At this year’s iteration of RIMPAC, participants are holding their first cyberwarfare symposium as part of the biennial naval war game.
During a session on Tuesday, Senior Chief Petty Officer William Mumford, cyberspace planner for the U.S. Navy’s 3rd Fleet, told a room of assembled sailors in a conference room at Ford Island that “this isn’t the traditional warfare where we know who the enemy is, know where they’re coming from.”
But he added that as hacking and cyberattacks become more prevalent, military planners need to begin thinking of it as a day-to-day concern rather than as a niche issue or unconventional threat — particularly as technology continues to play a more prominent role in all aspects of life.
“We need to start evolving the way we think, just like cyberspace has been evolving” in recent decades, he said.
In December, several Hawaii state government agencies were hit with cyberattacks, though officials have not said where those attacks originated. And in April, federal agents with Homeland Security Investigations in Honolulu reportedly foiled an alleged cyberattack on an underwater cable that could have shut down telephone services, financial transactions, internet and cable connectivity in Hawaii. In that case officials said a suspect was arrested in an “international location.”
“What we have already learned in these times is that technology is awesome, and we have all taken advantage of that technology,” said Capt. Joshua Sanders, deputy commander of Joint Task Force Cyber. “But that technology has also made us vulnerable, and so we have to figure out how best to secure that technology and then figure out from there how to keep us fully operational.”
Sanders noted that the latest military ships and fighter aircraft, which include the F-35 Joint Strike Fighter, increasingly utilize the internet and cloud technology to gather and share information with each other and manage maintenance and operations. He said that while it allows those fighting systems to do things their predecessors never could, it also opens up potential back doors that enemies could exploit.
“Studying those things and understanding them are critically important,” said Sanders.
Some analysts have warned that the U.S. military is behind the curve on cyberwarfare. China and Russia have for years been investing in training hackers who can snoop on classified documents and release disruptive viruses into critical systems.
One problem, Sanders said, is that the U.S. military separates cybersecurity personnel from those trained to go on the offensive as hackers. He said the two sets don’t work together enough. Sanders told the Honolulu Star-Advertiser that when the Pentagon first began getting serious about cyberwarfare, it was acting mostly defensively as it sought to protect its networks from highly trained hackers who were infiltrating military networks.
Pointing out that some participants in the now underway Rim of the Pacific exercise — RIMPAC 2022 includes 26 countries and about 25,000 personnel — have experience with teams that are more integrated, Sanders said, “From an American perspective … I think we need to learn from our partnership … how to merge the two, offense and defense.”
Additionally, he said allied countries should prioritize learning how to coordinate and protect their systems, particularly as they step up work together — the more they connect, the more chances there are for systems to get breached. Participants in the symposium also discussed digital “hygiene” that stresses systems’ security.
Mumford said this year’s iteration is meant to pave the way for much more ambitious cyberwarfare discussions and, potentially, exercises.
“We’re building that strong foundation, so then going into RIMPAC 2024 … we get all these crazy ideas like maybe we can have a cyber range and all the countries can bring out their cyber hands-on keyboard guys,” said Mumford. “That’s where we want to go. We’re not there yet, so we’re starting really on the ground floor where we just started having conversations.”
