For other versions of this document, see http://wikileaks.org/wiki/CRS-RL32411 ------------------------------------------------------------------------------ ¢ ¢ ¢ Prepared for Members and Committees of Congress ¢ Network Centric Operations (also known as Network Centric Warfare) is a key component of DOD planning for transformation of the military. Network Centric Operations (NCO) relies on computer equipment and networked communications technology to provide a shared awareness of the battle space for U.S. forces. Proponents say that a shared awareness increases synergy for command and control, resulting in superior decision-making, and the ability to coordinate complex military operations over long distances for an overwhelming war-fighting advantage. NCO technology saw limited deployment in Afghanistan and, more recently, increased deployment in Operation Iraqi Freedom (OIF). Several DOD key programs are now underway for deployment throughout all services. Congress may be concerned with oversight of the DOD organization and the individual services as they transform through NCO programs that are intended to promote a management style and culture with joint objectives. Oversight may involve a review of service efforts to improve interoperability of computer and communications systems, and may also involve questions from some observers about whether DOD has given adequate attention to possible unintended outcomes resulting from over-reliance on high technology. Updates may also be required on emerging threats that may be directed against increasingly complex military equipment. This report describes technologies that support NCO, and includes (1) questions about possible vulnerabilities associated with NCO; (2) a description of electronic weapons, and other technologies that could be used as asymmetric countermeasures against NCO systems; (3) descriptions of several key military programs for implementing NCO; (4) a list of other nations with NCO capabilities; and, (5) a description of experiences using NCO systems in recent operations involving joint and coalition forces. The final section raises policy issues for NCO that involve planning, network interoperability, acquisition strategies, offshore outsourcing, technology transfer, asymmetric threats, coalition operations, and U.S. military doctrine. Appendices to this report give more information about the global network conversion to Internet Protocol version 6 (IPv6), views on Metcalfe's Law of Networks, and possible perverse consequences of data-dependent systems. This report will be updated to accommodate significant changes. Introduction ..................................................................................................................................... 1 Background ..................................................................................................................................... 1 Defense Transformation ............................................................................................................ 1 Definition of Network Centric Operations................................................................................ 2 Advantages of the Net Centric Approach.................................................................................. 3 Questions About the Net Centric Approach .............................................................................. 5 NCO Theory Remains Scientifically Untested ................................................................... 5 Overconfidence about the Effectiveness of NCO ............................................................... 6 Reduced Effectiveness for Urban Counter-Insurgency Operations .................................... 7 Underestimating our Adversaries........................................................................................ 7 Overreliance on Information............................................................................................... 8 Management of Information Overload ............................................................................... 9 Increasing Complexity of Military Systems ....................................................................... 9 Vulnerabilities of Military Software and Data.................................................................. 10 Vulnerabilities of Military Equipment to Electronic Warfare........................................... 12 Net Centric Technologies and Related Issues ......................................................................... 12 Command, Control, Communications, Computers, and Intelligence ............................... 12 Interoperability.................................................................................................................. 13 Space Dominance.............................................................................................................. 13 Networked Weapons ......................................................................................................... 15 Bandwidth Limitations...................................................................................................... 15 Unmanned Robotic Vehicles (UVs).................................................................................. 16 Sensor Technology............................................................................................................ 16 Software Design................................................................................................................ 16 Computer Semiconductors and Moore's Law................................................................... 17 Technology Transfer Threat to U.S. Net Centric Advantages ................................................. 17 Weak Export Controls for High Technology..................................................................... 18 Microchip Manufacturing Moves Offshore ...................................................................... 18 Increased Offshore Outsourcing of R&D ......................................................................... 18 Operational Experiences ......................................................................................................... 19 Network Communications ................................................................................................ 20 Sensors .............................................................................................................................. 20 Satellites............................................................................................................................ 21 Bandwidth and Latency .................................................................................................... 21 Air Dominance.................................................................................................................. 22 Operations in Iraq with Coalition Forces.......................................................................... 22 Network Capabilities of Other Nation States .......................................................................... 23 NATO................................................................................................................................ 24 Australia............................................................................................................................ 24 France................................................................................................................................ 24 Germany............................................................................................................................ 25 United Kingdom ............................................................................................................... 25 Israel.................................................................................................................................. 25 China................................................................................................................................. 25 Network Capabilities of Extremist Groups ............................................................................. 26 Attacks by Unknown Foreign and Domestic Adversaries ................................................ 26 Hizballah........................................................................................................................... 27 Hamas ............................................................................................................................... 27 Al Qaeda ........................................................................................................................... 28 Key Military Programs............................................................................................................ 28 Global Information Grid (GIG) ........................................................................................ 28 Air Force Advanced Tactical Targeting Technology (AT3) .............................................. 29 Air Force Link 16 ............................................................................................................. 29 Navy Cooperative Engagement Capability (CEC) ........................................................... 29 Army Force XXI Battle Command Brigade and Below (FBCB2) ................................... 29 Joint Tactical Radio System (JTRS) ................................................................................. 29 Army WIN-T and JNN ..................................................................................................... 30 Army FCS ......................................................................................................................... 30 Oversight Issues for Congress ....................................................................................................... 30 Sufficient Information for Effective NCO Oversight.............................................................. 30 Sufficiently Joint NCO Planning............................................................................................. 31 Future Combat System (FCS) ................................................................................................. 31 Satellites .................................................................................................................................. 31 Unmanned Vehicles................................................................................................................. 32 FBCB2 (Blue Force Tracker) .................................................................................................. 32 Joint Tactical Radio System (JTRS)........................................................................................ 33 Value of NCO Information...................................................................................................... 33 Networking Classified Data with Coalition Forces................................................................. 33 NCO Technology Transfer ...................................................................................................... 34 Speeding Acquisition for NCO Technologies ......................................................................... 35 NCO Doctrine ......................................................................................................................... 36 Related Legislation........................................................................................................................ 36 Possible Vulnerabilities ........................................................................................................... 39 ¡ Appendix A. The Transition from Internet Protocol Version 4 (IPv4) to IPv6.............................. 37 Appendix B. Changing Views on Metcalfe's Law of Networks.................................................... 40 Appendix C. Perverse Consequences of Data-Dependent Systems .............................................. 42 Author Contact Information .......................................................................................................... 44 This report provides background information and discusses possible oversight issues for Congress regarding DOD's strategy for implementing a network centric approach to warfare, otherwise known as Network Centric Operations (NCO). NCO forms a central part of the Administration's plans for defense transformation. Proponents argue that a Network Centric approach may improve both the efficiency and effectiveness of U.S. combat operations. However, when NCO was originally envisioned, the U.S. military was structured to counter conventional threats, including possibly, two regional war scenarios involving national armies.1 Now, partly from recognition that U.S. forces were inadequately prepared for the insurgency in Iraq and the wider hunt for terrorists worldwide, DOD reportedly may be considering new policy that places less emphasis on waging conventional warfare and more on dealing with counterinsurgency, terrorist networks, and other non-traditional threats.2 Some observers now question the effectiveness of Network Centric Operations, and its relevance to different types of conflict, including close urban combat. Others argue that technology may be dictating military strategy, and point out that the military's extreme reliance on high technology may also present a new vulnerability that adversaries may exploit.3 Still others pose questions about (1) the interoperability of information systems for joint and coalition forces, (2) a shortage of available bandwidth to support Net Centric Operations, and (3) possible unexpected outcomes when organizations rely on data-dependent systems. NCO is recognized as the cornerstone of military transformation that is occurring in many countries around the world. Defense transformation for the U.S. military involves large-scale and possibly disruptive changes in military weapon systems, organization, and concepts of operations. These changes are the result of technology advances, or the emergence of new international security challenges.4 Many observers believe that a U.S. military transformation is necessary to ensure U.S. forces continue to operate from a position of overwhelming military advantage in 1 Vice Adm. A. Cebrowski, John Gartska, Net-Centric Warfare: Its Origin and Future, Proceedings, U.S. Naval Institute, January 1998, http://www.usni.org/Proceedings/Articles98/PROcebrowski.htm. Ivan Eland, Bush Versus the Defense Establishment, Issues Online, National Academy of Sciences, Summer 2001, http://www.issues.org/17.4/ eland.htm. U.S. Defense Policy, GlobalSecurity.Org, http://www.globalsecurity.org/military/intro/intro.htm. 2 Bradley Graham, Pentagon Prepares to Rethink Focus on Conventional Warfare, Washington Post, January 26, 2005, A2. 3 Military technology emulates commercial technology in the hope that adapting the latest commercial innovation to war may bring to national security the same benefits that accrued to commercial enterprises. Alfred Kaufman, Caught in the Network: How the Doctrine of Network-Centric Warfare Allows Technology to Dictate Military Strategy, Armed Forces Journal, February 5, 2005, p.20-22. 4 For more information, see CRS Report RL32238, Defense Transformation: Background and Oversight Issues for Congress, by Ronald O'Rourke. support of national objectives.5 The Administration has stated that DOD must transform to achieve a fundamentally joint, network centric, distributed force structure capable of rapid decision superiority. To meet this goal, DOD is building doctrine, training, and procurement practices to create a culture of continual transformation that involves people, processes, and systems. Past experimentation to stimulate wider innovation for military operations and NCO has been coordinated by the DOD Office of Force Transformation (OFT). However, DOD plans to shift many ongoing technology initiatives formerly managed by the OFT into the DOD Research and Engineering Directorate. In addition, a reorganization of the office of the DOD Undersecretary for Policy will lead to establishment of a new Office of Strategic Futures, which will examine technology issues that may affect U.S. defense policies. The reorganization is reportedly planned for early 2007, and will require congressional approval for a new assistant secretary position.6 NCO is a theory which proposes that the application of information age concepts to speed communications and increase situational awareness through networking improves both the efficiency and effectiveness of military operations. Proponents advocate that this allows combat units to be smaller in size, operate more independently and effectively, and undertake a different range of missions than non-networked forces.7 Networked sensors are sources of data, and data is processed into information. NCO is intended to increase collaboration through enabling the free flow of information across the battlespace so that acquired data is shared, processed into information, and then provided quickly to the person or system that needs it.8 Proponents argue that a strong and flexible network linking military forces will speed up the pace of warfare, prevent or reduce fratricide, and also provide the means for getting more combat power out of a smaller force.9 These proponents also argue that theory and practice have merged through achieving proof of concept in the major operations phase of Operation Iraqi Freedom, and that NCO is now an accepted and enduring part of current and future combat.10 Procurement 5 U.S. Department of Defense, Transformation Planning Guidance, April 2003. 6 Gopol Ratnam, Pentagon to dissolve transformation office, AirForceTimes, August 29, 2006, http://www.airforcetimes.com/story.php?f=1-292925-2066882.php. 7 The Office of Force Transformation (OFT) and the Command and Control Research Program (CCRP) of the Office of the Assistant Secretary of Defense for Command, Control, Communications, and Intelligence (ASD/C3I) have been collaborating to develop metrics to support experiments, studies, and analyses related to Military Transformation and Net Centric Operations. To date the effort has been led by RAND, with support from Evidence Based Research, Inc. (EBR), and participation of the government sponsors. The NCO theory posits that the application of information technologies has a positive impact on military effectiveness. Independent variables include networking, information sharing, collaboration, etc. Dependent variables include speed of command and force effectiveness. Dr. Kimberly Holloman, Evidence Based Research, Inc., "The Network Centric Operations Conceptual Framework," Presentation at the Network Centric Warfare 2004 Conference, Washington, D.C., January 20, 2004, http://www.oft.osd.mil/library/ library.cfm?libcol=2. 8 Ted McKenna, Developers of Net-Centric Warfare Battle Complexity, Journal of Electronic Defense, July 2005, No.7, p. 23. 9 John Tirpak, The Network Way of War, Air Force Magazine, March 2005, p. 31. 