April 12, 2018
Notes from the Pentagon

Cyber hardware flaws studied
The most frequent cause of malicious cyberattacks is computer users clicking on a link that results in malware being downloaded onto computer networks.

But another emerging hardware-based cyberthreat is being studied by the Cyber Command and U.S. intelligence community, according to the nominee to head the command and the National Security Agency.

Army Lt. Gen. Paul Nakasone, Cybercom and NSA director nominee, told the Senate Select Committee on Intelligence in written answers that massive hardware vulnerabilities called Spectre and Meltdown are major worries.

“U.S. Cybercom is engaged with the intelligence community, interagency and industry to better understand Spectre and Meltdown vulnerabilities and employ mitigations,” Gen. Nakasone stated.

Spectre and Meltdown are vulnerabilities affecting nearly every computer chip made in the past 20 years. They were discovered by security researchers in late 2017 and can be used by hackers to steal data from computers through flaws contained in microprocessors — the integrated circuits that contain all the functions of a central processing unit of a computer system.

Malicious programs can exploit the two vulnerabilities to extract secrets stored in the memory of running computers that until recently were thought to be safe from such theft. Potential lost data could include passwords stored in password managers or browsers, personal information such as photos, emails and instant messages, and documents.

A Meltdown attack uses a malware program to “melt” the information-protecting security features designed into all but two Intel processors released since 1995. Patches are available through operating system updates.

Two variants of Spectre affect all Intel, ARM and AMD processors and require hackers to conduct more complex attacks based on “speculative execution,” a process used to speed up computer functions. Spectre allows a hacker to trick programs into revealing their secrets and is more difficult to patch than Meltdown.

Gen. Nakasone said Pentagon directives under what is known as the Information Assurance Vulnerability Management program also have begun to address the two vulnerabilities, with Cyber Command helping identify which systems with flaws should be fixed first with solutions provided by vendors and chipmakers.

The Defense Department “will need to continue to follow these developments closely and adjust its approach as the situation warrants,” Gen. Nakasone said.

The commander of the Transportation Command, the military command that plays the key role in projecting U.S. power around the world, is facing growing threats of cyberattack.

“Cyber is the No. 1 threat to U.S. Transportation Command, but I believe it’s the No. 1 threat to the nation,” Air Force Gen. Darren McDew, head of the command, told the Senate Armed Services Committee on Tuesday.

The command helps mobilize, deploy and sustain military operations and relies heavily on commercial and nonmilitary resources that are vulnerable to cyberattacks. Chinese military hackers conducted major intrusions into Transcom’s Single Mobility System that aggregates data from transportation systems used by the military.

Compromise of that system could permit the Chinese military to severely disrupt Transcom’s ability to support military operations.

Gen. McDew said many of the businesses, including aircraft, shipping and particularly railroad companies that are used by the military, cannot withstand cyberattacks in a conflict.

“The concerns I have are in the cyber domain when it comes to rail,” he said. “I would imagine that every one of our potential adversaries understands our vulnerabilities in rail.”

The four-star general also said that whenever an airline reservation system goes down or a rail switch fails to operate, “I don’t immediately think that it’s just a problem part, I think, ‘Is that an actor potentially probing?’”

Gen. McDew said war games are held regularly to strengthen the ability to withstand cyberattacks that would be used to block the command from its logistics operations.

“The American public needs to understand how advanced the cyberthreat has become,” he said, adding that adversary states are probing his command’s networks every day to learn how they operate and obtain data.

Gen. McDew said cyberattacks on commercial networks used by Transcom would be disastrous since 90 percent of the command’s ability to move troops to war relies on commercial industry.

An Air Force officer involved in the Pentagon’s use of a missile defense interceptor to shoot down a falling U.S. satellite in 2008 recently revealed some details behind the activity known as Operation Burnt Frost.

Lt. Col. Nicole Petrucci, commander of the 614th Combat Training Squadron at Vandenberg Air Force Base, California, wrote that the satellite downing was the highlight of her early career as a weapons officer at Cavalier Air Force Station, North Dakota, the site that monitors and tracks missile launches.

Col. Petrucci wrote on the blog Angle of Attack about the operation, which has remained shrouded in secrecy. “However, the strategic implications from Burnt Frost are still felt,” she said.

Burnt Frost culminated on Oct. 20, 2008, at 10:26 a.m., when a modified SM-3 missile defense interceptor was fired into space from the guided missile cruiser USS Lake Erie. Within minutes, the missile destroyed USA-193, a satellite meant to be the cornerstone of the Future Imagery Architecture, a $5 billion program of a new generation of spy satellites.

USA-193 was launched in December 2006 and immediately failed after losing contact with ground stations. As the satellite degraded in orbit, a plan was drawn up to shoot it down using an SM-3 missile.

Col. Petrucci said the “strategic impetus” behind Burnt Frost was China’s use of a missile on Jan. 11, 2007, to blast the Fengyun 1C weather satellite in an ASAT missile test. The test created thousands of pieces of dangerous orbiting debris that continue to threaten spacecraft.

The Chinese created “the largest orbital debris event in low earth orbit (LEO) history, with more than 5,500 pieces of debris,” she wrote, noting that “this act made space more dangerous for everyone.”

Another event leading up to Burnt Frost was the Air Force anti-satellite missile test in 1985, when an ASM-135 satellite-killing missile was fired from an F-15 jet to destroy the Solwind P78-1 solar laboratory 326 miles in space. The blast created 285 debris pieces that Col. Petrucci said burned up shortly after re-entering the atmosphere.

Col. Petrucci said her role in Burnt Frost was to carry out space surveillance radar of the debris from the destroyed USA-193 satellite, along with several other stations.

“The amount of debris was overwhelming,” she said. “The biggest piece of debris was important as it was the fuel canister loaded with hydrazine, the propellant to move USA-193 around. If this fuel canister survived reentry it would cause a natural disaster depending on where it landed.

“The destruction happened a mere 153 miles from the earth’s surface,” she said. “Within 48 hours, most of the debris reentered the atmosphere. All the remaining debris from USA-193 reentered within 40 days. No piece was large enough to survive reentry.”

Col. Petrucci appears opposed to anti-satellite weapons.

“While Operation Burnt Frost was great to be involved in with little long-term effect on the space domain, the strategic implications still resonate,” she said. “An ASAT is not only harmful to its intended target but others not directly involved in the conflict with the resulting debris.”

  • Contact Bill Gertz on Twitter via @BillGertz.
