Friday News Roundup — May 14, 2021
Cyber Wake Up Call, Russian Victory Day Parade, Future of GPS
Good morning and happy Friday from the Nation’s Capital. It’s been a news-packed week, with the ransomware attack on the Colonial Pipeline, pandemic reopening inflation numbers, and the removal of Congresswoman Liz Cheney from GOP House leadership. If the future of the GOP is to be defined through the lens of the history of January 6, 2021, the events leading up to that shocking day, and the legitimacy of the 2020 election, the schism is now clear.
Regarding the other big headlines, Dan looks at the broader cybersecurity wakeup call in the roundup, but the pipeline shutdown has resulted in disruptions to drivers, truckers, and airlines along the East Coast. Last week’s jobs number and this week’s inflation numbers are sending mixed signals about an unprecedented economic environment, but Thursday’s announcement relaxing mask guidance for the vaccinated is a welcome weakening of the key economic headwind — the pandemic and related measures — and a return to normalcy.
This week, Joshua reviewed “The World Turned Upside Down” by Clyde Prestowitz, which debunks the false premises for engagement with China that have led us to this point, and what a future competition with China requires in terms of U.S. domestic revitalization.
Next week, join Amy Myers Jaffe, Research Professor at the Fletcher School at Tufts University, as we explore her latest book “Energy’s Digital Future: Harnessing Innovation for American Resilience and National Security.”
In this week’s roundup, Dan lays out the problems that can no longer go unaddressed following the Colonial Pipeline shutdown. Joshua looks at the latest kit rolled out at the Moscow Victory Day parade, and what it tells us about Russian strategy and policy — not just hardware. Ethan covers the latest updates to the GPS system, and, as always, we wrap with news you may have missed.
If This Doesn’t Change Our Cyber Posture, What Will?
Dan Mahaffee
At the beginning of the pandemic, many think tanks, CSPC included, were able to dust off reports from the 2000s and 2010s discussing shortcomings in U.S. pandemic preparedness and the challenges of coordinating such a response. At the time, the headlines talking about unclear interagency coordination, overwhelmed demand on health care systems, and shortcomings in medical supply chains could have very well been lifted from reports on pandemic preparedness. Today, the same can be said for the ransomware incident at Colonial Pipeline and the many calls from think tanks, policymakers, and private sector leaders about our cyber vulnerabilities and the precarious state of critical infrastructure. As disruptive as this event has been — largely worsened by panic buying (including in states unaffected by the disruption) — our critical infrastructure remains vulnerable to far worse. Hopefully, this event can serve as a wake up call in key areas.
First, cybersecurity has to be part of the business plan. For too long, private sector spending and investment on security and resilience measures has been too low compared to the magnitude of the challenge. Before companies are able to buy back shares or award massive compensation packages, shareholders, insurers, auditors, and, yes, regulators should be asking whether companies are meeting cybersecurity standards. Nor do we always need gold-plated solutions, as much of the challenge can be met through training staff (as well as the broader American public) about cyber hygiene. Technical measures will never be a solution for issues of corporate culture.
Many of these measures can come largely through carrots, rather than sticks, and the innovative role the private sector can play in cybersecurity is a strength of the American system. However, if it is true, as some report, that Colonial Pipeline shut down because they would not be able to bill their customers (rather than any concerns regarding the operational side of the pipeline) then policymakers in Washington and state capitals may need to better remind certain critical infrastructure companies of the hierarchy of their priorities.
Government, industry groups, think tanks, and others should also learn the lessons, not only from the Colonial Pipeline disruption, but also the Texas winter blackouts and California wildfires, to understand the network effects of these disruptions and the interdependence of critical infrastructures. The ongoing semiconductor shortage, and the supply crunches throughout the pandemic should also be reminders of the supply chain factors — as we consider both how our supply chains are disrupted by critical infrastructure failures and what supply chains we rely on to construct critical infrastructure. For example, when CSPC looked at the resilience of the U.S. electric grid, reliance on foreign suppliers for transformers was an area of concern.
