In Through The Out Door

    Diving Through The Information Barrage

    Browsing Posts published in November, 2008

    “MAKE Magazine has put together their 3rd annual ‘State of Open Source Hardware 2008’ — in just a few years, the number of projects has grown from a small handful to an amazing 60+ offerings. Similar to open source software, open source hardware is available with source code, schematics, firmware and bills of materials, and allows commercial use. The most popular project, Arduino, the open source prototyping platform for artists and engineers, has shipped over 60,000 units.” The article is formatted such that the first link for a particular device will usually take you to the project home page. Some will bring you instead to where you can purchase the items, but most still have a “How To” tab which will direct you to guides and instructions on how to build your own gadgets. There are a bunch of interesting devices, from the Game of Life on the outside of a cube to a home-made MP3 player to OpenMoko.

    [From The State of Open Source Hardware In 2008 ]

    killmofasta notes an LA Times story on a severe and widespread attack on US military computers that may have originated in Russia. Turns out the military’s recent ban on flash drives was a precursor to this attack, which was significant enough that the President and the Defense Secretary were briefed on it. “The ‘malware’ strike, thought to be from inside Russia, hit combat zone computers and the US Central Command overseeing Iraq and Afghanistan. The attack underscores concerns about computer warfare. ‘This one was significant; this one got our attention,’ said one defense official, speaking on condition of anonymity when discussing internal assessments. Although officials are withholding many details, the attack underscores the increasing danger and potential significance of computer warfare, which defense experts say could one day be used by combatants to undermine even a militarily superior adversary. … [A defense official said] ‘We have taken a number of corrective measures, but I would be overstating it if I said we were through this.’”

    [From Significant Russian Attack On US Military Networks ]

    The rapid advancement of cyber attacks and the emergence of cyber warfare have caught government and military leaders around the world off guard. Decision making in times requiring defensive measures or in a military crisis is guided by doctrine and rules of engagement, but in the case of cyber attacks and cyber warfare these do not currently exist. The complexities and unique characteristics of cyber warfare mandate establishing Cyber Attack and Warfare Rules of Engagement (CAWRoE).

    Cyber warfare is different from conventional war in many ways. It is this difference that will challenge the minds of experts around the world when they attempt to create cyber warfare doctrine and ROE. To frame this discussion, below you will find two definitions that put this challenge in context.

    Definition – Cyber Warfare & Terrorism – “The premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives. Or to intimidate any person in furtherance of such objectives.” Source: This definition was published in the U.S. Army Cyber Operations and Cyber Terrorism Handbook 1.02. This definition was written by Kevin Coleman back in 2004 for an online article.

    Definition – Rules of Engagement – Rules of engagement date at least to the Middle Ages in Europe. In military terms this refers to a directive issued by a military authority controlling the use and degree of force, esp. specifying circumstances and limitations for engaging in combat. The directive delineates the limitations and circumstances under which forces will initiate and prosecute combat engagement with other forces encountered. Source: This definition is based on multiple authorities’ sources and combined to clearly articulate ROE.

    NOTE– After months of research, we will soon publish a paper that addresses the question: “What constitutes an act of cyber war?”

    History has shown that ROE are often over-controlled and regulated by politicians and military leaders. It is anticipated that this will also be the case as it relates to cyber attacks and warfare. In addition, commanders and government leaders at all levels must understand the situation, complexities and uncertainty they face.

    The increase in complexity, technical aspects and difficulty in tracing the cyber attacks back to the aggressor will combine to increase the difficulty of creating the ROE for cyber. Careful crafting of cyber ROE is required to diminish ambiguities that could cause delays in actions when the use of force is required and will surely lead to increased implication on the United States.

    Cyber attack and warfare rules of engagement will undoubtedly require hundreds of pages to establish a decision framework. That being said, there are a few critical areas that will pose the most significant challenge to policy makers. One of these areas will be the level of confidence in the identification of the entity behind an attack on a nation. Tracing and tracking cyber attacks back to those responsible is not an easy task. Usually this takes months or years, not minutes and hours. Current intelligence and surveillance capabilities will provide only minimal assistance in this effort. Although promising research on tracking and tracing cyber attacks is currently underway and advances are occurring on a regular basis, we are far from being able to rapidly identify the party or parties behind the attack with the high degree of confidence and hard evidence necessary to launch an offensive cyber response. At the present time, the newness of cyber attacks and weapons, coupled with their potential but unproven power and the uncertainty about how they might be used, has pushed the decision around the response to cyber attacks all the way to the top and into the hands of the President of the United States.

