The Chinese Ministry of State Security intelligence service disclosed in October that the U.S. National Security Agency has been engaged in a three-year cyber campaign to break into the official National Time Service Center.
The center is located in the north-central city of Xian. It provides precision time services that state media say are vital for military systems, communications, finance, electricity, transportation and mapping.
The NSA had no comment on the report, but defense analysts say the Chinese report is a significant clue to one of the most secret programs in support of an advanced form of strategic missile defense called “left of launch.”
Left of launch refers to a timeline for using various military tools, such as cyberattacks that could cause missiles to blow up in silos when launch buttons are pushed, special operations commandos and on-the-ground sabotage after a missile is detected being readied for firing.
The project to conduct prelaunch attacks and sabotage of missile systems has been underway for at least a decade, and its elements are among the U.S. military’s most closely guarded secrets.
Asked recently how left of launch will be used in President Trump’s forthcoming Golden Dome defense system to prevent a missile from being fired, Space Force Gen. Michael A. Guetlein, vice chief of space operations, said cryptically: “Can’t talk about it.”
PNT satellite system
Gaining access to China’s central time system would provide a major advantage to the U.S. military and military intelligence services during a conflict by allowing hackers to disrupt missile strikes before launch or shortly after launch, known as the boost phase.
The time center is a key element of China’s BeiDou satellite navigation system, a copy of the U.S. GPS, which uses more than 35 satellites to provide the People’s Liberation Army with vital PNT — positioning, navigation and timing — for its missile systems.
The satellite system is said to provide “centimeter-level” precision and is linked to the National Time Service Center.
Theoretically, NSA cyber sleuths, by breaching the time center, could have planted malicious software inside the PNT data chain that could then be used for intelligence gathering on missile targets and providing false navigation parameters for missile strikes.
U.S. advanced artificial intelligence technology also could fashion prelaunch disruptions that could retarget Chinese missiles against Beijing.
A Chinese state media report on the NSA cyberattacks stated that control over timing is equivalent to “controlling the heartbeat of modern society.”
“Once the timing system is interfered with or hijacked, the consequences are unimaginable,” the online Chinese communications outlet C114 reported. It noted potential disruptions of financial markets, power grids, rail lines and military systems.
For missile systems, PNT is an essential element for real-time location, direction and precise time data used for accurate targeting, trajectory control and command and control.
“There’s no doubt that the best time to defeat a missile is before it’s launched,” said Todd Harrison, a defense expert with the American Enterprise Institute. “The most obvious way is to track and destroy the launchers and the command and control infrastructure and sensors that enable them.”
Conducting the attacks is difficult because of the distances involved and the risks of escalation.
Various non-kinetic tools can be used to defeat a missile “kill chain” before launch, including jamming sensors and communications, and cyberattacks on command and control systems, Mr. Harrison said.
Electronic disruptions before launch can produce uncertain effectiveness during combat, even if they initially produce impacts, because thinking adversaries will adapt and overcome the disruptions.
“The question for Golden Dome is how much relative effort the architecture puts toward left of launch versus other phases of flight,” Mr. Harrison said. “Left of launch will surely be part of the approach, but we still don’t know how much emphasis it will garner.”
Sensors and capabilities
Mr. Trump’s executive order on missile defense, signed in January, specifically calls for developing and deploying left-of-launch capabilities for Golden Dome.
The order states that in addition to deploying defenses targeting missiles in midflight and terminal phases, the new system must “defeat missile attacks prior to launch and in the boost phase.”
Gen. Stephen Whiting, commander of U.S. Space Command, said in September that left-of-launch defenses will provide a next-generation missile defense capability.
Prelaunch defenses are needed because enemy missiles are becoming more precise and more lethal, he said at a defense conference.
“We are seeing both the capacity and the capability of the threat missiles we’re now facing rapidly increase,” Gen. Whiting said at the annual Air, Space & Cyber Conference. “Just look over the last 18 months in the Israel-Iran conflict … multiple salvos of missiles, not single-digit missiles, not double-digit missiles. We’re talking triple-digit missile salvos paired with one-way attack drones.”
Gen. Whiting said current missile defenses are capable of providing warning and tracking of traditional ballistic missiles, but newer high-speed hypersonic maneuvering missiles and space-based hypersonic missiles are “incredibly destabilizing.”
