the ships on very different courses than originally thought.

I'm not saying it happened, but it isn't crazy either. A DEW (directed energy) attack is similar, except the attacker doesn't care about modifying GPS; their goal is to scramble or block electrons, leaving scopes unreliable.

So, is this a cyber attack? What's the thinking? We think it is, but not from the network. In this case, assuming a DEW was employed, it could easily overwhelm non-TEMPEST bridge instruments… I'm not much into speculation, but damn. 

Why do we care? 

First, we lost lives on two ships. Second, about 20 years ago I gave a talk at a SANS conference where I retold a story that had appeared in a WSJ article. It goes like this… a nondescript van drives through the financial district in NYC, and as it passes, computer monitors flicker and die and electronics mysteriously fall offline. I told the story, coupled with (slightly fictionalized) accounts of incidents I'd worked, both as one of the first Internet Storm Center (then called the GIAC) watch standers, and from my work in the Navy. I was given poor reviews, with one calling me out as a snake oil salesman. Until a few years ago, I gave that exact talk at the Navy War College for Admiral Hogg's Strategic Studies group.

DEW and EMP are a threat to cyber, and the world knows how much we rely on it.

If your cyber threat intelligence shop isn't considering the likelihood and impact of these external threats, and if you're not thinking about how you might deal with a catastrophic electronic event caused by more than just skids, hacktivists, or APT, or about risk and resilience for a larger-scale attack, you might be missing something in your enterprise risk management plan.

If you'd like to read our assessments, call me or join our Read Board community.

For now, I'm off. 

Have a great weekend.
Jeff

