TOP SECRET – The US Army In Space

FM 3-14, Army Space Operations, provides an overview of space operations in the Army and is consistent and compatible with joint doctrine. FM 3-14 links Army space operations doctrine to joint space operations doctrine as expressed in JP 3-14, Space Operations and other joint doctrinal publications. This FM establishes guidance for employing space and space-based systems and capabilities to support United States (U.S.) Army land warfighting dominance. It provides a general overview of overhead support to Army operations, reviews national guidance and direction, and outlines selected unique space-related Army capabilities. The doctrine in this manual documents Army thought for the best use of space capabilities. This manual also contains tactics and procedures outlining how to plan, integrate, and execute Army space operations.

Space is a warfighting domain with different characteristics from air, land, sea, and cyberspace domains. Space is identified as one of the Global Commons as defined in the National Military Strategy of the United States of America. Army space operations enable Army and joint warfighting, and use of space capabilities is an inherently joint venture. The need for the Army to accomplish space operations is firmly established in national and Service level policies. Moreover, this FM is rooted in Army operations and consistent with Joint doctrine. Space capabilities and the space domain provide a global perspective as satellites allow routine access to denied areas of the Earth.

The space environment is harsh and the distances involved are vast, but it offers unique advantages that make it worthwhile to overcome the adversities of the operational environment. To that end, the space environment continues to become more congested, contested, and competitive. The uses of space are many, applications vary, and space-enabled capabilities are constantly evolving. It is important that Soldiers continue to look to the future with responsiveness, adaptability, and flexibility toward how space enables the Army’s warfighting functions in the conduct of unified land operations.

Army space operations includes all aspects of the employment of specialized Army space forces but also the spectrum of activities associated to the planning, preparation, integration and execution support required to ensure synchronized and effective space-based capabilities from all sources are available to support dominant land operations as part of Unified Action. Army space operations are heavily influenced by understanding the constraints, limitations, and operational needs of the land component users with regard to those space-based capabilities.

The Army depends on space capabilities to enable and enhance unified land operations. Virtually every Army operation relies on space capabilities to some degree to enhance the effectiveness of combat forces. Space capabilities enable the Army to communicate, navigate, target the enemy, and protect forces.

The principles that successfully guide unified land operations are applicable to the space domain. The Army uses space-based capabilities to support its dominance in unified land operations. Space operations are critical to the range of military operations as many space capabilities are embedded in Army operations. The space mission areas form the framework for how space supports the Army warfighting functions, and operations conducted through decisive operations.

1-4. This FM is rooted in basic Army and joint doctrine that is characteristically progressive and evolving. Space is a warfighting domain with different characteristics from land, sea, air, and cyberspace domains. The Army depends on space operations to effectively execute unified land operations. Every Army warfighting function relies on space contributions to some degree to enhance the effectiveness of our combat forces. Space capabilities enable the Army to communicate, navigate, accurately target the enemy, protect, and sustain our forces.

1-5. The U.S. Army is one of the largest consumers of space-based capabilities within Department of Defense (DOD). The Army depends on Army space forces (personnel, organizations, space and terrestrial systems, equipment, and facilities), to ensure full access to all current and future space capability in order to fight and survive on today’s area of operations. The Army must leverage the capabilities of space assets. Consistent with the inherent right of self-defense, the Army must deter others from interference and attack, defend our space systems, and contribute to the defense of multinational space systems. If deterrence fails, the Army must defeat efforts to attack its space assets. This must be done while operating in a global information environment against any threats. Consequently, the Army space capabilities must provide continuous, secure, global communications, space situational awareness, space control, and space force enhancement to Army and joint warfighters from strategic to tactical levels.

DOD SPACE POLICY

1-16. Department of Defense directive (DODD) 3100.10, Space Policy implements the National Space Policy and assigns responsibilities for space and space-related activities. This directive states the primary DOD goal is to provide operational space force capabilities to ensure the U.S. has the space power to achieve its national security objectives in accordance with the U.S. National Security Strategy. Additionally the U.S. National Military Strategy recognizes space as one of the global commons and notes that our ability to project power from the global commons may be at risk. The space domain is critical for Army operations, yet becoming increasingly more vulnerable to malicious actions that create a D3SOE. The space environment is continuously becoming more congested, contested, and competitive. Space capabilities and applications will be integrated into the strategy, doctrine, concepts of operations, education, exercises, and operations and contingency plans of U.S. military forces. DOD operational space force structure will be sufficiently robust, ready, secure, survivable, resilient, and interoperable.

OPERATING IN SPACE

1-33. Space is the ultimate high ground and gives land forces the advantage of a global, persistent perspective of the strategic, operational, and tactical situation. Space systems consist of satellites on orbit, ground stations, launch bases, and the communications links and capabilities. Space hosts communications transponders, observation posts for surveillance and reconnaissance, transmitters broadcasting location and exact time information, sensors for weather and other environmental data, and sensors that can warn of enemy actions.

1-34. Space is a domain like land, sea, air, and cyberspace within which military activities are conducted to achieve U.S. national security objectives. Space begins above the atmosphere of the Earth and extends infinitely outward. The U.S. does not formally recognize a lower limit to space. However, space is considered to be the region around the Earth with little atmosphere, where satellites are placed in orbit. Space operations are those enabling operations that create or present opportunities to employ space capabilities to enhance the warfighting potential of the U.S. military and multinational partners. Space operations are generally supported by satellites in orbits around the Earth. Space is interrelated with the other domains and properly integrating these complex functions with the other military activities is critical for successful operations.

1-35. The 1967 Outer Space Treaty, officially known as Treaty on Principles Governing the Activities of States in the Exploration and Use of Outer Space, Including the Moon and Other Celestial Bodies dictates satellites in orbit must be allowed free passage over countries. Nations cannot claim the space directly above them as their own, as they do with airspace. This allows the U.S., other countries, and commercial entities to orbit satellites that freely traverse or occupy positions while in space over other countries.

1-36. Space-based resources provide freedom of action, global reach, responsiveness, insights in an anti-access, area of denial arena, and are not constrained by geographic borders of otherwise geographically denied regions. Satellites are well suited for reconnaissance and surveillance, imagery, mapping, and intelligence operations because of the access they provide. However, operations in the space environment are bound by other constraints such as the laws of physics, international law, and policies that have a unique set of vulnerabilities.

DIRECTOR OF SPACE FORCES

2-14. A director of space forces (DIRSPACEFOR) is assigned to the commander, Air Force forces staff and serves as the senior space advisor to integrate space capabilities and effects. If the commander, Air Force forces or joint force air component commander is delegated SCA, the DIRSPACEFOR will normally execute SCA responsibilities on behalf of the commander, Air Force forces or joint force air component commander. While each combatant commander may have a DIRSPACEFOR, United States Central Command is the only combatant commander with a standing DIRSPACEFOR with a formal agreement to utilize an Army functional area 40 (FA40) space professional as the Deputy DIRSPACEFOR. When an Army FA40 is serving as the United States Central Command Deputy DIRSPACEFOR, the individual is assigned to USASMDC/ARSTRAT with duty at Air Force Central Command.

2-15. The DIRSPACEFOR is responsible for:

Integration of space force enhancement, space control operations, and planning in joint operations on behalf of the combined force air component commander when acting as SCA;
Oversee day-to-day functions of the DIRSPACEFOR staff and accomplish assigned duties of SCA;
Provide the combined force air component commander and key staff counsel and training in space operations;
Assist with planning and executing theater space operations and applying space capabilities throughout the joint targeting cycle;
Assist in coordinating tailored space support for operations throughout the area of responsibility;
Work directly for the combined force air component commander as special staff providing advice on space capabilities and employment;
Ensure continuity of operations, focus, operational stability, and unity of command with multiple rotations of joint space personnel across the area of responsibility;
Conduct deliberate planning for contingency operations and exercises, and validate process;
Provide reachback support for all forward deployed space forces from all Services in area of responsibility;
Interact with multiservice space professionals within the combined air and space operations center; and
Provide insight and participate in special technical operations planning, as required.

2-16. During larger standing operations and in crisis planning and execution, the theater SCA function is supported with appropriate manning for staff support based upon the nature of the pending contingency. The manpower and expertise requirements will be reflected in the final approved joint manning document for that headquarters along with an identification of a responsible Service to fill the position. In most cases where the SCA is delegated to the Commander, Air Force forces with an assigned DIRSPACEFOR to support those functions, the Deputy DIRSPACEFOR is normally sourced as an Army space officer, as established in operations. An Army Deputy DIRSPACEFOR supports all the joint functions of the DIRSPACEFOR and can represent specific land component space-related needs and issues to the theater SCA for resolution. An Army Deputy DIRSPACEFOR also acts as an intermediary between DIRSPACEFOR staff and Army SSEs, ARSSTs, ASCE, JTAGS detachments, space situational awareness planning teams (SSAPT), and space control detachments.


FBI – Study About Active Shooters Cause Massacres

In 2017 there were 30 separate active shootings in the United States, the largest number ever recorded by the FBI during a one-year period.1 With so many attacks occurring, it can become easy to believe that nothing can stop an active shooter determined to commit violence. “The offender just snapped” and “There’s no way that anyone could have seen this coming” are common reactions that can fuel a collective sense of a “new normal,” one punctuated by a sense of hopelessness and helplessness. Faced with so many tragedies, society routinely wrestles with a fundamental question: can anything be done to prevent attacks on our loved ones, our children, our schools, our churches, concerts, and communities?

There is cause for hope because there is something that can be done. In the weeks and months before an attack, many active shooters engage in behaviors that may signal impending violence. While some of these behaviors are intentionally concealed, others are observable and — if recognized and reported — may lead to a disruption prior to an attack. Unfortunately, well-meaning bystanders (often friends and family members of the active shooter) may struggle to appropriately categorize the observed behavior as malevolent. They may even resist taking action to report for fear of erroneously labeling a friend or family member as a potential killer. Once reported to law enforcement, those in authority may also struggle to decide how best to assess and intervene, particularly if no crime has yet been committed.

By articulating the concrete, observable pre-attack behaviors of many active shooters, the FBI hopes to make these warning signs more visible and easily identifiable. This information is intended to be used not only by law enforcement officials, mental health care practitioners, and threat assessment professionals, but also by parents, friends, teachers, employers and anyone who suspects that a person is moving towards violence.

Key Findings of the Phase II Study

  1. The 63 active shooters examined in this study did not appear to be uniform in any way such that they could be readily identified prior to attacking based on demographics alone.
  2. Active shooters take time to plan and prepare for the attack, with 77% of the subjects spending a week or longer planning their attack and 46% spending a week or longer actually preparing (procuring the means) for the attack.
  3. A majority of active shooters obtained their firearms legally, with only very small percentages obtaining a firearm illegally.
  4. The FBI could only verify that 25% of active shooters in the study had ever been diagnosed with a mental illness. Of those diagnosed, only three had been diagnosed with a psychotic disorder.
  5. Active shooters were typically experiencing multiple stressors (an average of 3.6 separate stressors) in the year before they attacked.
  6. On average, each active shooter displayed 4 to 5 concerning behaviors over time that were observable to others around the shooter. The most frequently occurring concerning behaviors were related to the active shooter’s mental health, problematic interpersonal interactions, and leakage of violent intent.
  7. For active shooters under age 18, school peers and teachers were more likely to observe concerning behaviors than family members. For active shooters 18 years old and over, spouses/domestic partners were the most likely to observe concerning behaviors.
  8. When concerning behavior was observed by others, the most common response was to communicate directly to the active shooter (83%) or do nothing (54%). In 41% of the cases the concerning behavior was reported to law enforcement. Therefore, just because concerning behavior was recognized does not necessarily mean that it was reported to law enforcement.
  9. In those cases where the active shooter’s primary grievance could be identified, the most common grievances were related to an adverse interpersonal or employment action against the shooter (49%).
  10. In the majority of cases (64%) at least one of the victims was specifically targeted by the active shooter. 

U.S. National Intelligence Reveals About Cyberthreats

This reference aid draws on CTIIC’s experience promoting interagency situational awareness and information sharing during previous significant cyber events—including cyber threats to elections. It provides a guide to cyber threat terms and related terminology issues likely to arise when describing cyber activity. The document includes a range of cyber-specific terms that may be required to accurately convey intelligence on a cyber threat event and terms that have been established by relevant authorities regarding technical infrastructure for conducting elections.

CTIIC will adhere to this terminology guide in future documents related to cyber threats to US elections and recommends use by others in the interest of consistency and clear communication.

Please note that this reference aid is not intended to address terminology related to political or other noncyber aspects of influence or interference involving elections, nor is it intended to be a comprehensive guide to cyber threat terminology.

Describing What’s Happened: Common Terms

The following terms are central to accurately describing cyber threat activity but are often used differently. CTIIC recommends their use be accompanied by definitions and any necessary context for nontechnical readers.

Attacked

Indicates that a cyber actor has attempted to degrade, destroy, disrupt, manipulate, or otherwise detrimentally affect the operation of a system or network. However, manipulation or deletion of data solely for the purpose of hiding one’s tracks is not considered an attack. Some reports use “attack” and “exploit” synonymously, drawing in part on the cryptanalysis sense of “attack”—the use of a technical approach to defeat a security measure. The dual usage can cause confusion, especially for nontechnical readers, if the context does not fully explain the type of malicious cyber activity that occurred.



Compromised

Indicates that a victim system has installed malware, connected to a malicious Internet Protocol address, or provided a cyber actor unauthorized access to collect data or execute commands.

Exploited

Indicates that a malicious actor has conducted additional activities on a compromised system, such as collecting data, deploying more malware, or establishing persistent access. Some documents—within both the IC and the private sector—use exploited and compromised synonymously. In practice, however, cyber actors may compromise more accounts and systems than they exploit, in part because of the availability of tools to automate the process of compromising vulnerable systems. Distinguishing whether and how an actor has made use of a compromised system—whenever available intelligence allows—aids in understanding the impact and implications of the malicious cyber activity.

Scanned/Scanning

Scanning a system involves attempting to identify the security vulnerabilities the system may have by sending it specific network traffic and observing its responses. The definition is reasonably specific but can cause confusion—and potentially undue alarm—if it is assumed to include follow-on attempts to exploit any vulnerabilities discovered. Scanning is extremely common on the Internet but may have only a modest success rate, and cyber actors therefore scan far more systems than they actually affect.

Targeted/Targeting

A cyber actor’s targeting of a particular victim can refer to any aspect of the actor’s attempts to select a system to conduct operations against, learn about, find vulnerabilities, gain access, or conduct other malicious activities. The term also connotes an attempt at conducting malicious cyber activity, without indicating the degree of success an actor achieved. We recommend greater specificity and clarification of the specific usage whenever available intelligence allows.

Cyber Deterrence

The prevention of cyber action by credibly demonstrating the ability and willingness to deny benefits or impose costs to convince the adversary that restraint will result in better outcomes than will confrontation.

Cyber Defense

A set of processes and measures to detect, monitor, protect, analyze, and defend against network infiltrations. See Cyber Security.

Cyber Disruption

Activities initiated by the threat actor that temporarily negatively alter or prevent the operation of the victim’s network.

Cyber Effect

The manipulation, disruption, denial, degradation, or destruction of computers, information or communications systems, networks, physical or virtual infrastructure controlled by computers or information systems, or information resident thereon.

Cyber Espionage

The intentional clandestine acquisition of information from targeted networks without altering the information or affecting users’ access.

Cyber Influence

The use of cyber operations to shape the perceptions or behavior of targeted audiences while maintaining plausible deniability.

Cyber Operation

An umbrella term to describe cyber attack, cyber espionage, cyber influence, or cyber defense, and intrusions or activities with unknown intent.

Cyberspace

A global domain within the information environment consisting of the interdependent networks of information technology infrastructures and resident data, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers.

Cyber Security

The protection of information systems against unauthorized access to or modification of information contained therein, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats. Also known as network security. See Cyber Defense.

Cyber Threat

Cyber operations or noncyber actions (intentional or accidental) that compromise the confidentiality, integrity, reliability, or availability of digital devices, systems, networks, or data.

Cyber Threat Intelligence

The collection, processing, analysis, and dissemination of information from all sources of intelligence on foreign actors’ cyber programs, intentions, capabilities, research and development, tactics, operational activities and indicators, and their impact or potential effects on US national security interests. Cyber threat intelligence also includes information on cyber threat actor information systems, infrastructure, and data; and network characterization or insight into the components, structures, use, and vulnerabilities of foreign cyber program information systems.

Experts Warn – Security Problems Inside The Blockchain Technology

Awareness of blockchain has soared in recent years with the emergence of cryptocurrencies, but the technology has existed for much longer. The linking of blocks, containing cryptographic functions of transactions and data, means that tampering with their contents becomes increasingly difficult as the chain grows – this concept was exploited for document timestamping applications more than a decade before cryptocurrencies became reality. In many implementations, blocks are confirmed by, and stored at, many nodes in different locations, providing a high degree of data integrity. There are, however, many challenges for applying blockchain technologies in tactical networks, particularly due to the constraints of the platforms, the limited bandwidth available among them, and the impact of network partitioning. In this report, the development and principles of blockchains are presented, along with an overview of their weaknesses and vulnerabilities. There is a huge level of interest in this technology across many sectors, and this is reflected in the breadth of the referenced material. Weaknesses in design and implementation can make blockchains vulnerable to attack, and their interfaces are particularly at risk. A range of possible applications in tactical networks is explored, from supply chain management, to network management and application data immutability. Finally, a simple blockchain architecture for mobile tactical networks is developed, to illustrate the potential and challenges of this technology. Overall, it is clear that blockchain technology provides a potential avenue for solving some problems in the tactical network context, but it is not yet clear whether it is the best such solution.

The key feature of blockchain technology is data integrity in a trustless environment: transaction or data records included on the blockchain are timestamped, cryptographically protected and stored by many distributed nodes, reducing the risk of total loss. For a sufficiently long blockchain, with a large number of nodes, the records can be considered immutable, in the sense that any tampering will be evident. This integrity can be exploited in different ways to enhance the robustness and resilience of tactical networks, and some of these are discussed in Section 5.1.

Smart contracts, described in Section 3.2, also provide opportunities for robust resource management in tactical networks, particularly in complex operational conditions where many users interact in the electromagnetic (EM) spectrum. Possible applications of blockchain to resource management are discussed in Section 5.2.

Tactical environments pose particular challenges for the introduction of blockchain technology, as devices are constrained in size, weight and power, and there are physical limitations on node connectivity. These challenges are considered in Section 5.3.

An example architecture for applying blockchain technology to support tactical operations is described in Section 5.4, taking into account the opportunities and challenges outlined thus far.

In this section, network nodes are considered to be the devices or platforms connected to the blockchain network; these are not (just) the radio interfaces themselves, but may be auxiliary equipment such as biometric devices, weapons or communication platforms.

5.4 Example tactical blockchain architecture

Based on the preceding, we propose an example architecture for a tactical blockchain system. The scenario we consider consists of a unit of dismounted soldiers, each carrying several devices connected on a personal network: a weapon, a radio, a camera, a radio frequency (RF) sensor and a computer (similar to a smart phone), sharing a battery and a memory drive such as a flash card. The soldier is also considered a network component, as they are a source and sink of data, and their identity is confirmed using a networked biometric sensor such as a fingerprint or iris scanner. The other devices may be authenticated using a radio frequency identification (RFID) chip or imaging as described in Section 5.1.4; authentication will only be required if the networked component has been disconnected from the personal network and attempts to rejoin.

We assume that the weapon tracks the ammunition it uses, and records the amount remaining. The camera may be continually recording, but to limit memory usage, only a few seconds before and after the weapon is fired are retained. C2 and other messages, either digital voice or data to and from the computer, all passed via the radio, are recorded for post-action analysis. SA in the form of RF sensor data is sampled periodically, and transferred via the radio to other soldiers in the unit and recorded locally. These different sources of data all use the computer’s memory for storage; both the memory and battery usage are tracked.

We use blockchains to provide authentication and identification management for the soldiers and devices engaged in the operation, an auditing function to track cyber SA and C2, resource usage tracking, and a policy management function, which is used to support resource loading decisions across the unit. As noted in Section 5.3.6, the longer the blockchain, the stronger it is, so all these functions use the same blockchain within their cluster (Section 5.4.1).

This is a simplified scenario, intended to give insight into the potential application of blockchain technology in tactical networks. Note that, as discussed in Section 6, the fact that this technology might be used to address these problems does not mean it is the best choice. Note also that the exchange of transactions and blocks among the users is assumed to be secure.
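The tamper-evidence property this architecture relies on can be shown with a short added example (not code from the report). It puts the four functions named above (authentication, audit, resource tracking, policy) on one hash-linked chain and shows what each level of tampering leaves behind. The node names, record fields and sample values are constructed for illustration, and consensus and signatures are left out, in line with the report's assumption that block exchange is secure.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # placeholder "previous hash" for the first block


def block_hash(index, prev_hash, records):
    """SHA-256 over a canonical JSON encoding so every node hashes the same bytes."""
    payload = json.dumps(
        {"index": index, "prev": prev_hash, "records": records},
        sort_keys=True, separators=(",", ":"),
    )
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def append_block(chain, records):
    """Link a new block to the current head of the chain."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS_PREV
    index = len(chain)
    block = {"index": index, "prev": prev_hash, "records": records,
             "hash": block_hash(index, prev_hash, records)}
    chain.append(block)
    return block


def first_invalid_block(chain):
    """Return the index of the first block whose hash or link fails, else None."""
    prev_hash = GENESIS_PREV
    for i, block in enumerate(chain):
        if block["index"] != i or block["prev"] != prev_hash:
            return i
        if block["hash"] != block_hash(i, block["prev"], block["records"]):
            return i
        prev_hash = block["hash"]
    return None


def build_sample_chain():
    """Constructed records for one soldier's personal network (hypothetical fields)."""
    c2_digest = hashlib.sha256(b"constructed C2 message").hexdigest()
    chain = []
    append_block(chain, [
        {"fn": "auth", "node": "soldier-1", "method": "biometric", "ok": True},
        {"fn": "auth", "node": "weapon-1", "method": "rfid", "ok": True}])
    append_block(chain, [
        {"fn": "resource", "node": "weapon-1", "rounds_remaining": 28},
        {"fn": "resource", "node": "battery-1", "charge_pct": 91}])
    append_block(chain, [{"fn": "audit", "node": "radio-1", "msg_sha256": c2_digest}])
    append_block(chain, [{"fn": "policy", "rule": "share-battery-below-pct", "value": 20}])
    return chain


def demo():
    chain = build_sample_chain()
    peer_head = build_sample_chain()[-1]["hash"]  # untampered copy on another node
    result = {"clean": first_invalid_block(chain)}

    # 1. A record is edited in place: block 1 no longer matches its own hash.
    chain[1]["records"][0]["rounds_remaining"] = 30
    result["edited_in_place"] = first_invalid_block(chain)

    # 2. Block 1 is re-hashed to hide the edit: block 2's back-link now breaks.
    chain[1]["hash"] = block_hash(1, chain[1]["prev"], chain[1]["records"])
    result["rehashed_one_block"] = first_invalid_block(chain)

    # 3. Every later block is re-linked and re-hashed: the local copy verifies
    #    again, so only comparison with copies held elsewhere exposes the change.
    for i in range(2, len(chain)):
        chain[i]["prev"] = chain[i - 1]["hash"]
        chain[i]["hash"] = block_hash(i, chain[i]["prev"], chain[i]["records"])
    result["rewritten_to_head"] = first_invalid_block(chain)
    result["blocks_rehashed"] = len(chain) - 1
    result["head_matches_peer"] = chain[-1]["hash"] == peer_head
    return result


if __name__ == "__main__":
    print(demo())
```

The last case is why the report stresses storage at many distributed nodes: a single copy can be rewritten consistently, and the work to do so grows with every block appended after the edited one.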

Chinese Cyber Hackers Launch Malicious Bot


In March 2018, an identified financial services corporation received a thumb drive infected with the bank credential-stealing Qakbot malware variant, targeting information from networked computers and financial institution web sites. The financial services corporation purchased bulk thumb drives from a US online retailer of computer hardware. The thumb drives were originally manufactured in China. According to FBI forensic analysis, the Qakbot malware was on the infected thumb drive before the drive arrived in the United States. Qakbot is extremely persistent and requires removal of all malware from every device. Failure to remove even one node of malware may result in re-infecting previously sanitized systems possibly costing the victim hundreds of thousands of dollars in malware removal and system downtime.

Threat

Qakbot is an information stealing worm—originally discovered in 2007 with a major update in 2017—that propagates through removable drives, network shares, and Web pages. The most common vector of intrusion for Qakbot is malicious attachments to phishing emails. Once executed, Qakbot spreads to other shared folders and uses Server Message Block (SMB) protocol to infect other machines. Qakbot has keylogging capabilities, and is able to propagate across network environments through a single instance within that network. It is capable of remaining on a device through the use of registry keys and by scheduling recurring tasks to run at timed intervals. Every device connected to the network and every piece of removable media which has been attached needs to be scanned for the malware and cleaned of the infection before it can be reconnected. The most recent updates in 2017 allow Qakbot to lock users out of the Active Directory, preventing them from being able to work. It also deploys malicious executables into network shares, registering them as services.

Cyber actors have the capability to infect devices with malware at nearly any point in the manufacturing process. The FBI has historically seen cases of infection with malware capable of stealing credentials, gathering data on the users of a computer or network, dropping other types of malware, and serving as a “backdoor” into a secure network. It is difficult to know at which point the malware infection occurred or whether the infection was intentional, due to the international nature of hardware manufacturing.

Recommendations

To mitigate the threat of a potentially infected thumb drive, the following measures should be taken at a minimum:

Ensure the use of approved, trusted vendors for hardware purchases.

Scan all hardware, especially removable storage media, on an external system prior to its insertion into a network environment.

For signature-based intrusion detection systems, ensure that the hash values for known Qakbot variants are included. The MD5 value for the variant identified in this PIN was: ff0e3ec80faafd04c9a8b375be77c6b6. This hash value can change, so be prepared to use other advanced detection systems.

Users should protect themselves and organizations by practicing good browsing habits, ensuring they do not respond to or click on unsolicited email, and not plugging unknown USB devices into their workstations.

If you don’t have the expertise to properly handle or identify potential cyber threats please seek out an expert who can provide the expertise needed to secure your organization.
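As an added example (not part of the FBI notification), the following sketch shows the kind of check the scanning and hash recommendations describe, run on an isolated intake system against a mounted removable drive. It hashes every file, compares the MD5 against a blocklist seeded with the value from this PIN, and also flags autorun files and executable content, since newly purchased bulk drives should not carry either. The extension list, function names and sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

# MD5 published in this PIN for the Qakbot variant it describes.
PIN_QAKBOT_MD5 = "ff0e3ec80faafd04c9a8b375be77c6b6"

# Assumption (not from the PIN): file types that have no business being on
# factory-fresh storage media and so deserve a manual look.
RISKY_EXTENSIONS = {".exe", ".dll", ".scr", ".lnk", ".js", ".vbs",
                    ".bat", ".cmd", ".ps1"}


def file_digests(path, chunk_size=1 << 20):
    """Return (md5, sha256) hex digests, reading in chunks to bound memory."""
    md5 = hashlib.md5(usedforsecurity=False)  # matching only, not a security control
    sha256 = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def scan_media(root, md5_blocklist=frozenset({PIN_QAKBOT_MD5})):
    """Walk a mounted drive and return a list of findings, one per flagged file."""
    blocklist = {h.lower() for h in md5_blocklist}
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        dirnames.sort()  # deterministic order for reporting
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # never follow links off the media
            try:
                md5, sha256 = file_digests(path)
            except OSError as exc:
                # An unreadable file on new media is itself worth reporting.
                findings.append({"path": rel, "reasons": ["unreadable"],
                                 "detail": str(exc)})
                continue
            reasons = []
            if md5 in blocklist:
                reasons.append("known-bad-md5")
            if name.lower() == "autorun.inf":
                reasons.append("autorun")
            if os.path.splitext(name)[1].lower() in RISKY_EXTENSIONS:
                reasons.append("executable-content")
            if reasons:
                # SHA-256 is recorded so the file can be looked up elsewhere.
                findings.append({"path": rel, "reasons": reasons,
                                 "md5": md5, "sha256": sha256})
    return findings


def demo():
    """Scan a constructed directory that stands in for a mounted thumb drive."""
    samples = {  # constructed contents; none of this is malware
        "readme.txt": b"constructed benign file",
        "autorun.inf": b"[autorun]\nopen=setup.exe\n",
        "setup.exe": b"MZ constructed stand-in",
        os.path.join("docs", "invoice.pdf"): b"constructed blocklisted stand-in",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        # Blocklist entry computed from a constructed file so the match path runs.
        stand_in = hashlib.md5(samples[os.path.join("docs", "invoice.pdf")],
                               usedforsecurity=False).hexdigest()
        return scan_media(root, {PIN_QAKBOT_MD5, stand_in.upper()})


if __name__ == "__main__":
    for finding in demo():
        print(finding["path"], finding["reasons"])
```

As the PIN notes, the hash can change between variants, so an empty result from the blocklist check alone does not clear a drive; the autorun and executable-content findings are there to catch what a single MD5 cannot.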