“Our missile defenses have done broadly a good job during the most recent conflicts, but most of those are focused on terminal engagement,” the general said.
“We want to be able to push that engagement to the left, and eventually left of launch,” he said.
To conduct such prelaunch strikes, greater sensor integration is needed, and more sophisticated cyberattacks will be used to “drive capabilities that allow us to affect targets before they even begin to launch,” Gen. Whiting said.
Robert Peters, senior research fellow for strategic deterrence and The Heritage Foundation, said one of the more promising elements of the Golden Dome will be deploying better overhead sensors and coupling them with theater defense sensors. The advanced sensors will enhance homeland missile defenses by providing significantly greater awareness of when enemy missiles are being readied for launch, and then provide more accurate data once a missile is fired.
“This better integration of data and sensors greatly increases a state’s ability to intercept missiles before they hit their targets,” Mr. Peters said.
Launch preparations for solid-fuel missiles in silos, such as China’s new fields of more than 350 intercontinental ballistic missiles in western China, will be more difficult to detect before launch.
Mobile ICBMs moved out of garrison in preparation for launch have signatures that can be tracked more easily as part of left-of-launch defenses, Mr. Peters said.
“Golden Dome, if done properly, will invest heavily in these types of sensor architectures, not simply on more and more modern interceptors, as critical as those are,” Mr. Peters said.
Israel’s military conducted a series of left-of-launch strikes on Iranian missiles before the joint U.S.-Israeli bombing raid on Iran’s key nuclear facilities.
The Israel Defense Forces released videos of airstrikes on several Iranian mobile missiles that were blown up before they could be fired in retaliatory attacks.
Israeli forces also conducted sabotage operations inside Iran. They neutralized some key missile technicians in the days before the June raid on three nuclear facilities, according to an Israeli think tank report.
In addition to better sensors and increased cyberattack capabilities, special operations forces also will be developed for prelaunch strikes on targets.
Left-of-launch options
Lt. Gen. Sean Farrell, deputy commander of U.S. Special Operations Command, said special operations commandos are working on left-of-launch missile defense capabilities for missiles and drones.
“We have been working left of launch on behalf of the [Defense] Department to try to understand how we can get after the threats before they become a threat,” Gen. Farrell said at the conference with Gen. Whiting. “I think a lot of that will translate as well if we’re able to synchronize and plan together at the strategic level on where we can bring left-of-launch attention to a layered approach to homeland defense.”
The ultimate goal of the layered and integrated missile defense is to deploy an array of forces across all military domains that can detect, disrupt and potentially stop missile threats before they emerge.
Left-of-launch capabilities have been a topic within the Pentagon since at least 2014, when a memorandum was disclosed from Chief of Naval Operations Adm. Jonathan Greenert and Army Chief of Staff Gen. Ray Odierno to the secretary of defense warning that missile defense spending was “unsustainable” because of sharp defense cuts.
The two military leaders called for building more cost-effective left-of-launch capabilities.
Defense officials at the time said the research for left of launch included non-kinetic weapons, such as cyberattacks and electronic warfare, including electromagnetic pulse attacks against missile command and control systems.
These weapons would be used after missile launch preparations are detected. They would disrupt or disable launch controls or send malicious commands to cause the missiles to explode on their launchers.
In 2016, Adm. William Gortney, then commander of U.S. Northern Command, stated in prepared congressional testimony that most missile defenses are designed to intercept missiles after launch, using ground-based interceptors, mobile regional defenses and ship-based anti-missile systems.
“We need to augment our defensive posture with one that is designed to defeat ballistic missile threats in the boost phase as well as before they are launched, known as ‘left of launch,’” Adm. Gortney said.
Other potential boost-phase defenses could include high-powered lasers deployed on drones or aircraft that can strike missiles just after launch.
All current missile defense systems use kinetic kill interceptors that require precision targeting data to knock out high-speed warheads. They include Patriot, Terminal High Altitude Area Defense, or THAAD, and large Ground-Based Interceptors in Alaska and California, an Aegis missile defense based mostly on ships and in several ground locations.