The government, too, must also better address how it works with the private sector on cybersecurity and addresses threats from overseas. The Biden administration’s Executive Order on cybersecurity starts to address some of our cybersecurity needs, but there are also the recommendations of the Cyber Solarium Commission and other bipartisan legislation on cybersecurity that should now move through Congress with alacrity. Furthermore, in working with the private sector to secure critical systems — as well as informing the public of the magnitude of this challenge — the over-classification of threat information must be addressed. Since this will inevitably prompt a conversation about protection of sources and methods and U.S.-controlled “zero days”, this conversation must also include some aspects of active defense and pre-emptive disruption of overseas cyber threats. That we are in the state we are now shows that our current concepts of deterrence in the cyber domain have failed.
This broader challenge of cyber insecurity and the threat actors who take advantage of the shadows of cyberspace to avoid attribution and consequences requires an international response to this as piracy on the high seas was recognized as a threat to all humanity. The U.S. should work with its allies on norms and standards for behavior in cyberspace, and severe consequences for those state and non-state actors that violate them. An immense part of this challenge will be how fully integrated cyber criminality is into much of the Russia security apparatus. Moscow may see itself as a third Rome, when in cyberspace it is a second Barbary Coast.
Finally, while touched upon earlier, civil resilience, civic trust, and a return to common sense are necessary. Whether we like it or not, we have to assume a more resilient, competitive footing in the face of how our adversaries will seek to sow discord and confusion. When our own panic does as much if not more harm than the initial attack, what does that say to adversaries who will spread confusion, panic, and disinformation as part of any first strike in a modern war? Does our fully partisan media environment provide the needed information in a time of crisis? These are further questions that we must ask, and ask of ourselves, if we want to prepare our society for the future of conflict and competition. If done right, we can create deterrence through resilience, as our enemies’ actions will no longer have the desired effect on American society.
In looking at the early lessons of the pandemic, a new WHO report speaks of the “lost month” of February 2020. At that point, the virus was spreading rapidly, and , while warning signs were clear, the pace of governments’ and societies’ response lagged the pace of the virus. Nor is this lesson one solely for cybersecurity, as our crumbling infrastructure reveals — shipments on the lower Mississippi River are now at a standstill with cracks discovered in the I-40 bridge over the river at Memphis, Tennessee. One interesting detail in the Biden cyber executive order also aims to create a cyber investigation process similar to how the NTSB investigates air crashes or other transportation disasters. Such a process will hopefully investigate the nature of the Colonial Pipeline attack and the lessons learned for the future. Hopefully, it will not be the prologue in a far worse tale.
Russia’s Victory Day Parade & Putin’s Message
Joshua C. Huminski
On Sunday, Russia marked the 76th Anniversary of victory in World War Two with a military parade through Moscow’s Red Square. Some 12,000 personnel marched down the main stretch, including 37 infantry units, with 190 pieces of current and historical pieces of equipment were on display including the famed T-34 tank and the modern T-14 Armata. The show concluded with an air display including 76 aircraft and helicopters, taking to Moscow’s somewhat overcast skies.
The Victory Day parade takes place against a backdrop of increased tensions with the West, somewhat declining popularity for President Vladimir Putin, and increasing economic uncertainty resulting from Covid and other pressures. Yet, this is very much a day of solemn remembrance and celebration of those who gave their lives in defense of the Rodina (Motherland) in the Great Patriotic War. The parades, which were only resurrected after the end of the Cold War, are a visible and vivid display of Russian patriotism and pride.
The politicization of historical memory is, however, inescapable in Putin’s Russia. The line of Putin’s speech that received the most attention is curiously absent from the official transcript. Reports of his speech quote him as saying, “Russia consistently defends international law. At the same time, we will firmly defend our national interests to ensure the safety of our people.” Yet, the official transcript, at least in English, omits the last line, offering only “Russia is consistently defending international law while continuing to protect our national interests and the security of our people.”
Of course, from whom Russia will defend its national interests remains unsaid. One could infer it is against Europe, NATO, the United States, or Ukraine, or any other boogeyman Putin wishes to conjure.
The Victory Day parade, while certainly important to Russian remembrance and memorial, is also about theatre for the Kremlin and Putin, and this previous line highlights this fact. The language Putin used is intended to portray the country as under siege, beset from all sides by unseen and unidentified enemies. His references to the resurgence of Nazi ideology “supported by radicals and international terrorist groups of all kinds.” There are also those “trying to rewrite history and justify the traitors and criminals whose hands are smeared with the blood of hundreds of thousands of civilians.”
