48°43'21.5"N 7°20'10.7"E

Signals exploitation isn’t the oldest profession, but it’s a far older trick than people tend to imagine. History is replete with examples of famous messengers thwarting interception; the whole concept of running 26.2 miles is named after one such incidence. But hiding messages inside the message of others, through technological means? Surely, that must be a modern phenomena.

It is, if we accept a definition of modern that extends back as far as the 1830s.

Consider, if you will, the story of the Blanc Brothers, traders in Bordeaux with a vested interest in receiving financial information about the markets in Paris before any of their competitors. As relayed in a tale that swept the internet last year, the brothers took advantage of an existing signal network, the Chappe Optical Telegraph.

I’m Kelsey D. Atherton, reporting from Socorro, New Mexico, and I’m going to talk about adversaries in the loop.

While simplistic by modern standards, the Optical Telegraph could relay messages in minutes over great distances. The infrastructure itself was extensive; human operators crewed towers spaced every six to nine miles, where they received signals, transcribed them, and then relayed them to towers further down the chain using the positioning of a wooden crossbeam with indicators on each end. The hack, as comically detailed in depth at the Sophos Naked Security blog, involved a conspiring tower agent and the edit function in the message relay system.

By transmitting a signalling message, followed by a “please disregard” code, the Blanc brothers were able to hitch-hike data on a military intelligence network, a plot that worked from 1834 to 1836 until their accomplish got sick and had to turn the station over to a new operator, who wanted no part of the plot and instead revealed it to authorities. Without a law on the books specifically against hacking the network, the brothers walked and, presumably, abandoned the crime.

What was extremely novel 185 years ago is now the default assumption of people managing communication networks. The fidelity and integrity of signals, the possible paths of injection through human compromise, the harmful code self-erasing to avoid detection, all of this is the baseline of risk in 2019.

It is also a parable of the limitations of security through obscurity. The messages remained undetected in part because no one sought to look for them, but also in part because there was no audit by interested parties to see if, hey, maybe the logs reveal something that the end message obscures. Obscurity as a security strategy at best buys time, but it isn’t a guarantee even of that. With more eyes on the code, it’s possible the Blancs would have been found before their accomplice gave the game away.

Obscurity, after all, only works when people don't know what to look for.

° 1. THEATER OBSCURITY

The Chappe Telegraph system was advanced for its day, but it was a finite series of nodes and operators. Nearly two centuries later, the scale of networks and nodes are fast and almost incomprehensible. All of this doesn’t make the task of the Pentagon’s Protecting Critical Technology Task Force any easier.

In remarks delivered at the Fifth Domain Cybercon, task force director Major General Thomas Murphy outlined a multifaceted approach to changing the culture of security for everyone from the military to major contractors to research universities to third-party suppliers. Much of this is in accord with the Cybersecurity Maturity Model Certification program, an attempt to grade and rate security practices.

One of Murphy’s more novel ideas was to ask for legislation that lessens the transparency inherent in the contract process. As Murphy explained it, right now the open publication of contract details and grants, and presumably the press that comes along with the open details, provides adversaries a road map for exploiting research in the United States.

It is an appeal to security through obscurity, in the face of infinite vulnerability. It remains unclear if Congress will view the response as relevant to the threat.

° 2. A BOARD OF MANEUVER

What is the point of an autonomous robot in battle? At the AI and Autonomy Symposium, put on by the Association of the United States Army in Detroit from November 20th to the 21st, a range of speakers grappled with the promise of such machines. One of the more interesting concepts explored was the idea that autonomous machines, free to navigate in electromagentically denied environments, give commanders the option of AI maneuver. It’s a way for humans to control and risk useful tools without putting lives on the line.

AI maneuver is, still, in the early stages of utility as a concept. Past its life expectancy, but present in the symposium, is the notion that the board game Go provides any special insight into the strategic culture of any adversaries.

° 3. PUT A GRENADE LAUNCHER ON IT

One new area of vulnerability and possibility in battle is the fact that air support keeps coming in smaller and smaller packages. Consider the Cerberus GL, a backpackable tricopter whose long and narrow body is specifically designed to mount a weapon underneath. With possibilities ranging from shotgun to single bomb to grenade launcher, the Cerberus is marketed as a reusable alternative to single-use loitering munitions. It is not hard to imagine that, on the battlefields of the 2020s and 2030s, the decision to call in a missile strike or air support may devolve down to the squad level, and involve entirely infantry-carried weapons.

° 4. STOP BACKRONYMITY

The absurd backronym of the fortnight is back, and this issue we have a doozy! From the office of Virginia Senator Mark Warner, we have the Stop STUPIDITY Act, with STUPIDITY an acronym for “Shutdowns Transferring Unnecessary Pain and Inflicting Damage In The Coming Years.” While a bit further afield than our typical military fare, the bill is designed for the continued funding of all government at the previous year’s level, except the executive and the legislative, in the event of gridlock approving new funding. Should the bill fail, Warner might want to try STATUS QUOO, or the Sustained Temporary Allocation of Traditionally Understood Supply Quantities Until Ordered Otherwise.

That’s all for this week, my Tomorrow Warthogs. Any questions about the recent conferences I attended, or particular insight into the combat effectiveness of Disney’s new X-Wing drones, email me at email me at katherton@c4isrnet.com.