Technological Risk In Automated Defense SystemsBy Ronald D. Elliott
In the future, automated information technologies will increasingly be critical elements of all defense systems.
For example, most modern defense systems depend upon complex and sophisticated computer chips produced by foreign countries. The most critical elements of modern defense information systems are dependent on these advanced computer components to maintain critical databases requiring real time updates; absolute accuracy requirements for data; and reliance on system availability of near 100 percent. Any discrete defense system's computer technology dependency is increased by its dependence on automated gateways through intermediate networks to transfer data rapidly to distant operating and supporting units. All components of complex information system architectures must be operable to enable the assured information services needed to ensure our security as a nation.
In any case, these technologies must be applied cautiously and in consideration of other critical factors. If not, expensive sophisticated technologies will be clumsily used, thereby reducing, rather than expanding, defense capabilities. Discrepancies may evolve, not from inadequate technology but from inadequate management of technologically sophisticated defense information systems. It is essential that such systems are as dependable and enduring as the weapon systems they support. Traditionally, supporting information system funding has encountered more difficulties than funding for the more visible and impressive major weapon systems. . Decisionmakers often allocate acquisition dollars based on the destructive capability envisioned to be enabled by the product, with less consideration for the technical complexities and endurance of essential supporting subsystems.
Also, scarce funds for command and control, communications and intelligence (C3I) systems often are applied toward fragile, complex electronic systems with sensitive security boundaries. Defense managers properly seek to acquire the most from their limited resources and frequently choose the most advanced technology rather than simpler, but more dependable, alternatives with minimally essential reliability, endurability and survivability capabilities. However, in some cases, especially where available resources do not permit backups or redundancy, more advanced technology may not necessarily ensure the best defense support system.
Unbridled reliance on complex C3I can produce sensitive, even frail, capabilities. Such systems may be susceptible to self-destruction from inadequate real time continuous management of sophisticated layers of automation protocols, to overt and covert physical and electronic attack, and to the various effects of detonating nuclear devices. Another potential hazard in sophisticated C3I systems and their support of distributed weapon systems is the tendency toward over-centralization and the consequent reliance on similarly fragile telecommunications links.
The principal purposes for command and control systems are to provide the commander with the correct, timely information needed to formulate an operation plan and to disseminate it with the commander's intent and information dissemination policy in an understandable form to subordinates who will apply defense systems to implement them. But, like all good management systems, there needs to be feedback. This is where communicators have a critical role to play. Finally, the integral importance of intelligence in information services to military forces has been increasingly recognized in recent decades. The overall result is the necessity for a coherent, comprehensive and enduring worldwide defense C3I system. However, in planning and building this system the potential to lean too heavily on the efficiency and cost benefits related to fully integrated and centralized systems must be carefully considered. Interconnected distributed and autonomous systems need to be integrated and interfaced to the maximum extent to enable the benefits of the efficiencies and cost-advantages they offer, but careful planning is necessary to ensure they will survive "computer failure."
National security information systems have evolved to link national command authorities (NCA) directly to the various unified and specified commands at worldwide locations. Those commands are, in turn, linked to service and force commands supporting them. Functional defense information management and exchange subsystems are interconnected by highly complex and sophisticated technologies enabling information systems that support teleconferencing, graphics and video exchange, distributed data bases and complex multiple security level computer-to-computer processes supported by worldwide communications subsystems. Though access to the complex national system is available to lower level commands, separate and more tactically oriented discrete information systems begin at service component/force level command boundaries of the national system. The component command support systems encompass interconnected units within a particular unified or specified command or region. Battlefield/battlegroup-based systems often interface with the interconnected higher echelon joint systems/networks through automated gateways, which can (potentially) link front line units directly to NCA.
As with the information infrastructure at the national level the defense information infrastructure that supports armed service and military command networks, components and joint task force systems or networks are generally computer-switched or enabled. The resulting concatenation across echelons of our national security information infrastructure provides an information conduit for directions from and feedback to higher commands and allows the real time updating of operational and intelligence databases. Physical elements of the system exist in myriad command, intelligence and communications centers. Military operations are directed remotely from these automated facilities through "virtual" operating center environments distributed globally across echelons.
