In what is seen as an anticipation of the expected expiration of the 2015 international agreement to limit its nuclear ambitions, Iran took steps to resume production of fissile material early this month, injecting uranium gas into centrifuges at its Fordo nuclear facility, the Military Times reports. US Secretary of State Pompeo was quoted by Reuters to the effect that “Iran’s expansion of proliferation-sensitive activities raises concerns that Iran is positioning itself to have the option of a rapid nuclear breakout,” and that “It is now time for all nations to reject this regime’s nuclear extortion and take serious steps to increase pressure. Iran’s continued and numerous nuclear provocations demand such action.”
Iran is currently engaged in what remains, even after drone strikes against Saudi oil facilities, a low-level hybrid war against its regional rivals and those rivals' allies (especially the United States). Reuters reports that a high-level meeting in Tehran some four months before September's strikes against Saudi Aramco installations was urged, by leaders of the Revolutionary Guard, "to take out our swords and teach them," that is, the Saudis and their partners, "a lesson." Iran's representatives at the United Nations deny that any such meeting took place, still less that any aggressive decision was taken, but then deniability is one of the defining characteristics of hybrid warfare. The US response to the drone strikes generally attributed to Iran has apparently been largely confined to cyber retaliation, and that, too, is one of the defining features of hybrid combat. Iran has itself stepped up its own offensive operations in cyberspace, Modern Diplomacy observes, as the Tehran-linked threat group Microsoft tracks as "Phosphorus" has shown increased activity against regional and Western opponents.
Space as an operational domain.
On November 20th NATO's foreign ministers formally voted to declare space an "operational domain," Defense News reports. That resolution will not commit the Alliance to weaponizing that domain, but it will make it easier for NATO to draw upon its members' space capabilities.
Following studies (noted here by Bloomberg) that outline an increasing challenge from peer and near-peer rivals to US space operations, Air Force leaders say they're resolved to change the way they do business so that the US will be able to maintain the dominance it's enjoyed since the end of the Cold War, Space.com reports. US Space Command (the combatant command not to be confused with the still-emerging Space Force) is, Air Force Magazine recounts, in the process of learning how to fight in this operational domain.
India's space agency acknowledges receipt of cyberattack warnings.
ISRO, the Indian Space Research Organisation, received warnings about the possibility of a cyberattack against September’s Chandrayaan-2 lunar mission. That flight was only partially successful: the orbiter functioned as intended, but control of the lander was lost during descent. The warnings are said, by the News Minute and various other Indian media outlets, to have been passed to ISRO by an unnamed American security company. The threat actor named was North Korea’s Lazarus Group, which has long been active against foreign targets.
The attack came at about the same time the Lazarus Group was also named as the principal suspect in an incident that affected the Nuclear Power Corporation of India Limited’s Kudankulam Nuclear Power Project, a summary of which may be found in the Washington Post. The Lazarus Group is best known for the financially motivated operations designed to address Pyongyang’s persistent, sanctions-induced, economic crisis, but according to the Indian Express, the malware believed to have been used against both ISRO and Kudankulam was a variant of DTrack, which is a known information-stealing tool.
In the case of Kudankulam, the malware infection was confined to business as opposed to plant control systems. What systems were affected at ISRO remains unclear, but the episode does highlight the vulnerability of space organizations to cyberattack.
Drone and counter-drone: threats, technologies, and authorities.
As drones become increasingly commodified, commercial tools readily accessible to any number of potential threat actors, a study by Booz Allen warns that they pose threats beyond both overhead imagery collection and kinetic strike. Those threats are undoubtedly real, and have seen recent operational use in the Gulf region, but drones also pose a cyber threat to poorly protected networks. They can readily serve as "rogue access points," that is, "initial network infection vectors," especially with respect to wireless protocols like Bluetooth. Bluetooth users have often approached security with benign neglect, since Bluetooth offers a relatively low-power, short-range capability. But drones, of course, can easily move close enough to a Bluetooth signal for their operators to gain access to a network. It's an updated form of the old practice of war-driving, when hackers would drive through a neighborhood scanning for unprotected WiFi networks. Booz Allen recommends dusting off old defenses against war-driving, and also that organizations extend their security perimeter, and their anti-drone perimeter, to the limits of their WiFi networks.
The UK Ministry of Defence's DASA (Defence and Security Accelerator) has allocated £1.8 million for the development of anti-drone capabilities, Infosecurity Magazine reports. DASA is aware of, and interested in addressing, the threat to networks Booz Allen pointed out, but they're interested in ways of denying drones access to any sort of sensitive airspace. The UK has been troubled by wayward drone activity near facilities like Gatwick Airport, where the mere presence of quite ordinary drones has on several occasions posed a threat to flight safety.
In the US, the Department of Homeland Security is also showing an interest in counter-drone technologies. Defense Systems reports that the Coast Guard is using authorities granted under last year's Preventing Emerging Threats Act to "develop processes and procedures for deploying anti-drone capability." The pilot program underway includes deploying radar and imaging systems that could detect and track drones with the ultimate goal of being able to "seize control of airborne contacts" (that is, seize control of drones) when such contacts pose a threat that warrants doing so.
Not all members of Congress agree that DHS actually has the authority under the Preventing Emerging Threats Act or the FAA Reauthorization Act of 2018 to do these things, according to Drone Life. They're particularly concerned about plans to give TSA Air Marshals the means and authority to neutralize drones operating over airports. Representatives Sam Graves (Republican of Missouri) and Mark Rogers (Republican of Alabama) wrote acting Homeland Security Secretary Wolf that "If Congress had wanted to provide specific C-UAS [counter-unmanned aerial systems] authority to TSA it would have done so in FAARA."