10 Dan Gonzales, et.al., Assessing the Value of Information Superiority for Ground Forces--Proof of Concept, National Defense Research Institute, 2001, RAND, Sant Monica, California. Dennis Murphy, Network Enabled Operations in Operation Iraqi Freedom: Initial Impressions, Center for Strategic Leadership, U.S. Army War College, March 2005, vol. 06-05, p. CSL-4. policy to support joint NCO efforts is also intended to improve economic efficiency by eliminating stove-pipe systems, parochial interests, redundant and non-interoperable systems, and by optimizing capital planning investments for present and future information technology systems. Command and control objectives of NCO include the following: (1) Self-synchronization, or doing what needs to be done without traditional orders. (2) Improved understanding of higher command's intent. (3) Improved understanding of the operational situation at all levels of command. (4) Increased ability to tap into the collective knowledge of all U.S. (and coalition) forces to reduce the "fog and friction" commonly referred to in descriptions of fighting.11 Some argue that as new concepts and technologies are proven over time, NCO may also become a stabilizing deterrence against extended conflict. For example, if adversary targets are neutralized by NCO systems before they can engage in fighting with U.S. forces, then the battle can be finished before it has really begun.12 Others argue that wealthy countries now only have a temporary advantage which may be reduced as NCO technology becomes less expensive and as technical knowledge spreads to other nations, and also to terrorist groups.13 Hence, to maintain its advantage, the United States must continue to refine the uses of technology to increase adaptability for both joint and coalition NCO operations. Other observers have wondered whether proponents of NCO are making claims that create unrealistic expectations. They wonder if the DOD model for network centric operations may underestimate an enemy's ability to deceive high technology sensors, or block the information necessary for NCO to be effective. A possible vulnerability cited by observers may be the fact that DOD has openly published its plans for using NCO technologies in future warfare, thus giving an enemy time to create strategies to avoid strengths and attack weaknesses.14 National security in the "Information Age" involves a complex environment, where U.S. forces are confronted by instantaneous media coverage, insurgencies, terrorist cells, regional instability, and adversaries using commercially available state-of-the-art high technology devices. Therefore, military operations are now characterized by greater complexity. Events involving greater complexity are less effectively controlled through traditional industrial-age methods that de- 11 "Fog" is the term that describes the uncertainty about what is going on during a battle, while "Friction" is the term that describes the difficulty translating a commander's intent into battlefield actions. 12 Dr. Kimberly Holloman, Evidence Based Research, Inc., The Network Centric Operations Conceptual Framework, Presentation at the Network Centric Warfare 2004 Conference, Washington, DC, January 20, 2004, http://www.oft.osd.mil/library/library.cfm?libcol=2. 13 Scott Renner, C2 Information Manager, MITRE Corporation, Building Information Systems for NCW, 4th Annual Multinational C4ISR Conference, McLean, Virginia, May 6, 2004. 14 Alfred Kaufman, "Be Careful What You Wish For: The Dangers of Fighting with a Network Centric Military," Journal of Battlefield Technology, vol 5, no.2. July 2002, and "Networking in an Uncertain World," Journal of Battlefield Technology, vol 5, no.3, November 2002. construct problems into a manageable series of predictable pieces.15 However, the command and control objectives of NCO seem to align closely with many of the key properties of complexity-- nonlinear interaction, decentralization, and self-organization. Proponents of NCO support the theory that power is increasingly derived from information sharing, information access, and speed. This view is reportedly also supported by results of recent military operational experiences16 showing that when forces are truly joint, with comprehensively integrated capabilities and operating according to the principles of NCO, they can fully exploit the highly path-dependent17 nature of information age warfare. Some resulting military advantages that are expected from applying NCO systems to military operations include the following: (1) Networked forces can consist of smaller-size units that can travel lighter and faster, meaning fewer troops with fewer platforms and carrying fewer supplies may be able to perform a mission effectively, or differently, at a lower cost. (2) Networked forces can fight using new tactics. During OIF, U.S. Army forces utilized movement that was described by some as "swarm tactics." Because networking allows soldiers to keep track of each other when they are out of one another's sight, forces in Iraq could move forward spread out in smaller independent units, avoiding the need to maintain a tight formation. Using "swarm tactics," unit movements are conducted quickly, without securing the rear. Network technologies enable all units to know each other's location. If one unit gets into trouble, other independent units nearby can quickly come to their aid, by "swarming" to attack the enemy from all directions at once. Benefits may include the following: (1) it is harder for an enemy to effectively attack a widely dispersed formation; (2) combat units can cover much more ground, because they do not have to maintain a formation; (3) knowing the location of all friendly units reduces fratricide during combat operations; and (4) swarming can allow an attack to be directed straight into the heart of an enemy command structure, undermining support by operating from the inside, rather than battling only on the periphery. (3) The way individual soldiers are expected to think and act on the battlefield is also changing. When a unit encounters a difficult problem in the field, they can radio the Tactical Operations Center, which types the problem into an online chat room, using Microsoft Chat commercial software. The problem is then "swarmed" by experts who may be located as far away as the Pentagon.18 15 Murray Gell-Mann, "What is Complexity?" Complexity, John Wiley and Sons, 1995, Vol. 1, No.1. 16 John Garstka, "Network-Centric Warfare Offers Warfighting Advantage," Signal Forum, Signal Magazine, May 2003. 17 Path-dependence means that small changes in the initial conditions will result in enormous changes in outcomes. Therefore, a military force must define initial conditions that are favorable to their interests, with the goal of developing high rates of change that an adversary cannot outpace. Dan Cateriniccia and Matthew French, "Network-Centric Warfare: Not There Yet," Federal Computer Week, June 9, 2003, http://www.fcw.com/fcw/articles/2003/0609/cov- netcentric-06-09-03.asp. 18 Joshua Davis, "If We Run Out of Batteries, This War is Screwed," Wired Magazine, June 2003, http://www.wired.com/wired/archive/11.06/battlefield.html. (4) The sensor-to-shooter time is reduced. Using NCO systems, soldiers in the field may have the capability to conduct an "on site analysis" of raw intelligence from sensor displays, rather than waiting for "return analysis" reports to arrive back from the continental United States.19 This has led some to question the investment in NCO. DOD officials have stated that it is irregular and unconventional conflicts, rather than confrontations with standing armies, that will dominate U.S. military operations for the foreseeable future.20 Accordingly, some observers question the utility of NCO in urban combat operations and for counterinsurgency operations, and ask whether the U. S. military currently places too much emphasis on high-technology. In operations in Afghanistan and in urban warfare in Iraq, NCO has reportedly reduced fratricide among friendly forces.21 However, in Afghanistan and Iraq, the insurgents mix in with the population, and are able to get very close to U.S. forces. This tactic alone reportedly may negate much of the technological and military advantage of superior coalition forces.22 Others question whether information itself may be overrated as a useful military asset (See Appendix C, "Perverse Consequences of Data-Dependent Systems"). ¢ ¢ Proponents say that a growing body of evidence highlights a very strong relationship between information advantage, cognitive advantage, and increased lethality and survivability at the tactical level.23 DOD has conducted several exercises to demonstrate the effectiveness of network centric strategies to improve success in combat scenarios.24 However, some researchers warn that thorough testing of NCO concepts is vital before systems are deployed25, and others argue that NCO theory may manifest important and pervasive flaws.26 These researchers state that "... the 19 For example, one UAV equipped with multiple sensors can survey the same area as ten human sentries, or one could monitor areas contaminated with radiological, chemical or biological agents without risk to human life. Today, DOD has in excess of 90 UAVs in the field; by 2010, this inventory is programmed to quadruple. U.S. Department of Defense, Office of the Secretary, Unmanned Aerial Vehicles Roadmap, 2002-2007, December 2002. 20 Donna Miles, Army Experts: Unconventional Conflicts to Dominate Future Operations, American Forces Information Service News Articles, October 12, 2006. John Doyle, Conuterinsurgency Forces Need to Control Cyberspace, Aviation Week and Space Technology, October 23, 2006, p.64. 21 Rodney Pringle, NCW Changing Urban Warfare, Official Says, AviationWeek NetDefense, February 3, 2005, http://www.aviationow.com/avnow/news/channel_netdefense_story.jsp?view=story&id=news/NCW02035.xml. 22 Jim Garamone, No Silver Bullet to Counter Explosive Devices, Head of Anti-IED Office Says, American Forces Information Services DefenseLink, September 7, 2006, http://www.defenselink.mil/News/NewsArticle.aspx?ID=743. 23 John Garstka, Network-Centric Warfare Offers Warfighting Advantage, Signal Magazine, May, 2003. Walter Perry, et.al., Exploring Information Superiority: A Methodology for Measuring the Quality of Information and Its Impact on Shared Awareness, National Defense Research Institute, 2004, RAND, Santa Monica, California. 24 Guy Norris, Major Exercise to Prove Net Warfare, Flight International, December 2004, p.5. 25 Walter Perry, James Moffat, Information Sharing Among Military Headquarters, http://www.rand.org/pubs/ monographs/MG226/. 26 Metcalfe's Law observes that the potential value of a communications network increases (or scales) as a function of the square of the number of nodes that are connected by the network. Critics of NCO argue that Metcalfe's Law breaks down at a sufficiently large number of nodes. The military symptoms are chronic bandwidth deficiency, information overload, and increasing costs for information management solutions, such as "data fusion" centers. Ralph Griffin and Darryn Reid, A Woven Web of Guesses, Proceedings of the 8th International Command and Control Research and (continued...) theory of network-centric warfare ... cannot substantiate a claim to scientific status, despite its mesmerizing transformational luster." They also state that "... the [NCO] thesis simultaneously overstates the promise of information and communications technology, while being incapable of adequately realizing the great potential the technology does offer."27 Their argument is that NCO theory has several paradoxes, including (1) no proper definition of NCO yet exists, but proponents claim that experimentation supports the NCO hypothesis, (2) experimental evidence equally supports multiple alternative explanations for potentially improved performance with networking, and (3) the conclusions of proponents are based on an invalid notion of knowledge development, known as "inductivisim". These researchers maintain that a close examination of the structure of repeated NCO experiments shows that the only hypothesis that has actually been tested is a refutation of the theory that networks cannot yield improvements. Finally, these researchers have asked how it can be possible for faults to remain unrecognized despite troubling results found through critical review and testing. They warn that contemporary military theory may be encouraging NCO proponents to seek confirmation and ignore refutation of their ideas. Proponents of NCO say that shared situational awareness enables collaboration and self- synchronization and enhances speed of command, which increasing mission effectiveness. Critics, however, are concerned that dangerous assumptions are being made by military planners about how future forces will benefit from "information dominance" to such a degree that fewer soldiers will be needed, or that U.S. forces will not require as much protection because they will be able to act ahead of enemy action. They believe that the doctrine of "see first, act first", that underlies NCO, may be flawed because the tempo of operations may outpace the ability of U.S. forces to assess and respond.28 While a network may provide better access to information, usually about the activities of one's own side, that information may not be complete and may not necessarily enable an accurate understanding of the situation. They have indicated that sensor-based situational awareness may not reflect an accurate picture of operational reality.29 Other observers say that the military leadership's commitment to NCO may stifle useful criticism from operational commanders. These observers question whether the U.S. military is constructing it forces to prepare to fight the type of wars they want to fight, and rather than the wars they are (...continued) Technology Symposium, Washington D.C., June 17-19, 2003. For more information on Metcalfe's Law, see Appendix B, "Changing Views on Metcalfe's Law of Networks." 27 Darryn Reid et. al., All that Glitters: Is Network-Centric Warfare Really Scientific?, Defense and Security Analysis, vol.21, No.4, p. 359 and p.360. 28 Proponents of NCO say that Information Age technology makes time and distance less relevant, thus increasing the pace of events and the operational tempo of warfare. David Alberts, John Garstka, Frederick Stein, Network Centric Warfare, DOD Command and Control Research Program, October 2003, p. 21. Ted McKenna, Promises, Promises, Journal of Electronic Defense, November 2005, vol. 28, No.11, p. 10. 29 Giles Ebbutt, Flaws in the system: modern operations test the theory of network centricity, Jane's International Defence Review, July 2006, Vol 39, p.67. likely to fight. For example, if NCO is intended to make wars short in duration, then inferior adversaries may likely try to draw U.S. forces into a protracted conflict of lower intensity, and will seek to win merely by avoiding defeat, while U.S. political will dissolves as expenses mount. The inferior opponent may avoid superior U.S. firepower by simply denying a target for our complex and sophisticated weapons.30 ¢ Some military researchers say that opponents using guerilla tactics can significantly reduce the value of high-technology security measures, and that the utility of NCO can be less certain in urban counter-insurgency operations.31 When NCO is employed against conventional forces, a sensor detects a target, passes information to a decision-making process, the most effective weapon available is selected, and the target is engaged. However, when opponents hide behind walls, in sewers, or inside buildings, they may be difficult for NCO sensors to detect. If the enemy is better at concealment than U.S. forces are at finding them, then our forces may also become more vulnerable.32 Some observers report that during Operation Iraqi Freedom (OIF), in order to understand the enemy, U.S. forces had to "go out and meet them on the ground", meaning that effective reconnaissance often required engaging the enemy in close combat. These observers say that interviews with OIF warfighters suggested that modern surveillance technology did not alter that condition, and in some instances did not "...provide forces in Iraq in Spring 2003 and onwards with very much insight on the opposing forces".33 This suggests that DOD should perhaps reexamine several of its basic assumptions about NCO and the power of technology for surveillance and information dominance. NCO relies heavily on deployment of a network of sensors to detect movement and position of both friendly and enemy forces. However, a study by the Rand Corporation in 2002 concluded that, "...as remote assets become more capable, it is likely that a future [enemy] force will develop counter technologies and become more sophisticated at cover, concealment, deception, and electronic warfare. Taking all of these into consideration, the net effect may actually be a decrease of knowledge and ultimately of situational awareness on the battlefield."34 30 J. Bailey, "Over by Christmas: Campaigning, Delusions and Force Requirements, AUSA Land Warfare Institute, The Land Warfare Papers, No. 51, September 2005, http://www.ausa.org/pdfdocs/LWP_51WBailey.pdf. 31 Brian Jackson, Breaching the Fortress Wall: Understanding Terrorist Efforts to Overcome Defensive Technologies, presentation by RAND corporation at the Rayburn House Office Building, October 24, 2006. J.A. Bailey, Over by Christmas: Campaigning, Delusions and Force Requirements, The Institute of Land Warfare, Association of the United States Army, Land Warfare Papers, No. 51, September, 2005. 32 Giles Ebbutt, Flaws in the system: modern operations test the theory of network centricity, Jane's International Defence Review, July 2006, Vol 39, p.57. 33 Curtis Taylor, Trading the Saber for Stealth: Can Surveillance Technology Replace Traditional Aggressive Reconnaissance?, AUSA Land Warfare Institute, The Land Warfare Papers, No. 53, September 2005, http://www.ausa.org/pdfdocs/LWP_53.pdf. 34 John Matsumura, et. al., Preparing for Future Warfare with Advanced Technologies, Rand, Arroyo Center, 2002, p.11. Our adversaries in Iraq and Afghanistan have taken actions to directly bypass U.S. NCO sensors, and to negate the usefulness of U.S. high technology NCO weapons. Examples include (1) use of suicide bombings and Improvised Explosive Devices (IEDs); (2) hostile forces intermingling with civilians used as shields; or (3) irregular fighters and close-range snipers that swarm to attack, and then disperse quickly.35 Other possible uses of technology by adversaries of the United States to attack NCO capabilities may include use of (1) powerful directed energy devices to disrupt commercial satellite signals;36 (2) smaller directed energy devices to burn out computer circuits at a distance,37 and (3) malicious computer code to subvert controls for complex weapon systems. Some observers state that huge information resources may be overrated as an asset for creating effective military operations, and that important military decisions may not always lend themselves to information-based rational analysis.38 They argue that discussions of military transformation have been overwhelmingly focused on the rewards of information, and that the military services, national security establishment, and intelligence community have not thoroughly studied the risks associated with data-dependent military doctrine.39 Some issues raised by these observers include: (1) Reliance on sophisticated information systems may lead to management overconfidence.40 (2) Quantitative changes in information and analysis often lead to qualitative changes in individual and organizational behavior that are sometimes counter-productive; e.g., as information technology reveals more targets, ammunition may be expended faster, leading to greater dependence on logistics support.41 35 For more information, see CRS Report RS22330, Improvised Explosive Devices (IEDs) in Iraq and Afghanistan: Effects and Countermeasures, by Clay Wilson. 