To be sure there are far-right, nationalist, and radical movements in Europe, and certainly present in Ukraine, but these are a tiny minority and most certainly not a threat to Russia. Indeed, in some cases, Moscow has been known to mobilize these forces (along with biker gangs and football hooligans) to their advantage, seeking to undermine European unity and disrupt the U.S. elections through their use.
What Putin hopes to do by creating this under siege mentality is to validate his rule — he is the only one standing between the Russian people and a perfidious, libertine, and hostile West, which seeks to destroy Russia, its culture, and its way of life. By conjuring this straw boogeyman, Putin hopes to distract the public from the litany of domestic issues, not the least of which is endemic corruption and underinvestment domestically, and his own shortcomings. He raises this specter through the lens of World War Two, saying “This enemy not only wanted to overthrow the Soviet political system but also to destroy us as a state, as a nation and wipe our peoples off the face of the earth.”
Yet, it is again important to remember how the Russians themselves view Victory Day. In his speech, Putin said, “The Soviet people kept their sacred oath, defended the homeland and freed the countries of Europe from the black plague.” Here it is worth noting what Prof. Mark Galeotti said on a recent podcast, that Moscow sees its sacrifice in World War Two as its price of admission to the great power club. That the blood and treasure spent by the Soviet Union, but by Russia in particular, should buy it a seat at the table of great powers, even 76 years later. Putin did, tangentially, acknowledge the sacrifices of non-Russians, but only just, saying “People of all ethnicities and faiths fought for every inch of our soil.”
The theatre is also an opportunity for Russia to display its modernized and modernizing military. Indeed, the Russian Army took it is an opportunity to display (albeit on the back of a transporter) the Uran-9 Unmanned Ground Vehicle (UGV), the modernized third-generation main battle tank, the T-90M, and the T-14 Armata (which had the unfortunate honor of breaking down in rehearsals in 2015, but was able to depart under its own power). Newer Mine-Resistant Ambush Protected (MRAP) vehicles from the Typhoon family were also on display as were the “Boomerang” armored personnel carriers.
For the Russian Air Force, stalwarts such as the Tu-160 and Tu-95MS strategic bombers, Sukhoi SU-35S jet fighters, SU-24 bombers, Mikoyan MiG-31 supersonic interceptors, and the Ka-52, Mi-28, and Mi-35 helicopters partook in the celebration. A formation of the fifth-generation fighters, the SU-57 also overflew Moscow, but the live stream chose to use a CGI animation (albeit a rather good one) suggesting a super closer up of the lead plane, before departing to a wide angle.
What is interesting is that in some analysis, the fact that the Russian military is still flying very much Cold War airframes is indicative of either a lack of modernization or, indeed, innovation. Yet, that very much misses the point. Russia’s multi-billion ruble modernization program is yielding benefits. Its forces are considerably more professional than they once were. The tactical and operational level equipment, particularly the APCs and MRAPS, are modernized and analogous to American platforms, and while the SU-57 isn’t deployed in large numbers, one can make the same argument about the F-22. A fixation on “kit” while enjoyable also misses the battlefield experience that Russian personnel are getting in Syria in support of Bashar al-Assad.
This also misses the unconventional and irregular capabilities that Moscow can and does employ around the world — capabilities that very much are in the limelight at the moment, not the least of which is a result of the exposure of the GRU’s operation in the Czech Republic. Moscow need not field and employ divisions of modern main battle tanks when it can destabilize Estonia or any of its other neighbors via cyber warfare, espionage, proxy engagements, propaganda, or any of the other tools in its toolbox of skullduggery.
GPS evolution gets help from the Dark Side
Ethan Brown
On any given day when you hop into your vehicle, intending to travel to an unfamiliar destination, or perhaps are simply curious as to the density of traffic on your way to work, google maps is the normal 21st century approach for navigation.
The convenience offered via the google’s/waze apps are a direct benefit of the global positioning network which spans both the public (defense, intelligence, space) and private commercial sectors. One more example of military-funded technology making our everyday lives a little easier and adaptable to an increasingly complex world.