Commanders make decisions guided by sophisticated displays or aids fed by the databases and on-line accesses to chain-of-command elements above and below them. Status of friendly and enemy forces are summarized and fed to higher echelon databases automatically by electronic automated subsystems. Such modem information systems must be tightly managed and sensibly channeled to avoid confusion and indecision should the deluge of data become disorganized or incomplete. There's an inherent (though sometimes forgotten) dependency upon the accuracy and reliability of the numbers and icons displayed on the displays used by operating commands for their "situational awareness."
To control the information flooding operational units from myriad interconnected automated information systems, the armed services are developing increasingly sophisticated and complex information exchange systems with which field commanders, and those who support them, will be provided a common operational "picture" from correlated and fused data derived from diverse sources, such as sensors and data bases.
From the national perspective, joint and coalition operation plans require immediate delivery of directions from NCA to the commands. To be effective, the NCA must receive instantaneous status and intelligence reports. Thereby, defense forces and systems are operationally directed from remote and mobile facilities within response time frames of minutes and seconds. These facilities are equipped with interconnected information systems to implement defense strategies derived from their collaborative activities using their distributed "virtual" operating environments. Success or victory becomes subject to the effective application and performance of automated information systems and networks supporting those collaborative efforts and linking them to the operational situation.
Our defense and law-enforcement forces involved in national security related operations all over the globe rely on the availability of adaptive and enduring C3I systems and networks. Effective deployment of these forces requires rapid execution of interfaces to national and regional information exchange/distribution systems, often with little warning and with potentially severe impacts to operations of the customary users of those systems. Capabilities for successful accomplishment of these accesses/interfaces with reliability rates responsive to the needs of the operating units are improving. Continued investment in additional secure contingency subsystems, gateways to existing ones and redundant assets at pre-positioned sites around the world will ensure successful contingency missions wherever and whenever needed.
Weapon systems themselves also depend on integral electronic microprocessors and automated communications for their accurate, effective delivery or application. Real time intelligence, surveillance, reconnaissance, and analysis systems, the eyes and ears of many weapons, also depend on these technologies. Therefore, targeting sensor reports and data feedback analyses are time sensitive; and manual methods are slower and less effective in ensuring that automated weapon systems respond adequately. Data exchange arteries connecting such systems are frequently managed and directed by automated processors and computer networks served by multiple telecommunications links. Technically sensitive and complex automated technology is used both for telecommunications circuit switching and sharing of time and frequency segments on common circuits, so varieties of systems are consolidated/integrated over common transmission subsystems serving a battlefield or region. For example, individual systems supporting command of forces or weapons over a large geographic area at times share transmission facilities of a single space-based satellite. To reduce the obvious risks of such circumstances, steps are being made to ensure that diverse routing of defense support system circuits occurs.
Many automated defense support systems are worldwide military versions of an information management system, exhibiting vulnerabilities similar to those of civilian organizations, public and private, including risks of over-centralization and dependence on complex and sensitive technology. The significant contrast, though, is in the stakes involved relative to the types of resources managed. Defense support systems have a special value related to the destructive potential of forces or weapon systems managed.
Since defense support information flow is dependent on automated electronic components in modern telecommunications facilities, susceptibility to computer failure or malfunction exists in most defense support systems. The usual dependence of inter-computer networks on high capacity data transmission channels and inter-computer networks is an example. Most large telecommunications systems rely on high capacity satellite, terrestrial and submarine (copper and fiber-optic) cable and microwave line-of-sight (LOS) radio paths. Each of these has particular vulnerabilities. Nevertheless, cost-effective alternatives, backup telecommunications techniques or replacement media able to deliver needed information in the necessary bandwidths or channel sizes are not always available. Thus, unless diverse and/or redundant paths are provided, severing or otherwise disturbing a communications link can effectively disable or handicap information services to defense forces in significant geographical areas. This is especially true where shared telecommunications transport services are used for common-user inter-computer networks. To minimize such risk, the critical defense information infrastructure must continue to be improved with increasing diversity, redundancy and information dissemination management services.
The advantages of satellite communications systems over terrestrial ones are many and widely recognized, but their vulnerabilities also are acknowledged. Nevertheless, future critically required defense systems must continue to be designed with assumptions that abundant satellite communications services will be reliably available whenever required. Recognizing the necessity to plan for exploiting the advantageous telecommunications services available from satellites, decisionmakers must continue to include redundant, backup/alternative communications capabilities in their planning for essential national security systems.