36 A group of Iranians last summer reportedly jammed a U.S.-built commercial satellite broadcasting pro-rebel information into that Middle Eastern country. The specific transponder that was carrying the broadcast was disrupted for about two weeks by Iranians operating at a teleport in Cuba, according to industry sources. Amy Butler, "Heavy DoD Reliance On Commercial SATCOM Prompts Questions of Protection," Defense Daily, April 13, 2004. 37 Directed energy weapons could include a High-Energy Microwave device (HPM), activated by a chemical explosion. Such a bomb-driven device, the size of a suitcase and using a specially-shaped antenna, could theoretically direct a narrow-beam energy pulse that could damage a computer within a distance of 1 kilometer. Prof. Robert Harney, Naval Postgraduate School, personal communications, April 12, 2004. 38 Martin Burke, Information Superiority Is Insufficient To Win In Network Centric Warfare, Joint Systems Branch, Defense Science and Technology Organization, 2001, http://www.dodccrp.org/events/2000/5th_ICCRTS/cd/papers/ Track4/024.pdf. 39 Michael Schrage, Perfect Information and Perverse Incentives: Costs and Consequences of Transformation and Transparency, Security Studies Program Working Paper, Massachusetts Institute of Technology, E38-600, May 2003, p.15. 40 Michael Schrage, Perfect Information and Perverse Incentives: Costs and Consequences of Transformation and Transparency, Security Studies Program Working Paper Massachusetts Institute of Technology, E38-600, May 2003, p.4. 41 Dr. Kimberly Holloman, Evidence Based Research, Inc., "The Network Centric Operations Conceptual Framework," Presentation at the Network Centric Warfare 2004 Conference, Washington, D.C., January 20, 2004, http://www.oft.osd.mil/library/library.cfm?libcol=2. (3) An information-rich, opportunity-rich environment may shift the value of the information, redefine the mission objectives, and possibly increase the chances for perverse consequences. (See Appendix C, "Perverse Consequences of Data-Dependent Systems.") The proliferation of sensors in the battlefield has created what some would call "data overload", where large inflows of real-time data could overwhelm users, and jeopardize the decision-making process. DOD is examining using new "data fusion" centers, which would use special software to filter out battlefield data that is unneeded by warfighters. Also, to make sure that radio frequencies in use don't encounter interference, the US Air Force Electronic Systems Center is working to design a universal tool called the Joint Interface Control Officer (JICO) Support System, which is intended to manage all radio communications traffic in tactical situations.42 ¡¢ ¢ ¢ Military systems and software are becoming increasingly complex. Software is used to process sensor data, identify friend and foe, set targets, issue alerts, coordinate actions, and guide decisions for manned and unmanned combat vehicles on land, sea, and in the air. For example, observers estimate that at least 31 million lines of computer code will be required to operate the Army Future Combat System.43 Also, many military combat systems which now operate as stand- alone equipment will eventually be tied into network systems.44 However, as complexity grows, components of networked systems may sometimes process information received from other systems whose capabilities, intentions, and trustworthiness are not always known.45 A recent article published by the Carnegie Mellon Software Engineering Institute about the growing complexity of military computerized systems argues the following: With modern complex systems of systems, most systems are described as "unbounded" because they involve an unknown number of participants or otherwise require individual participants to act and interact in the absence of needed information. For the complex systems of systems being constructed today and defined for the future, it is no longer possible for any human or automated component to have full knowledge of the system. Each component must depend on information received from other systems whose capabilities, intentions, and trustworthiness are unknown. Unbounded systems of systems are fast becoming the norm in many of the most demanding military and commercial applications. These include command-and-control systems, air traffic control systems, the electric power grid, the Internet, individual aircraft, enterprise database systems, and modern PC operating systems. For example, in 42 Staff, U.S. Forces in Iraq Face Obstacles in Getting Intelligence They Need, Inside the Pentagon, May 5, 2005, Vol. 21, No.18, p.10. Ted McKenna, Orchestrating Tactical Communications, Journal of Electronic Defense, August 2005, No 8, P. 22. 43 David Talbot, How Technology Failed in Iraq, Technology Review, November 2004, p. 1. 44 Goodrich Engine Control Systems, http://www.enginecontrols.goodrich.com/small/products/ecu.shtml. 45 David Fisher, Dennis Smith, Emergent Issues in Interoperability, Carnegie Mellon Software Engineering Institute, No.3, 2004, http://www.sei.cmu.edu/news-at-sei/columns/eye-on-integration/2004/3/eye-on-integration-2004-3.htm. net-centric warfare as applied by U.S. troops at the beginning of the current war in Iraq, agility and rapid progress were achieved by direct interactions among ground troops, helicopters, artillery, and bombers using equipment whose designs did not anticipate such usage and the accompanying mission changes. Most systems of systems use their component systems in ways that were neither intended nor anticipated. Assumptions that were reasonable and appropriate for individual component systems become sources of errors and malfunction within systems of systems. As a result, the individual systems--and the system of systems as a whole--acquire vulnerabilities that can be triggered accidentally by normal actions of users and automated components, or exploited consciously by intelligent adversaries. Often when problems of interoperability arise in complex systems, there is a tendency to try to gain greater visibility, to extend central control, and to impose stronger standards. Not only are these actions ineffective in complex systems, they also increase the likelihood of certain kinds of accidents, user errors, and other failures. What are called normal accidents are inherent and occur naturally in complex systems. The frequency of normal accidents increases with the degree of coupling in systems. Coupling is increased by central control, overly restrictive specifications, and broadly imposed interface standards. Developers of systems of systems should strive for loose coupling.46 ¢ Military computers are continuously threatened by attack from hackers, or others with malicious intent. One example of a hacker attack is the British programmer, Gary McKinnon, who reportedly used commercially-available off-the-shelf software in several attacks through the Internet to successfully penetrate hundreds of military computers, causing measurable damage,47 and forcing portions of several military network to shut down temporarily.48 Also, in Afghanistan, stolen military portable computer drives, some containing classified data and software, were recently discovered for sale in the streets, in public markets, and in local shops.49 46 David Fisher and Dennis Smith, Emergent Issues in Interoperability, News@ SEI, 2004, No.3, http://www.sei.cmu.edu/news-at-sei/columns/eye-on-integration/2004/3/eye-on-integration-2004-3.htm. 47 Gary McKinnon has been indicted for breaking into approximately 100 military networks between 2001 and 2002. He is charged with installing Trojan Horses and back doors, stealing military passwords, and disabling networks at Fort Meyers, Fort McNair, the Pentagon, and other locations belonging to the Army, Navy, and Air Force. However, DOD officials claim that no classified data was taken. In May 2006, the U.S. prosecutors secured his extradition from Britain to the United States, where he could face 70 years in prison, plus fines. Larry Greenmeier, To Catch A Hacker, Information Week, May 15, 2006, p. 31. Maija Palmer, "Hacker Cites Easy Access to U.S. Data", Los Angeles Times, May 8, 2006. Brooke Masters, "Briton Indicted as Hacker," Washington Post, November 13, 2003, p. A11, http://www.washingtonpost.com/wp-dyn/articles/A45963-2002Nov12.html. MARADMIN, "Marine Corps Announcement of Website Breach," Inside Defense, October 15, 2003, http://www.insidedefense.com. 48 U.S. Attorney's Office, District of New Jersey, Public Affairs Office, November 11, 2002, http://www.usdoj.gov/ usao/nj/publicaffairs/NJ_Press/files/mc1112_r.htm. 49 Stolen portable hard drives from military computers, some containing sensitive and classified military information, were found for sale at a local bazaar in Afghanistan. The drives may have come from the main U.S. air base in Bagram, Afghanistan. In addition to launching an investigation, military officials reportedly coped with the problem by sending staff to buy up all the portable computer drives at the local bazaar. Paul Watson, U.S. Military Secrets for Sale at Afghan Bazaar, Los Angeles Times, April 10, 2006, p.A1. Carlotta Gall, At Afghan Bazaar, Military Offers Dollars for Stolen Data, The New York Times, Asia Pacific, April 15, 2006, http://www.nytimes.com/2006/04/15/world/asia/ 15afghanistan.html?ex=1145332800&en=e12bbb6b87a5b3fb&ei=5087%0A. There is growing controversy about whether the U.S. military should rely on general purpose "open-source" commercial computer software for the command, control, and communications functions in advanced defense systems for tanks, aircraft and other complex equipment. An example of open-source code is the popular computer operating system known as Linux, which has been developed by a worldwide community of programmers who continuously add new software features by building on each others' openly-shared source code. Subscriptions can be purchased from different commercial vendors who will provide technical support for specific versions of the Linux open-source software. In contrast, proprietary code created by other commercial vendors is called "closed-source", and includes software products such as Microsoft Windows. Both open-source and closed-source products which are supported by commercial software vendors are commonly referred to as commercial-off-the-shelf (COTS). However, open- source software appears much less expensive than proprietary software, and the reputation it has earned for general soundness and reliability is helping open-source software gain acceptance by different government organizations and the global business community. NSA has researched a secure version of Linux, but it is not clear that all military computer systems that use Linux are restricted by the results of that research.50 Some experts believe that open-source software violates many security principles, and may be subverted by adversaries who could secretly insert malicious code to cause complex defense systems to malfunction. Other computer experts disagree, stating that precisely because Linux is openly reviewed by a worldwide community of contributing programmers, it has security that cannot easily be compromised by a foreign agency. The open review by many contributors acts as a safeguard against insertion of malicious code. A recent study by the Defense Information Systems Agency (DISA) states that DOD currently uses a significant variety of open-source computer software programs, and concluded that open- source software is vital to DOD information security. This is partly because many information security tools used by DOD are built using open-source code, and effective counterparts are not available from proprietary COTS products. The study also states that DOD web services and DOD software development would be disrupted without continued use of open-source software. This is because many tools that are basic to web design and software development are based on open-source code.51 Experts at the Naval Post Graduate School reportedly have stated that "software subversion" can only be avoided by using "high-assurance" software that has been proven to be free of any malicious code.52 Because of the added development rigor and intensive test procedures required to achieve such proof, high-assurance software would cost considerably more than open-source software.53 However, researchers at the Massachusetts Institute of Technology have reportedly 50 See NSA Security Enhanced Linux, http://www.nsa.gov/selinux/index.cfm. 51 DISA, "Use of Free and Open-Source Software (FOSS) in the U.S. Department of Defense," Mitre Report No. MP 02 W0000101, Version 1.2, October 2002, p. 20, http://unix.be.eu.org/docs-free/dodfoss.pdf. 52 Alexander Wolfe, "Green Hills calls Linux `Insecure' for Defense," EETimes, April 9, 2004, http://eetimes.com/ showArticle.jhtml?articleID=18900949 and Charles J. Murray, April 19, 2004, "Linux: Unfit for National Security?," EETimes, http://eetimes.com/showArticle.jhtml?articleID=18901858. 53 Research at the Naval Postgraduate School has resulted in new security tools for protecting against unauthorized computer and network intrusions. The new technology has been licensed to Lancope Inc. of Alpharetta, Georgia, which has created a new commercial version of the intrusion detection tool, called "StealthWatch." The license was granted because the Naval Postgraduate School intended that the technology become more developed through marketing in the commercial world. William Jackson, "Hasta La Vista, Attacks," Government Computer News, vol.23, no.6, March 22, 2004, p.27. found that as the complexity of a system increases, additional testing does not always reduce the number of vulnerabilities that can remain hidden in computer software.54 ¢ U.S. military forces may be vulnerable to electronic warfare attacks, such as Electromagnetic Pulse (EMP), which is an instantaneous, intense energy field that can overload or disrupt at a distance numerous electrical systems and high technology microcircuits, which are especially sensitive to power surges. A single, specially designed low-yield nuclear explosion high above a local battlefield area can produce a large-scale electromagnetic pulse (EMP) effect that could result in widespread disruption of electronic equipment, without any fatalities due to blast or radiation. A similar EMP effect on a more limited scale could also be produced by using a high- power microwave device, triggered by a conventional explosive.55 Commercial electronic equipment is now used extensively to support logistics to support the operation of complex U.S. weapons systems. For example, a large percentage of U.S. military communications during Operation Iraqi Freedom was carried by commercial satellites, and much military administrative information is currently routed through the civilian Internet.56 Many commercial communications satellites, particularly those in low earth orbit, reportedly may degrade or cease to function shortly after a high-altitude EMP attack.57 Special shielding could reduce this vulnerability in future commercial satellites. However, the current vulnerability of high technology equipment and communications to the effects of EMP could create a new incentive for other countries, or terrorists and extremists, to develop or acquire electronic warfare weapons. The following is a list of key technology areas used to implement NCO for U.S. forces, and related issues. C4I capabilities are the nervous system of the military. DOD is seeking to move from a policy of information "push", where information is labeled and sent by data "owners" only to recipients who are deemed appropriate, to a policy of information "pull", where authenticated users within a given community of interest can request and receive all information available to solve a problem, regardless of the data owner. This shift in policy is intended to promote more widespread information sharing and collaboration.58 54 Simson Garfinkel, Battling Bugs: A Digital Quagmire, Wired News, November 9, 2005, http://www.wired.com/ news/technology/bugs/0,2924,69369,00.html. 55 For more on EMP, see CRS Report RL32544, High Altitude Electromagnetic Pulse (HEMP) and High Power Microwave (HPM) Devices: Threat Assessments, by Clay Wilson. 56 Jefferson Morris, "DISA Chief Outlines Wartime Successes," Federal Computer Week, June 6, 2003; and "GAO: DOD Needs New Approach to Buying Bandwidth," Aerospace Daily, December 12, 2003. 57 U.S. Congress, House Armed Services Committee, Hearing on Commission to Assess the Threat to the United States from Electromagnetic Pulse Attack, July 22, 2004. 58 Memorandum by John Stenbit, DoD Net-Centric Data Management Strategy: Metadata Registration, April 3, 2003. NCO relies on a high-bandwidth communications backbone consisting of fiber optics and satellites, all communicating using Internet Protocol (IP). By 2008, DOD is planning to switch all communications systems from IPV4 to the newer IPV6 to improve communications mobility, create more IP addresses, and reduce system management problems. (For more on IPV6, See Appendix A, "The Transition from Internet Protocol Version 4 (IPv4) to IPv6.")59 ¢ NCO is highly dependent on the interoperability of communications equipment, data, and software to enable networking of people, sensors, and manned and unmanned platforms. Parts of NCO technology rely on line-of-sight radio transmission for microwave or infrared signals, or laser beams. Other parts of the technology aggregate information for transmission through larger network trunks for global distribution via fiber optic cables, microwave towers, or both low- altitude and high-altitude satellites. The designs for this technology must enable rapid communications between individuals in all services, and rapid sharing of data and information between mobile platforms and sensors used by all military services.60 The architectures must also have the ability to dynamically self-heal and re-form the network when one or more communications nodes are interrupted. DOD officials have noted that the new military Global Information Grid (GIG) must be also designed to interoperate securely with the networks of other organizations outside of DOD, including state and local governments, multinational military commands, and the commercial and research communities.61 Some observers question whether the U.S. military can achieve true network and systems interoperability among all services. DOD reportedly intends to integrate the architectures of network systems used by all branches of the military to create a network centric capability linked to the GIG (see section below). To help accomplish this integration, the DOD Joint Staff has created a new Force Capability Board (FCB) to monitor NCO programs for mismatches in funding, or mismatches in capability. When an issue is detected, the FCB reports to the Joint Requirements Oversight Council, which then provides guidance during budget deliberations at the Pentagon.62 Satellites are crucial for enabling mobile communications in remote areas, as well as for providing imagery, navigation, weather information, a missile warning capability, and a capability to "reach back" to the continental United States for added support. For example, the Global Positioning System (GPS), consisting of 28 navigation satellites, helps identify the location of 59 Rodney Pringle, DOD Faces Challenges, Risks in Transition to IPV6, GAO Study Says, Aviation Week NetDefense, June 6, 2005, http://www.aviationnow.com/avnow/news/channel_netdefense_story.jsp?view=story&id=news/ IPV606095.xml. 60 For more information about military network interoperability issues, and the Global Information Grid, see CRS Report RS21590, Defense Program Issue: Global Information Grid, Bandwidth Expansion (GIG-BE), by Clay Wilson. 