Electronic Warfare and Cyber Intelligence Metastasis

Bogeyman 

Experienced member
Professional
Joined
Sep 21, 2020
Messages
1,905
Reaction score
8,202
Points
113
Website
twitter.com
Nation of residence
Turkey
Nation of origin
Turkey
Here, in the technical sense, I will share news and conferences on the subject through the US talking about the synthesis and interpretation of cyber intelligence and electronic warfare.


At a conference on August 21, 2019, the US general in charge of the cyber army was explaining the Electronic Warfare & Cyber Intelligence partnership on a doctrinal basis.


The 10th fleet of the US navy defines the place of cyber command in the navy.
The link also contains very useful information about the nature of intelligence.


US Air Force adds electronic warfare to new intel, cyber office


The U.S. Air Force’s fresh intelligence and cyber entity at the Pentagon is adding electronic warfare to its profile, continuing to build out a more robust information warfare portfolio.

In 2019, the deputy chief of staff for intelligence, surveillance and reconnaissance added in cyber effects operations when creating the A2/6. Its leader, Lt. Gen. Mary O’Brien, said Tuesday that while cyber and ISR are the primary focus, there are other capabilities that must converge to deliver effects in the information environment.

“It’s imperative to be able to influence the entire electromagnetic spectrum to get after our priorities,” she said Sept. 15 during a panel as part of the virtual Air, Space and Cyber Conference. “Along those lines, earlier this year the Air Force decided to realign the Air Force spectrum management office from Air Combat Command. Starting on 1 October, the Air Force spectrum management officer … is going to be on the A2/6 team.”

The mission of the spectrum management office is to both defend assets in the electromagnetic spectrum and ensure spectrum access for the Air Force and Defense Department activities in support of global missions, O’Brien said.

She noted that the move is part of the multiyear path from Headquarters Air Force to synchronize information warfare.

The Air Force embarked on this path in 2019 when it added cyber effects operations to the A2 portfolio. Next, it merged its cyber- and ISR-numbered Air Forces in October 2019 to create the first information warfare-numbered Air Force, 16th Air Force.


The key distinction between the two is that the Air Staff focuses on the workforce, concepts, training, platforms and tools required so 16th Air Force can focus on actual operations.



The Air Force in 2019 chartered a yearlong study into electronic warfare to gain insight into how adversaries have gained an edge and what opportunities exist for the U.S. to regain its edge. In fact, the leader of that study was selected to be the vice commander at 16th Air Force.

O’Brien noted that the traditional functions of information warfare include cyber, ISR, information operations and electronic warfare, which she noted is now moving toward electromagnetic spectrum operations, which is a more all-encompassing verbiage.


Pentagon updates electronic warfare handbook with new cross-branch approach


The U.S. military has updated its handbook on electronic warfare, changing it to a more all-encompassing, cross-branch approach for planning, executing and assessing operations on the electromagnetic spectrum.

The document, which is dated May 2020 but was not made public until late July, eliminates and replaces the previous joint publication for electronic warfare and provides principles and guidance related to joint electromagnetic spectrum operations, or JEMSO.

The Department of Defense has undergone a renaissance of sorts in the electronic warfare sphere over the past several years. By and large, the department divested much of its electronic warfare capabilities after the Cold War. During counterinsurgency efforts in the last 20 years, the military used blunt jamming tools to thwart improvised explosive devices, which, in turn, inadvertently jammed friendly systems.

In that time, some U.S. adversaries have invested in advanced jamming capabilities and geolocation systems that can target forces based upon their electromagnetic spectrum emissions, which makes large command posts in the counterinsurgency world vulnerable.

Congress in recent years has also sought to right the DoD’s ship in electronic warfare. Last year, among other related moves, Congress created the Electromagnetic Spectrum Cross-Functional Team to help devise a new superiority strategy in this area, which is due to be released later this summer.

This year’s defense policy bill, which still must be reconciled between the two congressional houses, seeks several other changes such as transferring the responsibilities of the electromagnetic spectrum from the commander of Strategic Command to the Joint Chiefs of Staff, and requiring the vice chairman of the Joint Chiefs of Staff to become the senior designated official for electronic warfare.

The changes to the handbook are a sign officials are coming to grips with how critical the electromagnetic spectrum is.

“Just as in the physical domains and in cyberspace, military forces maneuver and conduct operations within the EMS to achieve tactical, operational, and strategic advantage. Freedom of maneuver and action within the EMS are essential to US and multinational operations,” the new document stated.


JEMSO is thought to be a more overarching approach to the electromagnetic spectrum as opposed to just electronic warfare.