Terrestrial transmission systems (cable and LOS radio) traditionally are traditionally expected to be safe, dependable and secure; however, notice must be taken of the vulnerabilities of single threaded terrestrial links. Legacy single telecommunications links are often relied on for defense support connectivity in some areas. Often these are easy targets for saboteurs. Likewise, some satellite ground stations (supporting defense information systems) have been sited close to public areas and bases with less than formidable security systems. Those could be easily and simultaneously placed out of service. Efforts to relocate and upgrade physical security for these facilities do and should continue.
A telecommunications medium frequently relied on for backup or alternative support to space satellite and terrestrial telecommunications media by operating forces uses high frequency (HF) radio signals reflected to distant receivers by the ionosphere. HF radio was the primary method of military long haul communications before the satellite age. But with the advent of satellites, HF systems came to be considered obsolete or only desirable for limited applications. As a result, equipment and talent in their use became dangerously scarce or ill-maintained. Additionally, technology for HF systems to provide increased channel sizes required to accommodate larger volumes of data for most modem systems was not developed. Nevertheless, more recent recognition of past deficiencies and future opportunities in HF communications has led to investments now paying off in improved emerging adaptive HF systems. However, many vulnerabilities common to other radio propagation systems apply to HF systems and those common vulnerabilities must be considered when they are selected as a backup telecommunications media for critical defense support services.
Alluded to briefly above, a particular threat to modern information systems relates the effects of nuclear detonations. Both electronic ADP equipment and telecommunications (terrestrial, ionospheric and satellite) system components are subject to critical damage from these phenomena. Besides the destructive physical blast effects of nuclear detonations, their radiation is known to disrupt radio and terrestrial communications systems completely, and electromagnetic pulse (EMP) can bum out electronic equipment. Interestingly, tube type components, replaced in most modern systems with transistors or semiconductors are more immune to EMP effects than their new technology replacements, much as old HF radio techniques may be more reliable in certain wartime scenarios than satellites. Partly because of the expense and partly because of the lack of agreement on effective preventive measures and scope of the threat, only a small percentage of defense information systems are believed to be "hardened" to prevent damage to or destruction of electronic components by EMP. There are potential corrective measures available, including the availability of multiple communications systems to direct operating forces. All have varying strengths and weaknesses but overall greatly increase the endurance and survivability of U.S. defense telecommunications services. In addition, the increased capacity and survivability potential offered by optical rather than electronic systems are being widely explored. These and other communications measures can provide alternative telecommunications services to support national security operations that involve nuclear detonations.
The Military Departments' commitment to exploiting modern information technologies in the battlefield is indicated by the service academy practices of issuing personal computers to midshipmen and cadets. This has begun to produce military officers with capabilities to exploit the services of computer technology for problem solving/decision making. The accompanying evolving orientation to automated tools and complex automated systems introduces a dependency to be experienced by future commanders. In recognition of this evolving dependence, the Armed Services should increasingly provide training in the use of manual techniques and procedures. Otherwise, loss of computers involved in providing information on location and status of friendly and enemy forces, denying commanders essential force management information, could unacceptably reduce their effectiveness. Potentially worsening the impact of such a denial of automated information support service is the possible deterioration and/or loss of talent to collect, report, plot and analyze intelligence data by analysts without computer assistance. Continued improvement in training and exercising of military capabilities using manual backup techniques and procedures is essential.
The potential long-term effects of human reliance on computers deserve attention equal to that given to communications and intelligence systems. These effects should be equally of concern to the commanders themselves. Training provided to force and unit commanders and the directives issued them depend on the availability of automated information systems and a richly connected defense information infrastructure. Removal of components of that infrastructure can have detrimental impacts on the capabilities/effectiveness of operational commanders, possibly left without direction from higher command.
