When it comes to network innovation, we must protect the data ‘pipes’

Retired Army Maj. Gen. John Ferrari is absolutely correct that network requirements and capabilities need to grow organically to meet the needs of the warfighter (”The military should turn its network innovation upside down,” Feb. 8).

But what he is wrong about is this: “Encrypting the data where it sits and along the route it travels makes it irrelevant to then protect the pipes.” Which is 100% wrong from an information warfare, or information advantage, or even “big data” perspective.

The military should turn its network innovation upside down

Encryption has a shelf life, and the encrypted information might have a longer shelf life than the encryption protecting it.

Triple data encryption standard, or DES, with a 56-bit key space was introduced in 1981, and the advanced encryption standard, or AES, wasn’t adopted as a federal standard until 2002, well after the F-22 first flew in 1997. The F-117 Nighthawk made its maiden flight June 18, 1981, one month before the more secure Triple DES was proposed. Had the materials involved in making the F-117 Nighthawk been encrypted with DES, that encryption would be irrelevant today, at a time when a modern low-cost commodity desktop that could break the encryption in minutes to hours.

There are still many foreign intelligence services interested in the technology to build even a first-generation stealth aircraft. There’s a reason that the Chinese J-20 and J-31 look similar to the F-22 Raptor and the F-35, and there’s a reason that China is interested in building massive supercomputers capable of massive parallel processing, despite the currently ongoing “chip war.”

We must conclude that any encrypted information collected by foreign intelligence services will eventually be cracked through sufficient compute power and time. This is one reason why super computers are part of the race for information dominance. At the level of supercomputers, the amount of compute is truly calculated in cost to build and cost to operate. If you do not have access to cutting edge chips, just increase the number of compute chips, central processing unit or graphics processing unit, or some other compute unit like an AI accelerator. It will cost more to make and cost more electricity to operate, but the amount of compute will be available to the government or corporation that invested in the system.

Without a true “zero trust” scheme, any compromise of any node on any network becomes a pivot point for further attacks. The problem with “zero trust” is that to be effective, you need a mature network model that can be secured, not a “growing, organic network” that is adapting rapidly to meet the needs of the user. And so without full security at every later version of the open systems interconnect model, there is unaddressed risk of which users are not even aware.

Lastly, even if encryption is 100% future quantum proof, the amount of data flowing between nodes is still a key indicator for intelligence analysists. If a massive amount of data begins flowing to and from a particular combatant command, that is a clue to foreign nation cyber teams that something is going on. It could be an exercise or a response to a crisis. But it becomes one part of a bigger picture that erodes any joint force information advantage. During the build up to Operation Desert Storm in 1991, the Christian Science Monitor published, “To gauge international tension, look at late-night pizza deliveries to U.S. war planners.”

Ferrari is absolutely correct that encryption of data at rest and data in transit is 100% necessary for modern military command, control and collaboration. He’s wrong that it will offer warfighters a panacea of capability, or that we can ignore protecting the data pipes that support the warfighter.

Maj. James Armstrong is a cyber electromagnetic operations officer currently serving as a course manager and instructor at the U.S. Army Cyber and Electromagnetic Warfare School at Fort Gordon, Georgia.

The views and opinions presented herein are those of the authors and do not necessarily represent the views of the Army or the Department of Defense.

Have an opinion?

This article is an Op-Ed and as such, the opinions expressed are those of the author. If you would like to respond, or have an editorial of your own you would like to submit, please email us.

Want more perspectives like this sent straight to you? Subscribe to get our Commentary & Opinion newsletter once a week.

C4ISRNet