The DoD’s last EW guru, William Conley, who left the department in September, put it this way:

“The term EMSO, electromagnetic spectrum operations … is really about how do we do all of those things dynamically through a finite number of apertures but also how do we battle manage all of these different things, which are happening in the electromagnetic spectrum today. It is how all of those come together, how we train operators, how we train commanders to make use of these new and different ways of being able to (a) understand their operational environment, but (b) the command relationships they now actually have and the things they now can control.”

The new joint publication describes JEMSO on a continuum from “peacetime” to armed conflict.

“During peacetime, JEMSO are conducted to ensure adequate access to the EMS and may include deconflicting use of the EMS between joint users and coordinating with a host nation (HN). As a crisis escalates toward armed conflict, JEMSO shift from EMS access coordination to EMS superiority, with coordinated military actions executed to exploit, attack, protect, and manage the electromagnetic operational environment (EMOE),” it stated.

The document described joint force responsibilities, organization, service support and intelligence support, as well as multinational support, organization, planning, operations, execution and assessment of electromagnetic spectrum operations.

One of the critical differences the document seeks to inject into the way the DoD conducts these operations is increased coordination among the armed services.

“Instead of these mission areas being planned and executed in a minimally coordinated and stovepiped fashion, JEMSO guidance and processes prioritize, integrate, synchronize, and deconflict all joint force operations in the EMOE, enhancing unity of effort. The result is a fully integrated scheme of maneuver in the EMOE to achieve EMS superiority and joint force commander (JFC) objectives,” it stated.

 

Bogeyman 


The 47th Cyberspace Test Squadron of the US Air Force has specialized in testing the cyber vulnerabilities of warplanes.


For the operational framework of the fleet

News about the operationalization of the fleet


96th Cyberspace Test Group Change of Command - 6-12-2020
 


Bogeyman 


Cyber Attack


Different wireless or wireless/wired networked systems, both military and civil infrastructures, require different frequencies to operate effectively.
They may use standard protocols and routing rules or ad-hoc infrastructures and the information exchanged can be clear or encrypted.
In all the cases, they can be modelled as a network of computing systems.
For a number of years, military operations have used electro-magnetic attacks to disrupt enemy radars on the battlefield.
Today the access and manipulation of the EMS and/or the data and information carried by EMS let us foresee many additional capabilities involving Electronic Warfare (EW) and Cyber Warfare (CW) together.



Figure 1: Traditional EW and CW

Traditionally, Electronic Warfare (EW) and Cyber Warfare (CW) were considered as independent disciplines.
However, because communication systems have moved to commodity hardware and radar and navigation systems began to depend on wireless networked operations, the boundaries between the two fields have begun to blur.
Convergence between EW and CW mitigates the differences creating a new parallel for common ops. They together can provide effects that deny or degrade spectrum allowing for the control and exploitation of the network.


Figure 2: convergence between EW and CW

EW and CW can cooperate to accomplish Cyber missions in the Electro Magnetic Environment (EME).
They can be used in conjunction and thus may be viewed as two sides of the same coin, which is often indicated as Cyber EW or Cyber Electromagnetic Activity (CEMA).
“The synchronisation and coordination of cyber and electromagnetic activities, delivering operational advantage thereby enabling freedom of movement, and effects, while simultaneously, denying and degrading adversaries’ use of the electromagnetic environment and cyberspace” *

*CEMA Capability Integration Group (CIG)



Figure 3: CEMA Overview

Information Operation layers

We can define three different layers of information operations with increasing complexity:
• PHYSICAL LAYER, where the information overlaps with the physical world.
◦ Targets for attack in this layer: physical emissions
• INFRASTRUCTURAL LAYER, that has the task to encode, route, encrypt and deliver the information to the correct endpoint: the “consumer”.
◦ Targets for attack in this layer: frames, packets, sessions, signalling and control.
• COGNITIVE LAYER, where human decision-making takes place.
◦ Targets for attack in this layer: perceptions, emotions, awareness and understanding


Figure 4: Communication layers

Any of these layers can be separately attacked. Of course by increasing the complexity of the layer also the complexity of the attack will increase, but also the covertness of the attack will decrease accordingly. This means that if the attack is made to the physical or low protocol layer it will be easily discovered while it will be very difficult or even impossible to discover an attack to the content of the information.



