EC-130 Compass Call 021202-O-9999G-004

NATIONAL HARBOR: Matthew Broderick in his basement, playing Wargames over a landline, is still the pop culture archetype of a hacker. But as wireless networks became the norm, new-age cyber warfare and traditional electronic warfare are starting to merge. Hackers can move out of the basement to the sky. In a series of experiments, the US Air Force has successfully modified its EC-130 Compass Call aircraft, built to jam enemy transmissions, to attack enemy networks instead.

“We’ve conducted a series of demonstrations,” said Maj. Gen. Burke Wilson, commander of the 24th Air Force, the service’s cyber operators. “Lo and behold! Yes, we’re able to touch a target and manipulate a target, [i.e.] a network, from an air[craft].”

What’s more, Wilson told reporters at the Air Force Association conference here, this flying wireless attack can “touch a network that in most cases might be closed” to traditional means. While he didn’t give details, many military networks around the world are deliberately disconnected from the Internet (“air-gapped”) for better security. You can try to get an agent or dupe to bring a virus-infected thumb drive to work, as reportedly happened with Stuxnet’s penetration of the Iranian nuclear program, but that takes time and luck.

You unlock a lot more virtual doors if you can just hack a network wirelessly from the air. Israeli aircraft using BAE’s Suter system reportedly did just this to Syrian air defenses in 2007’s Operation Orchard, and the Navy is interested in the capability, but this is the first I’ve heard an Air Force general discuss it. Digital AESA radar can do much the same thing, as we’ve reported about the F-35.

“That doesn’t mean that we may not still try to touch a target through a traditional networking set of capabilities, but to be able to go and use the other domains [e.g. from the air] I think is really the future,” Wilson said.

The big picture here is not any one aircraft, but the ability to attack a single target simultaneously in multiple ways from multiple domains. That’s both high explosives and hacking, coming from cyberspace, from electromagnetic signals propagating through air and space, and — if you bring in the other services — from the sea and land as well. “In the past those have been fairly separate,” Wilson said. “What we’re seeing today is a power of being able to integrate those.”

When Wilson gets back to his HQ in San Antonio on Monday, he said he’ll get an after-action report on the use of cyber at the latest Red Flag wargames. Cyber and other non-kinetic means “used to be… an afterthought” in Red Flag, he said. “Today it’s front and center.”

“The focus over the last couple of years — [and] it’s really taken on a lot of momentum here over the last year — [is] integrating not just air capabilities, but air, space and cyberspace capabilities into the fight,” he said.

This merger requires teaching traditional combat commanders what this new-fangled cyber stuff can do in the real world — part of the purpose of the EC-130 demonstration. Integration also requires teaching cyber personnel to think less like IT technicians and more like fighter pilots.

“We’re bringing an operations culture and skillset to what has traditionally been an information technology mission,” Wilson said. “I think we have some of the best cyberspace operations talent in the world.”

Another needed change is in intelligence. Cyberspace has been the focus of top-level strategic intelligence agencies like the NSA. Those agencies don’t typically collect the tactical and technical data on enemy combat systems required to identify vulnerabilities. They simply don’t have the manpower, said Wilson. The ongoing effort to build new cyber mission teams will help on that front, he predicted.

For the Air Force’s goal of about 1,700 new cyber operators, “we’re about halfway through the build of the cyber mission force,” Wilson said. “At the end of this month we should have 17 teams at initial operating capability and three teams at full operating capability.”