Global positioning systems (GPS) are a truly revolutionary endeavor that shrank the world since its advent in the 1960’s (more on that below once I unbury this lede). Some of the downsides to the architecture of the current GPS network include the congestion in low- and mid-earth orbits from the large satellite apparatus’, which makes navigation both a science and an art form, keeping all of the space players’ toys from clanging into one another. Those big GPS satellites also make for high payoff targets, both as a host to the cyber architecture and their connectivity to the hardware upon which all of our modern systems function (if only there was a discussion on how protecting the satellite and cyber domains could become a function of DoD). Those milsats are particularly critical as the Defense Department relies wholly on the connectivity and integrated support made possible by these sat constellations.
In order to potentially reduce the vulnerability of those legacy systems, the Defense Advanced Research Projects Agency (DARPA) awarded a development contract to military industrial titan Northrop Grumman to operationally advance its Blackjack program — small, cheap LEO satellite swarms capable of hosting DoD systems while being increasingly immune to jamming, the main vulnerability to those legacy constellations. More on BLACKJACK and its military applications shortly. First, a history lesson on GPS (and INS), and why these systems matter so much across the military, all the way down to the lowest soldier.
The roots of digital global awareness
During the heyday of the Cold War, submarines were circumnavigating the globe armed with nuclear missiles for the purpose of deterrence and force projection, common history stuff. The challenge with the distances and increasing inventories of submariners lay with knowing where those nuclear assets were in the event of the potential doomsday. During the Sputnik era of the early 1960’s, scientists were able to track the shifts of orbiting satellites by reverse-vectoring the “Doppler Effect” radio signals of those early satellites circling the north and south poles. Based on the known routes of the first generation milsats, submarines could observe Doppler changes and pinpoint their present location within minutes, and relay that information across the oceanic surface waves using HF radios to update command and control architectures.
The potential for precise geolocation was immediately realised by DoD thinkers, who spent the ensuing decades to implement a more robust satellite constellation, culminating with the end of the first generation satellite networks by launching the Navigation System with Timing and Ranging (NAVSTAR) system in 1978. While limited to the ping-and-read capability pioneered by those early submariners, the precision with which the military (and ultimately, your DoorDash or Uber driver) could navigate improved by leaps and bounds through the rest of the 20th century.
As conflict paradigms emerged from the shadow of the Cold War, new systems continually expanded the panoply of the DoD and allied partners, as well as adversaries keen to keep pace with the superpower of the American military. While the decades after the Vietnam War enjoyed a slow application of GPS technology to the defense enterprise, Desert Storm was when the global positioning apparatus made hay and changed warfare. Of note, only 19 of the mathematically-required 24 NAVSTAR satellites were Death Star (“fully operational battle stations”, I won’t apologize for good puns) when the coalition invasion kicked off, meaning that there were only 19 hours of satellite alignment (necessary for proper coverage) in a given day of the invasion, making coordination and effective planning critical to success. Those GPS sensors were accurate to within 16 meters (52~ feet), compared to the original submarine Doppler vectors that could be accurate to within a couple kilometers. What the new NAVSTAR system offered the coalition forces was the ability to plot waypoints on known atlases and maps based on the universal transverse mercator (an overlapping set of equidistant grid lines covering the earth) and use new GPS receivers inside their vehicles to leap over the berm and into the heart of Iraq at high speed. Those receivers also enabled artillery support to plot fire missions (sweep/zone, suppression and fire-for-effect) ahead of friendly forces worried at the potential chemical weapons threats reported by intelligence assessments.
The “shock and awe” is well known, but the effectiveness of the stealth bombers, cruise missiles, and precision engagement bombs rendered a global top-5 military toothless ahead of the invading coalition forces, thanks to the precision navigation offered by the expanding GPS systems. Desert Storm would not be the end of GPS changing how the fight is taken to the enemy. In the early days of Afghanistan, Joint Terminal Attack Controllers were often supported by aircraft equipped with GPS-guided munitions, and not the free-fall “dumb” bombs or laser-guided weapons which terminal controllers were well-versed. Eyes on target are not always required to employ aerial delivered munitions on an enemy target, and the hallmark of the Close Air Support (CAS) war in Afghanistan accommodated forward controllers passing precision grids to aircraft without additional target correlation, meaning the GPS-guided bombs tracked directly to the stated grid with devastating success, although this can often be a risky endeavor if the quality of the grids given to the aircraft are sub-par.