Figure 5: Classes of Cyber-attacks to a communication system


The payload can consist of Viruses, Computer Worms, Trojan Horses and Spyware and can be activated inside the first networked computer (“n-click”) and then bounced back to the other servers and computers/computing systems via the wired and wireless networks.
The nodes of networked systems physically reside in one of the warfare domains (air, land, sea, space), but the ability to achieve the mission objectives cannot be separated from the ability to control and to have freedom of action in cyberspace that, in this sense, is transversal to all other domains.
The design, development and execution of a Cyber EM operation needs:
• Detailed knowledge of the target:
◦ key to address when attacking the application layer
◦ multidiscipline intelligence
• Being a trusted part of the network:
◦ key to inject, manipulate or modify the information transmitted inside a wireless network
• Crack the COMSEC and TRANSEC network protections:
◦ different levels of complexity in terms of robustness and resilience
◦ success NOT ensured a-priori
◦ expertise, tools, methodology of REVERSE ENGINEERING
• Deal with preparation and verification issues:
◦ Digital laboratory
◦ Numerical simulation, digital RIG, HW in the loop
• Deal with validation issues:
◦ open air test range facility



Figure 6: Cyber-attack mission summary

As seen in Figure 6 a Cyber Attack Mission can be summarized in five subsequent phases:

Figure 7: Data Collection



• Phase 1 (Data collection):
The first phase is an Intelligence mission concentrated on the capture of data relevant to the analysis of the opponent communication network.
The Coordination Centre deploys the assets (platforms and sensors) according to the operational conditions.
A picture compilation is synthesized in real time locally in each sensor/platform, whose contributions are available in the distributed data space and correlated/fused in the Coordination Centre (OBSERVE).
Partial views of the same picture are distributed to the platforms, according to their role in the operation (ORIENT), so that short loop adjustments of the mission can be decided at platform level and contribute to the refinement of the picture (DECIDE & ACT).
The mission is also supported by one or more unmanned platforms that must go very close to the opponent network, acting as fake stations to enter the network and acquire all the information needed.





• Phase 2 (Data Analysis):
A CETL (Cyber Evaluation Test Laboratory) composed of DMISS (Data Mining Intelligence and Surveillance) and DIGILAB allows the following activities to be performed:
◦ Reverse Engineering: process of analyzing the target communication device to identify its components and their interrelationships and to investigate how it works, in order to understand the weak points of the architecture (hardware and software) and produce a set of data (device vulnerability) that feeds (among others) the DATA analysis activity.
◦ DATA Analysis: process of analyzing the opponent communication networks in order to state which protocols they are using to communicate (Protocols Structure Analysis), locate the nodes of the intercepted network (Geolocation Analysis) and reconstruct the network topology (Hierarchical Analysis). These activities are all preliminary to the Vulnerability Analysis and Assessments that are necessary to perform an attack on the opponents’ infrastructures.



Figure 8: Reverse Engineering and Data Analysis


• Phase 3 (Payload preparation):
This is another activity performed by CETL.
It consists of the process for testing advanced cyber technologies in a laboratory environment with a realistic and quick replica of interconnected networks, to securely test new cyber payloads.
CETL is capable of rapid re-configuration, of emulating a large diversity of networks, and has the flexibility to handle multiple activities simultaneously at different classification levels.
CETL provides a broad range of uses, such as advanced cyber research and development of new capabilities, analysis of effectiveness, cyber training and exercises, and is exploited in three subsequent phases for complete environment realistic simulation and cyber applications validation:
◦ A numerical simulation network
◦ A digital RIG
◦ A complete RIG with real HW in the loop



Figure 9: Payload preparation



• Phase 4 (Payload test):

CECR (Cyber Electronic Combat Range) is an open-air test range dedicated to military exercises and tests for Cyber EW systems.
CECR is used for Cyber Payload Test in order to achieve its Validation.
The test range provides a mixed environment of real, emulated and simulated elements in order to grant the operators a place to test different capabilities of cyber electronic warfare systems, which include:
◦ Detection of network attacks (passive protection);
◦ Techniques of network protection (active protection), for example, reconfiguration of network devices;
◦ Techniques of attack to adversary network’s nodes;
Even if the test range is open-air, elements of the network may be linked to wired network (emulated or simulated): essentially, they operate as gateways between wireless and wired portion of a network. Attacks through these elements may have an impact on systems connected to the network.


• Phase 5 (Cyber-Attack execution):

Figure 11: Cyber Attack


In this phase the cyber-attack mission is executed; the threat vector is an unmanned platform (or a swarm of unmanned platforms).
A special mission aircraft acting as “mission C2”, flying at very high altitude and at a safe distance from the playground in order to have good visibility of the Electromagnetic Order of Battle (EOB), can manage the attack mission.
The attack platforms fly at a very low altitude (in order to be as undetectable as possible) towards the playground.
The mission C2 can download updated mission data packages to the attack platforms (real time information) and can act as early warning, giving the mission platforms indication of incoming threats (according to the EOB and to the platform course).
In addition, the unmanned platforms are boosted by AI that can compensate for the residual inaccuracy in mission programming with its flexibility to dynamically change behavior during the mission course.

 