President Donald Trump recently directed the Department of Defense to “establish a space force as the sixth branch of the armed forces” marking not only a major milestone in U.S. military history but also a significant shift in the way U.S. threats are perceived. Given that, might there be a seventh force directed in the near future?
Many credit technological advances as a primary driver for the surge in recent cyberattacks, but multiple factors are at play. Despite medical advances and overall population stabilization, the past 100 years of human activity has created a new domain that is susceptible to devastating cyberattacks: the subterranean.
The world population boom between 1900-2000 saw many advances, but it also required significant industrial and metropolitan development, ultimately resulting in the birth of the megacity – a metropolitan area with a total population exceeding 10 million. Today, there are nearly 40 megacities worldwide.
Why are megacities a problem?
Megacities offer a lot of benefits – proximity and public transportation among them – but with more people comes a lot of congestion. This is why the London Underground was introduced as the world’s first metro system in 1890. Today, there are more than 30 metro systems in the U.S.; worldwide, there are roughly 150.
From the perspective of critical infrastructure, subterranean transit represents a significant target for adversaries – and sets the stage for a hybrid physical-cyber attack. Gaining control of a single city’s metro controls could result in catastrophic physical events – limiting the ability of riders to get to their destinations, limiting the number of employees who physically show up for work, disrupting everyday transactions – from buying groceries and gas to securing financial transactions on Wall Street. The Butterfly Effect may seem extreme, but with more than 4.3 million daily riders on the NY subway alone –a little imagination is all that’s required to start to understand the ripple effect of a single, geographic outage.
How are megacities vulnerable?
The subterranean is a “complex” operating environment that presents unique monitoring and communications challenges. While there have been some efforts to bring in new, automated technology, adoption has been slow. D.C. metro authorities seem bent on running trains manually and New York has been criticized for its slow adoption of communications-based train control (CBTC). Ironically, most metro riders use the latest technology available – Wi-Fi and Bluetooth-enabled IoT devices – that can be compromised. Hypothetically, a malicious actor could hack a rider’s device and gain access to the controls of the entire metro.
How should we defend the subterranean?
While the U.S. military has substantial experience with urban combat from recent engagements, that experience has been mostly limited to terrestrial engagements. The subterranean threat is new, and we’re approaching a great power competition that will close the gap between the contested spaces of air, land, sea, ground, space, and cyber.
The key to defending the underground will be the same key as defending any other space: have the upper hand, and make proactive cyber decisions before you have to make reactive cyber resolutions:
Trend and pattern recognition: This can offer a significant advantage in the cyber arena. Detecting and studying the patterns of our adversaries before they attack will be crucial – where are they going to school, what are they studying, what is their economic status, what political changes are occurring, what ports are they using and buying?
Adaptation: Just as we developed walkie-talkies and the first atom bomb in the 1940s, just as we enabled GPS capabilities for the world with the DoD’s development of GPS and satellite technology in the 1990s, and just as the United States has developed advanced robotics to assist soldiers on the battlefield in 2010, the United States will adapt to the demands of subterranean warfare. Data is the quintessential element in the adaption equation; it’s critical that the U.S. absorb as much megacity data as possible to baseline and analyze the aforementioned trends and patterns and develop predictive models for future vulnerabilities and attacks.
Speed: Advances in technology have enabled rapid decision making in the commercial space – from choosing a movie on Netflix, to buying or selling a stock online. Consumer decisions are as equally informed as they are fast, and federal and military decision makers need to operate under the same real-time parameters.
Dedicated Force: Cyber success – dominance – hinges on a proactive approach. That doesn’t mean waiting on policy to be enacted, that doesn’t mean hesitantly doling out sanctions for suspected cyber attacks, and it doesn’t mean waiting for the fight to come to you. It means taking a proactive, offensive stance, and dedicating resources to protect assets before they are compromised.
If those resources are assembled in a seventh military branch, it’s likely to be a diverse group of players. With DoD involved much in the way they’ve been involved with other branches in the past, we can expect other strategic input and involvement from the Department of Transportation and Customs and Border Protection. Given the unique combat experience the Army brings, and the Army’s recently accelerated outfitting of its combat brigades, it’s likely they will play a key role as well.
Time and necessity bring new technology and new technology brings new threats and opportunities. The subterranean domain isn’t the last domain – it’s just the next one we need to worry about. Just as the Dark Web presented cyber concerns from an anonymity perspective in the 90s, and quantum computing threatens the future of encryption as we know it, this too shall pass. But until it does, we need to be prepared, and we need to be ahead.
Colby Proffitt is a senior technology strategist at NetCentrics Corporation.