A classic example of those effects is the result of the Long Commission recommendation of the previous decade. Following an examination of the Beirut, Lebanon, that Commission determined that the military commanders should be provided real time tailored/fused information. Certainly the DoD has subsequently fielded many automated systems to provide this service; however, caution lights should pulsate while planning and implementing such systems. The designers should be acutely aware of the concept of "situational awareness," wherein the user's situational needs and the environment within which the user is working must drive system design factors. Also, defense system designers should remain aware of the need, for the user to continue to function when a device, system or information service is disabled or diminished in capacity. Automated training systems have been and can increasingly be used effectively in this area to order by priority reduced information input or output capacity and prepare the user to continue functioning when information is lost. Simulator usage for such training could be particularly effective in preparing the commander and his staff to continue functioning as services from automated information systems and supporting networks degrade.
It takes a brave commander to trust a computer program to decide what is, and is not, brought to his attention. Though this may be true, work is proceeding at accelerating rates to apply artificial intelligence technologies in the battlefield to do just that. Artificial intelligence is being applied to human analysis and decision making activity that structures and underlies the battle management process, from problem recognition to decision execution. However, computer aided decisionmaking is fraught with potential hazards and should be designed and implemented cautiously. Training of our national security forces to function effectively in battle without their sophisticated information systems ought not be disregarded as irrelevant or not "cost-effective."
Authorities are making great progress in reducing risks by assigning top priority to the modernization of rapidly responsive, adaptive, dependable, survivable and enduring C3I systems and the defense information infrastructure. Certainly the Defense Department and the Military Departments are striving to ensure the readiness of such systems from end-to-end. A long list exists of initiatives underway to improve systems in all areas to provide assured information services. To ensure that reliable human control over defenses can survive the loss of significant components, a complete assessment and adaptation of policy and appropriate strategies and procedures for defense information systems, as well as the weapons systems themselves, needs to be continuously reviewed.
Associated with this review process, some areas and questions that should continue to be addressed include the following. We should continue to consider design strategies accentuating automated but distributed management of information and information dissemination/exchange systems. In so doing, we should be alert and clear headed in evaluating system designs that have evolved to be called distributed. Some, for example, only use distributed and parallel processing in loosely coupled microprocessor architectures while retrieving information over vulnerable single path links from remote sources transparent to the user. Centralized segments of such systems remain troublesome. For example, dependence upon a single inter-computer network vulnerable to hacker, virus and other attacks capable of significantly reducing service parameters. But reliable distributed information systems linked by interlocking networks, with flexible, modular, redundant and integrated subsystems consistent with appropriate organizational concepts, operational doctrine and training for contingencies, offer great potential.
Years ago, a Marine Corps communicator wisely noted the need to develop defense information systems that reliably provide information in the most accurate and usable form when and where needed. In fact, progress is being made in reducing, tailoring and managing information dissemination to increase its effectiveness. Systems are needed that tailor information and separate wheat from chaff out of the large volumes of data frequently offered by emerging automated systems to commanders operating units and those supporting them, who do not have the time or other resources to analyze the information effectively. What our warriors and those supporting them need is information increasing their knowledge of the situation they must cope with to perform their mission and functions.
Systems currently deployed with our national security forces are not capable of achieving the levels of performance related to "information superiority" anticipated by the Joint Staff's JOINT VISION 2010; however, evolving electronic and optical information technologies and innovative artificial intelligence applications promise significant performance improvements within a decade to fulfill that vision. With higher levels of integration and faster computing, we can go a long way toward filtering and tailoring information for joint warriors of the 21st Century. But we must be careful to provide a DoD information dissemination management capability and provide those warriors the tools and wherewithal to continue functioning if the automated services are degraded or disabled. An area to be explored for improvement in providing that wherewithal is in improved training programs, including maximum use of realistic simulation of actual conditions feasibly envisioned.
In addition to continuous defense information infrastructure design reviews, reassessment of operation and contingency plans should continue. Doctrine must allow for adaptability, flexibility and survivability at force and unit levels, in step with the state of the art and available information systems, networks, redundant and physically secure communications links and electronic facilities. Continuous evaluation of policy, associated strategy and implementing doctrine for the employment of U.S. military forces should remain in step with the selection and acquisition of new weapons systems, including C3I systems, to ensure their consistency and dependability under all threats in all scenarios.
The United States provides the best armament for its military forces; but a lesson of the past is that the most costly, sophisticated and complex systems are not always the best. The proper mix of cost-effective, simple. dependable systems with the more sophisticated and complex is a serious challenge for the defense systems planner, to ensure our future national security will survive computer failure.