Multiday attacks against CNN and Yahoo in 2000 and against Estonia in 2007 cost tens of millions of dollars. The SANS Institute projects that increasingly sophisticated botnets will be the No. 2 cyber security menace for 2008. A DDOS attack against a net-centric military could stop or delay any operation it intended. How could the U.S. military build such a system?
Carpet bombing in cyberspace
Why America needs a military botnet
BY COL. CHARLES W. WILLIAMSON III
The world has abandoned a fortress mentality in the real world, and we need to move beyond it in cyberspace. America needs a network that can project power by building an af.mil robot network (botnet) that can direct such massive amounts of traffic to target computers that they can no longer communicate and become no more useful to our adversaries than hunks of metal and plastic. America needs the ability to carpet bomb in cyberspace to create the deterrent we lack.
America faces increasingly sophisticated threats against its military and civilian cyberspace. At the same time, America has no credible deterrent, and our adversaries prove it every day by attacking everywhere. Worse, our defensive concept is fundamentally flawed, and we have not learned the simplest lessons of history.
As much as some think the information age is revolutionary, local networks and the Internet are conceptually similar to the ancient model of roads and towns: Things are produced in one place and moved to another place where they have more value. The road-and-town model works well between cooperating states, but states also compete, and when they do, they sometimes have to defend themselves from attack. In today’s Internet, network “towns” are “fortified” with firewalls, gateways, passwords, port blocking, intrusion detection devices and law enforcement. This approach uses the same strategy as the medieval castle with its walls, moat, drawbridge, guards, alarms and a sheriff. While castles worked more or less for hundreds of years, they are now abandoned as completely ineffective except against the most anemic attack.
The time for fortresses on the Internet also has passed, even though America has not recognized it. Now, the only consequence for an adversary who intrudes into or attacks our networks is to get kicked out — if we can find him and if he has not installed a hidden back door. That is not enough. America must have a powerful, flexible deterrent that can reach far outside our fortresses and strike the enemy while he is still on the move.
Homer’s epic poems describe how fortified Troy held out against the united Greek armies for 10 years until Troy finally fell when it foolishly brought the threat inside its own walls by falling for the enemy’s masquerade in the form of a giant wooden horse. Today, it is no coincidence that the Trojan horse exploit uses the same technique on the Internet by hiding a threat inside what appears to be a gift.
In spite of Troy’s defeat, fortresses worked for thousands of years because they were so reliable and cheap compared to standing armies. Fortresses reached their zenith in the medieval castle, even though they were vulnerable to siege, tunneling and the threat that someone would open the gate from inside. However, the popularity of castles declined as the power of artillery increased. While fortresses enjoyed some notable successes, even the post-Civil War settlement of the American West evolved to rely on quickly constructed fortresses with wooden walls to house a highly mobile attack force that could secure a vast area.
The death knell for the fortress came during World War II at the Belgian Fort Eben-Emael. Its answer to the artillery threat was thicker and higher walls and the threat of its own artillery against any enemy in the vicinity of the fort, especially at the nearby bridge. But the attack did not come across the bridge. It came from the air. The Germans cunningly dropped storm troopers in gliders right in the middle of the fort, engaged the garrison and tied it up long enough for the massive German Army swarming across the bridge to compel surrender, which came in just one day.
Today, every Army outpost in America traces its roots to the walls, guards and gates of Troy. But none of today’s forts relies for boundary defense on anything more substantial than a chain-link fence, even though the base may contain billions of dollars in military equipment and the things most important to the soldiers — their families. The U.S. intends for defense of its “forts” to occur thousands of miles away. We intend to take the fight to the enemy before the enemy has a chance to come here. So, if the fortress ultimately failed, does history provide a different model?
AIR BASE DEFENSE
Almost from the beginning, air base defenders recognized the need to defend in close, coupled with the necessity of finding the enemy and destroying his planes on the ground before they launch.
In “Air Warfare and Air Base Air Defense,” John F. Kreis described the early defense of the air weapon. From the beginning of World War I, defense happened when the enemy was above your airfield, with expedients such as Lewis machine guns mounted on stumps in the ground. However, by 1915, British Maj. Gen. Hugh Trenchard’s large, repeated raids on German airfields put the Germans on the defensive. Today’s air base defense concept still uses a layered defense in depth, but it starts as far as possible from the air bases, then relies on close-in defense only as a last resort. That capability in cyberspace can exist in an af.mil botnet.
A botnet is a collection of widely distributed computers controlled from one or more points. Criminals build botnets by using automated processes to break through the defenses of computers anywhere in the world and implant their programs or code. Often, the computer user is tricked through a crafty e-mail into cooperating with the installation of the code. The infected machines are called zombies and can be remotely controlled by masters. Hackers can build multiple levels of masters and zombies with millions of computers.
Hackers often use botnets to generate spam, but their real strength lies in their ability to generate massive amounts of Internet traffic and direct it against a small number of targets. This is called a distributed denial of service (DDOS) attack. The effect is that the target computers are cut off from the Internet. Because communication is often a computer’s main purpose, a computer that can no longer communicate might as well be a rock. While preparation and money can help target computers defend themselves, once under attack, they have little ability to recover.
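As an added illustration (not part of the original article), the defender's view of the DDOS effect described above: a small detector over flow records that flags a destination receiving traffic from an unusually large number of distinct sources in one time window, which is the signature of many zombies converging on one target. The flow records, IP addresses and thresholds are all constructed for this example.

```python
from collections import defaultdict


def constructed_flows():
    """Constructed sample flow records (synthetic, not data from the article):
    (timestamp in seconds, source IP, destination IP, bytes).
    120 distinct sources each send one 1200-byte flow to 10.0.0.5 within a
    10-second span, while 10.0.0.7 sees ordinary traffic from three hosts."""
    flows = []
    for i in range(120):
        flows.append((1000 + i % 10, f"203.0.113.{i + 1}", "10.0.0.5", 1200))
    for t in range(1000, 1010):
        for src in ("10.0.0.21", "10.0.0.22", "10.0.0.23"):
            flows.append((t, src, "10.0.0.7", 400))
    return flows


def flag_ddos_targets(flows, window_s=10, min_sources=100, min_bytes=100_000):
    """Return {dst: (window_start, distinct_sources, total_bytes)} for every
    destination that, within a single window, receives traffic from at least
    min_sources distinct sources and at least min_bytes in total.
    Many distinct sources is what separates a distributed flood from one
    chatty client; the byte floor filters out low-volume scans."""
    sources = defaultdict(set)   # (window, dst) -> set of source IPs
    volume = defaultdict(int)    # (window, dst) -> bytes seen
    for ts, src, dst, nbytes in flows:
        key = (ts // window_s * window_s, dst)
        sources[key].add(src)
        volume[key] += nbytes
    hits = {}
    for (win, dst), srcs in sources.items():
        if len(srcs) >= min_sources and volume[(win, dst)] >= min_bytes:
            prev = hits.get(dst)
            # keep the worst window per destination
            if prev is None or len(srcs) > prev[1]:
                hits[dst] = (win, len(srcs), volume[(win, dst)])
    return hits


if __name__ == "__main__":
    for dst, (win, nsrc, nbytes) in flag_ddos_targets(constructed_flows()).items():
        print(f"{dst}: {nsrc} distinct sources, {nbytes} bytes in window starting {win}")
```

Thresholds would be tuned against each network's normal source fan-in; the point is that the count of distinct sources, not just the byte rate, is what identifies botnet-driven traffic.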