ISSN 2277 – 3126
RNI NO. UPENG/2011/37063
Vol. 3
Issue. 2
Rs 100, US$ 10
MAR – APR 2013
CYBER SECURITY
GEOINTELLIGENCE MAR - APR 2013
Inside
THEME: Cyber Security
Guest Articles
India - ‘Wake up for Cywar’
The first comprehensive study on cyber security and information warfare was undertaken in India in 2002. Ten years after, India has no National Cyber Security Policy. This article recommends a course of action in this regard and suggests ways to sustain it.
The unseen power
The discovery of cyber weapons like Stuxnet and Flames demonstrated how a nation’s assets can be targeted or destroyed without indulging in any bloodshed. Call it cyber terror or cyber attack, the fact is that cyber world would play a decisive role in future wars. India too needs to prepare for the future.
Making the smart grid smarter
Security of critical infrastructure has always been a chief concern of security agencies. One of the very important parts of security review is penetration testing. The article talks about how penetration testing can help to validate or identify gaps in security controls within the power sector.
Geospatial analysis to combat IED attacks
The article presents an insight about the methodologies used for the analysis and how the lessons learned in Afghanistan and Iraq can be used elsewhere in the world.
Interview
Mati Hindrekus, Head of Marketing Communications, Asia, MBDA
Event Reports
Geoint in nation building
DGI 2013 was held at London recently and was attended by more than 800 people from over 40 countries.
Taking to the sky
The ninth edition of Aero India, said to be Asia's biggest airshow, was held at Bangalore, India, recently.
Regular Sections
Editorial
News
Events
Image Intelligence
Chairman MP Narayanan
Publisher Sanjay Kumar
Managing Editor Lt Gen (Dr) AKS Chandele (Retd)
Executive Editor Bhanu Rekha
Product Manager Harsha Vardhan Madiraju
Assistant Editor Aditi Bhan
Circulation Manager Amit Shahi
Circulation Executive Vijay Kumar Singh
Owner, Publisher & Printer Sanjay Kumar
Printed at M. P. Printers, B - 220, Phase-II, Noida - 201 301, Gautam Budh Nagar (UP) India
Publication Address A - 92, Sector - 52, Gautam Budh Nagar, Noida, India
Editor Sanjay Kumar
Price Rs 100, US$ 10
Geospatial Media and Communications Pvt. Ltd. (formerly GIS Development Pvt. Ltd.)
A - 145, Sector - 63, Noida, India Tel + 91 120 4612500 Fax + 91 120 4612555/666
Geospatial Media and Communications Pvt. Ltd. does not necessarily subscribe to the views expressed in the publication. All views expressed in this issue are those of the contributors. The publication is not responsible for any loss to anyone due to the information provided.
Editorial
India Needs More Cyber Warriors
Computers and computer networks have today pervaded almost every sphere of human activity, from household chores to running huge industrial complexes, military organisations, nuclear installations and space programmes. Most public utilities and services – electricity, water, gas, health services, communication and transportation systems are controlled by computers. Banking and financial services are more or less totally computerised. Private industry relies heavily on computers to run their enterprises. Commercial and government organisations are turning increasingly to ‘cloud’ for storing their critical data. Computerisation has made the management, monitoring and control of these activities considerably easier and much more efficient. The advantages are phenomenal, but they also render the systems vulnerable to malicious acts of cyber terrorism.
To counter the cyber threats, India had set up the Computer Emergency Response Team (CERT.in) in 2004, under the Department of Electronics and Information Technology, as the national nodal agency to respond to cyber threats as and when they occur. Faced with ever increasing cyber attacks and realising the inadequacy of CERT.in to effectively deal with them, the government created the National Critical Information Infrastructure Protection Centre (NCIIPC) in July last year, to function under the National Technical Research Organisation (NTRO), which would be responsible for cyber security in the critical sectors of energy, transportation, banking and finance, defence, space, law enforcement and security. CERT.in would continue to be responsible for the remaining non-critical sectors. It is learnt that NCIIPC plans to have 500 cyber experts in a five-year time frame. However, with the growing number of threats and considering the criticality of the sectors, this number would be grossly inadequate. Moreover, the budget allocation for combating cyber threats is much too meagre.
Lt Gen (Dr) AKS Chandele PVSM, AVSM (Retd) Managing Editor
ajay@geospatialmedia.net
Recently, the Director of US National Intelligence, James Clapper and the head of the US Cyber Command, Gen Keith Alexander told the US Senate Intelligence Committee that the possibility of a computer attack on the nation’s critical infrastructure is now the top security threat facing the country, surpassing terrorism. India is expected to overtake the US by 2015 to become one of the biggest online populations in the world, with nearly 300 million users, more than double the present 140 million. India needs to prepare itself for the information wars of the future. It is essential that the cyber warfare resources of the civil and the military complement and support each other to create a robust defensive and offensive capability for the nation. And importantly, a large pool of trained manpower, ‘cyber warriors,’ is required, which we lack at present.
Computers are an integral part of the military, be it in communications, surveillance, navigation, weapon guidance, intelligence gathering, data analysis and logistics. Due to the progressively increasing reliance on information technology, military plans and operations run the risk of being seriously compromised by cyber attacks. Realising this, our armed forces have announced their intention of setting up a tri-service ‘Cyber Command’, under a three star officer, which would be responsible for cyber warfare as related to the military.
Vice Adm Anurag G Thapliyal new DG of Indian Coast Guard
Vice Admiral Anurag G Thapliyal took over as the 20th Director General of Indian Coast Guard (ICG), succeeding Vice Admiral MP Muralidharan. The Admiral was commissioned in July 1977 and has held a mix of operational and sea appointments. He is a navigation and aircraft direction specialist and his various sea appointments include command of INS Ajay, Khukri, Tabar and Mysore. He has also had the rare distinction of commissioning INS Cheetah as Navigating Officer in Poland, and INS Ajay and Tabar as Commanding Officer, both in Russia. The Flag Officer has also been the Fleet Operations Officer, Eastern Fleet, Visakhapatnam. On promotion to the rank of Rear Admiral, he took over as Chief of Staff at Headquarters, Eastern Naval Command and later served as Assistant Chief of Naval Staff Information Warfare & Operations and Fleet Commander of the Eastern Fleet. While he was Commandant Indian Naval Academy Ezhimala, he was promoted to the rank of Vice Admiral.
Enter the dragon
China is reported to have struck a string of satellite deals with Sri Lanka and potential space-related partnerships in Maldives and Bangladesh, thus raising concerns among Indian security establishment. China is helping Sri Lanka build its space academy and satellite ground station and also launch the nation’s maiden telecom satellite. While Maldives is said to have initiated discussions with China for cooperation in satellite manufacturing and launch, Bangladesh is seeking its help in launching its communication satellite called Bangabandhu.
India increases defence spending
India has increased its defence spending from Rs 1,93,407 crore in 2012-13 to Rs 2,03,672 crore, marking a hike of five per cent. Of the total defence outlay for 2013-14, Rs 86,741 crore is meant for capital expenditure.
Rajkamal commissioned
Indian Coast Guard Ship ‘ICGS Rajkamal’, the fourth in the series of eight Inshore Patrol Vessels (IPVs) designed and built by Garden Reach Shipbuilders and Engineers, Kolkata, was commissioned at Chennai recently. Equipped with state-of-the-art weaponry and advanced communication and navigational equipment, it is said to make an ideal platform for undertaking multifarious close-coast missions such as surveillance, interdiction, search and rescue, and medical evacuation.
Rules for cyber war
While traditional wars follow rules laid down by the Geneva Convention, cyber wars have no such rules. The formal publication of Tallinn Manual recently is a step to plug this gap. The Manual talks about international law applicable to cyber war. According to LiveMint, the manual examines how existing international legal norms apply to cyber warfare and underscores jus ad bellum (international law governing the resort to force by states as an instrument of their national policy) and jus in bello (international law regulating the conduct of armed conflict).
Raytheon releases SureView 6.7
Raytheon recently announced the release of SureView version 6.7 to aid federal agencies in complying with US President Barack Obama's memorandum in November aimed at implementing an insider threat detection programme to address national security threats while protecting privacy rights. The latest version of SureView offers simplified policy creation through a new 'policy wizard' that allows users to specify what information to collect and what information not to collect to protect civil liberties and personal privacy. It also enables integration of collected data in a central place, such as a Security Information and Event Management (SIEM) system. The data can then be analysed with other types of collected data to further improve security policies and procedures. As a policy-based cyber audit solution, SureView monitors employees' activities, including classified networks, while safeguarding privacy and legally protected whistleblower communications. It provides irrefutable and unambiguous attribution of end-user activity with full context to rapidly discern malicious from benign actions.
General Dynamics introduces its next-generation Tactical Mobile Router
General Dynamics Canada has introduced its next-generation Tactical Mobile Router, the TMR 200, a compact, modular and flexible router that can be easily configured and integrated in a variety of platforms and wireless networks. With an ability to handle high-bandwidth applications, it ensures reliable and secure communications even where wireless network infrastructures do not exist or when nodes are overloaded or off the network. It is ideally suited for tactical environments where network and vehicle electronic architectures are becoming more complex with high-definition cameras and sophisticated sensors streaming gigabits of information.
"The TMR 200 has been designed to enable defence and public safety personnel to quickly establish secure wireless networks and communicate critical situational awareness information through high-quality videos and images," said David Ibbetson, General Manager, General Dynamics Canada. "It improves the safety and efficiency of deployed personnel and vehicles wherever they are by ensuring that they always have the most relevant information at their fingertips." According to the company, the TMR 200's "intelligent management" automatically adapts to network changes and maintains reliable connections in harsh environments. It uses advanced networking technologies to store and forward vital communications if a network connection is broken. This feature provides unprecedented flexibility for defence and public safety personnel who need immediate access to high-quality information over a tactical wireless network. The TMR 200 offers the advanced networking features needed to interconnect with a vehicle's electronic architecture and command, control, communication, computing, and intelligence (C4I) systems. In addition, it can easily interface with other systems to enable remote control of communication devices in a tactical mobile network.
Courtesy: General Dynamics
NEWS
The Open Group releases FACE Technical Standard Edition 2.0
The Future Airborne Capability Environment (FACE) Consortium, an Open Group managed consortium, has announced the immediate availability of the FACE Technical Standard, Edition 2.0, an enhanced version of the open avionics standard for making military computing operations more robust, interoperable, portable and secure. The FACE Technical Standard enables developers to create and deploy a wide catalog of applications for use across the entire spectrum of military aviation systems through a common operating environment. The new edition of the standard further promotes application interoperability and portability with enhanced requirements for exchanging data among FACE components and emphasis on defining common language requirements for the standard. Developed in collaboration with more than 50 consortium member organisations, the FACE Technical Standard is a vendor-neutral approach for addressing the affordability initiatives of the military aviation community. It is designed to enhance the US military aviation community's ability to address issues of limited software reuse and increase warfighter capabilities as well as enable the community to take advantage of new technologies more rapidly and affordably. Key additions to Edition 2.0 of the FACE Technical Standard include the FACE Data Model, Language Run-Times and Component Frameworks, Protocol Mediation Services, Streaming Media Services and expanded definitions of Units of Portability. These additions broaden the standard to accommodate other languages and aviation mission requirements, including required capabilities such as streaming video, and will accelerate the rate of adoption as Edition 2.0 now further accommodates the requirements and needs of organisations within the industry implementing the standard, said the company.
Boeing acquires CPU Tech's Microprocessor Business
Boeing has announced acquisition of CPU Technology Inc.'s Acalis business. Acalis microprocessors contain unique hardware and software that can guard mission-critical onboard systems in Boeing platforms, said the company. "Acalis provides security-on-a-chip that can help defend the manned and unmanned aircraft we build at Boeing," said Chris Chadwick, President of Boeing Military Aircraft. "With these processors onboard, warfighters can complete their missions and not be sidelined by malware, cloning and other cyber threats against the aircraft's systems." Acalis will be integrated into Boeing Military Aircraft's Global Strike division. The latest acquisition is a part of the company’s strategy to increase its vertical depth to better differentiate its offerings and provide long-term value for its global aerospace and defence customers.
Secure communications for public safety on smartphones
Raytheon Company has released a mobile app for first responders that provides reliable and secure real-time communications, situational awareness and a suite of robust collaboration capabilities for groups of users on smartphones, tablets and mobile data computers. One Force Mobile Collaboration is a complete end-to-end system, as per the company. Raytheon leveraged experience from commercial and military technology to design One Force with a rich set of capabilities including voice, maps, drawing tools, chat, real-time position tracking with GPS, streaming video and image sharing. "For most first responders, the personal cell phone they carry has significantly more communications capabilities than their traditional police radio," said TJ Kennedy, Director of Public Safety and Security for Raytheon's NCS business. "However, a civilian cell phone is not optimised for public safety use. The One Force application brings together the best of both worlds." By improving communication between groups, through both voice and data collaboration, One Force enables faster decision cycles and greater efficiency of department assets for public safety professionals. One Force supports an evolving incident in the field through the integration of existing and emerging technologies to maximise response effectiveness. It allows departments to use existing hardware and infrastructure operating on networks with 2G, 3G, 4G and Wi-Fi. The system performs equally well over low data rate radio and tactical radio networks, and has heterogeneous network capabilities among responders. Device platforms supported include Android, iOS and Windows.
SAIC introduces cloud-based Big Data ingestion platform
Science Applications International Corporation (SAIC) has introduced DigitalEdge, a versatile big data software platform capable of real-time, high-volume data ingestion and processing from a variety of complex data sources.
DigitalEdge is the first technology release from a family of Critical Insight big data optimisation solutions for the enterprise. Large organisations in industries such as energy, financial services, health, national security and telecommunications can now benefit from a robust intelligence solution that facilitates real-time actionable business decisions, generating alerts for applied use cases such as cyber security threats, electronic financial fraud detection, medical research and digital anomalies, said the company. The DigitalEdge platform enables automatic scaling to handle the on-boarding and processing of high velocity streaming data. It solves the problem of managing and interpreting complex information with data enrichment, which correlates and merges related data into context-rich records, added the company. It also empowers decision makers with real-time alerts when data anomalies are detected. The platform can process billions of data records per day while providing situational awareness based on user-defined alerting criteria. The platform runs in private, public and hybrid cloud environments and can provide output to a number of NoSQL data stores based upon customer needs. Additionally, the company claims that DigitalEdge can easily integrate with legacy systems, ingesting and analysing data that an organisation currently generates.
KEY BENEFITS:
>> Real-time actionable intelligence: provides timing and context for a competitive advantage or enhanced situational awareness
>> Component agnostic: easily integrates with legacy solutions while focusing on agile improvements
>> Threat detection and prevention: enables organisations to stay in front of opportunities and threats to critical and sensitive information through real-time alerts
>> Operational efficiency and productivity: dynamically scales up and down as processing and storage demands fluctuate.
NSA to receive high performance computing support
BAE Systems has been awarded a multi-year USD 127 million contract to provide infrastructure and software development support to the National Security Agency’s (NSA) high performance computing infrastructure group. BAE Systems experts will provide architecture, installation and administration for a complex networking environment that supports multiple network enclaves and high-speed data center access. In addition, BAE Systems will provide 24x7 server and desktop customer support to more than three thousand end-users. The contract consolidates the work of three previous NSA contracts under one.
Courtesy: BAE Systems
Lockheed Martin wins Aegis CSEA contract
The US Navy has awarded Lockheed Martin a 5-year, USD 100 million contract to provide combat system engineering services including the design, development, integration, test and life cycle support for all Aegis-equipped ships. According to the company, it has partnered with the Navy for decades as the Aegis combat system engineering agent (CSEA), while evolving the system through nine technology baselines to outpace a wide array of dynamic and evolving threats. Aegis is the world's premier combat system and is the foundation for the Aegis ballistic missile defence capability, said the company. Aegis-equipped ships are multi-mission surface combatants that can simultaneously attack land targets, submarines and surface ships while automatically implementing defences to protect the fleet against aircraft and missiles. Aegis is also the combat system of choice for the navies of Australia, Japan, Norway, the Republic of Korea and Spain. More than one hundred Aegis-equipped ships are in service around the globe.
Harris Corporation receives order from Latin America
Harris Corporation has received a USD 11 million order from a nation in Latin America for Falcon III Very High Frequency (VHF) Combat Net Radios. The radios will enable the nation's Army soldiers to communicate via voice, video and data as they conduct their missions. Combat net radios are a primary tool for military communications around the world. The RF-7800V delivers range, data speeds and throughput unmatched by any VHF combat net radio in the market, said the company. The RF-7800V handheld supports simultaneous networked voice and data communications to multiple users with data rates up to 192 Kbps, allowing for time-critical GPS reports. The radio offers new Harris technology that makes it easier to talk in high-noise or jammed communication environments, added the company.
"This order will accelerate tactical radio modernisation for this nation's Army by providing soldiers with highly portable voice and high-speed VHF data capabilities," said Brendan O’Connell, President, International Business, Harris RF Communications. "The RF-7800V delivers continuous coverage in the 30 to 108 MHz frequency band, offering unique performance and flexibility for a combat net radio."
USAF contract for integrated C4ISR targeting solution
Boeing will provide the US Air Force with a lightweight, compact laser targeting system designed to improve the effectiveness of battlefield airmen on close air support missions.
The USD 3 million contract award includes design, development, delivery, training and sustainment for the Line of Sight – Short (LOS-S) integrated targeting system as well as priced options for production systems. With all options exercised, the contract has a potential total value of more than USD 100 million.
LOS-S, an evolution of a previous acquisition, offers improved target detection, recognition, laser designation and friendly-fire avoidance capabilities in a single lightweight unit, said the company. "Our mission is to deliver complete C4ISR solutions that meet our customers' need for actionable information," said Mike Hettmann, General Manager of Boeing subsidiary Argon ST and Director of Tactical Intelligence, Surveillance and Reconnaissance. "LOS-S provides the Air Force intelligence, surveillance, reconnaissance and targeting in one easy-to-use, lightweight, hand-held device."
LOS-S supports the Air Force's Battlefield Air Operations Kit Program and its goal of upgrading the battlefield airman's equipment suite.
NCS Technologies announces the bunker rugged 1U short-depth server
NCS Technologies, Inc. has announced the availability of the Bunker XRV-5241 rugged 1U short-depth server, a powerful and reliable computing system engineered to fit perfectly into tight spaces and endure harsh conditions on land or at sea. Bunker XRV-5241 is designed for rugged service in the military or in industry, from tactical military deployments to civilian first responders and outdoor construction and transportation. The server meets all relevant military performance specifications, including stringent MIL-STD-810G, MIL-S-901D and MIL-STD-167 environmental, shock and vibration requirements, said the company. Bunker XRV-5241 offers dual Intel Xeon E5-2600 series processors for high performance, up to 256GB of DDR3-1600MHz memory in up to 8 DIMM slots, four 2.5" hot-swappable hard disks, dual Ethernet LAN and multiple PCI-E 3.0 expansion capabilities. Plus, its 18-inch depth is ideal for use on board ships in short-depth server rack environments, as per the company. The rugged server is equipped with an enhanced KVM over LAN feature for remote appliance management. It features a highly efficient 1+1 redundant 750W hot-swappable power supply. The server also has a DC power option that enables a wider range of environmental applications such as powering the server from aircraft power or vehicle power without using an inverter. Low voltage kits are also available for high temperature environments.
Lockheed Martin to improve secure communications capabilities
Lockheed Martin has completed and delivered the software waveform for the US Navy’s Mobile User Objective System (MUOS). The new waveform will enable military satellite communications terminal providers to deploy equipment that takes full advantage of enhanced MUOS capabilities. A next-generation narrowband tactical satellite communications system, MUOS will provide significantly improved and secure communications capabilities, including simultaneous voice, video and data, for mobile and remote users, said the company.
MUOS satellites are equipped with a Wideband Code Division Multiple Access (WCDMA) payload that provides a 16-fold increase in transmission throughput over the current Ultra High Frequency (UHF) satellite system.
Each MUOS satellite also includes a legacy UHF payload that is fully compatible with the current UHF Follow-on system and legacy terminals. This dual-payload design ensures a smooth transition to the cutting-edge WCDMA technology while the UFO system is phased out, added the company. The first MUOS satellite and associated ground system already provide initial on-orbit capability. After the second MUOS satellite is launched in July 2013 and completes on-orbit testing and check-out with the MUOS ground system and a HMS Manpack terminal certified with the MUOS waveform, the system will provide full WCDMA capability to users.
Lockheed Martin tailored a previously commercial waveform to be used with the new WCDMA payload. The US government has made the waveform available for military satellite communications terminal providers through the Joint Tactical Networking Center (JTNC) Information Repository, and contractors can now integrate the waveform into their MUOS-compatible terminals to provide WCDMA capabilities for users.
Lockheed Martin is currently under contract to deliver five MUOS satellites and the associated ground system to the US Navy. Lockheed Martin Space Systems, Sunnyvale, California, is the MUOS prime contractor and system integrator. The Navy's Program Executive Office for Space Systems, Chantilly, Va., and its Communications Satellite Program Office, San Diego, California, are responsible for the MUOS programme.
Courtesy: Lockheed Martin
NE WS radio coverage. More than 6,500 emergency responders including the military, law enforcement agencies and government officials, are expected to benefit from it.
Critical communications system contract awarded Harris has been awarded a USD 31 million contract for a Public Safety Access Point (PSAP) and 800 MHz P25 (Project 25) trunked radio system for the Trinidad and Tobago Police Service. The Harris public safety solution will be a unified, national secure communications system that is fully interoperable and will seamlessly connect public safety and Armed Forces personnel through the Harris' VIDA(r) network and Harris Falcon military radios currently in use. According to the company, the VIDA network will efficiently utilise the country's existing UHF frequency and provide Trinidad and Tobago's first responders with increased
GEOINTELLIGENCE MAR - APR 2013
The solution creates a flexible platform ready for the quick and easy addition of future equipment to meet operational requirements of the Ministry of National Security and other government agencies, added the company. Harris further stated that its product will replace the existing hybrid public safety communications systems across both Caribbean islands with a single all-digital, robust and reliable PSAP and P25 system; and the solution will support the 21st Century Policing Initiative underway.
Boeing, SecureTech partner to enhance UAE cybersecurity
Boeing and SecureTech have agreed to jointly offer solutions that protect critical data and national infrastructure for customers in the United Arab Emirates (UAE) and the region through a cybersecurity agreement signed during the recently held 2013 International Defence Exhibition and Conference in Abu Dhabi. The memorandum of agreement outlines a joint strategy for improving the cybersecurity capabilities of enterprise, government and defence customers in the UAE and builds on the strengths of the respective partners. Boeing will provide advanced data analytics, network security and cybersecurity simulation capabilities to the UAE market through its partner SecureTech. The latter will contribute market expertise within the region, strong local partnerships, and talented information technology professionals.
Harris to provide voice communications system in Algeria
Harris Corporation has been awarded a contract to provide a voice communications system for military air traffic control in Algeria. This will be the seventh Harris Voice Communication and Control System (VCCS) deployed in Algeria, with an option for four additional systems to be deployed over the next two years. Harris will supply the LibertySTAR VCCS to a partner that will integrate the system into a mobile military shelter for monitoring aviation activity in remote locations. The mobile shelter system will be equipped with touch-screen operator positions, radio and telephone interfaces, and a System Maintenance, Administration and Reconfiguration Terminal (SMART) position. LibertySTAR features a modular architecture, open-platform software and commercial-off-the-shelf hardware that delivers a reliable, scalable communications solution for air traffic control (ATC) towers, airline and area control dispatch, flight service stations, and mobile shelters.
Raytheon and Chemring Group join hands
Raytheon Company and Chemring have agreed to develop a naval capability to defend against surface targets, for use on ships ranging in size from small patrol boats to large combatants. "This initiative combines Chemring's innovative multi-mission launcher, CENTURION, with a variety of Raytheon's combat-tested missiles to provide a sea-based, inside-the-horizon defensive system," said Rick Nelson, Vice President of Raytheon Missile Systems' Naval and Area Mission Defense Product Line. "Our Raytheon-Chemring team will combine a multifunction decoy and missile launcher with world-class missiles and existing ship systems to provide a new mission capability to meet our customers' specific self-defence needs." Currently in the integration engineering phase, live-fire testing of the new mission defence system is scheduled for mid-2013. Testing is expected to include at least two different missiles in order to establish a multi-mission capacity against maneuvering surface threats such as fast inshore attack craft.
The solution to counter fast inshore attack craft consists of a variety of Raytheon missiles with ranges matched to the intended target. The missiles will be fired from the Chemring CENTURION launcher, with initial target detection, tracking and identification provided by the ship's sensors.
Teaming agreement for UAS
Boeing and Abu Dhabi Autonomous Systems Investments Company (ADASI), a Tawazun subsidiary, recently signed a teaming agreement for the two companies to address the growing Middle East market for unmanned systems. The agreement enables ADASI to provide training, support and marketing services for Boeing's ScanEagle and Integrator unmanned aircraft systems in the United Arab Emirates (UAE), with prospects to expand into the Middle East and North Africa.
The contract supports the ongoing drive to develop UAE national capabilities within ADASI. According to Boeing, its direct involvement with ADASI will open many opportunities for ADASI's UAE nationals to develop their knowledge and skills through Boeing's world-leading capabilities and experience in the management and implementation of technical programs. The teaming agreement expands on a previous agreement between ADASI and Insitu, a wholly owned Boeing subsidiary that makes the ScanEagle and Integrator. That collaboration allowed for support and sustainment of Insitu's unmanned ISR products and services.
TeleCommunication Systems announces availability of UltraCompact BGADrive
TeleCommunication Systems, Inc. recently announced the availability of its ultra-compact BGADrive solid-state drive (SSD) in both serial ATA (SATA) and parallel ATA (PATA) interface versions. These new versions are well-suited for applications such as unmanned aerial vehicles, wearable computers and miniature embedded systems. According to the company, the BGADrive line works across industrial temperature ranges and has been verified by outside laboratories to meet MIL-STD-810 requirements for shock, vibration, temperature range, temperature shock, humidity and altitude. Both SATA and PATA BGADrives are ultra-compact and packaged in a 31mm x 31mm ball grid array. These drives include an SSD controller which provides complete, on-the-fly error correction and end-to-end error detection through the use of a cyclic redundancy check code to ensure that data is reliably stored and retrieved.
AHRS for nEUROn unmanned combat aerial vehicle demonstrator
Northrop Grumman Corporation, in cooperation with Saab Aerosystems, has provided the attitude and heading reference system (AHRS) for the nEUROn Unmanned Combat Aerial Vehicle (UCAV) demonstrator, which recently completed a successful first flight. Northrop Grumman's German navigation systems subsidiary, Northrop Grumman LITEF, supplied the fibre-optic, gyrocompassing LCR-100 AHRS for the European UCAV demonstrator. The LCR-100 AHRS provides navigation information relating to the aircraft's position, heading and attitude. The north-finding gyrocompass feature eliminates the need for a magnetic sensing unit, similar to an inertial reference system. Additionally, the system's precise inertial measurement unit enables extended coasting performance for the aircraft to continue providing accurate navigation information in the event of GPS signal loss. The LCR-100 is certified to civil standards for commercial off-the-shelf equipment in military platforms. The nEUROn is an experimental UCAV being developed with international cooperation, led by France, and includes government and industry partners from Greece, Italy, Spain, Sweden and Switzerland. It is the first large stealth platform to be designed in Europe. The programme aims to develop, test and sustain key technologies for use by European manufacturers in the next generation of unmanned aerial vehicles and combat aircraft. The demonstrator will not enter serial production. However, additional flight testing, including a flight in Sweden during 2014, is expected.
CYBER SECURITY
INDIA -‘WAKE UP FOR CYWAR’
<< The first comprehensive study on cyber security and information warfare was undertaken in India in 2002. Ten years after, India has no National Cyber Security Policy. This article recommends a course of action in this regard and suggests ways to sustain it >>
Enough has been written about the imminent threat of cyber war; however, to India’s peril, it is still considered a distant probability and has still not received attention. The many ‘wake-up’ calls have gone unattended and India is woefully unprepared. Our visual media, which has been very active in recent months on political and social issues, has chosen to stay silent on this vital issue which can threaten the existence and stability of the nation.
Attacks in 2013
As reported, the frequency of attacks has increased in 2013. The onslaught on the South Korean banking systems on March 20 is a manifestation of the mayhem, destruction and lack of public confidence that these can cause. The US Department of Homeland Security recently announced that an American power station, which it did not name, was crippled for weeks by cyber attacks. In January 2013, The New York Times reported that it had been struck, for more than four months, by a cyber attack emanating from China. The Wall Street Journal and The Washington Post reported similar attacks on their systems, especially when they published some articles considered anti-Chinese. On March 13, DNA had a report, ‘India’s secrets are in Guangdong’. The report went on to say, “A successful Chinese hacking attack has caused what is arguably the biggest security breach in India with systems of hundreds of key DRDO and other security officials being compromised and leading to the leak of sensitive files related to the cabinet committee on security (CCS), the highest decision-making body for security issues of the government of India. The other stolen files recovered so far belong to the governments of the United States, Russia and South Korea. The leak was detected in the first week of March as officials from India’s technical intelligence wing, National Technical Research Organisation (NTRO), working with private Indian cyber security experts cracked open a file called “army cyber policy”. The file had been attached to hacked email accounts of senior DRDO officials that quickly spread through the system in a matter of seconds.”
All this is merely the proverbial ‘tip of the iceberg’. Anyone in the cyber world would know that for espionage to be successful, it must never be detected. Being lulled into a false sense of confidence in a system is possibly the biggest vulnerability. Such naiveté is anathema in today’s environment. While hackers, industrial spying and cyber crime are part of everyday life, the difference comes when nation states use them as a means of war.
Changing Nature of War
The 21st century has seen its transformation from fourth to fifth-generation in the cyber domain. With competition over resources and markets, nations will use cywar’s potential to secure national interests. Cywar forms a part of Information Warfare (IW) which extends to every form of media and inter alia includes aspects of propaganda and perception management. Cyber, though technically restricted to the internet, is now increasingly linked by convergence to every communication device. With greater connectivity, this divide is narrowing and every citizen or aspect of life is vulnerable. It is also a vital constituent of ‘No Contact War’ (NCW). The scope for reach and exploitation by inimical elements ranging from innocent hackers to criminals, terrorists, non-state actors as also nation states is thus unlimited. The damage could be immense and many countries are pressing ahead and taking steps to build capacities for defending themselves as also taking offensive action in cyberspace.
The Institute of Defence Studies and Analyses published a seminal report in March 2012 titled India’s Cyber Security Challenge. The report undertook a holistic survey and, having identified the all-encompassing nature of the threat, made cogent recommendations. Amongst others, it emphasised that this was a challenge which could only be met by public-private partnership. National Security Advisor Shiv Shankar Menon mentioned in January this year that the National Security Council (NSC), the nodal agency of the Government of India, had approved the architecture in principle. The first comprehensive study of cyber security and IW was undertaken by the NSC in 2002. Amongst others, this led to the creation of NTRO. Eleven years have gone by, yet a National Cyber Security Policy (NCSP) or doctrine has not been issued. Dependency on the internet has increased exponentially with resultant enhancement in threat. Cyber war looms and means to counter it or take pro-active action are still unclear. The USA in 2010 was the first country to formally declare cyber as the fifth domain of warfare after land, sea, air and space. They have also formally classified its use as a ‘force’, a euphemism for offensive capability. The Chinese adopted the concept of ‘informationalisation’ in the mid-90s and have relentlessly built up structures and operations in this domain. Consequent to the raising of the US Cyber Command (USCYBERCOM), South Korea created a Cyber Warfare Command in December 2009. This was also in response to North Korea’s creation of cyber warfare units. The British Government Communications Headquarters (GCHQ) has begun preparing a cyber force, as has France. The Russians have actively been pursuing cyber war. In 2010, China overtly introduced its first department dedicated to defensive cyber war and information security in response to the creation of USCYBERCOM. The race is thus on.
USA
At a Cyber Security Summit held in October 2012 at Delhi, Lt Gen Harry Raduege, USAF (Retd), elaborated on how the USA had set up USCYBERCOM. He explained that, given the democratic process, legal stipulations and norms of privacy laws, building such structures took over a decade. Cywar being a grey area, specific details are not available; however, what is evident is that the USA is taking determined steps in this regard. The New York Times in February 2013 reported, “A secret review based on America’s growing arsenal of cyberweapons has concluded that President Obama has the broad power to order a pre-emptive strike if the US detects credible evidence of a major digital attack looming from abroad”. It further elaborates, “That decision is amongst others several reached in recent months as the administration moves, in the next few weeks, to approve the nation’s first rules on how the military can defend, retaliate, against a major cyber attack. New policies will also govern how the intelligence agencies can carry out searches of faraway computer networks for signs of potential attacks on the US and, if the president approves, attack adversaries by injecting them with destructive code – even if there is no declared war.” These rules are highly classified and similar to those governing drone strikes. It was reported that these have come about as a result of greatly increased cyber attacks on American companies and critical infrastructure. China has been mentioned as the main threat. The implications of such statements are ominous and need to be taken note of.
The Indian Scenario
India in the current geo-strategic environment is a target and incidents of sensitive government and military computers being attacked and information stolen are on the increase. There is enough evidence to suggest that this is the result of actions of nation states either directly or through proxies. The draft NCSP published in 2011 mainly covers defensive and response measures and makes no mention of the need to develop offensive capacity. A report in the Business Standard on March 19, 2013 mentions that it is under issue. This is a necessity if India is to ensure capability for self defence granted under Article 51 of the UN Charter. It thus leads to the question as to what is cyber war?
There is no formal definition. It could be defined as “actions by a nation-state or its proxies to penetrate another nation’s computers or networks for the purposes of espionage, causing damage or disruption.” These hostile actions against a computer system or networks (NWs) can take two forms. The first is cyberexploitation, which in a manner is non-destructive and includes espionage. Cyberexploitation is usually clandestine and conducted with the smallest possible intervention. It does not seek to disturb the normal functioning of a computer system or NW. The other actions are those which are destructive in nature. These could be deliberate acts of vandalism or sabotage – perhaps over an extended period of time – to alter, disrupt, deceive, degrade or destroy an adversary’s computer systems or NWs or the information and programmes resident in or transiting these systems or NWs. For easier understanding, the domains of cyber war could broadly be classified as:
>> Espionage: Intelligence gathering and data theft. Examples of this were Titan Rain & Moonlight Maze. These activities could be by criminals, terrorists or nations as part of normal information gathering or security monitoring.
>> Vandalism: Defacing web pages, or use of distributed denial of service (DDOS) to take them down. Such actions were evident in Estonia or Georgia.
>> Sabotage: This has the most serious implications and includes DDOS, destruction of data, insertion of malware and logic bombs. It also encompasses actions in war such as those taken for preparation of the battlefield. Stuxnet is a recent example.
According to Spy Ops, by the end of 2008, nearly 140 countries possessed varying degrees of cyber attack capabilities. In addition, an unknown number of extremist groups and ‘Non-state actors’ have developed or acquired cyber weapons. Some commercially available products are flexible enough to be classified as dual purpose – security testing tools and weapons of attack. Each nation works on its own. An assessment of cyber warfare threat matrix by the USA which covered over 175 countries and organisations made a watch list in which the top ten in order of priority were China; Russian Business NW; Iran; Russia tied with France; Extremist/ Terrorist Groups; Israel; North Korea; Japan; Turkey and Pakistan. India on its growth path is vulnerable, under serious threat and constant attack. All institutions and organs of the state along with the private sector must therefore jointly work to counter this challenge. All this has to be coordinated under the aegis of the NSC. Within this, lead agencies for executing offensive cyber operations inter alia could be the NTRO, CIDS and the DRDO.
Defining Objectives and Doctrine: Application of such measures must be in accordance with clearly defined objectives which would be in keeping with customary international law and practice. The primary objective would be to garner knowledge to find how systems are breached and thus provide the ability for defensive measures to be developed and put in place. The further argument is that it must be visible as an armour of self defence so as to deter an attack. While this capability will be ambiguous, subtle signals and clear definition of objectives will lend credibility. Moral arguments stand thin in face of realities. There is therefore a need to lay down the objectives and include them in the NCSP or issue a doctrine in this regard.
Proactive Cyber Defence: These constitute actions taken in anticipation to prevent attack. As opposed to the current practice of passive defence, it provides a via media between purely offensive and defensive action; interdicting and disrupting an attack, or an adversary’s preparation to attack, either pre-emptively or in self-defence. The most compelling reasons for a proactive defence can be couched in terms of cost and choice. Decision makers will have a few choices after an impact and all of them are costly to start with. Proactive defence is thus the key to mitigating operational risk. The USA had set up a ‘Proactive Pre-emptive Operations Group’ (P2OG) in 2002. Such actions thus find international acceptability.
Critical Infrastructure: Section 70 of the IT Act lays down the need to protect critical infrastructure security. National Critical Information Infrastructure Protection Centre (NCIIPC), under NTRO, is being declared as the nodal agency for the protection of Critical Information Infrastructure of India; and issue of Gazette notification is underway. This needs greater speed in implementation.
Legal Provisions: The IT Act of 2008 covers all actions in this domain and there is a need to work within these provisions. The Law of Armed Conflict (LOAC) provides the primary legal framework within which one can analyse constraints for offensive cyber operations. Immunity for actions taken against another nation, institutions, hostile group or individual is possible within the realm of LOAC or for self-defence under Article 51 of the UN Charter. The cyber domain with scope of non-attributable actions as also ease of deniability provides immense scope for exploitation. So far, there are no international cyber laws or treaties and the Tallinn Manual on International Law Applicable to Cyber Warfare, 2013 seeks to define a cyber war code. Though not an official document, it reflects the opinion of 20 researchers and practitioners of international law and was commissioned by NATO. It is the beginning of a deliberate process which would eventually produce an electronic version of the Geneva Conventions. What is evident from The New York Times report quoted above is that nations can authorise protection in this regard.
War Situation: While cyber war is an ongoing activity during peacetime, there is an urgent and dire need to develop this capacity for a warlike situation. It will form an essential part of preparation of the battlefield in any future conflict. Such attacks may also precede the kinetic war. As explained, building this capability will take time and must remain covert and ambiguous. It could also form part of the strategic deception process. This should be the responsibility of the Armed Forces (HQ IDS) along with the DRDO and other experts. Detailed discussions and consultations in this regard require to be initiated.
Raising of Cyber Command: India must raise a Cyber Command. This will comprise not only the three services but personnel from the DRDO, scientific and technological community. It could function within the space command as many aspects overlap and would economise on resources. It will oversee all activities undertaken during peace time and also plan for offensive cyber operations as required to include preparation of the battlefield. It must work in close concert with the NTRO. To determine the structure, it would be prudent to study the mission and objectives of USCYBERCOM.
Cyber Command Structure for India: The US evolved its structure based on experience as also that it functions as an open democracy. India already has the Strategic Forces Command which could be augmented by both the Space and Cyberspace Wings. These may be of smaller size to start with and will develop in accordance with threats and needs. Each service has its own requirements; the structure therefore has to be need based and flexible. The various elements of this could be:
>> Army, Navy and Air Force CERTs. They could also be charged with protection of critical infrastructure of each service. The structure thus envisages a Defence CERT.
>> Intelligence and information operations. A Defence Intelligence Agency exists under HQ IDS.
>> Defence communication NWs.
>> Cyber operations which are required for preparation of the battlefield. This again would be a tri-service organisation with additional experts from the DRDO or any other such institution. This would include R&D.
a) Territorial Army (TA) Battalions for Cywar. While cyber war is ongoing, there are periods of heightened threat. There is therefore a need to create and maintain a ‘surge capacity’ for crisis or warlike situations. Young IT professionals constitute a vast resource base and a large number would be willing to loyally serve the nation when required. This resource must be capitalised by raising cywar TA battalions similar to those for Railways and ONGC which could be embodied when required. In addition to purely ‘defence’ requirements, these could also provide for protection of critical infrastructure.
b) Perception Management and Social NWs. In the current age of ‘democratisation’ or instant availability of information and growth of social NWs, there is tremendous scope for perception management and manipulation of information. 2011 saw its extensive use during the ‘Arab Spring’ and London Riots. Post the Bodoland agitations in August 2012, the mass exodus of Northeasterners from different parts of India was driven by this. It therefore must be seen as a potential tool for psychological and NCW, and form a part of any offensive or defensive action.
Capacity Building
Capacity building is vital. It must also be sustainable and of larger benefit. There is a need to create an R&D base and institutions. Growth forecasts of internet usage, especially with e-governance, will create employment potential for ‘Cyber Doctors’ and sleuths. Just as 26/11 created a whole new dimension of requirement of physical security, protection of internet usage and transactions will create millions of jobs in the near future. It will be a seller’s market for which India, with its human resource (HR) base, must be ready. Consequently, the government must accelerate this process. Some thoughts in this regard are:
>> Partnerships: India cannot do it alone. Various past attempts have not been of much success. It has to be seen as a global issue and capacities developed.
>> HR and R&D: The Dept of IT has set up the Information Security Education and Awareness Programme. Other options include the Chinese models. They set up four universities in 1999. Security of data for the BPO industry has brought up the necessity for such institutions. Talent spotting with competitions is an easy option. Programmes and competitions such as ‘Cyber Patriot’ in USA need to be followed up in schools and educational institutions. These could be self financed. Army Training Command as also the other two services must take the lead in partnership with the private sector.
>> Testing and Certification: The outsourcing model has affected testing and certification. Hardware and HR in this regard has to be Indian. This can then be adapted for pro-active defence.
>> Innovation: The key in the internet is innovation. Funding in this regard should not be a problem. Here too, the PPP model needs to be exploited.
>> Language Training: HR trained in language of our potential adversaries is a must. This must be provided suitable incentives and permanence of employment.
>> Legal Capital: Legal aspects of developing capacities, understanding use of cyber as a ‘force,’ implications of the UN Charter, negotiating international laws and treaties, all needs trained personnel.
>> Understanding Vulnerabilities: Study of vulnerabilities both of own systems as also those of our potential adversaries must be undertaken to prevent intrusion and exploit weaknesses.
>> Identification of Technologies: There is a need to identify technologies in this regard. These should also include isolation of NWs within the country, close monitoring of gateways and backbone, identification of ‘zero day’ vulnerabilities, protection of power grids, secure communications for defence and critical services, penetration et al.
The Urgency
Understanding the threat of cyber war and developing capacity for offensive actions in this domain is a sine qua non. Nations, non-state actors, terrorist groups and individuals pose a challenge to growth which is increasingly going to be dependent on the cyber domain. Cyber war will also be central to any hostile or conflict situation. Clearly defined objectives and national doctrine in this regard along with supporting structures and matching capabilities are thus essential. Does this have to be driven by a cyber 26/11 or can India wake up?
Lt Gen Aditya Singh (Retd) adityasingh99@hotmail.com
CYBER WARFARE
The unseen power
<< The discovery of cyber weapons like Stuxnet and Flames demonstrated how a nation’s assets can be targeted or destroyed without indulging in any bloodshed. Call it cyber terror or cyber attack, the fact is that cyber world would play a decisive role in future wars. India too needs to prepare for the future >>
GEOINTELLIGENCE MAR - APR 2013
S
19
even F-15 aircraft of Israel Air Force entered into the Syrian airspace, destroyed an upcoming nuclear enrichment facility at Al-Kibar and returned home at Ramat David Airbase unhurt because Syrians did not fire a single shot in self defence. Syrian air-defence system had been infected by a malware designed by Israeli Signal Unit 8200 and the kill-switch was activated at the right time to subdue the Syrian airdefence network. This is not a fiction but part of Operation Orchard conducted by Israel in September 2007.
It was the first example of deft use of combination of cyber weapon with real-world war-machinery. Many skeptical people, who maintained that cyber weapon cannot lead to bloodshed, were proved wrong. On November 12, 2011, Maj. Gen. Moghaddam, architect of Iranâ&#x20AC;&#x2122;s missile programme, was showing a new type of warhead for nuclear weapon capable missile Sejil 2 to a group of experts, at a site which is about 50 km from Tehran. Warhead was connected to a computer for simulation which was being watched on a big screen; but
instead of simulation, the actual warhead went off, pulverising the site. Explosion was so powerful that it could be heard in Tehran. Initially, the Iranian government refused to accept that there was any such explosion, however, it later conceded that 17 officers of Revolutionary Guards lost their lives (though 36 funerals took place) in the blast. The site was damaged so badly that neither could anyone escape alive to narrate the incident nor any credible evidence could be obtained from it. Revolutionary Guards (IRGC) investigation pointed at two probabilities - infiltration by
In view of the significant developments in weaponisation of cyberspace, the attack on Estonia in 2007, where government websites were defaced and many services denied to citizens, appear as Stone Age attack methods. Defacing causes least of the problems; website can be refreshed at the click of a button. Enhanced bandwidths and enormous processing powers through cloud computing has made Denial of Service (DoS) a retreating threat.
War and cyber war To understand the real meaning of cyber war, it is necessary to understand the meaning of war and its import on governance and diplomacy. The British Parliamentary Committee in its report after Iraq war noted that war is a term that has both popular and legal connotations. Colloquially, war embraces conflicts between the armed forces of states and, occasionally, major internal conflicts such as the British or the American Civil Wars. War as a legal institution is a feature of both international and national law. In international law, the distinguishing characteristic of war is the legal equality of the
<< Cyber war is a politico-military issue. Hence, it is necessary to define what would constitute a cyber attack serious enough to precipitate into politico-military counter offensive >> belligerents and the special status of those states not taking part in the conflict (neutral states). The condition of war could be brought about by a declaration of war. Also, states could choose to regard a conflict between them as war and apply the legal rules accordingly, or neutrals could insist on respect of their rights. War as an institution of domestic law did require a declaration, made in the Monarch’s name by the Prime Minister, acting under the prerogative. This action triggered domestic consequences — nationals of the opponent state became ‘enemy aliens,’ liable to measures of restraint including detention, seizure of property and so on. Unlike cyber crime which is a law enforcement issue, cyber war is a politico-military issue. Various international laws and treaties especially of Paris and also Charter of United Nations prohibit use of threat or use of force in international relations. Prior to these developments post 1945, declaration of war was a standard practice, but today no one officially declares war to the international community. However, internally a nation state has to declare war, whether limited in scope or a fullfledged one. This is necessary to activate appropriate structures; authorisation to force commanders to use Rules of Engagement (RoE) for conflict; activate provisions of War-Book; freezing of assets
of enemy aliens; mobilisation of resources; suspension of local laws against the enlisted personnel engaged in war; and even enforcing emergency in a country. Thus a war whether declared or otherwise is a ‘structured-response’ to a conflict which is expected to result in subjugating an enemy to the will of a nation.
What constitutes an act of cyber war? It is necessary to define what would constitute a cyber-attack serious enough to precipitate into politicomilitary counter offensive. For a country like India, it is important to define this line in an open stated policy so that in case of any military retaliation, the international community stands by it. However, defining this Lakshman Rekha is not easy. If the threshold is kept too low then breaches will become a norm and finding exception to those norms wherein counter offensive becomes necessary, in a transparent manner, would be difficult. And if the threshold is kept too high then a nation can be bled by thousand wounds rather than one massive attack and no formal retaliatory force can be used. Another challenge is attribution. Cyber attack may appear to have originated from one or multiple countries but actual culprit may be a third country. In April 2012, National Informatics Centre (NIC) stated in a press meet that some unknown third country has used its servers to attack other countries including China. The statement had two immediate adverse impacts on our cyber war preparedness. First, it exposed our vulnerabilities to the outside world, that is, India does not have an ability to identify originating country. Second, it provided a perfect excuse to our enemies to attack us and deny ownership of such attacks. Can we now blame China for attacks on Indian cyberspace? Thus, attribution is critical for an
GEOINTELLIGENCE MAR - APR 2013
a Mossad operative; or the computer controlling the missile was infected with a cyber weapon. The second probability was considered much more likely in view of the three well-known cyber infiltrations using cyber weapons - Stuxnet, Duqu and Flame (the three were used to stall Iran’s nuclear ambition). The incident is historic, probably because it was the first time a cyber weapon was used to cause a real-world explosion or kinetic attack. The involvement of the US in this cyber attack was later confirmed by Roger Cohen in The New York Times. He wrote that this attack was part of the new US cyber and drone attack doctrine – Doctrine of Silence. In this case also, like the Stuxnet attack, the US neither confirmed nor denied its involvement.
appropriate response. In its Annual Report 2011-2012, Intelligence and Senator Committee of UK termed cyber attack as a ‘Tier One threat to UK.’ It directed the government to develop capabilities of cyber attack without detection (or at least without attribution). The UK government has allocated funds equivalent to Rs 5,720 crore over the next three years for National Cyber Security Program. The programme will prepare the country for cyber attacks.

Cyber war has also challenged some of the basic tenets of armed conflict. What is the use of men in uniform when the opposing forces are not going to be physically present in front of each other? How would belligerent forces know whether the attacking party is enlisted or a civilian? What if major critical data of one of the belligerent nations is encrypted and made unusable - will the data, which may be very vital for the survival of the population, be called a ‘prisoner-of-war?’ If a collision of trains takes place due to intentionally introduced malfunctioning of the signalling system, leading to the death of hundreds of innocents, will it amount to a war crime?
Weaponisation
Stuxnet, the first ever known cyber weapon, needs to be studied from a warfare perspective rather than just from a technical viewpoint. The politico-military objective was to delay and, if possible, deter Iran from going nuclear. The work on this cyber weapon was initiated in 2005 by NSA of US and Signal Unit 8200 of Israel. HUMINT was used to gather inside information about the work culture at nuclear enrichment plants in the country. For example, through HUMINT, it was gathered that Iranians working at the plants were in the habit of carrying pen-drives with them, which they would use to listen to their favourite music. Also, there was an air-gap between the office network and the network controlling Programmable Logic Controllers (PLC). However, both these networks had a shared network printer. The ‘Siplus Extreme’ machines of Siemens were used by Iran for programming the PLC of centrifuges of enrichment plants.

Based on this intelligence, the weapon was designed by a multidisciplinary group which had a deep understanding not only of information technology but also of Siemens PLC. Cooperation of Siemens is also not ruled out. Original digital certificates were used for authenticating the malware. Mysteriously, no complaint of loss of these digital certificates was lodged. The designers had also taken due care to ensure that there was no need for the user to click on anything to activate the malware. To avoid fratricide, the malware was hard-coded with the instruction that it would not infect the system if it came across the marker ‘19790504.’ Probably that was the reason for limited infection in Europe and Americas; intriguingly, Russia and China were also not affected by Stuxnet, while India was the third most infected nation.

The weapon was launched by infecting a compromised worker’s pen-drive. After infecting the system, the malware would search for one specific data block and two code blocks. If it did not find these blocks, it would continue to spread to other systems of the network. It was the first time that the memory block of a common network printer was used to jump from one intranet to another. When the targeted PLC programming computer was infected, this information was shared with the Command and Control server. It then manipulated the revolution rates of centrifuges of enrichment plants to cause permanent physical damage, while the operator was presented a fake output on the screen so that he would not suspect anything wrong till the damage was actually done. According to IAEA reports, Natanz centrifuges operations in Iran had mysteriously declined from about 4,700 to about 3,900.

India needs to clearly define the agencies and their roles for both offensive and defensive cyber capabilities
Preparation for cyber war
Armed forces across the world prepare regularly for war. The preparation involves intelligence and surveillance, placement of weapon launch pads, identification of targets and appropriate weapons for defeating the targets,
To build cyber war capabilities, the United States of America has issued a presidential directive, doctrine and rules of engagement for cyber war. NATO routinely undertakes cyber war exercises. European Union, though for cyber crime, also undertakes several exercises every year. China is following an established policy of Informationisation of Warfare. In April 2010, China diverted almost 15 per cent of the internet traffic through a single router. Many experts believe that the move led to a gathering of large amount of data for intelligence purposes by China. However, if the information was sensitive then it should have been encrypted in the first place. In fact, China rather than copying information has demonstrated to the world that it has technological superiority, where its routers and servers can process extremely huge data without collapsing. What it translates to in real terms is that India, with just about one per cent of Internet IP addresses allocated to it, has no ability to launch a Denial of Service (DoS) attack on critical servers of China, even if all the computers in India are simultaneously used. This incident has also substantiated that China has brute power to process extremely huge data it routinely steals from its victims. Recently, National Technical Research Organisation (NTRO) discovered that thousands of the country’s Top Secret documents
<< In April 2010, China diverted almost 15 per cent of the internet traffic through a single router, thus demonstrating to the world that it has technological superiority, where its routers and servers can process extremely huge data without collapsing >>
have been stolen by a China based server. The latest Mandiant’s report on China says, “Our analysis has led us to conclude that APT1 is likely government-sponsored and one of the most persistent of China’s cyber threat actors. We believe that APT1 is able to wage such a long-running and extensive cyber espionage campaign in large part because it receives direct government support. In seeking to identify the organisation behind this activity, our research found that People’s Liberation Army (PLA’s) Unit 61398 is similar to APT1 in its mission, capabilities, and resources. PLA Unit 61398 is also located in precisely the same area from which APT1 activity appears to originate.” China has established its foothold in all countries including India; and these are not only restricted to stealing information but also can be the launch pads of cyber weapons in case of any cyber conflict.
India needs cyber offensive capabilities
Warfighting cannot be learnt from books or seminars. Several years of experience in managing complex warfighting mechanics is necessary. Therefore, it may not be appropriate to make someone without any military experience responsible for managing the cyber war capabilities. Indian Computer Emergency Response Team (CERT-In) was established in 2004 to provide defence to non-critical IT sectors of the country. National Critical Information Infrastructure Protection Centre is getting the final touch. While a formal structure under Joint Intelligence Committee (JIC) is required for intelligence and surveillance, Indian armed forces must be tasked with building cyber offensive capabilities, without further delay, as the task involved can take several years. Some of the suggestions for developing national cyber war fighting capabilities are:
>> Declare National Information Security Policy (inclusive of policy on cyber war) after wide consultation with all the stakeholders. Such a policy should be, as much as possible, technology neutral, overarching and long lasting;
>> Evolve cyber warfare doctrine and develop an ability to implement such a doctrine;
>> Modify necessary orders (War-Book) to deal with the situation when the nation may go for cyber war, clearly defining changes in structures required to synergise national war efforts;
>> Define rules of engagement for cyber war to prevent unintended escalation of war;
>> Several war objectives, scenarios and targets should be defined to develop appropriate cyber weapons;
>> Cyber weapons have a very short shelf-life and, once one is exposed, a defensive mechanism against it can be developed in a very short time. Therefore, cyber weapon research work is a non-stop continuous process;
>> Several penetration tools must be developed indigenously;
continuously evolving strategies, doctrines and tactics for developing an ability to attack as well as defend, and very importantly methodologies for battle damage assessment. Research and development is an integral part of all of them. The regular exercises not only ensure war preparedness but also improvement of the weapon system. The same process should be followed for cyber war as well.
>> Establish close coordination amongst agencies and defence forces;
>> Maintain database of capable persons who can be enlisted or used as militia for cyber war;
CYBERWARS THROUGH AGES

| Year | Attack Name | Suspect | Victim | Type of Operation |
|---|---|---|---|---|
| 1998 | Moonlight Maze | Russia | US | Surveillance |
| 2003 | Titan Rain | China | US | Surveillance |
| 2006 | Wikileaks | Julian Assange | Nation States | Hacktivism & Espionage |
| 2007 | Tallinn Cemetery | Russia | Estonia | Website defacement & Denial of Service Attack |
| 2007 | Operation Orchard | Israel | Syria | Physical Destruction of Nuclear Fuel Refining plant |
| 2008 | South Ossetia War | Russia | Georgia | Website defacement & Denial of Service Attack |
| 2009 | Operation Aurora | China | | Espionage |
| 2009 | Ghostnet | China | Tibetan government-in-exile, India | Espionage |
| 2010 | Operation Night Dragon | China | Oil & Natural Gas companies | Industrial Espionage |
| 2010 | Stuxnet & Duqu | US/ Israel | Iran | Cyber weapon with destructive payload |
| 2011 | Occupy Movement | Anonymous | Nation States | Hacktivism |
| 2012 | Flame | US/ Israel | Iran | Cyber weapon with encrypted payload |
| 2012 | Iran retaliates | Iran | US Banks | Surveillance & Denial of Service |
| 2013 | Shanghai Group (APT1) | China | US | Cyber Intelligence |
| 2013 | Unnamed (NTRO findings in March 2013) | China | India | Cyber Intelligence |
>> Develop capabilities to synthesise cyber-intelligence inputs on a grand scale.
>> Establish cyber-operation centres.
>> Allocate areas of responsibility in cyberspace to avoid fratricide and waste of efforts.
>> Maintain presence in social media for psy-ops and intelligence gathering.
>> Undertake major educational campaigns at college level to build human resource capacity.
>> Do not undermine requirements of cyber-battle-damage-assessment and build capacity for artefact analysis accordingly.

Cyber war is a politico-military issue and it requires far more integration not only between political heads and military but also with the other organs of the government and, importantly, with the civilian IT sector. India should gear up to fight proactively in this new virtual dimension, because cyber wars are not imaginary but real.
By Commander Mukesh Saini (Retd.)
Former National Information Security Coordinator, Government of India mukesh.saini@esselgroup.com
INTERVIEW
“We are the only company that covers all the three forces”
<< Known for its missiles and missile systems, MBDA is excited about working with India and hopes to further extend the existing partnership. Mati Hindrekus, Head of Marketing Communications, Asia, MBDA, tells us more… >>
Q. Can you tell us about your products?
MBDA is a European company created about ten years ago, following the merger of Europe’s leading guided weapon systems companies, to maintain European capability, sovereignty and to be able to better compete against the sector’s big players in America for example. MBDA has developed very strong skills by integrating national and international requirements and developing cooperative programmes. A lot of the major products in MBDA’s catalogue are those that are a result of cooperative European programmes between countries, for example, the Meteor missile. It is a programme we are developing for Rafale, Eurofighter and the Gripen aircraft. It is a typical example of MBDA working on a cooperative programme which, in this case, sees the development of a world leading weapon to meet the requirements of six different nations and three different aircraft. Meteor is also a missile which interests India for its future requirements of the MMRCA.
MATI HINDREKUS Head of Marketing Communications, Asia MBDA
Another interesting fact about MBDA is that it is the only company in this sector which is capable of meeting the guided weapons needs of all the three armed forces – the army, the navy and the air force. We are the only company that covers all the three forces. We have a full range of air-to-air, air-to-ground and surface-to-air, anti-ship weapon systems, and anti-armour guided systems.
We have a very comprehensive portfolio of products. In fact, some of our products actually cover all three armed forces’ requirements. For example, one of our products is the Mistral missile. Mistral has already been ordered by India for its Dhruv helicopters. We are also offering this missile to India to meet its very short-range air defence system (VSHORADS) requirement. Mistral, with its firing success rate of over 96 per cent, is in service with many customers around the world, on ships, vehicles, helicopters, on tripod-mounted systems – that is just to give you an idea of how flexible this and some of our other products are.
As far as VSHORADS programme is concerned, I believe additional firings are still planned. These firings are part of the Firing Evaluation Trials (FET) where India asks the competitors to prove certain capabilities of their proposed systems, that is, over different ranges, with different targets, countermeasures conditions and so on. I can’t go into details about the firings so far, and I can’t talk about other competitors’ results but our test firings for India have been fully successful. It is difficult to compare three very different systems. Obviously we feel that we have all the advantages that will give India the ideal solution to its VSHORAD requirement. If you look at the fundamental differences between the options being proposed, our system is a fire-and-forget system. If you compare that with Saab, we will say that we offer a definite advantage because in the very short-range air defence scenario, you don’t have much time to react. We see the fire-and-forget
solution as an easier and much more efficient method. A beam riding system calls for quite a bit of skill on the part of an operator – tracking a target, keeping a beam on the target while it is moving rapidly and perhaps carrying out sharp evasive manoeuvres. There is a strong danger that any last second manoeuver by the target would result in the beam coming off aim. Also, while you are keeping your focus on the incoming target right up to impact as you have to do with a beam riding system, you don’t get much time to react should you miss or should you have a second target that needs to be dealt with. With MBDA’s Mistral MANPADS fire-and-forget system, the operator can very quickly lock on to the target, pull the trigger, and the missile will be released. The operator can then reload and take a second shot or engage another target or, if necessary, pick up his equipment and leave a danger zone. It is very easy to set up and operate, and is
lighter than the Saab system. We are talking about a truly man-portable system here. Our missile can easily be carried by two operators – one is required to carry the tripod and the other the missiles. The other missile being offered for the programme is a Russian option, that features a small missile. Although it is designed as a shoulder-mounted system, it is still heavy, you are going to get tired very soon in supporting that weight. I would say the final and the convincing argument in favour of our product is the pure success rate of the Mistral missile. Out of over 4,000 firings, Mistral missiles have managed to score an unprecedented success rate of 96 per cent. No other VSHORAD missile can match that. Also when we talk about the success rate, we are talking about a real hit, not a “technical hit” as described by some of our competitors. Every system has its advantages and disadvantages. Naturally, we feel that we have a lot more advantages
Talking about the VSHORADS programme, you are facing a tough competition from Sweden’s Saab and Russia’s KBM. How soon do you expect the contract for this programme to be finalised? How is Mistral different from its competitors?
than disadvantages. However, to conclude this discussion, I would say that with India already using Mistral missiles on its Dhruv helicopters, it would be advantageous if it opts for the Mistral MANPADS missile. This will help India benefit from the logistic advantages of stock-pile maintenance, management and servicing – all the advantages that come with having one common stock rather than separate stocks. In addition, if India goes for the Mistral MANPADS, then the arrangement is such that there will be a full technology transfer on our part and missiles will be produced under license by BDL in India.

Is BDL your only partner in India or are you partnering with other companies as well?
We are dealing with other companies as well, both small and large, but unfortunately, I can’t name them. We are working with HAL in supplying the Mistral ATAM self defence system for the Dhruv project. BDL has of course been manufacturing the MILAN missile for the Indian Army under license from us for over 35 years. One other important product which we are proposing for Dhruv’s air-to-ground anti-armour capability is the PARS-3 system. The system is already being used by the German Army on their Tiger helicopters. For the Indian requirement, we have been working with a local Indian partner to develop a special launcher for the Dhruv and that is quite advanced. It is a SME company and has worked with European defence companies. And yes, we are liaising very closely with it.
<< Meteor is a real game-changer in terms of its capability. In fact, it is considered to be the only real solution to combat the Chinese PL-12. Its capability is exceptional and places it in a class of its own >>

What other products are you offering to India?
We have had a full range of discussions covering numerous potential solutions – obviously some of these are just long term discussions and some are very close to be determined. We have already talked about Mistral MANPADS. We are in discussions to provide India’s chosen MMRCA aircraft with a number of our air-to-air and air-to-ground products, the necessary equipment to ensure that the platform is indeed capable of multi-role missions in the full sense. We are discussing a broad range of weapons here – MICA which has already been ordered for the IAF’s Mirage upgrade, Storm Shadow/ SCALP for the long range stand-off cruise missile requirement. In the longer term, India is also interested in the Meteor missile. Meteor is a real game-changer in terms of its capability. In fact, it is considered to be the only real solution to combat the Chinese PL-12. Meteor’s capability is exceptional and places it in a class of its own. It is exceptionally agile and exceptionally long-range and has capabilities far superior to those of other beyond visual range weapons, current or planned. We talk about no escape zones in the combat environment. An aircraft armed with Meteor can engage and defeat its target well before it comes into the range of the enemy’s own missiles. What makes Meteor so special is that its ramjet motor not only gives it exceptional speed, and thus agility, but it also is smart enough to preserve its maximum thrust until the very end of its flight envelope. Maximum power is needed towards the very end of the missile flight to maintain full agility and to ensure a hit even if the target tries to manoeuvre away. Other
products, I won’t go into the details, might claim a similar maximum range but by the time they reach this limit, they have lost all their power and agility and hence their ability to rapidly manoeuvre. The target at this stage of the combat can thus easily evade the incoming threat. The Meteor, on the other hand, has full power, speed and agility during the last phase of the combat, making it impossible for the target aircraft to avoid the missile coming in. We are also discussing Exocet AM 39 for India’s anti-ship missile requirement on the MMRCA. Discussions are being held on a wide product portfolio range which would enable us to give India the full scope of multi-role capabilities that it is looking for. In the old days, the typical air operation would involve several kinds of aircraft and missions - one to control the air space, another to dominate it and yet another to actually carry out the ground strike. But now multi-role aircraft carry out all these missions. However, for that, you need a full range of missiles - from missiles to ensure your protection in the air to those that would enable you to compete with other air platforms or those which can deliver high precision ground strikes against control bunkers, tanks, fast moving vehicles whatever. We have recently participated in a series of tests to demonstrate the capabilities of ASRAAM and how well it is suited to provide the above wing pylon air defence missiles on the Jaguar aircraft. The IAF is currently working on a major enhancement programme for Jaguars involving a new engine, new cockpit and so on to provide the fleet with an extended life. We are also discussing with IAF the advantages of our Dual Mode Brimstone (DMB) missile which is in service with the UK’s RAF. DMB is integrated on the RAF’s Tornado and has been deployed very effectively in recent combats - in Iraq, Libya
How is the MICA deal progressing?
MICA was signed for Mirage in January 2012. I can’t really tell you the details but we are fully confident of delivering the missile within the delivery period that we have agreed upon.

What kind of response are you receiving from other forces – Indian Army or Navy?
As far as Army is concerned, we are providing them Mistral missiles for its Dhruv helicopters. Now we are working very closely with the IAF to determine its future MMRCA requirements. The Navy has recently issued an RFI for an anti-ship weapon and we are offering two solutions there. One is Exocet, probably one of the best known anti-ship missiles in the world. The latest version of the Exocet, the 200km class MM40 Block3 with the ability to also strike onshore targets as well, is now entering service with quite a few customer countries including France. The other is the Marte ER system which would be an
evolution of the already in service Marte MK2/S helicopter launched weapon.

One of the problems that companies often complain about India is that the country’s acquisition process is too slow. Do you also agree with it?
MBDA operates in various countries; we are a global operator so we know we cannot expect every country to operate in the same way. We respect the modus operandi of each country and each customer we deal with. Some customers have a certain methodology, a certain way of administering the progression of an acquisition. Some decisions do get stretched and it is at times hard to keep the impetus going. But this is a process we accept and we work with. In fact, we are proud to be working with India and hope that we will have the opportunity to further extend the existing partnership. So MBDA has no complaints on this score.
and Afghanistan. The missile can be launched either individually or in salvo mode. Its key feature is its dual-mode seeker incorporating a millimetric wave radar as well as a semi-active laser seeker. While the millimetric wave radar seeker gives it the fire-and-forget capability against multiple targets, the semi-active laser seeker provides it with the man in the loop control necessary in a complex environment. In both the cases, the missile is capable of hitting stationary as well as fast-moving targets. This is proving to be very effective as an anti-FIAC solution. FIACs are fast inshore attack craft which are emerging as a significant threat to countries with large coastal regions to control. These small, very fast moving craft are sometimes armed with RPGs or small missiles and can appear in a swarming attack against sensitive targets such as harbour installations, ships in dock and so on. At present, it is very difficult to react to this kind of threat however, DMB has already proved during tests that it can take out such targets very effectively in a coastal combat zone.
CRITICAL INFRASTRUCTURE
Making the smart grid smarter
<< Security of critical infrastructure has always been a chief concern of security agencies. One of the very important parts of security review is penetration testing. The article talks about how penetration testing can help to validate or identify gaps in security controls within the power sector >>
However, the cultural and technological differences between control systems and traditional IT systems have caused confusion around how to perform a penetration test safely and effectively. Further, the challenges around upgrading components of the grid have historically been significant and have included the immaturity of the technology and the cost of upgrades. In fact, the biggest inhibitor to adopting new, more technically advanced systems in the grid has been a
Making the grid smarter and more secure has been the goal of military and civilian industry for years. As an example, the military is investing in microgrids that rely on smart grid technology. With increased feedback and control at all points between generation and consumption, the military will gain significant efficiencies in the battlefield. Just as importantly, civilian grids have long been considered the most critical infrastructure and hence a primary target to defend. Making the grid smarter – including enhancing Industrial Control Systems’ (ICS) security through penetration testing – will help to address concerns around the need to protect the current infrastructure for both the military and civilians.
lack of confidence in the new technologies. Recognising the industry’s almost zero-fault service expectation, companies are even more apprehensive about adopting new technologies. But through extensive testing, review, and careful grid construction, these technologies are now being rolled out to customer grids. Currently, ICS for electric utilities are focused on the integration of Advanced Metering Infrastructure (AMI) and a migration to internet
protocol (IP)-based networks for control systems in order to keep up with emerging smart grid technology. Utility companies are focused on taking advantage of advances in electricity distribution and generation technology, and the industry is actively seeking to upgrade its infrastructure to support the new technologies. The level of effort required to perform such an upgrade can be high; however, many companies recognise that the benefits
In the ICS environment, the prioritisation of security attributes is reversed in comparison to corporate IT environment. Availability is usually a key concern, while integrity and confidentiality are pushed aside in order to ensure easy and fast data flow between critical components operating in realtime. As a result, the approach to securing ICS environments differs dramatically from the one followed in corporate environments. Knowing that, penetration tests should be customised to meet the reality of the ICS environment so that conclusions and recommendations are valuable and realistic. In most cases, penetration testing of ICS networks follows the same basic steps as tests performed on traditional IT networks. However, the manner in which the test is conducted must be tightly controlled, with special attention given to concerns specific to an ICS environment. The key to successful penetration testing within an ICS environment is through communication and understanding between the ICS support engineers and the penetration testers. ICS support engineers should be given the opportunity to ask any questions concerning the testing process, the methodology used, and the precautions taken by the tester to maintain the operational integrity of production systems. Penetration testers must have a clear understanding of the implications of testing within an ICS environment and any testing activities that could
potentially disrupt critical servers must be excluded. It is important for any company doing penetration testing in the ICS environment to consult with experts to ensure proper methodology and rigor.

<< The approach to securing ICS environments differs dramatically from the one followed in corporate environments. Knowing that, penetration tests should be customised to meet the reality of the ICS environment >>

The benefits of increasing the efficiency of ICS and smart grid systems are significant, as are those derived from enhanced confidence around its security. Effectively done penetration testing allows companies to move ahead with confidence towards leveraging these efficiencies. Penetration testing should be done correctly and safely, targeting control gaps and assisting with quantifying risks to the ICS environment. Done right, penetration testing can help a company prioritise available security resources and improve the effectiveness of a well-rounded security programme, thereby improving the potential impact of smart grid ICS technologies and investments.

For many years, ICS were designed primarily to be reliable, but they were not necessarily designed with security in mind. In order for grids to be smarter, they have become dependent on computer systems. And while there has been some progress in security with the smart grid technology, it is imperative that the military understands the vulnerabilities in the systems they use and defend so they can proactively engage vendors,
understand how to respond, and be able to protect. As the battlefield continues to move to the cyber front, so must the training and simulations, that is, penetration testing.

PENETRATION TESTING PROCESS OVERVIEW
There are a number of fundamental steps towards robust penetration testing, as well as other smart grid/ ICS considerations that can enhance efficiency and build confidence.

1. The Rules of Engagement
Before a penetration test begins, the rules of engagement should be clearly defined and should include the expected outcome of testing. In addition, ICS support engineers should work with the testing team to understand the team’s approach and what tools will be used during the test. If automated or invasive tools are to be used, both teams should understand the impact of the tools on the environment and, if necessary, use special precautions to prevent adverse effects.
• The ICS team should identify the specific scope of the engagement in terms of network ranges, hosts or applications to be included in the test as well as those explicitly excluded from specific types of testing or from the assessment altogether.
• Communication protocols should be established - in advance of testing - that define the means of escalating vulnerabilities identified and any system availability issues observed by the testing team.
• All individuals performing the testing should provide contact information to ICS support engineers in case testing is to be halted for any reason.
• ICS support engineers should provide regular briefings to system operators throughout all
GEOINTELLIGENCE MAR - APR 2013
associated with supporting smart grid technology overshadow the costs. Along with the many benefits promised after implementing the smart grid, additional security concerns will be introduced and current ICS environment vulnerabilities will also be uncovered. For utility companies to eventually get what smart grid promises, it is necessary to deploy this technology on a very strong foundation.
evolutions of testing; otherwise companies, as well as electricity consumers, may end up with very expensive metering infrastructure that will deliver inaccurate and unreliable data.
An important issue for penetration testing to deliver proper results is selecting a sample for testing. It is rarely possible or feasible to test all components of a particular system, so the results of testing performed on a selected sample are extrapolated to other similar components. However, such an approach includes the possibility of vulnerabilities being missed that only affect select systems of a particular kind, due to a false assumption that the configuration for all like components is exactly the same.
2. Discovery
Once the administrative tasks are complete, the testing begins with the technical discovery of the environment. The objective in this phase is to identify key technologies and attempt to determine the network or web application architecture. Fingerprinting activities are conducted to identify characteristics of the network or web application being tested.
Courtesy: www.ect.coop
PENETRATION TESTING CONSIDERATIONS
Critical Systems
Once the rules of engagement of the penetration testing are identified, testing objectives should be discussed to determine the right use of testing resources. In some cases, a ‘blind’ approach is preferred to simulate an attacker that is unfamiliar with the environment. The use of ‘stealth’ techniques – while not always as thorough as others – may also be desirable in order to identify gaps in detective controls, such as intrusion detection systems or other monitoring activities. However, these specialised testing techniques also have drawbacks that should be considered in determining the scope of testing.
operating systems with well-known vulnerabilities. This is typically accomplished by matching a response given by a host or service to a defined signature that reflects the characteristics of a specific vulnerability. Passive network sniffing can also be used to identify vulnerabilities on the network.
Network fingerprinting typically involves using port scanners to identify IP addresses being used by live systems as well as the services running on those systems. The use of active network fingerprinting techniques, such as port scanning, in production should only be conducted on non-critical systems running a robust network stack capable of handling all of the requests initiated by the scanner without noticeable degradation in service availability. Testers may also employ passive network fingerprinting techniques such as the use of network traffic analysers or ‘sniffers’ to examine network traffic. Network traffic analysers can be placed in key areas throughout the environment and can be used to fingerprint ICS-related networks without causing any additional network traffic or interference.
3. Vulnerability Identification
After the various technologies being used within the environment are identified, manual and automated tests are performed to identify potential vulnerabilities. These tests may include using general vulnerability scanners as well as service-specific scans or checks that attempt to identify services or
Ideally, penetration tests should be conducted in an environment that exactly mimics the systems and web applications deployed in production; however, many organisations lack the resources to create and maintain a test environment identical to production. When targeting critical ICS hosts or web applications in a production environment, it is imperative that both parties have a clear understanding of how those systems can be safely identified, and specifically define the testing activities deemed in scope in order to safely meet the testing objectives. If testing objectives cannot be completed in a way that can ensure the health of the system, the objective should be removed or redefined. In many cases, this will involve a ‘table top’ exercise where the penetration testers and ICS engineers discuss the capabilities of the target, the software in use, and configurations that may contain vulnerabilities. Potential areas for vulnerabilities should be replicated in a test environment on non-critical systems if possible. The ability to replicate the configuration in a test environment that would include the potential vulnerability without replicating the entire system should be explored. This would allow the penetration tester to help validate the existence of the vulnerability without jeopardising the health of the system.
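The scope rules above (agreed ranges, outright exclusions, and critical hosts limited to agreed test types) can be enforced in tooling before any packet is sent. The following Python sketch is an added example, not part of the original article; the class and function names, the test-type labels and the documentation-range addresses are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

# Test types named in the text, from least to most intrusive (labels are assumptions).
PASSIVE_SNIFF = "passive_sniff"
PORT_SCAN = "port_scan"
VULN_SCAN = "vuln_scan"


def to_networks(items):
    """Parse hosts or CIDR ranges into network objects (a bare host becomes a /32)."""
    return [ipaddress.ip_network(item, strict=False) for item in items]


@dataclass
class RulesOfEngagement:
    in_scope: list                                  # ranges the ICS team placed in scope
    excluded: list = field(default_factory=list)    # excluded from the assessment altogether
    critical: list = field(default_factory=list)    # critical hosts: agreed test types only
    critical_allowed: frozenset = frozenset({PASSIVE_SNIFF})

    def __post_init__(self):
        self.in_scope = to_networks(self.in_scope)
        self.excluded = to_networks(self.excluded)
        self.critical = to_networks(self.critical)

    def decide(self, target, test_type):
        """Return (allowed, reason). Anything not explicitly agreed is refused."""
        try:
            addr = ipaddress.ip_address(target)
        except ValueError:
            # Scope was agreed on addresses; a hostname could resolve to a
            # system nobody signed off on, so it is refused rather than resolved.
            return False, "target is not an IP address"
        if any(addr in net for net in self.excluded):
            return False, "excluded from the assessment"
        if not any(addr in net for net in self.in_scope):
            return False, "outside agreed network ranges"
        is_critical = any(addr in net for net in self.critical)
        if is_critical and test_type not in self.critical_allowed:
            return False, "critical host: test type not agreed"
        return True, "in scope"


def split_plan(roe, plan):
    """Partition a test plan into actions that may run and actions that are refused."""
    allowed, refused = [], []
    for target, test_type in plan:
        ok, reason = roe.decide(target, test_type)
        (allowed if ok else refused).append((target, test_type, reason))
    return allowed, refused


# Constructed sample: documentation address ranges, not a real environment.
ROE = RulesOfEngagement(
    in_scope=["192.0.2.0/24"],
    excluded=["192.0.2.200"],        # e.g. a safety system left out altogether
    critical=["192.0.2.16/28"],      # e.g. production controllers
)
PLAN = [
    ("192.0.2.50", PORT_SCAN),       # non-critical, in scope
    ("192.0.2.20", PORT_SCAN),       # critical host, active scan
    ("192.0.2.20", PASSIVE_SNIFF),   # critical host, passive only
    ("192.0.2.200", PASSIVE_SNIFF),  # excluded host
    ("198.51.100.7", VULN_SCAN),     # outside the agreed ranges
    ("hmi-01", PORT_SCAN),           # hostname, not an address
]

if __name__ == "__main__":
    allowed, refused = split_plan(ROE, PLAN)
    for target, test_type, reason in allowed:
        print(f"RUN     {test_type:14} {target:14} {reason}")
    for target, test_type, reason in refused:
        print(f"REFUSE  {test_type:14} {target:14} {reason}")
```

Refused entries are the ones to take back to the ICS engineers for a table-top discussion or a test-environment replica.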
Vulnerability Exploitation
Privilege Escalation
Finally, exploitation activities that provide additional access within the environment are explored to determine how the additional access could be leveraged to escalate privileges within the environment, potentially leading to compromising defined targets or meeting other test objectives. In most cases, the initial system compromised will be the security environment’s weak link, the ‘low-hanging fruit,’ which provides the path of least resistance to gaining initial access into the ICS environment. A network designed using the principle of defence in depth is built to withstand this initial compromise and should exhibit the same or a similar amount of resistance to allowing additional access as before the initial access was obtained. During the design of ICS networks, functional requirements such as high availability and redundancy usually take priority over security requirements such as proper access control and least privilege.
Smart Meter Analysis
Attacks against a smart grid are not exclusive to network-based attack vectors. A natural target for attack within the advanced metering infrastructure (AMI) is the smart meter itself. Hardware-based penetration testing requires
a specialised skill set, which usually includes a strong electrical engineering background, specialised tools that may include a separate laboratory environment and a highly technical approach that may require significant resources. Performing this type of review involves a significant investment of time and expense; however, testing can be conducted on a single device or smart meter and the results applied to the thousands of identical devices already deployed. Penetration testing of smart meters may include the following categories:
>> Tamper protection and detection
>> Interface and configuration review
>> Bus analysis
>> Microcontroller dumping
>> Erasable Programmable Read-Only Memory (EPROM) dumping
Social Engineering
Attacking the smart grid can also involve non-technical methods, such as social engineering. Social engineering is the art of influencing people into divulging information, performing actions or unintentionally providing unauthorised access through the use of deception, coercion, fear or intimidation. The use of social engineering during a penetration test can help uncover gaps in security policies and procedures and identify weaknesses in personnel awareness training against such attacks. Social engineering also helps to enhance or complement technical activities during a penetration test and more closely resembles the array of activities and methods that would be used by an attacker.
CONCLUSION
Penetration testing should be used to identify control gaps and assist with quantifying risks to the ICS environment in order to prioritise available security resources and improve the effectiveness of a well-rounded security programme.
Tamper Protection and Detection
Tamper protection includes all physical security controls contained within the meter itself that prevent (tamper-resistant) or detect (tamper-indicating) physical tampering. These protections vary from simple controls such as tamper-evident labels and physically hardened casing to highly sophisticated controls such as self-destruction mechanisms and alerting sensors. Selection of
Paul van Kessel
Global leader IT Risk and Assurance Ernst & Young paul.van.kessel@nl.ey.com
The accuracy of vulnerability identification techniques depends heavily on the specificity and accuracy of the signatures used to identify the vulnerabilities. Additionally, existing controls or other countermeasures might make an identified vulnerability impossible to exploit or not worth exploiting. Therefore, all potential vulnerabilities identified must be examined for validity, and the impact of their exploitation should be considered when determining the actual risk to the organisation.
appropriate tamper protection controls should balance the cost of the controls with the level of protection they provide. Controls should be proportional to the level of impact caused by compromising the device.
ASYMMETRIC WARFARE
Geospatial analysis to combat IED attacks << The article presents an insight about the methodologies used for the analysis and how the lessons learned in Afghanistan and Iraq can be used elsewhere in the world >>
According to the NATO Center of Excellence Defence Against Terrorism (COE-DAT) 2011 annual report, India experienced 1,166 terrorist attacks that killed close to 650 people. In 2012, the numbers were slightly better – 767 terrorist attacks killing 333 innocent people. Most of these attacks involved Improvised Explosive Devices (IEDs) as the weapon of choice. IED attacks over the years in India have involved IEDs strapped onto bicycles, IEDs disguised as pressure cookers, and more. The primary targets of these IED attacks are markets where teeming throngs are out carrying out their daily shopping. The range of extremist groups carrying out IED attacks has also been substantial, ranging from IED attacks carried out by Indian Mujahideen (funded in part by the Pakistani Inter Services Intelligence agency) to attacks carried out by the Maoist insurgency. With numerous IED attacks per month and a host of armed groups funded by Pakistan, Indian civilians face an ever-present threat to their security. Nonetheless, much experience has been gained over the years from efforts to counter IED attacks in Iraq and Afghanistan where the US military and ISAF forces were able to reduce the number of terrorist attacks via a number of sophisticated means. In Iraq,
the number of terrorist attacks dropped from 2,694 in 2011 (with 3,065 deaths) to 1,900 in 2012 (with 2,512 deaths). In Afghanistan, the number of terrorist attacks dropped from 2,009 in 2011 to 972 in 2012 along with a drop in the numbers killed from 2,977 to 1,999. These substantial reductions in terrorist attacks were due, in part, to intelligent methods to counter the adversary.
Between 2007 and 2011, Major Paulo Shakarian of the US Army and I led two major counter-IED projects [2,3,4] at the University of Maryland in which advanced information technology was harnessed in order to reduce IED attacks. The work culminated in the development of two systems called SCARE and SCARE-S2, focussing respectively on Baghdad and the Helmand/Kandahar provinces of Afghanistan, which are summarised in the book, Geospatial Abduction: Principles and Practice.
IED CACHE DETECTION IN BAGHDAD
The goal of SCARE [3] was to identify weapons caches in Baghdad that were used to facilitate multiple IED attacks. Identifying such cache sites had powerful implications – once identified, such sites could be monitored and insurgent leaders and other key players (for example, bomb-makers) identified, caught and further interrogated for information about the IED network.
SCARE focussed on detecting IEDs by understanding the constraints under which the insurgents were operating. Though some insurgents recruited suicide bombers, most insurgents carrying out IED attacks in Baghdad did not wish to either die or be caught – and this led to two operational constraints:
>> Constraint 1: Most insurgents did not want to travel long distances from a cache site to an attack site because of the risk of discovery by US forces when transporting munitions.
>> Constraint 2: Most insurgents did not want the attack site to be too close to the cache site because of the risk of discovery in post-attack security sweeps of the area around the attack site.
What this meant was that once an attack occurred at a particular location, one could draw two concentric circles centered at the attack location as shown in Figure 1. The cache is likely to be outside the smaller (blue) circle, but inside the larger (red) circle. The smaller circle represents the zone described by Constraint 2 above and the larger circle describes the area defined by Constraint 1. The two circles jointly represent a donut-shaped region which is likely to contain one or more caches supporting the attacks. In SCARE, we used historical data on past attacks and past caches discovered in order to learn the radii of these two circles.
Figure 1. Map of Baghdad showing IED attacks and associated constraints. Caches must lie within the red circles but not within the blue circles. The gray zones show infeasible regions to host a cache.
>> Represented a Sunni neighbourhood of Baghdad (as all attacks considered in [2,4] were Shiite backed attacks);
‘feasibility’ map of Baghdad specifying which regions were feasible hosts of IED weapons caches. The conditions listed above were used by SCARE in Baghdad – other feasibility conditions can be used in other jurisdictions such as India. SCARE used a sophisticated mathematical algorithm to determine the most likely set of places where the cache is hosted. On data in Baghdad, SCARE was able to predict locations of caches to within 700m.
HIGH VALUE TARGET DETECTION IN AFGHANISTAN
>> Was part of the Tigris river (as most IED caches were on land).
superimposed on the map, the only region left where a cache might possibly be hosted (for just the two attacks considered in Figure 1) is the region shown in green that the yellow arrow points to.
Maj Paulo Shakarian and I led the creation of a variant of SCARE, SCARE-S2, to identify the locations of High Value Targets (HVTs) in Afghanistan. HVT is defined as either an insurgent commander or a large weapons cache.
Once these ‘feasibility’ overlays are
SCARE supports the use of any
Unlike Baghdad which is a relatively
>> Represented a coalition base (as IED weapons caches were not expected within coalition bases);
As a large number of attacks occurred in Baghdad, SCARE drew such donuts around each attack. The intersection of these zones show plausible locations for IED weapons caches. However, Figure 1 shows we can do better. SCARE allows an analyst to explicitly identify infeasible zones, shown in grey in Figure 1. In Baghdad, SCARE declared a zone infeasible (from the perspective of hosting an IED weapons cache) if it either:
Figure 2. Red circle shows a location where an IED attack occurred. Blue squares show villages which are neither too close to the IED attack location
small but densely populated area, in Afghanistan, we studied IED attacks in the sparsely populated and large provinces of Helmand and Kandahar. Helmand by itself is enormous – over 58,000 sq.km. in area, while Kandahar province is only slightly smaller, over 54,000 sq. km. Both are slightly bigger than the state of New York. In contrast, Baghdad is just over a mere 4,500 sq.km.
In these two large provinces, a variant of SCARE called SCARE-S2 was used along with a number of assumptions.
The first assumption was that insurgents would use road networks for most of their operational transportation needs. This assumption was justified by the nature of the terrain in these provinces. Moreover, even if the insurgents used both off-road and on-road transportation methods, using the road networks as a proxy for the actual routes taken seemed reasonable as most attacks were
carried out in locations that were either on roads or at junctions of roads (for example, markets). As a consequence, even if the insurgents were not using the roads themselves, they were unlikely to be too far from the roads which eventually they needed to get to as the targets were on or just off the sides of roads. The second assumption used in SCARE-S2 was that HVTs were located in villages. This was a reasonable assumption again as most insurgent leaders tended to visit family and friends near villages and these families and friends often provided hospitality as required by the Pashtunwali code of conduct. These two assumptions induced some differences (from SCARE) on how HVTs were discovered. Rather than using a pure geospatial model, SCARE-S2 uses a network model consisting of nodes and edges - nodes are villages, and edges are road segments connecting two villages together.
Each edge in this network is labelled with a distance, specifying the distance between the two villages. The distance is a proxy for the travel time (which we did not have from open source data). The notion of ‘feasibility’ used in SCARE was replaced by tribal affiliation. If an IED attack occurred in village A, and there was a tribe T that lived both in village A and B, then B was a feasible location for the HVT cache. In addition, B needed to be at least a certain distance away from A and at most a certain distance away from A. This is because, as in the case of Baghdad, insurgents did not want their HVTs discovered in the security sweeps following an explosion in village A – but on the other hand, they did not want to run the risk of discovery of munitions during transportation from village B to village A; and this means that village B could not be too far from village A. Figure 2 shows this situation
affected countries create detailed demographic maps of their jurisdictions. These demographic maps should cover:
In the figure, an IED attack occurs at a village V shown as a red circle. As a first step, SCARE-S2 uses the road network to identify all villages that are farther away than a minimal driving distance (on-road distance, not crow-flies distance) and closer than a maximal driving distance. These numbers can be readily learned from historical data on past IED attacks and previously discovered HVTs. In Figure 2, the blue squares show the locations of villages that are within these minimal and maximal driving distances.
>> Religious distribution of the population on at least a square mile by square mile region – such religious distributions must go beyond mainstream religions (for example, Muslims, Christians) to more specific belief systems (for example, Sunnis, Shias, Deobandi, Barelvi);
Thus, every single attack leaves behind a set of candidate villages hosting an HVT responsible for the attack. In Figure 2, following the thread of discussion provided above, the candidate villages associated with the attack on village V are B, D and E. SCARE-S2 uses a mathematical algorithm to deal not only with one attack at a time but also with multiple such attacks. Each attack in a village V leads to a set of candidates identified as above. Of all such candidates, the SCARE-S2 algorithm identifies the best set of villages that collectively explain all the attacks that were observed. Given a set of attacks, SCARE-S2 returned as output a set of villages that collectively had a density of HVTs that was 35 times larger than the average density of HVTs in the two provinces combined. Moreover, SCARE-S2 only returned 4.8 villages on average per prediction. This allows commanders and security officials on the ground to cue their intelligence and surveillance assets on those villages, enabling them to save valuable intelligence resources when smoking out the insurgents.
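The candidate filtering and multi-attack selection described for SCARE-S2 can be sketched in Python as follows. This is an added example, not the SCARE-S2 code: the road network, tribe labels and distance bounds are constructed, and a greedy set cover stands in for the selection algorithm, which the article does not specify.

```python
import heapq
from collections import defaultdict

# Constructed data: road segments (village, village, km) and resident tribes.
ROAD_SEGMENTS = [
    ("V", "N", 2), ("N", "A", 4), ("V", "B", 7), ("B", "C", 3), ("N", "D", 6),
    ("D", "E", 4), ("E", "F", 10), ("D", "W", 8), ("W", "G", 8),
]
TRIBES = {
    "V": {"T1", "T2"}, "W": {"T2", "T3"}, "N": {"T1"}, "A": {"T4"}, "B": {"T1"},
    "C": {"T5"}, "D": {"T2"}, "E": {"T1"}, "F": {"T2"}, "G": {"T3"},
}


def build_network(segments):
    """Nodes are villages; each undirected edge carries a road distance."""
    net = defaultdict(dict)
    for a, b, km in segments:
        net[a][b] = km
        net[b][a] = km
    return net


def road_distances(net, source):
    """Shortest on-road distance from source to every reachable village (Dijkstra)."""
    dist = {source: 0}
    heap = [(0, source)]
    while heap:
        d, village = heapq.heappop(heap)
        if d > dist[village]:
            continue  # stale queue entry
        for nxt, km in net[village].items():
            nd = d + km
            if nd < dist.get(nxt, float("inf")):
                dist[nxt] = nd
                heapq.heappush(heap, (nd, nxt))
    return dist


def in_driving_range(net, attack, mindist, maxdist):
    """Villages neither too close to nor too far from the attack, by road."""
    dist = road_distances(net, attack)
    return {v for v, d in dist.items() if v != attack and mindist <= d <= maxdist}


def candidates(net, tribes, attack, mindist, maxdist):
    """Keep only in-range villages sharing at least one tribe with the attack village."""
    in_range = in_driving_range(net, attack, mindist, maxdist)
    return {v for v in in_range if tribes[v] & tribes[attack]}


def explain_attacks(net, tribes, attacks, mindist, maxdist):
    """Greedy set cover (an assumption): pick villages that explain the most attacks."""
    cands = {a: candidates(net, tribes, a, mindist, maxdist) for a in attacks}
    unexplained = sorted(a for a, c in cands.items() if not c)
    uncovered = {a for a, c in cands.items() if c}
    chosen = []
    while uncovered:
        cover = defaultdict(set)
        for attack in uncovered:
            for village in cands[attack]:
                cover[village].add(attack)
        # Most attacks explained first; ties broken by name for repeatability.
        best = min(cover, key=lambda v: (-len(cover[v]), v))
        chosen.append(best)
        uncovered -= cover[best]
    return chosen, unexplained


NET = build_network(ROAD_SEGMENTS)

if __name__ == "__main__":
    print(sorted(in_driving_range(NET, "V", 5, 15)))
    print(sorted(candidates(NET, TRIBES, "V", 5, 15)))
    print(explain_attacks(NET, TRIBES, ["V", "W"], 5, 15))
```

With the constructed data, the attack on V reproduces the Figure 2 walk-through: A to E fall within driving range, and A and C drop out for lack of tribal overlap.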
>> Ethnic distribution of the population on at least a square mile by square mile region which tracks ethnicity of a population (for example, Hazaras vs. Tajiks) on a similar square mile by square mile basis;
>> Economic distribution of the population with per capita income used to characterise each one sq. mile region.
Though the creation of such detailed demographic maps is a challenge, we believe that some of these maps can be created using modern technology such as crowdsourcing, GPS devices, and by leveraging census data. Such maps are invaluable in identifying possible candidate locations for IED caches and HVTs as used by SCARE and SCARE-S2.
Randomise Security Sweeps along Roads
Create Detailed Demographic Maps
Insurgents are keenly aware of the need to avoid detection as they travel from a cache or HVT site to a site where they plan to carry out an attack. Given the extremely large number of potential targets that the insurgents can choose to attack and given the relatively small resources available to disrupt such attacks, it is essential that these protective resources be used effectively.
Our first recommendation is that security organisations in all
Static road checkpoints are frequently used in many countries,
LESSONS LEARNED
The lessons learned from SCARE and SCARE-S2 can be applied to many parts of the world where IED attacks are common – India, Pakistan, Philippines are three examples. Specifically, we recommend the following.
Once these villages are identified (in the figure, we see that A, B, C, D, and E are these villages), all villages that share no tribal overlap with the village V where the attack occurred can be eliminated. For instance, if villages A and C don’t have any resident tribes that live in village V as well, then they can be eliminated, leaving three possibilities behind.
Courtesy: http://www.popsci.com
with the road networks clearly identified – and villages are at the intersections of roads as well as at certain other points.
for example, India. The location of these road patrols must be selected intelligently in order to disrupt attacks against selected targets using methods such as those proposed by Dickerson et al. [5]. But insurgents are continuously reacting to security activity on the ground. In order to address this, a certain element of randomisation is needed. We recommend intelligent randomisation of both locations of static road checkpoints as well as intelligent patrolling strategies – the methods suggested by Dickerson et al. [5] for protecting moving targets can be readily adapted to moving adversaries.
Randomise Security Sweeps after Attacks
Insurgents are well aware that security forces usually sweep an area of a certain radius, mindist, after an attack. It is this knowledge that makes them choose to put their HVTs or caches a little further away, but no more than some distance, maxdist, from the attack site. These two numbers, mindist and maxdist, specify the donut shown earlier in Figure 1 and a region (though not shaped like a donut) in Figure 2.
After an attack, the proposed strategy would, in addition to doing the normal security sweep up to mindist distance units from the attack, randomly search locations within the donut. This would have the effect of pushing the envelope beyond mindist, forcing the attackers to move their HVTs and caches further away from the intended attack locations, reducing the probability of success of their attacks as they are squeezed by some of the other actions recommended in this section.
Shape the Adversary’s Movements
This strategy focuses on making certain targets and routes appear
to be relatively unprotected so that the adversary is lured towards them and is captured in a pre-planned security sweep when doing so. For instance, in Figure 2, we know that the HVT is at one of the locations B, D or E, but we are not sure which. We also know the insurgents strike approximately once a week. A security agent may use advanced aerial surveillance (for example, drones) and other methods to survey locations B, D and E, while simultaneously withdrawing overt presence of security forces along certain roads and concentrating them elsewhere. Realising that certain roads are now clear and afford an easy path to certain targets, insurgents may be emboldened and start moving along those roads, allowing security forces to swoop down on anomalous vehicles either en route to the target or via sudden inspections near the target in the hope of uncovering the insurgents.
CONCLUSION
IED attacks are playing an increasing role in insurgencies all over the world. India, in particular, has been extremely vulnerable to such IED attacks. Many different techniques ranging from video surveillance to thermal imaging to spectroscopic particle analysis methods have been proposed to help bring terrorists carrying out IED attacks to justice. In this article, the focus has been on the use of computational methods to systematically analyse past data about terrorist attacks and IED cache and HVT locations in an effort to identify part of the logistics supply chain supporting such attacks. Many other techniques can – and should – be applied including surveillance of mobile phone and internet communications in IED-prone areas in order to uncover the nature of the operational insurgent network. Nonetheless, the techniques described here
have provided impressive results in two conflict zones – Baghdad and Afghanistan – and should be used in other theaters along with other techniques.
REFERENCES
1. Center of Excellence Defense Against Terrorism 2012 Annual Terrorist Report, NATO report, Jan 2013, COE-DAT, Turkey.
2. P. Shakarian and V.S. Subrahmanian. Geospatial Abduction: Principles and Practice, Springer, Nov. 2011. Foreword by LTG (Ret) Charles Otstott.
3. P. Shakarian, J. Dickerson, and V.S. Subrahmanian. Adversarial Geospatial Abduction Problems, ACM Transactions on Intelligent Systems Technology, Vol. 3, Nr. 2, Article Nr. 34, 35 pages, Feb. 2012. DOI: 10.1145/2089094.2089110
4. P. Shakarian, V.S. Subrahmanian and M.L. Sapino. GAPS: Geospatial Abduction Problems, ACM Transactions on Intelligent Systems and Technology, Vol. 3, Nr. 1, Oct 2011, Article Nr. 7, DOI: 10.1145/2036264.2036271
5. J. Dickerson, G. Simari, S. Kraus and V.S. Subrahmanian. A Graph-Theoretic Approach to Protecting Static and Moving Targets from Adversaries, Proc. 2010 Intl. Conf. on Autonomous Agents and Multi-Agent Systems, Toronto, May 2010, pages 299-306.
Dr V.S. Subrahmanian Professor University of Maryland vs@cs.umd.edu
EVENTS
APRIL
Global Security Asia 2013
April 2-4, 2013 Sands Expo & Convention Center Singapore www.globalsecasia.com
LAAD 2013
April 9-12, 2013 Riocentro, Rio De Janeiro, Brazil http://laadexpo.com.br/english/
Military Space
April 10-11, 2013 The Copthorne Tara Hotel London Kensington United Kingdom http://www.smi-online.co.uk/defence/europe/milspace
Offshore Patrol & Security 2013
April 23-25, 2013 Old Dockyard Portsmouth, UK www.offshore-patrol-security.com
Counter Terror Expo 2013
April 24-25, 2013 Olympia Expo Center London, UK www.counterterrorexpo.com
SPIE Defense & Security 2013
April 29 – May 3, 2013 Baltimore Convention Center Baltimore, Maryland United States http://spie.org/x6776.xml
MAY
The 6th Annual Geospatial Intelligence Middle East
May 13-15, 2013 The Westin Abu Dhabi Golf Resort & Spa United Arab Emirates www.geospatialdefence.com
IMDEX Asia
May 14-16, 2013 Changi Exhibition Centre, Singapore http://imdexasia.com/
Heli Russia 2013
May 16-18, 2013 Crocus Expo Center Moscow, Russia www.helirussia.ru/en/index.html
CYPNAVAL 2013
May 28-29, 2013 Hilton Park Nicosia Cyprus http://www.cypnaval.com/
JUNE
ISDEF
June 4-6, 2013 Tel-Aviv, Israel www.isdefexpo.com
Soldier Technology
June 11-14, 2013 Olympia Conference Centre London, UK www.wbresearch.com/soldiertechnologyeurope/home.aspx
GeoIntelligence India 2013
June 12-13, 2013 JW Marriott Aerocity, New Delhi India http://geointelligenceindia.org/
Paris Air Show
June 17-23, 2013 Le Bourget Airport Paris France http://www.paris-air-show.com/
Undersea Defence Technology
June 18-20, 2013 Hamburg Germany http://www.udt-global.com/
JULY
IMDS - International Maritime Defence Show
July 3-7, 2013 St. Petersburg Russia http://navalshow.ru/eng/
AUGUST
AUVSI 2013
August 12-15, 2013 Walter E. Washington Convention Center Washington DC, USA http://www.auvsishow.org/auvsi13/public/enter.aspx
MAKS 2013
August 13-18, 2013 Sukhovsky LII Gromov Russia http://www.airshow.ru/exhibition/1/ex.htm
SEPTEMBER
DSEI 2013
September 10-13, 2013 ExCel Exhibition Center London, UK http://www.dsei.co.uk/
GeoIntelligence Latin America
September 12-13, 2013 Sul America Convention centre Rio De Janeiro Brazil http://www.geointla.org/2013/theme.htm
REPORT
Geoint in nation building << DGI 2013 was held at London recently and was attended by more than 800 people from over 40 countries >>
Geoint in nation building, reconstruction and security was the theme for the DGI 2013 conference and exhibition, London, which, for the first time, was a three-day event, the additional day focusing on North America. It was attended by around 800 professionals from over 40 countries, and close to 30 companies showcased their products and solutions.
NORTH AMERICA FOCUS DAY
The day brought together major geospatial players from the region
to network, present their cases and discuss future plans. North America has the largest number of geospatial intelligence professionals and is also the largest market for both commercial and government products and services. Experts described the world class geoint being conducted in the US and Canada. Among the issues discussed was the use of social media for geoint support and how to build a unified and integrated database for all types of operations. Professionals from the US National Ice Centre and the Canadian Ice Service described the marine geoint requirements
in ice-infested waters. Though discussions were focused on North America, participants from across the world got an opportunity to benefit from the experiences.
EXTENDING GEOINT ACROSS THE ORGANISATION
In his keynote address, Jack Dangermond, Founder and President, Esri, explained how geography is a platform for understanding our complex and very rapidly changing world. “GIS is at a major turning point,” he said. New technologies are extending GIS into
a platform (cloud) and providing a new architecture. This platform facilitates the integration of all types of information. It provides geospatial capabilities across the organisation, enabling everyone to access and use GIS - a framework for sharing and collaboration. Geoint applications are growing rapidly – mapping, charting, data management, analysis and dissemination.
SAFE AND SECURE GAMES
MARITIME FOCUS
Discussing the future of geoint in maritime environment, Vice Adm Robert B. Murret, former director of NGA, spoke about the various mission sets for geoint – ship monitoring and reporting, surveillance and border protection, fisheries and environment protection and search and rescue. He emphasised the strategic importance of the maritime domain and the need
<< Monitoring the oceans and vessel movements fills in the global gaps in understanding human activity >>
for readiness for unanticipated challenges, both from civil maritime requirements and military operations. John Allan, exactEarth, explained how Satellite AIS(S-AIS) provides rich comprehensive data and is a key component of the global effort to achieve Maritime Domain Awareness (MDA). Guy Thomas, C-SIGMA, explained the concept of Collaboration in Space for Global Maritime Awareness and the progress so far.
near real-time to benefit operations. How do we better enable operators and analysts to leverage robust collection systems and data rich enterprises to optimise intelligence production? James P. Dolan from Textron Systems, and Nazlin Kanji from General Dynamics, suggested that the intelligence value of big data can be maximised by deploying flexible, automated, multiintelligence workflow management capabilities. Discussing the future, Paul O’Hanlon from HP, argued that the cloud model is relevant even in the geoint environment. CONCLUSION
BIG DATA MANAGEMENT AND CLOUD COMPUTING
A highlight of the conference was the Guest Keynote Address by General Sir Peter Wall, Chief of the General Staff, UK Army, who spoke about the challenges of geospatially enabling every military operation. He gave his vision for UK Army’s implementation of geoint capabilities into its processes and strategy.
Nowadays with multiple intelligence gathering, organisations and sources, imagery and data is growing exponentially. Too much data can be as problematic as too little data and clients are unable to realise potential, particularly where actionable intelligence should be available in
The event drew professionals and users from across the globe, with participants from industry, government, academia and the military. Emerging technologies in geointelligence, their applications and case-studies were shared and discussed.
GEOINTELLIGENCE MAR - APR 2013
Olympics 2012 London was a major multi-sport event with over 200 nations and 10,000 athletes participating for a fortnight. This was followed by Paralympics which had a participation of around 4,000 atheletes. In addition, there were a large number of spectators, officials, logistics and support staff. The task of conducting the games and ensuring security was stupendous. Vanessa Lawrence, Director General and Chief Executive, Ordnance Survey UK, described the contribution of the geospatial community in ensuring the safety and security of the games. Lt Kendal Moran, Royal Engineers, explained the nuances of providing operational geographic support to the Joint Military Command and the Metropolitan Police, particularly in the areas of traffic and for route management and security threat assessment based on demographic analysis.
39
AERO INDIA REPORT
TAKING TO THE SKY
The ninth edition of Aero India 2013 was held in Bangalore, India, recently. Speaking at the event, Indian Defence Minister AK Antony said that in view of immense opportunities available in the aerospace industry, the revised Defence Procurement Policy of 2010 has provided for more public-private partnership model to the industry. He appealed to all stakeholders of defence industry to take advantage of this policy initiative and develop world-class products and technologies so as to make India a hub in the entire sub-continent.
After the Brahmos success story, India and Russia are working together for the development of Fifth Generation Fighter Aircraft (FGFA). Talking to reporters, Air Chief Marshal NAK Browne, the chief of air staff (CAS), IAF, said that India would receive three prototype FGFA aircraft from Russia between 2015 and 2018. He said the design phase of the aircraft is over and the R&D phase would begin soon. He also expressed hope that the much awaited MMRCA contract would be signed by mid-2013.
More than 600 companies and 78 overseas delegations participated in this biennial event. The aim of the event was to promote products and services offered by Indian defence industry in the international market and provide exposure to the Armed Forces, R&D personnel to the latest technology available in the aviation and aerospace industry. Spread over an area of 1,25,000 sqm (approx), this year the largest overseas participation was from USA followed by Israel and Russia. The major attractions of the event were aerobatic teams – Flying Bulls from Czech Republic, Russian Knights-Russian Air Force Aerobatic Team (who arrived late) and IAF’s Sarang Aerobatic Team. Organised by Department of Defence Production, MoD, and managed by Federation of Indian Chambers of Commerce and Industry (FICCI), the five-day event showcased the latest international technology in the fields of military and civil aircraft, radars, UAVs, avionics and subsystems in defence and aerospace sector. The 10th Aero India will be held at Bangalore from 18-22 February 2015.
Indian Army gets indigenously built Rudra attack helicopter
The indigenously developed Advanced Light Helicopter Mk-IV army version ‘Rudra’ was handed over to Indian Army during the show. Designed and manufactured by HAL, the helicopter is fitted with day and night targeting systems and can carry a mix of weapons (70 rockets, anti-tank missiles, air-to-air missiles and 20 mm turret gun), providing the required capability to search and destroy any targets.
Rockwell Collins agreement with Tata Power SED
Rockwell Collins and Tata Power’s Strategic Engineering Division (Tata Power SED) announced a teaming agreement as part of their pursuit of the Indian Air Force Software Defined Radio (SDR) programme. Under the terms of the agreement, Tata Power SED is the prime contractor and Rockwell Collins will provide technology for the team’s SDR offering. For the Indian Air Force programme, the latter claims to be providing industry leading SDR technology designed to provide the best value in features, technology and growth capabilities. This technology features a digital radio architecture that allows easy reprogramming with different waveforms and operating modes through the use of digital signal processing technology.
TAML signs MoU with Strongfield Technologies Limited
Tata Advanced Materials Limited (TAML) recently signed a MoU with UK based STL (Strongfield Technologies Limited). Under the agreement, the two will jointly explore the potential business cooperation areas in various segments of the Pilotless Target Aircraft activities as well as other aerospace and defence activities. The parties wish to establish a long–term profitable and stable relationship with an aim to better meet their customers’ needs in India and abroad, and also contributing to offset programmes. While TAML is engaged in the design, manufacture and supply of composite products for aerospace, armour, defence, transportation and infrastructure sectors, STL is a specialist manufacturer and supplier of high-tech components and equipment for defence and space applications and provides engineering, design and consultancy support.
Image Intelligence
Iran’s nuclear weapons - a reality?
Iran’s nuclear weapons programme has once again caught the world’s attention with reports claiming that the country is working towards developing a technology for producing plutonium. Although Iran still lacks the technology to reprocess plutonium for weapon purposes, experts fear that the country may seek North Korea’s assistance in the matter. The latter has already developed the technology. Iran, meanwhile, insists that its nuclear facilities are only for peaceful use.
The report comes at a time when the leading nations of the world (namely, Britain, China, France, Russia, the United States and Germany) are holding talks with Iran for reviewing sanctions imposed against it. The talks resumed last month after Iran showed signs of slightly softening its position vis-a-vis its nuclear programme.
Image courtesy: http://www.telegraph.co.uk