cont'd

The Pentagon should never be immune to thoughtful spending and strict fiscal accountability — and that statement does not make us soft on defense, disloyal to the military, or unpatriotic in any way.  What it makes us is responsible realists.

Now the question becomes: How can we best achieve this?  Contrary to what some in Washington believe, we don’t have a bottomless bank account when it comes to military spending and national security.  

To be clear, we believe the United States of America should never be forced to forgo the critical military capabilities that we need to protect ourselves.  The United States must have a cutting-edge military that has the fortitude to fully protect this country, regardless of where the threat comes from or in what form it comes in. 

The United States should also never be in a position where we are forced to pick and choose between the most dangerous regions of the world. 

Given China’s rise and the importance of nurturing relationships with other Asian countries, ensuring stability in the Asia-Pacific region is increasingly critical to our economic and national security.  At the same time, it’s dangerous to fixate solely on that region of the world, particularly when the Middle East remains so unstable.  We must be able to sustain security simultaneously in Russia, Africa, South and East Asia, the Middle East, and Europe — and have everything we need to operate successfully in the traditional theatres of land, sea, air, cyberspace and outer space. 

Given the sheer scope of these operational and geographical realities, our national security must be forward-thinking, innovative, and dare we say, crafty.

War has evolved, big time.  This means we have to evolve as well — and do what five-star Army general and former president of the United States Dwight D. Eisenhower once advised: “Learn how to compose differences not with arms, but with intellect and decent purpose.”

This is not to say that diplomacy can solve everything. It clearly cannot. But the “intellect” part of President Eisenhower’s advice is convicting.  The harsh truth is that throwing a bunch of money at a million different things to see what sticks — as we have done since the 9/11 terrorist attacks — is not going to cut it anymore.

Neither is relying on the threat of a ridiculously gigantic arsenal of big, scary bombs.  The “my bomb is bigger than your bomb” strategy we have depended on for decades now seems lazy and terribly inadequate.

Our potential adversaries figured this out years ago.  While we were busy fighting wars in the Middle East, China and Russia were busy closely examining our weak spots and investing in new strategies and technologies to exploit our vulnerabilities.

China now has the wealth necessary to heavily upgrade its military and make a move for East Asia.  And, although Russian military forces were in significant decline in the years following the Cold War, Vladimir Putin has spent significantly to rebuild a strong military.

This is all the more painful because we did a lot of the heavy lifting for them by investing in expensive research and development that allowed us to develop superior military technologies (like long-range precision-strike, electromagnetic-spectrum warfare, and hypersonic warfare) — and then just let them copy us.

 

China’s DF-21D anti-ship ballistic missile is a game changer, as is their intermediate-range missile called the DF-26 that threatens our naval forces and bases in the Pacific. The Russian military announced in December 2019 that they had deployed Avangard, a new hypersonic weapon that flies at lightning-fast speeds, allowing it to evade American missile defense systems.  They are also working on stealth submarines and torpedoes.

Already, China and Russia have weapons that jeopardize our assets in space, through everything from cyberattacks to radio jamming to destroying them altogether.  

The 2019 Worldwide Threat Assessment of the U.S. Intelligence Community says that our intelligence agencies “expect foreign governments will continue efforts to expand their use of space-based reconnaissance, communications, and navigation systems – including by increasing the number of satellites, quality of capabilities, and applications for use. China and Russia are seeking to expand the full spectrum of their space capabilities, as exemplified by China’s launch of its highest-resolution imagery satellite, Gaofen-11, in July 2018.”

Plus, “China and Russia are training and equipping their military space forces and fielding new anti-satellite (ASAT) weapons to hold U.S. and allied space services at risk, even as they push for international agreements on the non-weaponization of space. 

Both countries recognize the world’s growing reliance on space and view the capability to attack space services as a part of their broader efforts to deter an adversary from or defeat one in combat.”

But beyond all of that, the most significant advancements China and Russia have made have little to do with space or military hardware at all.  Instead, the most impressive part of their strategy falls under the “crafty” category.  Both countries have developed anti-access/area denial (A2/AD) networks and designed smart asymmetric-warfare strategies (asymmetric -warfare is essentially a conflict between two countries that have significantly uneven military capabilities, like the United States versus either China or Russia).

These hybrid warfare tactics are designed to significantly raise the risk and cost of retaliation, and to keep potential adversaries guessing.  This creates a kind of gray zone between war and peace, where things don’t necessarily escalate into overt military conflict, but where adversaries know the threat exists nonetheless.

 

China has unlawfully used the disputed waters of the South and East China Seas as their gray zone battlefield, building militarized artificial islands and occupying disputed reefs and shoals to keep our naval forces out deep in the Pacific. 

 

Stephen Biddle and Ivan Oelrich, international security experts, explain it this way:

     “For more than a generation, China has been fielding a series of interrelated missile, sensor, guidance, and other technologies designed to deny freedom of movement to hostile powers in the air and waters off its coast.  As this program has matured, China’s ability to restrict hostile access has improved, and its military reach has expanded.  Many now believe that this anti-access, area denial capability will eventually be highly effective in excluding the United States from parts of the Western Pacific that it has traditionally controlled.

     Some even fear that China will ultimately be able to extend a zone of exclusion out to, or beyond, what is often called the ‘Second Island Chain’ — a line that connects Japan, Guam, and Papua-New Guinea at distances of up to 3,000 kilometers from China.”

For its part, Russia demonstrated hybrid warfare in the annexation of Crimea and in their effort to destabilize Ukraine by using cyber warfare, extortion, invasion, and incredibly effective and destabilizing propaganda.

