2018-06-17

Opportunities and Constraints in Applying Artificial Intelligence in Military Enterprise

Introduction

Artificial Intelligence (AI) stands out as a new, almost magical way to lift the digital age to even greater heights. Are the Armed Forces, as part of modern society, ready to apply AI and use it to gain advantages against adversaries, or are they unable to benefit from discrete innovations? How can we assess the readiness of a military enterprise to adopt or innovate new capabilities enhanced by AI-related technologies?

This short paper uses an enterprise architecture (EA) tool developed specially for military enterprises to assess the opportunities and challenges in adopting the benefits of AI. The EA tool analyses the strategic posture and operational processes of a military force. It focuses primarily on command and control related capabilities, including sensemaking, decision making and organisational learning. Additionally, the tool helps to analyse the readiness of the information, security and technical structures of the armed forces.

Theory and literature review

A military enterprise can be defined as an open, complex socio-technical system that exists in the national and geopolitical environment. The enterprise evolves gradually, affected by its history, culture, surrounding society and the opportunities available for the future. The knowledge-driven evolutionary model is used to compose an EA tool that helps military architects to analyse opportunities and constraints in evolving the military with AI-based capabilities.

Using the Thorpe et al. view of the evolution of business knowledge, Mattila and Parkinson define the evolutionary roadmap for strategic posture in confrontation, doctrinal improvement, command and control, and military information management. The supporting technical layers of information security and ICT infrastructure are studied correspondingly and combined in the framework. 

The EA tool merges the above layers and defines the forces acting within the structure presented in Figure 1.

Figure 1: Military enterprise structure from enterprise architecture viewpoint.

A literature survey was made to create an understanding of the current opportunities and challenges that enterprises feel they are facing when considering improving their business with AI-enhanced features. The survey was done through an Internet search, as explained in Table 1.

Table 1: Parameters of the literature survey on AI implementation

The four areas of AI opportunities and challenges and their eight key issues create the performance metrics for the EA tool in the following section.

Research

The approach of this research is pragmatic, since the work intends to anticipate opportunities and constraints when a military applies AI to accelerate its C4I transformation. The postulated EA tool is composed from previous work and separate studies using qualitative deduction. The literature review provides statistical data concerning opportunities and challenges in applying AI in any enterprise. The collected AI data is projected onto a case study of an anonymous Armed Forces (Blue Force) C4I structure and its intended improvement. The feasibility of the EA tool is measured by its ability to anticipate the accelerators and obstacles on the journey of AI implementation. Further study is needed to measure the value of the information concerning accelerators and barriers when AI features are being implemented.

The case study of the Blue Force uses the EA tool to make better sense of the overall situation of an enterprise that aims to apply AI and gain an advantage over its adversaries; the result is illustrated in Figure 2. The Blue Force seems to be gaining an advantage against its adversaries from the evolutionary posture, since it has been acquiring modern armament steadily. There may, however, be a tendency towards the operational posture, as the cost of contemporary armament is rising and the available workforce is diminishing.

The Blue Force strategy for military process performance seems to be on a path towards coordination, aiming for joint force capabilities. There are also indications of movement towards unified logistics and replicated force generation.

The essential parts of the Blue Force command and control capabilities are based on learning by drilling and, to some extent, by understanding. Furthermore, Blue Force decision making has an authoritarian approach with a touch of shared intent. Sensemaking seems to focus on the areas of the known and the knowable.

The information management of the Blue Force is somewhere between folder and page management, and its information security is mainly based on controls within each domain. Advanced bandwidth and mobility services seem to be available, whereas computing seems decentralised and connected no further than forest level. ICT operations seem to be at the system management level.

Figure 2: Military enterprise structure from enterprise architecture viewpoint.

Results and discussion

The specific concerns in AI implementation in generic enterprises are reflected against the results of the analysis of the Blue Force enterprise structure. Table 2 illustrates this reflection as either positive (an opportunity) or negative (a challenge). The direct guidance is either to utilise the opportunities or to mitigate the challenges in the coming AI implementation within the Blue Force.

Table 2: Testing the EA tool in analysing opportunities and challenges in applying AI within the Blue Force


The EA tool supports the analysis of an enterprise from the cultural dimension down to the technical dimensions, covering the indicated areas of concern in AI implementation. Therefore, the EA tool is sufficiently holistic in modelling the military enterprise structure.

The reflection of the architectural analysis of the Blue Force's enterprise structure against the eight key issues in AI implementation provides the enterprise architect with ten opportunities to accelerate the adoption of AI and recognises four challenges requiring mitigation. Consequently, the EA tool recognises both driving and hindering forces within an enterprise.

The EA tool identified four inter-layer dependencies (ID) in implementing AI. Consequently, the EA tool recognises inter-dependencies across the enterprise structure, unlike layer-oriented models.

Conclusions

This pragmatic research uses an evolutionary enterprise architecture tool to analyse the opportunities and challenges in applying artificial intelligence features in a military enterprise.

The proposed EA tool covers the whole area of concern in an AI implementation. The tool recognises both opportunities and challenges that can be addressed in an AI implementation plan. The tool also models more complex inter-dependencies within the enterprise structure.

The EA tool appears to help military enterprise architects in analysing the status of a military force aiming to benefit from artificial intelligence features. Nevertheless, this case study, at its initial stage, does not prove the feasibility of the EA tool entirely. Therefore, there is a need for further study, both within the specific case study and possibly in broader cases among Armed Forces, to improve the EA tool.

2018-05-18

Vulnerability in Pretty Good Privacy (PGP) and Secure MIME email encryption services

PGP is a public-key encryption program that is often used to secure emails. S/MIME is a standard defining email encryption that ensures confidentiality, integrity and authenticity of origin. Now experts have found a vulnerability that may allow outsiders to read even previously encrypted emails.

Münster University of Applied Sciences signalled on 14th May that PGP and S/MIME both have vulnerabilities enabling a third party to reveal the plain text of ongoing encrypted email traffic and even to access previously sent secure emails.
"The attacker changes an encrypted email in a particular way and sends this changed encrypted email to the victim. The victim's email client decrypts the email and loads any external content, thus ex-filtrating the plain-text to the attacker."

The following general advice may apply:

  • Remove the installed PGP and S/MIME plug-ins and automatic decryption from your email service until the vulnerability has been patched
  • Use other end-to-end encrypted messaging services, such as Signal
  • Wait for detailed analysis and guidance on remedying the services.
  • Consider what has been sent earlier using the above encryption and assess the risks if it is revealed.
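One place the advice above can be enforced is a mail gateway. The following Python script is an added example, not code from the advisory or its references: using only the standard library, it walks the MIME structure of a message and quarantines any message that carries PGP/MIME, S/MIME or inline PGP ciphertext together with an HTML part that references external content, the combination in which a decrypting client can leak plaintext over a remote load. The sample messages, addresses and URLs are constructed.

```python
import email
import re
from email import policy

# MIME types that mark PGP/MIME or S/MIME ciphertext.
ENCRYPTED_TYPES = {
    "application/pgp-encrypted",
    "application/pkcs7-mime",
    "application/x-pkcs7-mime",
}

# src=, href= or url( references to remote http(s) resources in HTML or inline CSS.
REMOTE_REF = re.compile(r'''(?:src|href|url)\s*[=(]\s*["']?\s*(https?://[^"'\s)>]*)''', re.I)


def external_references(html):
    """Return every remote http(s) URL an HTML renderer would try to fetch."""
    return REMOTE_REF.findall(html)


def analyse_message(raw):
    """Walk every MIME part and report ciphertext sitting next to remote-loading HTML.

    A message that carries ciphertext and an HTML part that pulls external content is
    the combination the advisory describes (decrypt, then load remote content), so the
    gateway quarantines it instead of letting a client render it.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = {"encrypted_parts": 0, "html_parts": 0, "external_refs": []}
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype in ENCRYPTED_TYPES:
            report["encrypted_parts"] += 1
        elif ctype == "text/html":
            report["html_parts"] += 1
            report["external_refs"].extend(external_references(part.get_content()))
        elif ctype == "text/plain" and "-----BEGIN PGP MESSAGE-----" in part.get_content():
            report["encrypted_parts"] += 1  # inline (non-MIME) PGP is ciphertext too
    report["quarantine"] = report["encrypted_parts"] > 0 and bool(report["external_refs"])
    return report


# Constructed sample: PGP/MIME ciphertext wrapped together with remote-loading HTML.
MIXED_SAMPLE = b"""From: sender@example.invalid
To: victim@example.invalid
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="outer"

--outer
Content-Type: text/html; charset=us-ascii

<html><body><img src="http://tracker.example.invalid/pixel.gif"><p>hello</p></body></html>
--outer
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="inner"

--inner
Content-Type: application/pgp-encrypted

Version: 1
--inner
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----
--inner--
--outer--
"""

# Constructed sample: the same ciphertext sent on its own as a plain PGP/MIME message.
CLEAN_SAMPLE = b"""From: sender@example.invalid
To: victim@example.invalid
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="inner"

--inner
Content-Type: application/pgp-encrypted

Version: 1
--inner
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----
--inner--
"""

if __name__ == "__main__":
    for name, sample in (("mixed", MIXED_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(name, analyse_message(sample))
```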


References

  1. https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-take-action-now 
  2. https://www.forbes.com/sites/thomasbrewster/2018/05/14/pgp-encrypted-email-vulnerability-exposes-private-messages/#61cbede13e2a
  3. https://ssd.eff.org/en/module/how-use-signal-ios
  4. https://efail.de/efail-attack-paper.pdf


2018-05-09

Wi-Fi air interface will have a new encryption protocol, WPA3

Situation

The current Wi-Fi encryption protocol WPA2 has a weakness when a new node joins the network. A man-in-the-middle within wireless coverage can manipulate the handshake procedure (the KRACK attack) and force the WPA2 encryption key to be reinstalled, in the worst case as an all-zero key. The assumed encryption is then reduced to trivially reversible encoding. The weakness is in the standard itself and affects all modern Wi-Fi networks.

The Wi-Fi Alliance has announced that a new standard, WPA3, will include “robust protection” even when passwords are weak, and will also simplify security configuration for devices that have limited or no display interface. It will also include individualised data encryption when using public access networks.

Solution

The Wi-Fi Protected Access 3 (WPA3) standard will be published later this year, but currently it seems to include:
  • 192-bit security aligned with the Commercial National Security Algorithm (CNSA) suite
  • Opportunistic Wireless Encryption, which establishes encryption without authentication
  • protection against weak passwords and brute-force dictionary-based attacks
  • individualised data encryption when accessing open networks.
Once the standard is published, it will take months for device manufacturers to support it in their devices. The first compliant devices may ship at the end of this year.

What to do

The following general advice may apply:
  • The WPA2 vulnerability can be exploited only within the range of the Wi-Fi transceiver, so all sensitive Wi-Fi access points should be positioned, and their effective radiated power configured, so that outsiders find them hard to tap.
  • A second layer of encryption should be established end-to-end (e.g., HTTPS, IPsec, SSH) to protect the actual communication (COMSEC) and keep user identities and passwords safe together with the content.
  • All sensitive Wi-Fi devices should be planned for renewal within the next two years.

References

  1. https://www.helpnetsecurity.com/2017/10/16/wpa2-weakness/
  2. https://www.theverge.com/2018/1/9/16867940/wi-fi-alliance-new-wpa3-security-protections-wpa2-announced
  3. https://latesthackingnews.com/2018/01/12/wpa3-new-wi-fi-standard-improve-security/
  4. https://thehackernews.com/2018/01/wpa3-wifi-security.html

2018-04-24

Lazy hackers are automating their attacks

Introduction

Hackers are widely using bots (automated web robots that run scripts over the Internet) to seek out and subvert vulnerable servers on the Internet or on intranets to which they have gained access. Once a potential target is located, a human usually carries out the actual breaching operation.

The company Cybereason created a “honeypot” installation and observed, for the first time, an automated breach of a system executed by a bot.

Automation, and in future artificial-intelligence-enhanced bots, will further increase the probability of a breach. Currently, Cisco's security organisation blocks more than 20 million attacks every day, including booby-trapped emails, malicious web pages and new malware.

Threat case

About two hours after the “honeypot” server for the fake finance firm was put online, it was found by a bot, which then aggressively set about taking it over. Passwords protecting some of the server's functions were left intentionally weak to tempt the bot, which duly cracked them and then went on to plunder information on the machine.

Within 15 seconds of getting access, the bot:
  • sought out and exploited several known vulnerabilities
  • scanned the network to which the server was connected
  • stole and dumped credentials for other vulnerable machines
  • created new user accounts for its creators to use.

Once the bot had done its work, the attackers went quiet for two days but returned to steal data to which the compromised server allowed access. In total, the attackers took about four gigabytes of data, all of which was fake.

Recommendation

Since attackers are improving and automating their processes and tools, so should defenders. Artificial-intelligence-enhanced Security Information and Event Management (SIEM) systems will increase the probability of catching the crooks in time, whereas a human operator cannot maintain focus all the time and cannot reach far into historical data.
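The timing in the threat case above is exactly the kind of pattern automated detection can key on. The following Python script is an added example, not Cybereason's or the original post's code: it runs over a constructed, simplified authentication and activity log (the field and event names are this example's own assumptions) and raises an alert when a login that follows a burst of failed attempts is chained, within 15 seconds, with several distinct post-access actions, while a slower, human-paced session is left alone.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log excerpt modelled on the honeypot timeline: a bot brute-forces a weak
# password, then within seconds exploits, scans, dumps credentials and adds a user.
# A second, human-paced session from another address is included for contrast.
SAMPLE_LOG = """\
2018-04-10T12:00:00 host=fin-srv01 src=203.0.113.7 event=auth_fail user=admin
2018-04-10T12:00:01 host=fin-srv01 src=203.0.113.7 event=auth_fail user=admin
2018-04-10T12:00:02 host=fin-srv01 src=203.0.113.7 event=auth_fail user=admin
2018-04-10T12:00:03 host=fin-srv01 src=203.0.113.7 event=auth_fail user=admin
2018-04-10T12:00:04 host=fin-srv01 src=203.0.113.7 event=auth_fail user=admin
2018-04-10T12:00:05 host=fin-srv01 src=203.0.113.7 event=auth_ok user=admin
2018-04-10T12:00:07 host=fin-srv01 src=203.0.113.7 event=exploit_attempt service=web
2018-04-10T12:00:09 host=fin-srv01 src=203.0.113.7 event=net_scan targets=254
2018-04-10T12:00:12 host=fin-srv01 src=203.0.113.7 event=cred_dump count=17
2018-04-10T12:00:14 host=fin-srv01 src=203.0.113.7 event=user_add user=svc_backup
2018-04-10T12:30:00 host=fin-srv01 src=198.51.100.4 event=auth_fail user=alice
2018-04-10T12:30:20 host=fin-srv01 src=198.51.100.4 event=auth_ok user=alice
2018-04-10T12:41:00 host=fin-srv01 src=198.51.100.4 event=user_add user=bob
"""

LINE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) src=(?P<src>\S+) event=(?P<event>\S+)")
# Actions the bot performed after gaining access (event names are this example's own).
POST_ACCESS = {"exploit_attempt", "net_scan", "cred_dump", "user_add"}


def parse_log(text):
    """Parse the key=value lines into dicts with a real timestamp; skip malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            e = m.groupdict()
            e["ts"] = datetime.fromisoformat(e["ts"])
            events.append(e)
    return sorted(events, key=lambda e: e["ts"])


def detect_automated_breaches(text, fail_threshold=5, fail_window=60,
                              burst_window=15, min_kinds=3):
    """Flag a successful login that follows a burst of failures and is itself followed,
    within burst_window seconds (15 s in the honeypot case), by several distinct
    post-access actions. A human rarely chains that many steps that quickly, so the
    inter-event timing is the signal, not any single event."""
    by_src = defaultdict(list)
    for e in parse_log(text):
        by_src[(e["host"], e["src"])].append(e)
    alerts = []
    for (host, src), evs in by_src.items():
        for i, e in enumerate(evs):
            if e["event"] != "auth_ok":
                continue
            fails = [f for f in evs[:i] if f["event"] == "auth_fail"
                     and e["ts"] - f["ts"] <= timedelta(seconds=fail_window)]
            burst = [p for p in evs[i + 1:] if p["event"] in POST_ACCESS
                     and p["ts"] - e["ts"] <= timedelta(seconds=burst_window)]
            kinds = sorted({p["event"] for p in burst})
            if len(fails) >= fail_threshold and len(kinds) >= min_kinds:
                alerts.append({"host": host, "src": src, "login_at": e["ts"].isoformat(),
                               "failed_attempts": len(fails), "actions": kinds,
                               "seconds_to_last_action": (burst[-1]["ts"] - e["ts"]).seconds})
    return alerts


if __name__ == "__main__":
    for alert in detect_automated_breaches(SAMPLE_LOG):
        print(alert)
```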

References:

  1. http://www.bbc.com/news/technology-43788337

2018-04-20

Russian state-sponsored actor preparing network infrastructure devices for further cyber attacks

What is claimed to have happened?

The USA and UK issued a joint technical alert accusing Russian state-sponsored actors of malicious manipulation and compromise of Internet communications devices. The actors target government institutions, private sector companies and Internet providers. The operation has been monitored for months so far by the FBI, the US Department of Homeland Security and the UK NCSC. The mission of this GRIZZLY STEPPE operation seems to be to prepare the network devices (e.g., routers, switches, firewalls and Network-based Intrusion Detection System (NIDS) devices) serving the target organisations for man-in-the-middle attacks. Once the front-yard network device is compromised, it can capture all IP traffic passing through it and act as a packet capturer.

How does the action seem to take place?

  1. Reconnaissance: Cyber actors scan for potentially vulnerable protocols such as Telnet, HTTP, SNMP and SMI.
  2. Weaponization: Actors trigger the device to send them its configuration file. The configuration file contains information such as password hash values and SNMP community strings. These credentials are cracked by brute force to reveal the authorised Telnet or SSH login credentials.
  3. Exploitation: Armed with real credentials, the actors access the network devices and activate, for example, the Cisco SMI service, thus gaining full control of the device. Once logged in, the actors can:
  • extract additional configuration information,
  • export the OS image file to an externally located, cyber actor-controlled FTP server,
  • modify device configurations,
  • create Generic Routing Encapsulation (GRE) tunnels, or
  • mirror or redirect network traffic through other network infrastructure they control.


What to do?

The following general advice may apply:
  • All network devices should be treated like any other server or PC in the network: harden them by removing unnecessary processes, update them regularly, prefer out-of-band management over in-band management, and install IDS sensors to monitor management traffic.
  • For more detailed countermeasures, see reference 2.
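As an added example (not part of the alert or the original post), the following Python script applies the advice above to constructed flow records: it flags management-protocol connections to inventoried network devices that do not originate from the out-of-band management network, and flags devices pushing files out by FTP/TFTP or opening GRE tunnels to external addresses, the actions listed under the exploitation step. The device addresses, subnets and flow-record format are this example's assumptions; the Cisco Smart Install port (TCP 4786) is a known value.

```python
import ipaddress
from dataclasses import dataclass

# Constructed inventory: the organisation's own network devices, the out-of-band (OOB)
# management network they may legitimately be administered from, and internal ranges.
NETWORK_DEVICES = {"192.0.2.1", "192.0.2.2"}
OOB_MGMT_NET = ipaddress.ip_network("10.99.0.0/24")
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.0.2.0/24")]

# Management services the alert names as reconnaissance targets (Telnet, HTTP, SNMP, SMI)
# plus SSH; Cisco Smart Install (SMI) listens on TCP 4786.
MGMT_SERVICES = {("tcp", 22): "ssh", ("tcp", 23): "telnet", ("tcp", 80): "http",
                 ("udp", 161): "snmp", ("tcp", 4786): "cisco-smi"}
# Services a device would use to push its configuration or OS image off the box.
EXPORT_SERVICES = {("tcp", 21): "ftp", ("udp", 69): "tftp"}


@dataclass
class Flow:
    ts: str
    src: str
    dst: str
    proto: str
    dport: int


def parse_flows(text):
    """Parse constructed flow lines of the form: <ts> <src> <dst> <proto> <dport>."""
    flows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5:
            flows.append(Flow(fields[0], fields[1], fields[2], fields[3], int(fields[4])))
    return flows


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def check_flows(text):
    """Return (timestamp, alert kind, detail) for every flow that breaks the policy:
    in-band management of a device from outside the OOB network, a device exporting
    files to an external host, or a device tunnelling GRE to an external host."""
    alerts = []
    for f in parse_flows(text):
        key = (f.proto, f.dport)
        if (f.dst in NETWORK_DEVICES and key in MGMT_SERVICES
                and ipaddress.ip_address(f.src) not in OOB_MGMT_NET):
            alerts.append((f.ts, "in-band management",
                           f"{MGMT_SERVICES[key]} to {f.dst} from {f.src}"))
        if f.src in NETWORK_DEVICES and not is_internal(f.dst):
            if key in EXPORT_SERVICES:
                alerts.append((f.ts, "config/image export",
                               f"{EXPORT_SERVICES[key]} from {f.src} to {f.dst}"))
            elif f.proto == "gre":
                alerts.append((f.ts, "gre tunnel", f"{f.src} to {f.dst}"))
    return alerts


# Constructed flow records: one legitimate OOB SSH session, SNMP from the user LAN,
# SMI from an external address, then TFTP, FTP and GRE from a device to that address.
SAMPLE_FLOWS = """\
2018-04-16T08:00:01 10.99.0.5 192.0.2.1 tcp 22
2018-04-16T08:00:05 10.0.5.20 192.0.2.2 udp 161
2018-04-16T08:01:10 198.51.100.9 192.0.2.1 tcp 4786
2018-04-16T08:01:12 192.0.2.1 198.51.100.9 udp 69
2018-04-16T08:02:30 192.0.2.1 198.51.100.9 tcp 21
2018-04-16T08:03:00 192.0.2.1 198.51.100.9 gre 0
2018-04-16T08:03:05 192.0.2.2 10.99.0.10 udp 69
"""

if __name__ == "__main__":
    for alert in check_flows(SAMPLE_FLOWS):
        print(alert)
```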

References:

  1. https://www.theguardian.com/technology/2018/apr/16/us-and-uk-blame-russia-for-malicious-cyber-offensive
  2. https://www.us-cert.gov/ncas/alerts/TA18-106A

2018-03-31

Military Interoperability part I

This is the first part of an article on Military Interoperability. This part introduces the interoperability measure and explores why militaries have been seeking it. The second part will focus on building interoperability and benefiting from it in operations.

1. Introduction

Interoperability is, simply put, “a measure of the degree to which various organisations or individuals can operate together to achieve a common goal.” Let’s explore this from a general systems viewpoint:

  • There are two or more entities A and B functioning purposefully
  • There is an environment E where both entities are executing their functions
  • There is a common goal G that both entities aspire to achieve
  • If the common aspiration to achieve G is strong enough there are two ways to cooperate:

  1. The entities A and B may coordinate their separate efforts to create an effect in attaining G, i.e., a hierarchical hub that ensures the synchronisation of independent efforts, as depicted in Figure 1.

Figure 1: a simple need for interoperability

  2. The entities A and B may choose to channel their combined effort through a shared delivery chain in achieving the common G, i.e., a shared value chain as in Figure 2.

Figure 2: a value chain need for interoperability

Applying the above from a military systems thinking viewpoint, the definition of interoperability looks like the one in Figure 3:

  • There are two or more value chains, GENERATE, SUPPLY and UTILISE, consuming resources from SOCIETY to create an effect on an ADVERSARY that is considered valuable to GOVERNANCE (combining the Clausewitz triangle model with the value chain).
  • The value chains take place in an ENVIRONMENT that affects the open systems, which adjust their functions to adapt to environmental changes or co-evolve with the environment E.
  • The military system of systems value chain prefers the following definition of interoperability: “The ability of systems, units, or forces to provide services to and accept services from other systems, units, or forces, and to use the services so exchanged to enable them to operate effectively together.”


Figure 3: a military system of systems need for interoperability

For this work, interoperability is defined as the ability of systems to provide services to and accept services from other systems and to use the exchanged value to reach higher goals effectively. In this context, a system is considered a socio-technical structure with defined functions and processes for purposeful action. A system can be a military unit that has been given a mission to accomplish.

There is a need to retrofit the components of the military system of systems to improve their ability to interoperate when they have not been integrated. Parts of the system of systems can be designed from the beginning and generated together, creating a fully integrated entity.

Whether through interoperability or integration, the intention is to exchange services across system boundaries. In a socio-technical system, this requires interoperability at least at three levels of the boundary structure, as illustrated in Figure 4:

  • People are competent (i.e., possess understanding, skills and the right attitude), share a language, are culturally understanding and socially open to cooperation
  • The processes of the cooperating units can exchange transactions both at logical and physical level (i.e., they can exchange information and goods among themselves)


Figure 4: levels of interoperability in the boundary of two units

  • The technical means of exchanging services and information are compatible enough to support the transactions across organisational boundaries. Focusing only on information and communications technology boundaries, interoperability may be defined as “the ability of distinct systems to share semantically compatible information and to process and manage that information in semantically compatible ways, to enable their users to perform desired tasks.”

There is also a categorisation according to the levels of the military hierarchy, which can be used in defining interoperability:

  • Strategic level seeks to harmonise worldviews, strategies, doctrines, force structures and efforts within coalitions and alliances. “Interoperability is an element of coalition willingness to work together over the long term to achieve and maintain shared interests against common threats.” 
  • Operational level seeks to minimise inefficiencies between multinational command and control, force elements, and ways to prepare, project and sustain the forces in theatre. 
  • Tactical level seeks alignment in engagement and protection. “The benefits of interoperability at the tactical level derive from the fungibility or interchangeability of force elements and units.” 
  • Technical level seeks integration at service and data exchange and compatibility by means of transport and communications. “Technical level interoperability reflects the interfaces between organisations and systems. Benefits of interoperability come primarily from their impacts at the operational and tactical levels regarding enhancing fungibility and flexibility.” 


2. Why do militaries seek interoperability?

A military enterprise seeks interoperability for three main reasons:

  1. To achieve better efficiency within the force: command coordination between separate units does not provide sufficient performance, so the units need to synchronise their efforts directly.
  2. To achieve better efficiency in a multinational coalition or cooperation: the political level requires a shared contribution, which directs the military to create multinational units at the operational level.
  3. To achieve better efficiency within national defence: homeland defence requires closer cooperation and integration between different governmental agencies.

The above three interoperability drivers are studied in the following sections.

2.1. Efficiency within the force

In seeking to understand the inner interoperability requirements of a military enterprise, one may use Beer’s Viable System Model in Figure 5. A simple enterprise is composed of one or many operational units (L and A) that deliver their effect in their specific areas of operation (AOO L and AOO A). These functional units are commanded by the Command element (JC), which balances the use of resources between current and future operations. Militaries have, for example, kept the Land Force separate from the Air Force, as they operate differently in their specific areas of operation. Both Services have been commanded by a Joint Command that delegates mission command to Service level but may guide the development of future capabilities more closely (or the other way around, as in the U.S. Armed Forces).

Figure 5: Traditional Armed Forces described with Viable System Model

As the units specialise and coordination becomes too detailed and slow, there is a tendency to create value chains through units that support each other in the quest to achieve the same goal set by the Joint Command, as in Figure 6. For example, Joint Logistics (JL) supports both the Land and Air Services in the same Area of Operation (JA). The value chain arrangement requires direct interoperability between the supporter and the supported, as the exchange of services becomes too detailed and fast-paced for the Command to be able to coordinate.

Figure 6: Armed Forces organised as value chain

The model for enterprise business architecture developed by Ross et al., as pictured in Figure 7, explains the movement from diversification towards coordination and further to unification. Armed Forces tend to build their new capabilities in diversified units, but once they meet a joint adversary, they prefer a unified order of battle, since Joint Command coordination is too slow and lacks the necessary details. In a unified joint force, interoperability becomes a force enabler. All specialised force components share the same situational awareness of current and planned operations, can synchronise their manoeuvring, engagement and protection among themselves, and exchange their dedicated services to achieve the common goal.

Figure 7: Business Architecture model for military affairs

2.2. Efficiency in coalition or cooperative

The political level has recently required a multinational contribution in military operations (except for Russian operations in Georgia, Ukraine and Syria). In multinational, combined operations either the force units are coordinated in detail under one command, or they are part of a force group in which one host nation provides joint Command and Control, as in Figure 8.

Figure 8: A case for multinational interoperability 

The 1991 coalition against Iraq was a typical U.S.-led operation in which all units were under U.S. control, but only the most compatible coalition units could participate in the main operations.

The Ackoff (1972) model for purposeful systems provides a framework for understanding the types of multinational relationships, as pictured in Figure 8. A coalition is formed when the nations’ ends are compatible, but their means may not be interoperable. Cooperation is possible when both ends and means are compatible, as presented in Figure 9.

Figure 9: Types of multinational relationships by Ackoff

The more cost-effective and better performing an allied military force is meant to be, the more compatible its means of waging war need to be. There may even be an aim to unify all troops, as the Warsaw Pact did when manoeuvring with multinational units that mainly used aligned tactics and standard technology. NATO is currently seeking a similar status among its 26 members and several partners. Its mission statement is that “Interoperability allows forces, units or systems to operate together. It requires them to share common doctrine and procedures, each others’ infrastructure and bases, and to be able to communicate with each other. It reduces duplication in an Alliance of 26 members, allows pooling of resources, and even produces synergies among members.”

2.3. Efficiency within national defence

There are two dimensions in interoperability concerning national defence: cooperation between governmental agencies in homeland defence and Armed Forces integration with the society itself.

The USA woke up on 9/11, realising that its homeland is not the sanctuary it had assumed. At the same time, it appeared that US government organisations were not cooperating at home. Thus, the Department of Homeland Security was established in 2002 to coordinate the functions of about 22 different federal departments and agencies. By establishing this cabinet agency, the USA stepped from diversification to coordination on the business architecture map in Figure 10.

Figure 10: Ross et al. quadrant for business architecture models

Other nations, like Finland, had exercised homeland defence since World War II and were closer to unification, as they shared weapons, vehicles, C2 systems, etc.

The other dimension of national defence is the military’s need to be integrated into the society that provides for it. There are two primary functions, force generation and supply, that cannot be carried out separately from society, as illustrated in Figure 11.

Figure 11: Interoperability between the military and the society that provides for it

The force generation requires draftees or conscripts. The armament needs to be acquired. The logistics need a feed of supplies, services, and consumables to sustain the forces both in generation and utilisation.

2018-03-19

Slingshot: Sophisticated Cyber Espionage Platform

Definition

Slingshot is an advanced cyber-espionage threat actor that has been persistently infiltrating systems and collecting data since 2012 while avoiding detection until February 2018. Some research organisations have lately detected some hundred infected cases, mainly in Africa and the Middle East.

The attack routes for Slingshot remain mostly unidentified, but there is evidence that it may infect its targets through zero-day vulnerabilities in routers. Once on board, Slingshot collects information from the target and sends it to the C2 server invisibly to the user. The code seems to be unique, pointing to a nation-state-level developer whose mother tongue is English.

Attack vector

The one known attack vector for Slingshot is through a particular type of router. The attackers use a faulty feature of the router to take it over and download their application. Then they distribute ipv4.dll files to targets, have them loaded into memory and executed. The DLL application connects back to the router, downloads other malicious components and runs them. Slingshot avoids detection using two mechanisms: an encrypted virtual file system located in an unused part of the hard disk, and encryption of all text strings, which defeats antivirus detection based on string matching.

As Slingshot is a collection of separate modules, each module is also downloaded in a different way. While downloading its components and gaining kernel privileges, Slingshot tampers with the system logs, leaving no tracks.

Slingshot operates in the kernel, so it has access to all data stored on drives or in internal memory. It has reportedly been logging screenshots, keyboard input, network traffic, passwords and USB connections. It has no hard-coded C2 address; instead it listens for the address in each incoming IP packet that reaches the kernel.


Protection

The following general advice may apply to protection against this kind of espionage:

  • The military should build depth into its cyber environment, which makes it harder to reach the valuable targets.
  • Keep the ICT infrastructure as up to date as possible.
  • Have several layers of detection, not only fingerprints (signatures) but also traffic patterns in and out of the system.
  • Have access to the newest threat intelligence data through the cyber defence coalition network.
  • Exercise your cyber defence crews by having red teams attack them, including with persistent methods.

References

  • https://thehackernews.com/2018/03/slingshot-router-hacking.html
  • https://s3-eu-west-1.amazonaws.com/khub-media/wp-content/uploads/sites/43/2018/03/09133534/The-Slingshot-APT_report_ENG_final.pdf
  • https://arstechnica.com/information-technology/2018/03/potent-malware-that-hid-for-six-years-spread-through-routers/
  • https://www.businesswire.com/news/home/20180309005046/en/Kaspersky-Lab-Uncovers-Slingshot-Spy-Router