61 Sebastian Sprenger, GIG CONOPS Stresses Interoperability with Non-DOD Agencies, Allies, Inside the Pentagon, September 39, 2005. 62 Brigadier General Marc Rogers, Director Joint Requirements and Integration Directorate/ J8, for U.S. Joint Forces Command, in U.S. Congress, House Armed Services Subcommittee on Terrorism, Unconventional Threats and Capabilities, Hearing on Military C4I Systems, October 21, 2003 http://www.cq.com, and Rich Tuttle, "New Organization to Stress Importance of Network Programs," Aerospace Daily, January 30, 2004. U.S. forces, as well as the locations of targets for guided U.S. weapons, such as cruise missiles. The United States maintains 6 orbital constellations for Intelligence, Surveillance, and Reconnaissance (ISR): one for early warning, two for imagery, and three for signals intelligence. Recently, the Army deployed the Coalition Military Network, a new satellite communications system designed to add bandwidth to support coalition forces in remote areas of Iraq. However, despite the growing number of military satellites, the Defense Information Systems Agency (DISA) reported that up to 84 percent of the satellite communications bandwidth provided to the Operation Iraqi Freedom (OIF) theater was supplied by commercial satellites.63 Some drawbacks using commercial satellite services became apparent during OIF. U.S. Army officials indicated that the high volume of traffic on Iridium communications satellites at times overwhelmed that system, which also had to suspend service periodically for updates. In addition, the military reportedly was unable to get encrypted data transmission services from the Inmarsat satellite system at transmission rates of 128 kilobits per second, and instead had to settle for rates of 64 kilobits per second, which was too slow for the Army's needs.64 The Transformational Satellite Communications (TSAT) program, run by the Air Force, is part of a plan to build a satellite-based military Internet. The future TSAT program involves launching 5 military satellites in geosynchronous orbit, with laser communication links and Internet-like routers to provide high-speed, high-capacity communications to U.S. warfighters worldwide.65 The first TSAT satellite is scheduled to be launched in 2014, with full operational capacity scheduled for 2018.66 The United States remains highly-dependent on space assets, and has enjoyed space dominance during previous Gulf conflicts largely because its adversaries simply did not exploit space, or act to negate U.S. space systems. However, the United States may not be able to rely on this same advantage in the future. For example, a non-state group could possibly take advantage of commercial space-based technology by leasing satellite bandwidth, or by purchasing high- resolution imagery from suppliers in the Soviet Union, China, or other countries that own and operate space assets. Also, less-technically advanced nations and non-state actors may employ electronic jamming techniques, or launch attacks against satellite ground facilities.67 News reports show that over a period of several years China has fired high-power laser weapons at U.S. military optical spy satellites as they fly over Chinese territory. Experts say this may have been testing of a new ability to blind the spacecraft. It is not clear how many times China may have 63 DOD satellites could not satisfy the entire military demand for satellite bandwidth, and therefore DOD has become the single largest customer for commercial satellite services. DOD sometimes leases commercial satellite bandwidth through DISA, and at other times bypasses the process to buy directly from industry. Bypassing DISA may reduce interoperability and increase redundancies. Jefferson Morris, "GAO: DOD Needs New Approach to Buying Bandwidth," Aerospace Daily, December 12, 2003; "DISA Chief Outlines Wartime Successes," Federal Computer Week, June 6, 2003. 64 Warren Ferster, Military Bandwidth Demand Energizes Market, SpaceNews, September 2, 2003, http://www.space.com/spacenews/archive03/militaryarch_090203.html. 65 Rebecca Christie, DoD Space Program's Costs Rise as New Plan Takes Shape, Wall Street Journal, February 21, 2006. 66 James Canan, Timing in Battle: The T-Sat Edge, American Institute of Aeronautics and Astronautics, Inc., Aerospace America, January, 2006, p. 39. 67 Testimony from the hearing on Army Transformation, Senate Armed Services Committee, Subcommittee on Airland, March 12, 2003, CQ.com, http://www.cq.com/aggregatedocs.do. tested their ground-based laser system against U.S. satellites, or whether the tests were successful.68 Individual air-to-ground weapons will be integrated into network centric operations. Recent tests under the Weapons Data Link Network (WDLN) Advanced Concept Technology Demonstration have shown that various weapons can use standard methods to report their status after release from an aircraft, and provide information on their impact. When pilots and ground controllers have two-way communications with network-enabled weapons after they are in flight, new information can be continually supplied to shift the weapon as the target changes location, or to shift the attack to a different target, or to abort the attack. Networked weapons with these capabilities are projected to become operational by 2010.69 However, if a large volume of weapons are used concurrently in a conflict, this may add considerably to the demand for network bandwidth. Bandwidth is the transmission capacity for any given channel on a network. Since 1991, there has been an explosive increase in military demand for bandwidth, largely due to efforts to speed up the delivery of digital information. Defense officials remain concerned about whether the bandwidth available through DOD communications systems will grow to keep up with increasing military demand in the future. Some observers question whether enough bandwidth will be available in the future to support DOD plans for major NCO systems, such as the Future Combat System, Warfare Information Network - Tactical, and Joint Tactical Radio System.70 When the supply of bandwidth becomes inadequate during combat, military operations officers have sometimes been forced to subjectively prioritize the transmission of messages. They do this by literally pulling the plug temporarily on some radio or computer switching equipment in order to free up enough bandwidth to allow the highest-priority messages to get through. This can delay messages, or cancel other data transmissions. Latency, or delays in information updates resulting from a bandwidth shortage could leave some units attempting to fight on their computer screens with outdated information, when the enemy changes position faster than the screen image data can be updated. An example of this type of problem occurred in April 2003, when a U.S. Army battalion was surprised by a large force of Iraqi tanks and troops because intelligence systems were unable to update enemy information in databases quickly enough to keep front line units accurately informed.71 By the year 2010, the Congressional Budget Office estimates that the supply of effective bandwidth in the Army is expected to fall short of peak demand by a ratio of approximately 1 to 10.72 According to former Assistant Secretary of Defense for Networks and Information 68 Vago Muradian, China Tried to Blind U.S. Sats with Laser, Defense News, September 25, 2006, p.1. 69 Rich Tittle, Promise of Networked Weapons is Shown in Eglin Demos, NetDefense, January 19, 2006, http://www.aviationnow.com/avnow/news/channel_netdefense_story.jsp?view=story&od=news/EGLIN01196.xml. 70 Scott Nance, Krepinevich: FCS Revolutionary But Irrelevant?, Defense Today, March 31, 2005, p. 3. 71 Greg Grant, "Net-Centric Warfare Experts Look to Improve Communications", C4ISR The Journal of Net-Centric Warfare, October 11, 2005, http://www.isrjournal.com/story.php?F=1166143 72 Anticipated hardware improvements by 2010 will shift the existing bandwidth bottleneck from the brigade level to (continued...) Integration (ASD/NII), Paul Stenbit, the primary barrier to achieving the NCO Internet paradigm is finding new ways to meet the demand for bandwidth. Communications infrastructure must have enough bandwidth to allow, for example, several people at different locations in the battlefield to pull the same problem-solving data into their computer systems at the same time, without having to take turns sharing and using the same limited local bandwidth.73 UVs, also known as Unmanned Aerial Vehicles (UAVs), Ground Vehicles (UGVs), and Underwater Vehicles (UUVs) are primarily used for surveillance. However, their mission is evolving to also include combat, under the title Unmanned Combat Vehicles (UCVs).74 During OIF, approximately 16 Predator and 1 Global Hawk UAVs were in operation, and all were controllable remotely via satellite link from command centers in the continental United States. UVs each require a large amount of bandwidth for control and for transmission of reconnaissance images.75 ¢ Sensors are being developed to remotely detect movement and heat signatures of enemy equipment. However, some observers have warned that it is likely that future foes will develop technologies to counter U.S. weapons, and will become more sophisticated in cover and concealment, with the possible net effect that U.S. situational awareness on the battlefield could decrease, depending upon the sophistication of the adversary.76 Software is an important component of all complex defense systems used for NCO. GAO has recommended that DOD follow best practices of private sector software developers to avoid the schedule delays and cost overruns that have plagued past DOD programs dependent on development of complicated software.77 Many observers of the software industry believe that (...continued) the corps level. If the Joint Tactical Radio System (JTRS) performs as the Army projects, the new radio may provide more than enough bandwidth for the lower tactical levels of command, with a margin for growth of demand beyond 2010. However, at the division and corps level, the projected demand is still expected to be much greater than the likely supply. U.S. Congressional Budget Office, "The Army's Bandwidth Bottleneck," August 2003, http://www.cbo.gov. 73 In certain situations, some commanders had access to only one communications channel. If someone else was using it first, the commander had to wait until it was free for him to use. Matthew French, "Bandwidth in Iraq a subject of debate," Federal Computer Week, October 20, 2003, p. 43. 74 The two key programs for UAV development are the USAF's X-45 and the Navy's carrier-capable X-47. Both projects are under the Joint Unmanned Combat Air System (J-UCAS) program, which is led by DARPA. DOD believes that merging these two projects will lead to greater efficiencies and reduced acquisition costs. Adam Herbert, "New Horizons for Combat UAVs," Air Force Magazine, December 2003. 75 For more information about UVs, see CRS Report RS21294, Unmanned Vehicles for U.S. Naval Forces: Background and Issues for Congress, by Ronald O'Rourke. 76 Greg Grant, "Net-Centric Warfare Experts Look to Improve Communications", C4ISR The Journal of Net-Centric Warfare, October 11, 2005, http://www.isrjournal.com/story.php?F=116143. 77 U.S. General Accounting Office, "DEFENSE ACQUISITIONS: Stronger Management Practices Are Needed to Improve DOD's Software-Intensive Weapon Acquisitions," GAO-04-393, March 2004. globalization of the economy dictates a global process for software development. In keeping with the GAO recommendation, contractors for DOD often outsource software development to smaller private firms, and in some cases, programming work is done by offshore companies. This raises questions about the possibility of malicious computer code being inserted to subvert DOD computer systems. However, DOD is currently investigating ways to increase confidence in the security of both foreign and domestic software products, for example, by co-sponsoring with the Department of Homeland Security a series of software assurance forums where government, industry, and academic leaders discuss security methodologies that promote integrity and reliability in software.78. Gordon Moore's Law of Integrated Microprocessor Circuits observes that computer semiconductor chips follow an 18-month cycle of evolution where they will become twice as dense and twice as fast for about the same cost. Commercial industries have long relied on the predictability of Moore's Law as a guide for investing in future technology systems. DOD plans for NCO also rely on the predictable growth in computer processing power, but this predictability may be affected by advances in new technologies. New technology developments could be disruptive, for example by reducing circuit size to nanometer units giving rise to extreme miniaturization, or by quickly lowering costs and giving adversaries and terrorist groups easier access to more sophisticated and powerful commercial high-technology equipment.79 ¢ Electronic technologies are critical to the operation of modern, complex systems for communications and weaponry, and much of the technology for U.S. military data networking reportedly comes from Commercial-Off-The-Shelf (COTS) products.80 Much of this same state- of-the-art COTS technology is readily available on the open market, and is also available to our adversaries. Some officials in DOD also say that off-shore outsourcing of critical design and manufacturing capabilities, along with other factors, has contributed to the erosion of the U.S. lead in key defense technologies.81 These DOD officials warn that the United States may some 78 It is virtually impossible to find unauthorized and malevolent code hidden deep within a sophisticated computer program module that may have originated from a company in one of more than a half-dozen countries commonly used for software outsourcing. Mark Willoughby, "Hidden Malware in offshore products raises concerns," Computerworld, September 15, 2003, http://www.computerworld.com. 79 Today's electronic transistors are reaching physical limits where electrical circuits can leak across microscopic insulators, and the manufacturing process is increasingly expensive. Photonic computers will use photons of laser light instead of electrons, will be thousands of times faster than electronic computers, and far less expensive to manufacture. However, the effort to produce the necessary inexpensive nonlinear crystals that switch light beams quickly, and at reasonable power levels, has so far not been successful enough for commercial application. The CoolScience Center, http://www.rmrc.org/photonics/photon1.htm. 80 Ted McKenna, US Military Slow to Adapt to Net-Centric Warfare, Journal of Electronic Defense, August 2005, No 8, p.24. 81 In 2003, of the 2,027 doctorates awarded by U.S. universities for electrical engineering and computer science, 63 percent were earned by foreign nationals. Of the 15,906 master's degrees awarded in these same fields, 56% were earned by non-U.S. residents. Eric Chabrow and Marianne McGee, "Immigration and Innovation," Information Week, February 23, 2004, p. 20. day no longer have the asymmetric technology advantage it once had over our existing and potential adversaries.82 ¡ ¢ The Defense Science Board has reported that the 1996 voluntary Wassenaar Arrangement, which replaced the Cold War-era international regime that governed semiconductor exports, is not an effective tool for assuring that potential adversaries do not have access to technology for leading- edge design and fabrication equipment for integrated circuits.83 In addition, non-allied foreign acquisition of any U.S. company that manufactures or develops items of defense significance can erode the security of the defense industrial base. China, in particular, has reportedly procured advanced weapons and technology from abroad to make up for deficiencies in its domestic military sector. In doing so, China has reportedly developed an active policy of acquiring foreign industrial and manufacturing production lines, and then seeking U.S. export licenses for advanced semiconductor fabrication instruments and equipment.84 The Defense Science Board has also identified the increasing shift of U.S. semiconductor fabrication and design technology offshore as a critical national security challenge. Past supplies of classified integrated circuits have come from government-owned facilities operated by the National Security Agency (NSA) and Sandia National Laboratory. However, technological evolution, and new methods for mass production, have reportedly raised the cost of low- production-volume custom integrated circuits used by DOD, and made government facilities obsolete. As a result, there is no longer a diverse base of U.S. integrated circuit fabricators capable of meeting DOD needs.85 The DSB report calls for DOD and the defense industry to develop a new economic model for profitably producing a limited number of custom circuits and equipment for U.S. military systems. U.S. corporations are now sending more high-level research and development (R&D) work to off-shore partners. For example, as early as 1998, Intel Corporation, Microsoft Corporation, and other IT vendors opened new R&D facilities in Beijing and other parts of Asia. Microsoft also reportedly has 200 Ph.D. candidates and 170 researchers currently working in its Asia R&D facilities.86 The Gartner Group research firm has reported that corporate spending for offshore 82 OSD Memorandum accompanying the March 2006 Joint Report from the U.S. Defense Science Board, U.K. Defence Scientific Advisory Council Task Force on Defense Critical Technologies. 83 Defense Science Board Task Force on High Performance Microchip Supply, U.S. Department of Defense, February 2005, http://www.acq.osd.mil/dsb/reports/2005-02-HPMS_Report_Final.pdf. 84 John Tkacik, China's Military Power, testimony before the House Committee on Armed Services, July 27, 2005, p. 7. 