An analysis by the RAND Corporation — a nonprofit policy think tank partially funded by the U.S. government — “characterizes the contemporary Russian model for propaganda as ‘the firehose of falsehood’ because of two of its distinctive features: high numbers of channels and messages and a shameless willingness to disseminate partial truths or outright fictions.  In the words of one observer, ‘new Russian propaganda entertains, confuses and overwhelms the audience.’”


Russia’s guerilla-style brand of asymmetric-warfare has been targeting America for decades. Moonlight Maze, Russia’s three-year covert operation to hack into U.S. governmental agencies, started in 1996 and penetrated both NASA and the Pentagon.  In fact, Moonlight Maze is the reason the U.S. Cyber Command center was created in the first place.

James Andrew Lewis, Senior Vice President of the Center for Strategic and International Studies, explains that “Russia is a haven for the most advanced cybercrime groups and no clear line delineates the criminal world from the government. The Kremlin sees Russian cybercriminals as a strategic asset, and one of the most difficult problems for reducing cybercrime is that Russia, along with North Korea, will not cooperate with Western law enforcement.  High-end cybercriminal groups in Russia have hacking capabilities that are better than most nations for both criminal and intelligence purposes.”

Unfortunately for us, Russia has just gotten better and better at this through the years, so much so that we now are engaged in an ongoing and unrelenting cyberconflict.

This battle reached deep into the good ‘ol USA when the Russians significantly intervened in the 2016 presidential election, then yet again in 2020 when they unleashed the mother of all cyberattacks against us.  In Spring 2020, as Americans were settling into Covid lockdown and the U.S. cyber-defense agencies were obsessively focused on protecting the upcoming presidential election, Russian hackers known as APT29 and Cozy Bear — the pride of the Foreign Intelligence Service of the Russia Federation (SVR) — launched a massive cyber hack against the United States of America.

A large portion of the hack was facilitated by software called Orion, which is made by SolarWinds, a company that makes network monitoring software used by at least 425 of the Fortune 500 companies, media companies, and most of our governmental agencies.

For years, SolarWinds has been accused of having insufficient security for its products, but for some reason the U.S. government and large corporations kept using them anyway.  In the end, thousands of people, both inside and outside of the U.S. government, downloaded the corrupted software, giving the Russians a way to create hidden back doors in order to access each user’s network.  The hack is believed to have reached at least 250 United States federal agencies and American corporations, including Microsoft and Amazon.

In our minds, this went way beyond spying, which most every country does to some degree.  Instead, this was a global espionage supply chain attack that compromised U.S. intelligence agencies; nuclear laboratories; Fortune 500 companies; companies that monitor and protect critical domestic infrastructure; the National Institutes of Health; and the U.S. departments of State, Treasury, Commerce and Energy.  The Department of Defense adamantly denies that the attacks penetrated its systems, although we have yet to see proof of that.

           

The National Nuclear Security Administration, which oversees our nuclear stockpile, was also breached, as was the Los Alamos National Laboratory, where most of our nuclear weapons are designed. The Federal Energy Regulatory Commission (FERC) was compromised, which may not seem like a big deal until you find out that FERC is responsible for Black Start, the United States’ strategy for restoring power if we ever experience a disastrous national blackout (which you can bet is already on Russia’s attack checklist).

The Department of Homeland Security and the Pentagon were also hit, which is ironic given they are the very departments tasked with protecting our networks.  All of this, despite the fact that the United States has thrown billions after billions after billions of dollars to prevent this from happening.

 

The National Cybersecurity Protection System (NCPS) is, according to its website, “an integrated system-of-systems that delivers a range of capabilities, including intrusion detection, analytics, intrusion prevention, and information sharing capabilities that defend the civilian federal government’s information technology infrastructure from cyber threats and includes the hardware, software, supporting processes, training, and services that the program develops and acquires to support DHS’s cybersecurity mission.”

 

These capabilities, known as EINSTEIN, “provide a technological foundation that enables the Department of Homeland Security to secure and defend the federal civilian government’s information technology infrastructure against advanced cyber threats.”

 

Ummm...we should probably give EINSTEIN a new name since it completely missed hundreds of Russians stealthily digging around our governmental networks for months.  Just say'n...

This is all the more frustrating given that, in December 2018, the Government Accountability Office (GAO) warned of this exact thing happening: “The 23 civilian agencies covered by the Chief Financial Officers Act of 1990 have often not effectively implemented the federal government’s approach and strategy for securing information systems.  Until agencies more effectively implement the government’s approach and strategy, federal systems will remain at risk.”

As if all of that is not humiliating enough, two other facts make it even worse: First, the United States government may have never discovered the hack at all.  A private cybersecurity firm named FireEye actually discovered it and informed U.S. intelligence agencies, calling the attack “top-tier operational tradecraft.”

Second, the Russians facilitated the attack from servers inside the United States.  Some of the servers were actually in the same city as their intended targets. This was actually the most brilliant part of the plan because this allowed them to exploit rules that prohibit U.S. federal agencies from conducting domestic surveillance.

The Russian assault was so sophisticated — and so flawlessly executed — that experts were reportedly “stunned” by its scope and impact.  It will be months — if not years, or maybe never — before we know how much damage has been done, but it is already apparent that the harm is significant and severe.

As a point of reference, the 2017 WannaCry fiasco — a hack perpetrated by North Korea that exploited a vulnerability in the Microsoft Windows operating system — reached 300,000 computer systems in 150 countries.  The estimated global loss caused by the attack is over $4 billion.

 

From all angles, it’s clear that China and Russia are ready to test the international order that America has ruled for decades, through military capabilities, hybrid warfare, and increasingly positive diplomatic relations around the world.

These countries are all the more dangerous because they view pesky things like human rights and the rule of law as nothing more than nuisances — and that philosophy can easily spread across the globe.

​The bottom line is that China and Russia’s crafty tactics are working, so we better find ways to nip them in the bud.  And fast.