Observations on Anti-Ballistic Missile Defense from a Cyber Technologist
Have a look at the diagram at the top of this article: It shows a missile being launched from China aimed at (by my estimate) the Dixie National Park in Southwestern Utah. Luckily, however, a US anti-ballistic missile (ABM) system launches a Spartan counterstrike, replete with neutron flux to disable incoming nuclear warheads. This perfectly timed counterstrike, with its trajectory from horizon geometry, intercepts and kills the missile somewhere over the Pacific.
One might connect this cool black-and-white sketch to recent events, since the Department of Defense has now begun testing ground-based interceptors to protect us from incoming North Korean missiles (see https://www.cnbc.com/2017/06/03/us-missile-defense-triggers-alarm-from-russia-china.html). But the reality is that this sketch comes from a 1967 article in Life Magazine, where then-Defense Secretary McNamara predicted future success for this method. The diagram was drawn fifty years ago.
Since that article, our nation has tried repeatedly to build an intercept defense. I personally watched two prominent attempts as a young computer security engineer in the 1980s supporting the we-can-shoot-anything-down Strategic Defense Initiative (SDI) program under Reagan, as well as the ok-maybe-we-can’t-shoot-everything-down Global Protection Against Limited Strike (GPALS) Program under President George H.W. Bush. Neither system worked.
During that era, computing pioneer David Parnas took a public stance against the Reagan defense, arguing that the complexity of SDI was more than any system or software engineer could overcome. He was criticized for his comments, with observers whispering that Star Wars was an important poker chip in our negotiations with Russia. That might have been true then, but despite some silly public rhetoric, neither the Russians, the Chinese, nor the North Koreans will lose any real sleep over our present ABM efforts.
If you have trouble visualizing how hard it is for an ABM system to detect, locate, track, and neutralize an incoming missile, then just imagine the problem of decoys. Picking the live missile from a barrage of well-designed dupes is not an easy task. Furthermore, a serial progression of multiple strikes from different launch points would be even tougher, perhaps impossible, to stop. We should continue doing research, but these are expensive programs that receive almost no serious public scrutiny or informed debate.
For those of you stubborn enough to have made it this far in my narrative, let me offer my two cents on what we should do as a nation: Stealth cyber offensive hacking methods (and I know you know this) are likely to be ten-thousand times more effective at disarming ballistic missile strikes. They will also cause our adversaries considerable loss of sleep. Furthermore, such emphasis is likely to be ten-thousand times less expensive than these fancy laser weapon experiments we’re shooting up into the atmosphere. We should shift our emphasis 100%. We need to software-define our missile defense.
By way of analogy: just as data centers are unplugging all the hardware, turning off the lights, and going virtual, and just as telecommunications networks are unplugging all the routers, turning off the lights, and going virtual, I think it is finally time for our nation’s defense to give up – once and for all – on this dream of shooting counterstrikes into the sky, so that we can truly focus on a virtualized, cyber operations-based defense that will really protect the Dixie National Park in Utah from North Korean incoming.
Also, I believe that such defenses do not need to be classified. If you know what you are doing in this arena, then you do not need to hide your capability behind closed SCIF doors. We should be developing cyber counter-strike tools, funding open research, encouraging graduate students in this area, performing public tests, and on and on. I simply do not see any advantage to this type of defense being hidden in a closet at Fort Meade.
That’s a whole lot to digest, my friends – but I hope you will let us all know what you think.
Professional Project Manager AT&T
7 years ago
Our Country will not be prepared for the future of attacks. It is too busy with minor issues and not the big picture.
Cybersecurity Professional
7 years ago
In both cyber strategy and in nuclear strategy, the important distinction to consider is that you don't have a technical problem as much as you have an adversary problem. Risk reduction options should be evaluated not only in the context of the technology (making a specific attack method more or less difficult to achieve, reducing impact) but also in the context of what effect it has on your adversary's perception, decision calculus, and ultimately motivation. As a general rule commercial companies tend to focus their risk treatments around the technology whereas governments, who have a much broader set of options, often find it more cost effective to influence the adversary (that's not to say they don't do both). Cyber examples of the latter include establishing international and legal norms, treaties, and all that statecraft stuff that industry isn't often aware of. Some argue for cyber MAD/cyber deterrence. I think Rhea's article is one of the clearest evaluations of that approach that I've seen: https://www.thecipherbrief.com/article/techcyber/myth-cyber-deterrence

"Also, I believe that such defenses do not need to be classified."

Classification systems exist to identify the controls required to safeguard information. If a government spent the money and effort to develop these capabilities but didn't protect them, then what assurance would anyone have that these capabilities would be available and effective if they were needed? Aside from the operational impact, just thinking about budgetary impact alone is discomforting.

"I simply do not see any advantage to this type of defense being hidden in a closet at Fort Meade."

You're going to have to help me here with this one. If there was such a capability, where should it be stored from your perspective? I'm not sure Warehouse 13 is a better option ;)
Please continue to call me Gene, as everyone except LI and my 1st grade teacher has done.
7 years ago
We can't afford to rely on any single defense against something as destructive as ICBMs. I could not agree more with regard to your point regarding cyber investment in defense, but, just as no hard kill capability will ever be 100% effective, neither will a cyber defense. In military and network defense, we talk about defense in depth, in layers, and the same approach is needed here. Cyber methods would constitute one layer, a hard kill capability another, and, well, something we've not considered yet as additional layers. Nor does the cost have to be impractical. If we accept that no layer would be 100% effective, we can also accept less than perfect yet practical weapons in each layer, with the net result being as close to 100% as we’re ever likely to get.
Cyber Security / Technology Executive and Growth Leader with EOS experience
7 years ago
Israel in conjunction with the US has demonstrated the value of ABM technology, albeit also demonstrating the extremely high operational cost. To your point, scaling that up to US-sized requirements is pretty daunting. Israel has also demonstrated the value of cyber in that realm as well. I think you need a layered approach, and as you point out, better crowdsourcing of research and development in these areas.
Associate Director-Technology at AT&T
7 years ago
Crowdsourcing of national defense is being done by enemy states, much in the fashion you've described, but it would be new to the United States. I hope it would cause much sleeplessness and consternation to those who intend us harm.