Blackjack: Position, Navigation and Timing
Smallsats are rapidly becoming the norm in space-tech strategy. Work here at the CSPC (spearheaded by Joshua Huminski’s stellar vectoring) highlights the space enterprise as an entire ecosystem, not simply the “sum of its parts”. Global Positioning is arguably the most important component of what the space architecture provides to the national security paradigm. As seen through the eyes of defense industry, DARPA’s Blackjack is the next phase of LEO smallsats capable of hosting the DoD networks on an agile, alternative capability that overcomes the limits of legacy systems.
Northrop Grumman is no stranger to DARPA’s needs, having a long history of building secret-squirrel toys for such customers as the National Reconnaissance Organization (NRO), as well as other classified projects lending evolutionary progress to stealth and surveillance technologies. Where Northrop has a leg up over previous Blackjack vendors (Lockheed Martin and Raytheon subsidiaries) is in its development of the Position, Navigation and Timing (PNT) technology — a software-developed GPS alternative that bounces across meshed networks. Simply, GPS satellites are easy for an adversary to jam (wash out the transmitter-receiver signals) through simply overpowering the weakened radio signal as it returns to earth (the receiver end of the process). PNT however, at low-earth orbit, shares the transmit-receive process across the swarm and offers too many nodes for an opponent to reasonably interdict through traditional jamming methods.
PNT matters a great deal to the modern warfighter, because as it currently stands, the GPS inventory isn’t going to make par against a peer adversary. I’ve recently interviewed several DoD personnel about the challenges of peer competition, and one of the main takeaways is that training for an adversary who can interdict, scramble, or otherwise inhibit the GPS connectivity is going to be the single most critical component in future readiness. Congressional leaders want GPS alternatives, and defense contractors experimental systems are becoming increasingly post-GPS in their digital-engineering evolution.
Bandwidth is going to matter at a more profound level than ever before, due to the sheer volume of data in peer-to-peer conflict. The entire point of the Joint All-Domain Command and Control (JADC2) system is to accelerate the data sharing between warfighting elements and strategic decision makers, and the next phase of the JADC2/All-Domain Operations lifecycle heads to the Deputy Defense Secretaries desk in the coming days for review and validation. DARPA all but certainly has its eyes on hosting JADC2 as a slam-dunk in building out the data-sharing DoD architecture, relieving some of the bandwidth constraints that current line-of-sight connectivity imposes on JADC2 reaching its potential to change warfare.
Thus news of this program moving forward under DARPA’s watchful eyes could mean regaining a fighting advantage at the tactical, operational and strategic levels when strategic competition moves to strategic conflict.
News You May Have Missed
Kenyan High Court Throws Out Constitutional Reforms
In a blow to constitutional reforms agreed upon by President Uhuru Kenyatta and Ralia Odinga, his political rival who is now an ally, the Kenyan High Court blocked the reforms, citing several violations of procedure for amending the constitution and the selection of the body to create the rejected reforms. How these leaders and the parliament, which passed the constitutional reforms, will react to the court ruling remains to be seen. The constitutional reforms sought to address the winner-take-all nature of Kenyan politics, which has often resulted in waves of political and ethnic violence.
Protests Continue in Colombia
Protests have continued in Colombia, as what started as a reaction to now-withdrawn tax hikes has taken on a broader meaning against inequality and police brutality. Protestors have blockaded the third-largest city Cali, leading to shortages, while decrying the brutal crowd control response of a police force designed for counterinsurgency and counternarcotics.
Wild Boars Steal Italian Woman’s Groceries
While we at CSPC are used to tales of Italian politicians’ boorishness, amazing social media footage from outside Rome shows 4 wild boar cornering a woman in a parking lot and pushing towards her until she drops her groceries, which they devour. The rise of wild boar in Italy has been in the headlines—with police killing wild boar on a playground near the Vatican and farmers’ groups calling for action against the pesky prosciutto. Despite the feral hogs, there are no calls to relax Italy’s gun laws.
The views of authors are their own and not that of CSPC.