85 Defense Science Board Task Force on High Performance Microchip Supply, U.S. Department of Defense, February 2005, http://www.acq.osd.mil/dsb/reports/2005-02-HPMS_Report_Final.pdf. 86 Patrick Theobald and Sumner Lemon, "R&D Starts to Move Offshore," Computerworld, vol. 38, no. 9, March 1, 2004, p. 1. information technology (IT) services will increase from $1.8 billion in 2003 to more than $26 billion in 2007, with half of the work going to Asian countries such as India and China.87 Contracting for national defense is reportedly among the most heavily outsourced of activities in the federal government, with the ratio of private sector jobs to civil service jobs within DOD nearly five to one.88 However, a 2004 study by DOD concluded that utilizing foreign companies as sources for high-technology equipment does not affect long-term military readiness.89 ¡ Operation Iraqi Freedom (OIF) might be more accurately characterized as a transitional rather than transformational operation because NCO technology was not fully deployed in all units during OIF, and some systems proved not to be user-friendly.90 Nevertheless, some observers feel that OIF proved the effectiveness and potential of network enhanced warfare,91 while others believe that it is hard to interpret the NCO experiences objectively, partly because the review process may sometimes be distorted by the internal military bias that favors force transformation. Still others point out that experiences using NCO technology may be misleading because recent U.S. adversaries were relatively weak militaries, including Panama (1990), Iraq (1991), Serbia (1999), and Afghanistan (2001).92 A March 2005 report from the U.S. Army War College asserts that network-enabled operations achieved proof of concept in the major combat operations phase of Operation Iraqi Freedom. The report further states that net centric operations enhanced the ability of U.S. forces to conduct battles and campaigns by providing a common operating picture and situational awareness never before experienced in combat.93 A case study by the Office of Force Transformation concluded that the deployment of some net centric technologies during OIF improved operational 87 Paul McDougall, "Optimizing Through Outsourcing," Information Week, March 1, 2004, p. 56. 88 Ann Markusen, Director, Project on Regional Industrial Economics, University of Minnesota, "Statement Made to David Walker, Chairman Commercial Activities Panel, GAO, June 5, 2001 and Pender M McCarter, "500,000 U.S. IT Jobs Predicted to Move Overseas by Year-end 2004; IEEE Sees Continued Loss in U.S. Economic Competitiveness, National Security," IEEE-USA News, July 21, 2003, http://www.ieeeusa.org/releases/2003/072103pr.html. 89 U.S. Department of Defense, Office of the Deputy Undersecretary of Defense for Industrial Policy, Study on Impact of Foreign Sourcing of Systems, January 2004. 90 Some argue that OIF experiences validate Admiral Cebrowski's view that technology is not NCW, but rather only the enabler of NCW. Loren B. Thompson, CO Lexington Institute, ISR: Lessons of Iraq, Defense News ISR Integration Conference, November 18, 2003. See also CRS Report RL31946, Iraq War: Defense Program Implications for Congress, by Ronald O'Rourke. 91 Lt. General William Wallace, Commander Combined Arms Center, in U.S. Congress, House Armed Services Subcommittee on Terrorism, Unconventional Threats and Capabilities, Hearing on Military C4I Systems, October 21, 2003, http://www.cq.com. 92 Some traditional virtues such as air superiority, may be under emphasized. The review process may exaggerate the role of "jointness" and special operations, according to Loren B. Thompson, Analyst at the Lexington Institute, "ISR: Lessons of Iraq, Defense News ISR Integration Conference," November 18, 2003. "The Iraqis made so many mistakes it would be foolish to conclude that defeating them proved the viability of the new strategy," Dan Cateriniccia and Matthew French, "Network-Centric Warfare: Not There Yet," Federal Computing Week, June 9, 2003, http://www.fcw.com/fcw/articles/2003/0609/cov-netcentric-06-09-03.asp. 93 Dennis Murphy, Network Enabled Operations in Operation Iraqi Freedom: Initial Impressions, CSL Issue Paper, March 2005, Vol. 06-05, http://www.oft.osd.mil/initiatives/ncw/docs/csl_issue_paper_0605.pdf. effectiveness specifically for planning, command and control agility, tempo, and synchronization.94 Increased networking during OIF reportedly allowed U.S. forces to develop a much improved capability for coordinating quick targeting. In Operation Desert Storm in 1991, coordinating efforts for targeting required an elapsed time of as much as four days. In Operation Iraqi Freedom, U.S. forces reduced that time to about 45 minutes.95 During April 2003, the Marine Corps Systems Command compiled comments from some soldiers about their experiences using several new communications systems during combat operations in Iraq. Comments from soldiers and other observers follow: (1) Several communicators, operations officers, and commanders reportedly stated that they felt generally overloaded with information, and sometimes much of that information had little bearing on their missions. They stated that they received messages and images over too many different networks, requiring them to operate a large number of different models of communications equipment.96 (2) Some troops stated that when on the move, or when challenged by line-of-sight constraints, they often used military email and "chat room"97 messages for communications (This usually required linking to a satellite). (1) Force XXI Battle Command, Brigade and Below (FBCB2), with Blue Force Tracker, received widespread praise from troops for helping to reduce the problem of fratricide. Blue Force Tracker (BFT) is a generic term for a portable computer unit carried by personnel, vehicles, or aircraft that determines its own location via the Global Positioning System, then continuously transmits that data by satellite communications. The position of each individual unit then appears as a blue icon on the display of all other Blue Force Tracker terminals, which were used by commanders on the battlefield, or viewed at remote command centers. Clicking on any blue icon would show its individual direction and speed. A double-click reportedly would enable transmission of a text message directly to that individual unit, via satellite. (2) Objective Peach involved U.S. forces defending a captured bridge from Iraqi forces on the morning of April 3, 2003. The commander of the U.S. forces reportedly complained that he received no information from sensors to provide warning when his position was 94 Office of Force Transformation, US/UK Coalition Combat Operations during Operation Iraqi Freedom, March 2, 2005, http://www.oft.osd.mil/library/library_files/ document_389_Final_Cleared_US_UK_Coalition_Combat_Ops_in_OIF.pdf. Other NCO case studies can be found at http://www.oft.osd.mil/initiatives/ncw/studies.cfm. 95 Dan Cateriniccia and Matthew French, "Network-Centric Warfare: Not There Yet," Federal Computing Week, June 9, 2003, http://www.fcs/com. 96 Matthew French, "Technology a Dependable Ally in Iraq War," Federal Computer Week, vol. 18, no.8, March 29, 2004, p. 46. 97 John Breeden, "Bantu Sails with the Navy," Government Computer News, May 26, 2003, p. 1. attacked by 5,000 Iraqi soldiers approaching under cover of night, backed up by 25 tanks and 70 armored personnel carriers. Subsequent investigation revealed that at division level and above, the sensor information was adequate, but among front-line Army commanders, there was inadequate support to aid situational awareness on the ground.98 (3) During a blinding sandstorm lasting from March 25 to 28, 2003, a U.S. radar plane detected Iraqi forces maneuvering near U.S. troops. U.S. bombers attacked the enemy units using satellite-guided bombs that were unaffected by poor visibility. The Blue Force Tracker system ensured that friendly forces were identified and not harmed during the successful bombing attack.99 Satellite communications played a crucial role for transmitting message and imagery data during OIF operations, and also enabled U.S. forces in the field to "reach back" to the continental United States for support. However, a growing dependence on space communications may also become a critical vulnerability for NCO. (1) Commercial satellites were used to supplement military communications, which lacked capacity despite the fact that a number of military satellites were moved to a better geostationary orbital position for both Afghanistan and Iraq.100 DOD satellites cannot satisfy the entire military demand for satellite bandwidth, and therefore DOD has become the single largest customer for commercial or civilian satellite services. DOD sometimes leases commercial satellite bandwidth through DISA, and at other times bypasses the process to buy directly from industry. However, bypassing DISA may reduce interoperability between the services, and may increase redundancies. (2) During the OIF conflict, communications trunk lines, including satellite transmissions, were often "saturated", with all available digital bandwidth used up. The peak rate of bandwidth consumed during OIF was approximately 3 Gigabits-per-second, which is about 30 times the peak rate consumed during Operation Desert Storm in 1991.101 ¢ Some problems with delayed arrival of messages during OIF may have occurred due to unresolved questions about managing and allocating bandwidth. Sometimes, when demand for bandwidth was high, NCO messages with lower priority were reportedly dropped deliberately so that other messages with a higher priority could be transmitted.102 98 David Talbot, "How Technology Failed in Iraq", MIT Technology Review, November 2004, http://www.technologyreview.com/articles/04/11/talbot1104.asp. 99 Ibid. 100 Brigadier General Dennis Moran, U.S. Central Command/ J6, in U.S. Congress, House Armed Services Subcommittee on Terrorism, Unconventional Threats and Capabilities, Hearing on Military C4I Systems, October 21, 2003, http://www.cq.com . 101 Jefferson Morris, "GAO: DOD Needs New Approach to Buying Bandwidth," Aerospace Daily, December 12, 2003 and "DISA Chief Outlines Wartime Successes," Federal Computer Week, June 6, 2003, 102 U.S. Congressional Budget Office, The Army's Bandwidth Bottleneck, August 2003, http://www.cbo.gov, and Lt. General William Wallace, Commander Combined Arms Center, in U.S. Congress, House Armed Services (continued...) (1) The speed with which U.S. forces moved, a shortage of satellite communications, and the inability to string fiber nationwide hampered efforts to provide adequate bandwidth. At times, some commanders were required to share a single communications channel, forcing them to wait to use it whenever it became free.103 (2) Brigade-level command posts could view satellite and detailed UAV images, but battalion-level commanders, and lower command levels, could not view those same images. The lower-level commands are where greater detail is critical. (3) Although the Army has invested in military-only decision-support systems, some of the planning and collective decision-making during OIF was handled through email and chat- rooms that soldiers were familiar with, that were "user-friendly" and reliable, that were available when other systems experienced transmission delays, and that required little or no training.104 UAVs sometimes carry thermal cameras that can see through darkness or rain. These reportedly gave military planners so much confidence when orchestrating raids, they often skipped the usual time-consuming rehearsals and contingency planning.105 However, without early air dominance, UAVs and other Intelligence Surveillance and Reconnaissance (ISR) aircraft could not have been used to provide information needed for NCO systems. UAVs, and other support aircraft, such as refueling support tankers, are nearly defenseless and reportedly cannot operate without early air dominance. Using NCO technology with coalition forces resulted in reduced fratricide during OIF. However, during OIF, coalition assets reportedly operated as separate entities, and were often locked out of U.S. planning and execution because most information was posted on systems accessible only to U.S. forces. For example, most major air missions, that used NCO technology for coalition operations, involved only U.S. aircraft.106 Policy for sharing of classified information requires a separate contract agreement between the United States and each coalition partner. DOD currently maintains 84 separate secure networks for NCO coalition operations: one for each coalition partner. This is because U.S. National Disclosure Policy restricts what information may be released to coalition partners.107 In addition, (...continued) Subcommittee on Terrorism, Unconventional Threats and Capabilities, Hearing on Military C4I Systems, October 21, 2003, http://www.cq.com. 103 Matthew French, "Bandwidth in Iraq a Subject of Debate," Federal Computer Week, October 20, 2003, http://www.fcw.com/fcw/articles/2003/1020/tec-iraq-10-20-03.asp. 104 U.S. Congressional Budget Office, "The Army's Bandwidth Bottleneck," August 2003, http://www.cbo.gov. 105 "In Iraq, Soldiers Wage War Via Computer," Baltimore Sun/A.P., January 4, 2004. 106 Lt. General Daniel Leaf, Vice Commander for U.S. Air Force Space Command, in U.S. Congress, House Armed Services Subcommittee on Terrorism, Unconventional Threats and Capabilities, Hearing on Military C4I Systems, October 21, 2003,http://www.cq.com. 107 Each coalition partner must agree to protect classified military information that the United States shares with them. (continued...) each coalition partner nation has a corresponding policy for release of its own sensitive information. As a result of these policies, operations planning information was distributed to coalition forces using a manual process, and the transfer of data fell behind combat operations.108 A secure single network is required to efficiently share information among multiple partners, with a capability to dynamically add and subtract coalition partners. DOD has initiated a program called "Network Centric Enterprise Services" (NCES, also known as "Horizontal Fusion") to make information immediately available to coalition partners, while also providing strong security through network encryption technologies and dynamic access controls.109 However, this technical solution may not affect the differences in the individual policies that restrict information sharing among coalition partners. Military operations today generally are generally conducted with coalition partners. A coalition member that is unable to efficiently communicate situational information and other data electronically exert an unacceptable drag on the collective operations of all coalition members. Therefore, militaries of some other countries have developed Network Enabled Capability (NEC) technologies similar to those used by joint U.S. forces.110 NEC is the European equivalent of NCO, and is at the heart of defence transformation ongoing in militaries throughout Europe. NEC is defined as the coherent integration of sensors, decision- makers and weapon systems along with support capabilities to create superior decision-making. This will enable military forces to operate more effectively in the future strategic environment through the more efficient sharing and exploitation of information.111 Some countries also view NEC as a way to reduce their military budgets by gaining efficiency through networking with coalition partners.112 Observers note that European and other coalition partners now deploying NEC equipment are still not yet interoperable with NCO equipment operated by the U.S. military.113 (...continued) DOD Directive 5230.11, June 16, 1992, implements the October 1, 1988 "National Policy and Procedures for the Disclosure of Classified Military Information to Foreign governments and International Organizations," or the National Disclosure Policy, within the Department of Defense, http://www.dtic.mil/whs/directives/corres/pdf/d523011_061692/ d523011p.pdf. 108 Meagan Scully, "Out of Touch: Policies, Technology Hindered Data-Sharing with Allies in Iraq," ISR Journal, vol. 3, no. 4, May 2004, p. 32. 109 Cheryl Roby, Deputy Secretary of Defense, OASD, NII, Information Sharing Challenges in Coalition Operations, presentation at the 4th Annual Multinational C4I Conference, McLean, Virginia, May 4, 2004 and Matthew French, "DOD Blazes Trail for Net-centric Strategy," FCW.com, June 9, 2003, http://www.fcw.com/fcw/articles/2003/0609/ news-dod-06-09-03.asp. 110 The military organizations of Denmark, Norway and the Netherlands have also adopted the term Network Centric Warfare. Australia uses the term Network-Enabled Warfare, while the U.K. uses the term Network-Enabled Capability, and the Republic of Singapore uses the term Knowledge-Based Command and Control. John Garstka, "Network- Centric Warfare Offers Warfighting Advantage," Signal Forum, Signal Magazine, May 2003. 111 From the Network Enabled Capabilities Conference, December 2006, Brussels, Belgium, http://www.marcusevans.com/events/cfeventinfo.asp?eventID=10885. 112 Frederick Stein, Senior Engineer, MITRE Corporation, Presentation on Network Centric Warfare Operations, 4th Annual Multinational C4ISR Conference, McLean, Virginia, May 6, 2004. 113 Brooks Tigner, Fixing a Disconnect: EU Tries to Assess Compatibility Problems, Defense News, October 31, 2005, (continued...) NATO is currently building a NEC capability for dynamic interoperability with U.S. forces in the future and is developing a framework for high-technology warfare using the combined forces of multiple nations. Called the NATO Network Enabled Capabilities (NNEC), it is similar to the U.S. military's Joint Vision 2020.114 The confidential NATO 2005 Defense Requirements Review reportedly describes newer capabilities needed by allied commanders, including a description of technologies for sensors for sharing intelligence among allied warfighters.115 However, problems have been encountered with the U.S. National Disclosure Policy, which restricts release of classified information, and with the International Traffic in Arms rules which govern the export of unclassified technical data, and affect technology transfer (see previous section titled, "Technology Transfer Threat to U.S. Net Centric Advantages").116 Initially, the DOD Office of Force Transformation constructed a conceptual model to study net centric operations. However, NATO has since developed another conceptual model to test newer network centric approaches to military command and control (C2).117 To resolve differences, and establish open, interoperable standards for NEC and NCO, a new Network Centric Operations Industry Consortium has been created. The consortium consists of about 80 defense and information technology companies, of which 19 are European.118 The Australian Defense Force is developing innovative networked sensor technologies, and testing autonomous unmanned vehicles to offset the small size of their military. They are testing network communications that will allow one operator to control a formation of unmanned aerial vehicles that can be programmed to peel off independently for surveillance, or to launch an attack.119 The French reportedly are implementing a concept called "Guerre Infocentre", or Infocentric Warfare, which emphasizes the importance of information flows rather than the network itself. The initial program is called the Future Air Land Combat Network System, which will enable different combat platforms to contribute to cooperative engagement of targets.120 (...continued) p.11. 114 "NATO Network Enabled Capability (NNEC)," Times staff, March 3, 2003, "NATO Starts `Transformation' Process," NavyTimes.com, February 5, 2004, http://www.navytimes.com/. 115 Sebastian Sprenger, NATO to Unveil Plan for Wartime Information Sharing by Next Summer, Inside the Pentagon, December, 2005. 116 Rati Bisnoi, Report: Net-Centric Warfare Training Needed for NATO Response Force, Inside the Pentagon, November 3, 2005. 117 David Alberts and Richard Hayes, Understanding Command and Control, The Future of Command and Control, CCRP Publication 2006, P.200, http://www.dodccrp.org/publications/pdf/Alberts_UC2.pdf. 118 Brooks Tigner, Standards Urged To Smooth Allied Network-Centric Ops, Defense News, January 2, 2006, p.10. 119 David Fulghum, Cyber-Hammer, Aviation Week and Space Technology, May 29, 2006, p.48. 