    Conclusion
    Over 140 countries around the world have cyber weapons development efforts underway but lack a comprehensive doctrine and legal framework for responding to cyber attacks as well as using offensive cyber weapons against attackers and adversaries. President-elect Barack Obama’s national security team will have to rapidly establish the rules of engagement as they relate to cyber attacks and all out cyber warfare. His national security team is said to include: Sarah Sewall, Tom Donilon, Wendy R. Sherman, Michèle A. Flournoy, John P. White, Robert R. Beers, Clark Kent Ervin, Gayle E. Smith, Aaron Williams, John O. Brennan and Judith A. (“Jami”) Miscik.

    The United States Military has an expansive arsenal of sophisticated cyber weapons at its disposal; policy makers have yet to define the rules of engagement that govern when and how to use them. In a briefing earlier this year I said: “This is totally uncharted territory for policy makers. The characteristics of cyber attacks coupled with the operational aspects of cyber weapons make this a unique challenge.”

    This remains the case and time is growing short before the next significant cyber attack is launched. Cyber warfare requires new rules of engagement.

    [From Cyber Attacks & Warfare - Rules of Engagement]

    The Federal Trade Commission (FTC) won an injunction today against software vendor and keylogger developer CyberSpy. The US district court ruling prohibits CyberSpy from selling or operating its RemoteSpy software package.

    [From US court orders keylogger CyberSpy to halt software sales]

    Martin Beck and Erik Tews have published details of their attacks on WPA wireless networks. The attack is essentially a variant of the chopchop attack used against WEP secured networks, which surfaced in early 2005.

    [From Security experts reveal details of WPA hack]

    Obama, McCain get a lesson in cybersecurity

    [From Brief: Obama, McCain get a lesson in cybersecurity]

    In the recent Zhuhai airshow (still ongoing), we’ve seen a plethora of UAV/UCAV models coming out. A lot of them seem to be concepts, abandoned projects, but there are a couple of brands standing out: CH-3 and WingLong. If you do search on Google News recently, you might be able to find the condensed version of the Jane’s report on Chinese UAV here.

    In the condensed version, they’ve only shown the CH-3 UCAV; here are some of its photos. You can also see the AR-1 ATGM in the second photo.

    This video is supposedly WingLong, which supposedly mirrors the role of Predator.

    If we just judge this UCAV vs Predator, then I guess China has reached a comparable level to Predator.
    Some stats on this plane:
    maximum speed 240 km/h
    ceiling 5000 m
    endurance 20 hours
    maximum take-off weight 1150 kg
    payload 200 kg
    Can carry 4 × 25 kg A2G missiles or 2 × 50 kg PGMs.
    Unfortunately, this plane has just finished all of its testing, so it’s more than a decade behind.
    Along with the Chinese Global hawk, it looks like CAC is trying to clone the entire US UAV portfolio.

    They’ve also shown a bunch of AShM, which I’m sure are aimed for the smaller navies in the world, but I will show that in a later post.

    [From New Chinese UAVs]

    There are some fresh details on the Russian submarine accident TheCustodian covered last night. According to several news reports this morning, seventeen of the dead were employees of the Amur Ship-Building Enterprise while only three were sailors. The government released a list of 20 names this morning; all were Russian. While the name of the submarine has not been officially released, it is almost certainly the Akula II submarine Nerpa that recently went to sea for trials and is widely expected to be “leased” to India.

    While it is still unclear what kind of gas was involved, the cause of a gas discharge from the fire extinguishing systems appears to be the official story. Much of the speculation this morning in Russia is questioning whether there were enough oxygen masks for everyone on board and whether this was the deciding factor regarding the number of deaths. According to news reports, there were 208 people on board, three times the number that normally serve on an Akula II submarine.

    This news report from RussiaToday, in English, is also a useful 5 minute video for getting a feel of the official reporting.


    [From Update on Russian Submarine Accident]

    “The reports earlier today on WPA’s TKIP key type being cracked were incorrect. I spoke at length with Erik Tews, the joint author of the paper that discloses a checksum weakness in TKIP that allows individual short packets to be decrypted without revealing the TKIP key. I wrote this up for Ars Technica with quite a bit of background on WEP and WPA. Tews’s paper, co-written with Martin Beck, whom he credits as discovering and implementing a working crack (in aircrack-ng as a module), describes a way to use a backwards-compatible part of TKIP to exploit a weakness that remains from WEP. ARP packets and similarly short packets can be decoded. Longer packets are likely still safe, and TKIP hasn’t been cracked. Don’t believe the hype, but the exploit is still notable.”

    [From The Real Story On WPA's Flaw ]