120 Giles Ebbutt, Flaws in the System: Modern Operations Test the Theory of Network Centricity, Jane's International (continued...) ¢ Plans call for development of a future soldier system for the German Army, called "Infanterist der Zuknft", which will introduce new ways of networking between combat units and higher command levels. The system includes optical components, soldier-level computing equipment, and a tactical military internet which links voice and data systems.121 The UK is reportedly building its own Global Information Infrastructure, which is a single, general purpose network, with a specialized security architecture and a family of joint command battlespace management applications.122 The UK system design will expand to allow multinational forces, such as the United State, Canada, Australia, and New Zealand to also reach through each others' protective electronic boundaries to share a common operating picture through Voice Over IP and video teleconferencing.123 During the brief 2006 conflict with Syrian- and Iranian-supported Hizballah, Israel reportedly combined tactical unmanned aerial vehicles with their new Tzayad digitized command-and- control systems to locate and destroy many of Hizballah's rocket launchers. Experts reported that Israeli brigades that were equipped with the latest digital equipment were able to apply firepower in a very effective manner.124 China reportedly has considerable and growing capabilities for developing information technology and networks. Chinese officials have reportedly noted that future military plans call for China to focus on developing new-concept weapons, such as electromagnetic pulse (EMP) systems for jamming adversary networks, and new satellites for establishing a unique GPS network for the Chinese military.125 China has also reportedly networked its forces using the European "Galileo" space-based global positioning system126 (...continued) Defence Review, July 2006, p. 61. 121 Staff, "German Soldier Networking System Evolves", International Defense Digest, Jane's International Defense Review, July 2006, p.10. 122 Giles Ebbutt, Flaws in the System: Modern Operations Test the Theory of Network Centricity, Jane's International Defence Review, July 2006, p.57. 123 Giles Ebbutt, Flaws in the System: Modern Operations Test the Theory of Network Centricity, Jane's International Defence Review, July 2006, p.61. 124 Babara Opall-Rome, Israel Wants More Active Defenses, Better Intel, DefenseNews, August 14, 2006, p.8. 125 Mary Fitzgerald, China plans to control space and win the coming information war, Armed Forces Journal, November 2005, p.40. 126 David Gompert, Irving Lachow, and Justin Perkins, "Battle-Wise: Gaining Advantage in Networked Warfare", Center for Technology and National Security Policy, National Defense University, January 2005, p.13. Recent publications from China on security and national defense policy use terms such as "informationalization" and "Integrated Network-Electronic Warfare" (INEW), while describing how warfare is becoming more information oriented. Chinese military officials have stated that the INEW concept is comparable to U.S. Net Centric Operations. However, while INEW involves acquiring both defensive and offensive information operations capabilities, there is a priority placed on developing active strategies for offensive information operations. 127 DOD officials acknowledge that China has been conducting research to develop ground-based laser anti-satellite weapons. Some officials claim that China in recent years may have tested the means to harm or destroy U.S. satellites. However, a recent statement by DOD did not confirm or deny this possibility. The United States military relies on commercial satellites for up to 80 percent of DOD space-based communications, according to space officials.128 DOD officials also report that hacker attacks directed against U.S. military networks increased approximately fifty percent between 2003 and 2004. Officials also state that most of these computer intrusions were originating from within China, with one extended attack involving the theft of perhaps 10 to 20 terabytes of data from the DOD Non-Classified IP Router Network. These attacks may indicate that China, and perhaps other countries, are developing or testing skills to defeat U.S. Network Centric Operations.129 ¡ Other non-state groups also watch as the United States and other countries network their forces. In many cases, these groups are able to bypass much of the R&D associated with creating and testing new networked services, and instead are able to purchase Commercial-Off-Shelf (COTS) products and equipment adequate for their purposes. These sophisticated commercial technologies may enable smaller countries, or Al Qaeda or Hamas, to project an advanced and adaptive electronic warfare threat.130 ¢ In 2003 the U.S. government launched an investigation code named "Titan Rain" after detecting a series of persistent intelligence-gathering cyberattacks directed at military computer systems. The attackers demonstrated a high level of sophistication, and the investigation led many security experts to believe that the computer intrusions originated from sources in China. The targeted systems included (1) the U.S. Army Information Systems Engineering Command at Fort Huachuca, Arizona, (2) the Defense Information Systems Agency in Arlington, Virginia, (3) the Naval Ocean Systems Center in San Diego, California, (4) the U.S. Army Space and Strategic Defense installation in Huntsville, Alabama, and many other installations. In 2004, the Army base 127 Timothy Thomas, Chinese and American Network Warfare, Joint Forces Quarterly, Issue 38, #rd Quarter 2005, p. 76. 128 Elain Grossman, Top Commander: Chinese Interference with U.S. Satellites Uncertain, Inside the Pentagon, October 12, 2006. 129 Peter Brookes, The Art of Cyber War, The Conservative Voice, August 29, 2005, http://www.theconservativevoice.com/articles/article.html?id=7860. 130 J.R. Wilson, High-Tech Challenge: Terrorists present Electronic Warfare Threat, Too, Armed Forces Journal, February 5, 2005, pp. 38-39. at Fort Campbell, Kentucky initiated a multimillion-dollar program to secure its computer systems after its networks were penetrated for a period of approximately two months, during a sustained intelligence-gathering cyberattack.131 Although these attacks persisted over a long period of time, the U.S. government claims that no classified information was compromised.132 Recently, China was also blamed for cyber intrusions that disabled the computer networks of the Department of Commerce Bureau of Industry and Security, which is responsible for controlling U.S. exports of software and technology for both commercial and military use. The attacks were traced to websites registered with Chinese Internet service providers.133 However, other analysts caution that a sophisticated opponent, such as China, would not leave clues pointing back to itself. Instead, another sophisticated opponent could use China as a platform for third party computer attacks. China's civilian computer networks are very vulnerable to viruses. Some estimates reportedly say that up to 90% of the software used in China is pirated, lacking in the most important security patches, and especially vulnerable to being taken over by malicious code. Therefore, any attack that can be traced back to China may actually demonstrate very little about the true source. Sophisticated hacking tools are widely available on the Internet, and some hackers advertise their cybercrime skills for hire to other organizations, which could include extremists, both domestic and international.134 £ After the 34-day war with Israel in 2006, Hizballah was described by some Israeli officials as a well-equipped, networked force still capable of commanding its combat units after weeks of high- intensity fighting. Hizballah's units were supported by a well-fortified terrestrial communications network supplemented by satellite telephone and broadcast services, including the Al-Manar television network. Hizballah units also reportedly had the capability to attempt eavesdropping on Israeli cellular networks.135 Hamas was reportedly inspired by the way Hizballah fought against Israel in Lebanon, and the organization continues to receive increasing support from both Iran and Hizballah in the form of weapons, funding, and training. Hizballah is also reportedly sharing with Hamas operatives many of the lessons they learned from the recent military engagement with Israel.136 131 Frank Tiboni, Army Rebuilds Networks after Hack Attack, Federal Computer Week, September 6, 2004, http://www.fcw.com. 132 Tom Espiner, Security Experts Lift Lid on Chinese Hack Attacks, ZDNet, November 23, 2005, http://www.zdnet.co.uk/print/?type=story&at=39237492-39020375t-10000025c. Nathan Thronburgh, The Invasion of the Chinese Cyberspies (And the Man Who Tried to Stop Them), Time, August 29, 2005, http://www.time.com/time/ magazine/printout/0,8816,1098961,00.html. 133 Alan Sipress, Computer System Under Attack, Washington Post. October 6, 2006, A21. 134 James Lewis, Computer Espionage, Titan Rain and China, Center for Strategic and International Studies, December 14, 2005, http://www.csis.org/index.php?option=com_csis_pubs&task=view&id=2576. 135 Barbara Opall-Rome, Combating the Hizballah Network, Defense News, October 9, 2006, p.6. 136 Alon Ben-David, Hamas Boosts its Weapons Stocks, Janes Defence Weekly, October 25, 2006, http://www4.janes.com/subscribe/jdw/doc_view.jsp?K2DocKey=/content1/janesdata/mags/jdw/history/jdw2006/ jdw30827.htm@current&Prod_Name=JDW&QueryText=. Al Qaeda networks, in addition to technology, often rely on dispersed cells of people that are under central direction, which allows the organization to be highly flexible, elusive, and adaptable. As Al Qaeda evolves to using newer commercially available communication systems, dispersed cells may become more coordinated and self-organizing, with increased situational awareness, with the possible future capability of conducting their own network operations, in ways similar to the network operations of current U.S. military units.137 ¢ ¢ The following are key DOD programs related to NCO. The GIG is the communications infrastructure that supports DOD and related intelligence community missions and functions, and enables sharing of information between all military bases, mobile platforms, and deployed sites. The GIG also provides communications interfaces to coalition, allied, and non-DOD users and systems. Key service network architectures for implementing an important NCO capability through the GIG are the Air Force C2 Constellation, Navy and Marine Corps ForceNet, and Army LandWarNet.138 The Joint Task Force - Global Network Operations is tasked with operation and defense of the GIG. DOD is planning that 2008 military communications equipment will use the new Internet Protocol version 6 (IPv6) as the standard for all transmission through the Global Information Grid (GIG), and for all Defense Information System Network systems that will interoperate with the GIG.139 The new IPv6 protocol offers greater message security and better tracking of equipment, supplies, and personnel through use of digital tags (See Appendix A, "The Transition from Internet Protocol Version 4 (IPv4) to IPv6"). It is noteworthy that in a 2006 study, the Government Accountability Office found that the GIG lacks clearly defined leadership able to cut across organizational lines. GAO warned that without adequate leadership the GIG program could exceed cost and schedule requirements, partly due to development and acquisition methods characterized as "stovepiped" and "uncoordinated".140 137 David Compert et. al, Battle-Wise: Gaining Advantage in Networked Warfare, Center for Technology and National Security Policy, National Defense University, January 2005, p. 15. 138 For more information about the GIG, see CRS Report RS21590, Defense Program Issue: Global Information Grid, Bandwidth Expansion (GIG-BE), by Clay Wilson. 139 Staff, "DOD Now Preparing for Rapid Move to IPv6, Hi-Tech Chief Says," LookSmart, July 2, 2003, http://www.findarticles.com/cf_dls/m0PJR/13_1/110307574/p1/article.jhtml. 140 Zachery Peterson, Report Finds DOD Management Style Hindering Development of GIG, Inside the Navy, February 6, 2006. ¢ The AT3 system combines information collected by an airborne network of sensors to identify the precise location of enemy air defense systems. The system relies on coordination of information from different systems aboard multiple aircraft.141 Tactical Data Links (TDLs) are used in combat for machine-to-machine exchange of information messages such as radar tracks, target information, platform status, imagery, and command assignments. The purpose of this program is to insure the interoperability of Air Force TDLs. TDLs are used by weapons, platforms, and sensors of all services. ¢ ¢ The CEC system links Navy ships and aircraft operating in a particular area into a single, integrated air-defense network in which radar data collected by each platform is transmitted in a real-time to the other units in the network. Each unit in the CEC network fuses its own radar data with data received from the other units. As a result, units in the network share a common, composite, real-time air-defense picture. CEC will permit a ship to shoot air-defense missiles at incoming anti-ship missiles that the ship itself cannot see, using radar targeting data gathered by other units in the network. It will also permit air-defense missiles fired by one ship to be guided by other ships or aircraft.142 ¢ FBCB2, used with Blue Force Tracker computer equipment, is the U.S. Army's main digital system that uses the Tactical Internet for sending real-time battle data to forces on the battlefield. During Iraq operations, this system was used in some Bradley Fighting Vehicles and M1A1 Abrams tanks, and replaced paper maps and routine reporting by radio voice communication. The computer images and GPS capabilities allowed tank crews to use Blue Force Tracker to pinpoint their locations, even amid Iraqi sand storms, similar to the way pilots use instruments to fly in bad weather. Officials stationed at the Pentagon using Blue Force Tracker receivers were also able to observe the movements of U.S. forces.143 ¢ The software-based JTRS Program is intended to bring together separate service-led programs into a joint software-defined radio development effort.144 JTRS is a family of common, software- 141 Hampton Stephens, "USAF Will Begin Air-Defense Targeting Demonstration In FY-04," IDGA, June 27, 2003, http://www.idga.org/iowa-robot/document.html?topic=196&document=30568. 142 For more information, see CRS Report RS20557, Navy Network-Centric Warfare Concept: Key Programs and Issues for Congress, by Ronald O'Rourke. 143 Frank Tiboni and Matthew French, "Blue Force Tracking Gains Ground," Federal Computer Week, vol. 18, no. 7, March 22, 2004, p. 49. 144 GAO report to the U.S. House of Representatives Committee on Appropriations, Subcommittee on Defense, Challenges and Risks Associated with the Joint Tactical Radio System Program, August 2003. defined, programmable radios that are intended to interoperate with existing radio systems and provide the additional capability to access maps and other visual data by allowing the war fighter to communicate directly with battlefield sensors.145 DOD has determined that all future military radio systems should be developed in compliance with the architecture for JTRS. JTRS will initially be used by the Army as its primary tactical radio for mobile communications, including satellite communications. Acquisition for the JTRS program is being carried out through a series of five separate but interrelated clusters, with each cluster intended to meet a specific DOD requirement. ¢ The Warfighter Information Network (WIN-T) is a high-capacity network system that will allow units and command centers to communicate while on the move. The Joint Network Nodes (JNN) is the bridge between the Cold War legacy 30-year-old Mobile Subscriber Equipment and the WIN-T. JNN currently gives brigade and battalion command posts a "reach-back" capability for direct contact with bases in the continental United States, or other locations. JNN provides a significant increase in capability to Army modular units by providing satellite-based high bandwidth communications down to the battalion level.146 ¢ The Future Combat System (FCS) is intended to be the U.S. Army's multi year, multi-billion- dollar program at the heart of the Army's transformation efforts. It is to be the Army's major research, development, and acquisition program consisting of 18 manned and unmanned systems tied together by an extensive communications and information network. FCS is intended to replace such current systems as the M-1 Abrams tank and the M-2 Bradley infantry fighting vehicle with advanced, networked combat systems.147 Potential oversight issues for Congress pertaining to NCO include the following. Does Congress have sufficient information on the full scope of the Administration's strategy for implementing NCO to conduct effective oversight? Are programs critical for NCO adequately identified as such in the DOD budget? Does the Administration's plan for defense transformation place too much, too little, or about the right amount of emphasis on NCO? Is the strategy for implementing NCO paced too quickly, too slowly, or at about the right speed? Does the 145 Stephen Trimble, "Pentagon Adds `Network Router' to List of JTRS Missions," Aerospace Daily, vol. 206, no 13, April 17, 2003. 146 Lieutenant General Steven Boutelle, U.S. Army, testimony at the Congressional hearing on Information Technology Issues and Defense Transformation, House Armed Services Subcommittee on Terrorism, Unconventional Threats and Capabilities Holds Hearing, April 6, 2006. 147 See CRS Report RL32888, The Army's Future Combat System (FCS): Background and Issues for Congress, by Andrew Feickert. Administration's strategy for implementing NCO programs call for too much, too little, or about the right amount of funding? How are "network centric" items identified separately in the budget line items? ¢ Is the Administration's strategy for implementing NCO sufficiently joint? Officials at DOD have recently said that when individuals responsible for program management fail to collaborate properly, program offices sometimes move forward working on requirements tailored for their specific service, rather than working on joint requirements.148 Is there adequate overall DOD information architecture or enterprise architecture? Do the current service network architectures--Army LandWarNet, Navy ForceNet, Air Force C2 constellation--allow systems to work together through the GIG, or do they function along service boundaries inconsistent with the joint environment? Has DOD provided industry with sufficiently clear definitions of the architectures for its various desired NCO systems? If not, when does DOD plan to provide industry with such definitions? What are the potential risks of inadequately defined architectures? What is the role of the Defense Information Systems Agency (DISA) in managing the DOD implementation of NCO? Does DISA have too much, not enough, or about the right amount of policy and funding authority to fulfill its role? Has DISA developed an adequate NCO roadmap to help guide investments, and if not, when does DISA plan to issue such a roadmap? ¢ The FCS concept originally consisted of consisting of 18 manned and unmanned systems to be tied together by a network of advanced offensive, defensive, and communications/information systems, including WIN-T and the JTRS.149 The FCS is experiencing a number of program development issues - with some technologies advancing quicker than anticipated, others progressing along predicted lines, while still others are not meeting the Army's expectations.150 Is the FCS high technology concept appropriate for the types of conflicts that the U.S. will likely experience in the Global War on Terror? Some additional security features that help protect satellites from electronic attack may consume portions of bandwidth that could otherwise be used for communications. News reports note that 148 John Bennett, C4ISR Programs Need Fewer Milestone Decision-Makers, Myers Says, InsideDefense, January 20, 2006, http://www.insidedefense.com/secure/defense_docnum.asp?f=defense_2002.ask&docnum=AIRFORCE-17-3-9. 149 Lieutenant General Steven Boutelle, U.S. Army, testimony at the Congressional hearing on Information Technology Issues and Defense Transformation, House Armed Services Subcommittee on Terrorism, Unconventional Threats and Capabilities, Hearing, April 6, 2006. 150 See CRS Report RL32888, The Army's Future Combat System (FCS): Background and Issues for Congress, by Andrew Feickert. DOD may, in some cases, be designing military satellites with reduced security features in order to free more bandwidth to support growing communications needs.151 Over 100 different UAVs of 10 different types were used in Operation Iraqi Freedom. Worldwide spending on UAVs will likely increase over the next decade to $4.5 billion annually, according to one defense analyst.152 However, officials from the Government Accountability Office recently reported that DOD lacks a "viable and strategic" plan for developing and acquiring unmanned vehicles. This problem has resulted in cost overruns, delivery delays, and duplication of effort. As a result of the Quadrennial Defense Review, the joint structure of the Joint Unmanned Combat Aerial System (J-UCAS) program was ended, and some UAV programs are now being developed separately by the Navy and Air Force. The J-UCAS program had combined the efforts previously conducted under the DARPA/Air Force Unmanned Combat Air Vehicle (UCAV) program and the DARPA/Navy Naval UCAV (UCAV-N) program, for a common architecture to maximize interoperability. It is uncertain how many crossover benefits can be mutually provided by separate Navy and Air Force efforts because requirements are now very divergent. Other problems reportedly include issues of interoperability of UAVs with ground forces, limited availability of bandwidth, and problems with having both manned and unmanned aerial vehicles share airspace.153 "Blue Force Tracker" describes a technical capability that has received widespread praise from troops for helping to reduce the problem of fratricide. During the 1991 Gulf War, friendly fire accounted for about 24 percent of 148 U.S. combat deaths, however, the rate declined to about 11 percent of 115 U.S. deaths during major combat in Iraq in 2003. Many top leaders credit Blue Force Tracker (BFT) technology with saving lives during combat.154 The Blue Force Tracking System reportedly proved so successful in Iraq and Afghanistan that the Army is fielding it to additional units. Observers state that BFT is directly responsible for significant reduction in vehicle-to-vehicle fratricide, and, for example, allowed the Third Infantry Division to fight through darkness and sandstorms on its way to Baghdad.155 Some questions remain that may affect the future development of BFT equipment and capabilities. Will the Blue Force Tracker database be designed with sufficient categories to enable 151 Vago Muradian, China Tried to Blind U.S. Sats with laser, Defense News, September 25, 2006, p.6. 152 Doub Beizer, Network Centric warfare Takes Flight, Washington Technology, July 18, 2005, http://www.washingtontechnology.com/cgi-bin/udt/im.display.printable?client.id=wtonline-test&story.id=26588. 153 Testimony by Sharon Pickup, Hearing on FY2007 Budget: Unmanned Aerial Vehicles and Intelligence, Surveillance, and Reconnaissance Capabilities, House Armed Services Subcommittee on Tactical Air and Land Forces, April 6, 2006. 154 Charles Dervarics, "Broadening Blue Force Tracking," Defense News, October 11, 2004. 155 Lieutenant General Steven Boutelle, U.S. Army, testimony at the Congressional hearing on Information Technology Issues and Defense Transformation, House Armed Services Subcommittee on Terrorism, Unconventional Threats and Capabilities, April 6, 2006. tracking of different weapon types, vehicles, and individual soldiers for future joint, and coalition operations? Is training adequate for military operators to handle complex BFT capabilities? Will the military have sufficient bandwidth available for future needs? As technology evolves, will the supply of bandwidth support the deployment of miniaturized BFT communications equipment for the individual soldier? Is BFT adequately supported when operating in urban areas and complex terrains, where structures may block radio signals? ¢ The Joint Tactical Radio System (JTRS) is intended to enable faster, more streamlined communications among many different types of forces, but stalled development of this system may have created an obstacle to the full implementation of net-centric operations.156 Originally, the JTRS program was intended to replace DOD legacy radios operating between 2 megahertz and 2 gigahertz, and which were not designed to communicate with each other. However, requirements were modified in 2004 so that future JTRS radios would also include frequencies above 2 gigahertz, to allow communication with satellites and to support future access to the military Global Information Grid. To spur development of JTRS, DOD in November 2004, developed a policy that restricted the purchase of non-JTRS radios already on the market. However, this policy was cited by Congress as an impediment to meeting the needs of operational commanders in the field.157 JTRS is seen now as a program to enhance, rather than replace, existing legacy radios, and JTRS systems will eventually replace legacy radios as they wear out.158 Is information overrated as an asset for NCO? How thoroughly has the administration studied the risks associated with data-dependent military doctrine? Several observers have argued that DOD plans stress only the rewards of information without including adequate analysis of the risks associated with possible over-reliance on data-driven systems. Some elite network centric corporations with state-of-the-art systems that offer "information superiority" have experienced perverse results, and sometimes even catastrophic economic losses (See Appendix C, "Perverse Consequences of Data-Dependent Systems"). Congress could encourage DOD to examine the economics of information in order to avoid similar perverse consequences on the battlefield that may be created by "information abundance."159 How well are coalition forces adapting to NCO? How are U.S. forces affected if coalition networks to which we must link are not as secure and robust? What are implications for future 156 For more information about JTRS, see CRS Report RL33161, The Joint Tactical Radio System (JTRS) and the Army's Future Combat System (FCS): Issues for Congress, by Andrew Feickert. 157 H.Rept. 108-622, July 20, 2004, p.170. 158 Scott Nance, "Army Sets Narrower Aims on Radio System," Defense Daily, February 18, 2005, p.4. 159 Modern portfolio theory, Baysian analysis, and Monte Carlo simulation are quantitative tools that can be used to examine when and where the benefits of information transparency consistently outweigh the costs. Michael Schrage, Perfect Information and Perverse Incentives: Costs and Consequences of Transformation and Transparency, Security Studies Program Working Paper, Massachusetts Institute of Technology, E38-600, May 2003. NCO operations when there is a need to share classified information with coalition forces and foreign countries? Is it possible to give Allies access to C4ISR information to improve collaboration during high-speed combat operations, while still protecting other information that is sensitive or classified? Will differences in the national disclosure policies for each coalition nation restrict sharing of necessary information among all partners during training operations, and if so, will this threaten the effectiveness of training? Will U.S. analysts or warfighters be overwhelmed by the vast increase in information that will flow if all coalition NCO networks are seamlessly linked to the U.S. NCO network? Will potential enemies probe for weaknesses in the links between the different networks operated by less sophisticated coalition forces, and thus find a way to disrupt the networks of U.S. forces? The same issues that affect DOD operations with coalition partners may also affect coordination with U.S. first-responders during domestic attacks by terrorists. Should DOD networks also be extended to first-responders who may need support during possible widespread attacks involving nuclear bombs or biological weapons; for example, geo-spatial images from UAVs monitoring domestic areas? Should policy allow domestic first-responders to input, view, or update important data during such an attack, even though some may not have appropriate security clearances? ¢ The global diffusion of technology will lead to the eventual loss of the monopoly position now enjoyed by U.S. forces using sophisticated networks and communications equipment. The United States may eventually face adversaries equipped with COTS technologies that provide many NCO capabilities. Technology transfer and offshore outsourcing may also increase the number of foreign-nationals who are experts in newer Internet technologies and software applications (See Appendix A, "The Transition from Internet Protocol Version 4 (IPv4) to IPv6"). Does the Administration's strategy pay sufficient attention to possible national security issues related to technology transfer? What controls does DOD have in place regarding offshore subcontracting that ensure security? Several potential adversaries reportedly have a military strategy that focuses on engaging the United States asymmetrically, rather than with conventional forces. China, for example, is reportedly tailoring its military capabilities to directly, or indirectly, undermine U.S. technological advantages.160 Does the Administration's strategy for implementing NCO pay sufficient attention to asymmetric threats and growth of technology skills in other countries? How is DOD working with industry to find ways to protect software against cyber threats, including those possibly related to offshore outsourcing of R&D and information technology services? Several policy options that may reduce risk to the effectiveness of NCO due to growth of technology skills in foreign countries may include (1) encourage companies to maintain critical design and manufacturing functions inside the U.S., (2) encourage highly skilled individuals to relocate to areas in the U.S. where industries are in need of technical professionals, or (3) encourage U.S. high technology workers to update and increase their set of job skills.161 160 Vago Muradian, China Tried to Blind U.S. Sats with Laser, Defense News, September 25, 2006, p.6. 161 Paul J. Kostek, Chair, American Association of Engineering Societies, Globalization vs Outsourcing and Their Impact on Competitiveness, October 30, 2003, http://www.planetee.com/Forums. Does the Administration's strategy for implementing NCO incorporate the right technologies and strategy for acquisition? Some observers have stated there is not enough coordination between DOD and the private sector officials involved in information technology acquisition.162 Others have suggested that the acquisitions community must communicate more directly with the most forward areas of the military, where the business processes deliver value to the war-fighter, so that needs are more clearly understood.163 DOD Directive 5000 requires that acquisition for all equipment and systems must follow a standard process which involves an examination of requirements, safety testing, developmental testing, and operational testing.164 However, the acquisition for an information system sometimes requires the same processes as that used for acquiring a major weapons system. For a critically needed system, an operational needs statement (ONS) can sometimes shorten the debate about requirements, and also shorten the traditional testing process, thereby speeding acquisition and deployment of critical systems to warfighting units. Also, in some circumstances, to reduce delays in deployment of critical equipment and systems, the Secretary of Defense was given rapid acquisition authority to waive all federal acquisition regulations for acquisition of equipment.165 Some observers have suggested that another possibility for speeding up the process for acquisition and deployment would be to give Combatant Commanders limited acquisition authority. For example, the United States Special Operations Command (SOCOM) already has been granted acquisition authority, and reportedly they use it efficiently, and find they are able to buy off-the-shelf technologies to meet some requirements.166 Future research into areas such as nanotechnology will likely lead to radically new innovations in material science, fabrication, and computer architecture. However, the basic research to develop new technologies requires high-risk investment, and increasingly involves international collaboration. Maintaining a U.S. military advantage for NCO may require stronger policies that encourage domestic education in science and high-technology, and that nurture long-term research that is bounded within the United States private sector, universities, and government laboratories.167 (1) Technologies: Is DOD making sufficient investments for R&D in nanotechnology? Nanoscience may fundamentally alter military equipment, weapons, and operations for U.S. 162 Representatives Kline and Meehan, Congressional Hearing on Information Technology Issues and Defense Transformation, Armed Services Subcommittee on Terrorism, Unconventional Threats and Capabilities, April 6, 2006. 163 Paul Brinkley, Deputy Undersecretary of Defense, Congressional Hearing on Information Technology Issues and Defense Transformation, Armed Services Subcommittee on Terrorism, Unconventional Threats and Capabilities, April 6, 2006. 164 DOD Directive 5000.1, The Defense Acquisition System, May 2003, http://akss.dau.mil/dag/ DoD5000.asp?view=document&doc=1. 165 Lieutenant General Steven Boutelle, U.S. Army, testimony at the Congressional hearing on Information Technology Issues and Defense Transformation, House Armed Services Subcommittee on Terrorism, Unconventional Threats and Capabilities Hearing, April 6, 2006. 166 Representative Saxton, Congressional Hearing on Information Technology Issues and Defense Transformation, House Armed Services Subcommittee on Terrorism, Unconventional Threats and Capabilities, April 6, 2006. 167 Gerald Borsuk and Timothy Coffey, Moore's Law: A Department of Defense Perspective, Defense Horizons, Center for Technology and National Security Policy, National Defense University, No. 30, July 2003. forces, and possibly for future U.S. adversaries. Does the Administration's plan pay sufficient attention to creating solutions to meet bandwidth requirements for implementing NCO? Latency, which is often caused by a bandwidth bottleneck, is an important complaint of warfighters. How do messages that are either dropped, lost, or delayed during transmission alter the effectiveness of Network Centric Operations? (2) Acquisition: All DOD acquisition programs require a key performance parameter for interoperability and for successful exchange of critical information.168 Development of some weapons in the past has rendered them obsolete by the time they are finally produced, sometimes 15 to 20 years later. Admiral Arthur Cebrowski, former director of the DOD Office of Force Transformation reportedly proposed that program development cycles be brought in line with those of commercial industry, which are typically measured in months and years, instead of decades.169 How does the traditional DOD long acquisition cycle keep up with new commercial developments for high technology?170 NCO enables the military to fight with smaller units, moving rapidly using "swarming tactics". Has DOD developed adequate joint doctrine for NCO? Do training exercises involve coalition partners with complimentary NCO capabilities? How do differences in NCO capabilities of other coalition partners affect U.S. warfighting capabilities? What are the potential risks of inadequately developed doctrine for joint or coalition operations using NCO? Does doctrine for NCO also stress civilian casualty prevention and protection? What are the changing requirements for finding and recruiting personnel who are qualified to operate high- technology NCO equipment? Finally, if terrorist groups become more local and smaller in size, will law-enforcement activities, coupled with good intelligence, displace military operations as a more effective pre-emptive strategy for the future, partly because it may be seen as less controversial? No bills have yet been introduced in the current congress that are directly related to network centric operations. This report will be updated as events warrant. 168 Lt. General Daniel Leaf, Vice Commander for U.S. Air Force Space Command, in U.S. Congress, House Armed Services Subcommittee on Terrorism, Unconventional Threats and Capabilities, hearing, Military C4I Systems, October 21, 2003, http://www.cq.com. 169 Keith Phucas, "The New Military: Proposing Change," Norristown, Pennsylvania Times-Herald, November 28, 2003. 170 The Army Science Board recently completed a study of high-risk technologies that will be developed as part of the Army Future Combat System (FCS) program. The study identifies 7 major technology areas that will be emphasized throughout the FCS incremental acquisition strategy: joint interoperability, network survivability, bandwidth efficiency, smart antennas, software, transparent battle space, and systems reliability, https://webportal.saalt.army.mil/sard-asb/ ASBDownloads/FCS-Exec-Briefing.pdf. ¡ The Internet Protocol version 4 (IPv4) is the name of the digital signal transport protocol that has been used for global communications through the Internet since the 1970s. The U.S. military now uses several transport protocols for digital communications in addition to IPv4. However, DOD planners see a need for more network capabilities to support future NCO operations. By 2008, DOD is planning to convert digital military communications to use the newer Internet Protocol version 6 (IPv6) as the standard for all transmission through the Global Information Grid (GIG), and for all systems that are part of the Defense Information System Network (DISN) that will interoperate with the GIG. IPv6 technology is considered the next-generation Internet transport protocol, and all commercial network communications equipment (also heavily used by the military) will eventually transition to its use, and gradually reduce support for IPv4. This is because IPv6 offers advantages in speed, capacity, and flexibility over IPv4. For example, IPv6 will enable network users to more easily set up a secure virtual private network (also known as secure tunneling through a network) than with IPv4. Using IPv6, hardware devices can be attached to a network and configured more easily, which will also provide mobile users with easier and faster access to network services.171 However, because use of IPv4 is so firmly embedded in the commercial systems now used in the United States, the transition for the civilian communications infrastructure in other countries may go more smoothly and quickly. This is because new communications infrastructures now being built in other countries will use the newest equipment with IPv6 capability already built in. This may also mean that much of the talent for managing the new IPv6 technology may eventually belong to technicians and programmers who reside in countries outside the United States. Research has shown that regional agglomeration of technical expertise increases active sharing of tacit knowledge among groups of innovators.172 Some of that tacit knowledge may also include sharing of information about newly-discovered vulnerabilities for the IPv6 technology. What follows is a brief explanation of some technical differences between IPv4 and IPv6, and a discussion of possible economic and security issues related to the coming transition to the new Internet protocol. Information is sent through the Internet using packets (approximately 4000 digital bits per packet), and which include the address of the sender and the intended destination. Internet Protocol version 4 (IPv4) has been used globally since before 1983. However, IPv4 information 171 Brian Robinson, "IPv6: Built for Speed," Federal Computer Week, August 30, 2004. 172 Geographic concentration of information technology employment increases labor productivity among IT workers. Research indicates that geographic proximity matters most where tacit knowledge plays an important role in the generation of innovative activity, and tacit knowledge does play an very important role during the early life cycle of an information technology system. Christian Le Bas and Frederic Miribel, "Is the Death of Distance Argument Relevant: The Agglomeration Economies Associated with Information Technology Activities," http://www.ish-lyon.cnrs.fr/labo/ walras/Objets/Membres/Miribelebas_paper.pdf, p. 20. packets are designed to carry an address in a 32-bit field, which means that IPv4 can only support approximately 4,000,000,000 Internet devices (computers, routers, websites, etc.). With Internet access expanding globally, and with more types of equipment now using Internet addresses (e.g., cell phones, household appliances, and PDAs) the number of Internet addresses needed for connected equipment could soon exceed the addressing capacity of the IPv4 protocol. For example, slightly more than 3 billion of the 4 billion possible 32-bit IPv4 addresses are now allocated to U.S.-operated ISPs. In contrast, China and South Korea, with a combined population of more than 1.3 billion, are allocated 38.5 million and 23.6 million respectively. Therefore, Asian counties are especially interested in the possibilities that come with adoption of IPv6. Internet Protocol version 6 (IPv6) quadruples the size of the address field from 32 bits to 128 bits (IPv1-IPv3, and IPv5 reportedly never emerged from testing in the laboratory). IPv6 could theoretically provide each person on the planet with as many as 60 thousand trillion-trillion unique Internet addresses. Theoretically, by switching to IPv6, humanity will never run out of Internet addresses. IPv6 is also believed to be more secure than IPv4 because it offers a feature for encryption at the IP-level. However, several drawbacks may slow the global adoption of the IPv6 standard. Switching to IPv6 means that software applications that now use Internet addresses need to be changed. Every Web browser, every computer, every email application, and every Web server must be upgraded to handle the 128-bit address for IPv6. The routers that operate the Internet backbone now implement IPv4 via computer hardware, and cannot route IPv6 over the same hardware. By adding software to route IPv6 packets, the routers will operate more slowly, which may cripple the Internet. Alternatively, upgrading and replacing the hardware for millions of Internet routers would be very costly. IPv4 also uses a technology feature called Natural Address Translation (NAT) which effectively multiplies the number of IP address that may exist behind any single firewall. This technology trick is widely employed within the United States, and its usage also adds an extra layer of security to both commercial networks and home PC networks that have a router. NAT allows a home user to connect multiple PCs to their home network, so they all can share a single IPv4 address behind the router/firewall. By using NAT, it is possible, and certainly much cheaper, to put off or ignore the problem of running out of IPv4 addresses. At least temporarily, in the United States, most technologists prefer sticking with NAT rather than switching over to IPv6. Also, despite the new feature that allows IP-level encryption, there may be new security problems associated with converting to IPv6. Whenever new code is deployed onto computers, undiscovered bugs are usually soon discovered through study and repeated experimentation by hackers. Therefore, IPv6 may well hold security surprises that the designers have simply not found through extensive testing. And because switching over to IPv6 will be a global undertaking, some of the newly discovered security problems could possibly become critical, and even threaten the functioning of the Internet itself. IPv6 also offers other technical advantages over IPv4. For example, IPv6 makes peer-to-peer communication between individual computers much easier than with IPv4. This will make applications like Internet telephony and next generation multi-media groupware work much more smoothly. ¢ The opportunity to leapfrog past older Internet technology may someday result in increased expertise in newer technology for technicians and engineers who reside outside the United States. For example, countries such as India, North Korea, Iran, Pakistan, and Iraq that are now building new communications infrastructures for Internet commerce, may initially adopt the latest network switching equipment using the newer IPv6 technology, and thus leapfrog over IPv4. Meanwhile, industries in the United States, which are already heavily invested in older IPv4 technology, may remain tied to IPv4 using the NAT technology for a longer time. This is because NAT can extend the useful life of older IPv4 applications, and can defer the cost of conversion by transferring that cost to the ISPs, who would then set up gateways to translate between all IPv4 and IPv6 Internet traffic going into and out of the United States. The U.S. could then become divided from the technology used in the rest of the world, at least for a while, by an IPv4/IPv6 difference that is similar to the U.S./metric divide we see today.173 U.S. military forces, to save time and expense, sometimes connect staff at multiple locations to the DOD secure SIPRNET network by using an encryption technique known as tunneling, which lets users traverse a non-secure network to access a top-secret one. For example, Marine Corps staff recently began using tunneling through the non-classified NIPRNET to extend the DOD classified SIPRNET to 47 sites in the Marine Forces Pacific Command.174 However, during OIF as much as seventy percent of NIPRNET traffic reportedly was routed through the civilian communications infrastructure. This means that when there is need for a high volume of U.S. military communications, security may be partly dependent on reliability of IPv6 equipment found in the civilian infrastructure and in commercial satellites.175 Countries with emerging communications infrastructures, and purchasing the latest commercial network equipment, may also be the home countries of those best able to exploit IPv6 technical vulnerabilities. If this includes countries where the United States may be involved in military activity, hostile groups with appropriate technical knowledge of IPv6 vulnerabilities may be positioned to attempt to interfere with U.S. military communications. 173 Simson Garfinkel, The Net Effect, January 7, 2004, http://www.simson.net/pubs.php. 174 Dan Cateriniccia, "Marines Tunnel to SIPRNET," FederalComputerWeek, December 9, 2002, http://www.fcw.com. 175 Christopher Dorobek and Diane Frank, "Dod May Pull Key Net from the Internet," InsideDefense, December 26, 2002, http://www.insidedefense.com. ¡ Differing interpretations of what is known as "Metcalfe's Law" may lead to different priorities for acquisition and deployment of NCO technologies, systems, and equipment. In the past, some observers have stated that according to Metcalfe's Law, "the `power' of a network is proportional to the square of the number of nodes in the network."176 Proponents of NCO in the past have also stated that network centric computing is governed by Metcalfe's Law, which asserts that the "power" or "payoff" of network-centric computing comes from information-intensive interactions between very large numbers of heterogeneous computational nodes on the network.177 However, Metcalfe's Law observes that the potential value of a communications network increases (or scales) as a function of the square of the number of nodes that are connected by the network. After some deliberation, many of the same proponents now argue differently about the applicability of Metcalfe's Law to NCO, saying that it only provides insight into the fact that the "value" of a network to its users depends mainly on the interaction between the following:178 1) content, quality, and timeliness of information interactions enabled by the network; 2) network-enabled, value-creation logic; and 3) user-value functions. These proponents further state that NCO does not focus on network-centric computing and communications, but rather on information flows and the nature and characteristics of battlespace entities. However, it is also noteworthy that other military observers now propose a corollary to Metcalfe's Law: the complexity of a system is proportional to the cube of the number of nodes, and the reliability of a system is inversely proportional to its complexity.179 In line with this corollary, some observers propose that different types of networks could have indirect limitations that may begin to appear as those networks reach very large numbers of nodes. Briscoe et. al. (2006) use observations of the rise and fall of Internet companies to propose that use of Metcalfe's Law to predict organizational success can sometimes result in organizational damage, if expectations are set too high.180 Other observers agree, stating that, with 176 Col. T.X. Hammes, War Isn't A Rational Business, Proceedings, U.S. Naval Institute, July 1998, http://www.usni.org/Proceedings/Articles98/PROhammes.htm. 177 Vice Admiral Arthur Cebrowski, John Garstka, Network-Centric Warfare: Its Origin and Future, Proceedings U.S. Naval Institute, January 1998, http://www.usni.org/Proceedings/Articles98/PROcebrowski.htm. 178 David Alberts, John Garstka, Frederick Stein, Network Centric Warfare: Developing and Leveraging Information Superiority, 2nd edition, February 2000, pp. 103, 252, 265. 179 Col. T.X. Hammes, War Isn't A Rational Business, Proceedings, U.S. Naval Institute, July 1998, http://www.usni.org/Proceedings/Articles98/PROhammes.htm. 180 Bob Briscoe, Andrew Odiyzko, Benjamin Tilly, Metcalfe's Law is Wrong; Communications Networks Increase in Value as they Add Members--but by How Much? The Devil is in the Details, IEEE Spectrum, July 1, 2006, vol.43, no. 7. very large networks, other negative factors begin to emerge. For example, the number of messages increases beyond the capacity of the reader to handle. Many network users may then see a strong need to operate within a "less-noisey" network by using editors, moderators, or automatic filters to limit the number of messages.181 These observers agree that more research is need in the area of indirect limitations of networks. 181 Brad Templeton, The Opposite of Metcalfe's Law, Comments on IEEE article by Briscoe, Andrew, and Tilly, July 2006, http://www.templetons.com/brad/metcalfe.html. ¡ ¢ The Office of Force Transformation http://www.oft.osd.mil/ has indicated that DOD must continue to refine the rules and theory of network centric operations through simulation, testing, and experimentation. This section notes that although some experiences have shown that networking may increase certain advantages in warfare, other experiences may also indicate that relying on information systems can sometimes lead to unexpected results. Information-Age warfare is increasingly path-dependent, meaning that small changes in the initial conditions will result in enormous changes in outcomes. Speed is an important characteristic for NCO because it enables a military force to define initial conditions favorable to their interests, and then pursue a goal of developing high rates of change that an adversary cannot outpace.182 To this end, whenever data-links are employed between military units and platforms, digital information can be shared and processed instantaneously, which produces a significant advantage over other military units that must rely on voice-only communications. Examples that illustrate this advantage are found in several training exercises conducted in the 1990's between Royal Air Force jets equipped with data-links, referred to as Link-16, and U.S. Air Force jets with voice-only communications. A series of air-to-air engagements showed that the RAF jets were able to increase their kill ratio over the U.S. jets by approximately 4-to-1. Other training engagements, involving more than 12,000 sorties using 2-versus-2, or 8-versus-16, aircraft showed that jets equipped with Link-16 increased their kill ratio by 150 percent over those aircraft having voice-only communications. Similar results were seen in training exercises involving Navy and Army units equipped with new networking technology.183 However, some observers believe that important military decisions may not always lend themselves to information-based rational analysis.184 They argue that the military services, national security establishment, and intelligence community have not thoroughly studied the risks associated with a data-dependent military doctrine. Issues raised by these observers include the following: (1) Information flows may be governed by a diminishing marginal utility for added effectiveness. Quantitative changes in information and analysis may lead to qualitative changes in individual and organizational behavior that are sometimes counter-productive. (2) An information-rich, opportunity-rich environment may shift the value of the information, redefine the mission objectives, and possibly increase the chances for perverse consequences. 182 Dan Cateriniccia and Matthew French, "Network-centric Warfare: Not There Yet," Federal Computer Week, June 9, 2003, http://www.fcw.com/fcw/articles/2003/0609/cov-netcentric-06-09-03.asp. 183 John Garstka, "Network-Centric Warfare Offers Warfighting Advantage," Signal Forum, Signal Magazine, May 2003. 184 Martin Burke, Information Superiority Is Insufficient To Win In Network Centric Warfare, Joint Systems Branch, Defence Science and Technology Organisation, 2001, http://www.dodccrp.org/events/2000/5th_ICCRTS/cd/papers/ Track4/024.pdf. In 1999, large-scale army experimentation with better visualization of the battlefield resulted in surprises such as requests for up to five times the normally-expected amounts of ammunition. Instead of concentrating on only critical targets, the experimental army units were overwhelmed with the vast array of potential targets they could now see. The unprecedented requests for larger quantities of ammunition caused logistical failures. More information did not assure better decision-making, but rather it exposed doctrinal flaws.185 A similar effect was observed in later experiments conducted as part of the Network Centric Operations Conceptual Framework. Ammunition was expended at a faster rate, possibly because more information creates a target-rich environment. These observations imply a possibly greater demand for logistics support.186 Issues raise by other observers of data-driven systems are: (3) Reliance on sophisticated information systems may lead to management overconfidence. (4) Different analytical interpretations of data may lead to disagreements among commanders about who is best situated to interpret events and act on them. The past economic under-performance of many hedge fund organizations and other technology firms that have employed very sophisticated network centric management techniques may serve as examples to caution DOD against over-reliance on data-driven military information systems. For example, Long-Term Capital Management (LTCM), a highly-leveraged multi-billion dollar hedge fund, and Cisco Systems, a well-respected high-tech firm, both used sophisticated systems to track market conditions and expand their data-driven "situational awareness" to gain and maintain competitive advantage. However, in 1998 a U.S. government-led consortium of banks bailed out LTCM after its trading losses put the entire world's financial system at risk of meltdown. Also, in 2001 Cisco was forced to take a $2.25 billion inventory write-down. While there is yet no professional consensus explaining these poor performance problems, many analysts agree that the presumed excellence of information systems may have invited managerial over-reliance, and that over-reliance led to overconfidence. Executives may have ignored unambiguous external signals in favor of their own networked data.187 Finally, some believe that more information imposes a higher degree of accountability on actions. Failure to minimize casualties or protect civilians may be digitally reviewed and used to politicize flawed military decisions. These observers suggest that modern portfolio theory, Bayesian analysis, and Monte Carlo simulation are three quantitative tools that military decision makers should explore if they want the benefits of information transparency to consistently outweigh its costs. These tools could answer questions, such as: (a) if information were to be managed as a portfolio of investment 185 Robert R. Leonhard, "Principles of War for the Information Age," (Novato, CA: Presidio Press, 2000) p. 156, and p.224. 186 Dr. Kimberly Holloman, Evidence Based Research, Inc., "The Network Centric Operations Conceptual Framework," Presentation at the Network Centric Warfare 2004 Conference, Washington, DC, January 20, 2004, http://www.oft.osd.mil/library/library.cfm?libcol=2. 187 Michael Schrage, Perfect Information and Perverse Incentives: Costs and Consequences of Transformation and Transparency, Security Studies Program Working Paper, Massachusetts Institute of Technology, E38-600, May 2003, p.4. risks much as asset classes like equities, fixed income, and commodities, how would commanders diversify to maximize their returns; (b) what information asset classes would they deem most volatile; (c) what information would they see as most reliable; and (d) which information classes would be co-variant, and which would be auto-correlated?188 Clay Wilson Specialist in Military Information Technology cwilson@crs.loc.gov, 7-8748 188 Ibid, 15. ------------------------------------------------------------------------------ For other versions of this document, see http://wikileaks.org/wiki/CRS-RL32411