The Golden Dome will deploy space-based interceptors for the first time, providing greater coverage against missile threats.
Kenneth Todorov, former deputy director of the Missile Defense Agency and now vice president at Northrop Grumman Missile Defense Solutions, said the company is working on left-of-launch capabilities and counter-hypersonic missile efforts.
“With decades of experience supporting mission-critical defense programs across the entire kill chain, the company is bringing to bear a portfolio of advanced, innovative capabilities from left of launch, through detection and tracking, all the way to assessment of kill, delivering mission agility in addressing the evolving hypersonic threat,” Mr. Todorov said on the Northrop website.
Patrycja Bazylczyk, associate director of the Missile Defense Project at the Center for Strategic and International Studies, said left-of-launch defenses include a broad category of kinetic and non-kinetic efforts to counter enemy launches. They can include strikes on missile launchers, jamming enemy communications or infiltrating a missile factory.
“Left-of-launch efforts are not alternatives to active missile defenses; they work in tandem, allowing U.S. forces to more effectively counter enemy action rather than merely respond to it,” Ms. Bazylczyk said.
This joint guide highlights important considerations for organizations seeking to transition toward more secure software development practices
Today, CISA, in partnership with the National Security Agency (NSA), released a joint guide on reducing memory-related vulnerabilities in modern software development.
Memory safety vulnerabilities pose serious risks to national security and critical infrastructure. Adopting memory safe languages (MSLs) offers the most comprehensive mitigation against this class of vulnerabilities and provides built-in safeguards that enhance security by design.
CISA’s Secure by Design program advocates for integrating proactive security measures throughout the software development lifecycle, with MSLs as a central component. Consistent support for MSLs underscores their benefits for national security and resilience by reducing exploitable flaws before products reach users.
This joint guide outlines key challenges to adopting MSLs, offers practical approaches for overcoming them, and highlights important considerations for organizations seeking to transition toward more secure software development practices. Organizations in academia, U.S. government, and private industry are encouraged to review this guidance and support adoption of MSLs.
In addition to the product published today, CISA and the NSA previously released the joint guide, The Case for Memory Safe Roadmaps. To learn more about memory safety, visit Secure by Design on CISA.gov.
Please share your thoughts with us via our anonymous product survey; we welcome your feedback.
China on Tuesday accused three alleged employees of the U.S. National Security Agency of carrying out cyberattacks on the Asian Winter Games in February.
More than 3 billion phone coordinates collected by a US data broker expose the detailed movements of US military and intelligence workers in Germany—and the Pentagon is powerless to stop it.
OpenAI has appointed Paul M. Nakasone, a retired general of the US Army and a former head of the National Security Agency, to its board of directors.
Microsoft warns that the Russian APT28 threat group exploits a Windows Print Spooler vulnerability to escalate privileges and steal credentials and data using a previously unknown hacking tool called GooseEgg.
#APT28 #Computer #Credential #Escalation #Exploit #GooseEgg #InfoSec #NSA #Print #Privilege #Security #Spooler #Theft #Windows
Spy agency argues the practice is entirely legal — until a US court says otherwise
NSA Cybersecurity Director Rob Joyce said the spy agency has seen hackers use chatbots like ChatGPT to perfect their English for phishing schemes.
Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. The amount of effort that went into creating the framework is truly remarkable, and its disclosure was quite astonishing.
"We must build a robust understanding of AI vulnerabilities, foreign intelligence threats to these AI systems and ways to counter the threat in order to have AI security," Gen. Paul Nakasone said. "We must also ensure that malicious foreign actors can't steal America’s innovative AI capabilities to do so.”
"Operation Triangulation" stole mic recordings, photos, geolocation, and more.
Learn how the U.S. National Security Agency (NSA) issued a joint cybersecurity advisory highlighting a cluster of activity it attributes to a People’s Republic of China (PRC) state-sponsored threat group.
I had covered this topic in my 2021 talk “In nation-state actor’s shoes” but after my recent blog post I saw again people referring to the EQGRP as the NSA which is not entirely c…
The National Security Agency (NSA) and partner cybersecurity authorities released a Cybersecurity Information Sheet today recommending that Microsoft Windows® operators and administrators properly
The U.S. government "kill[s] people based on metadata," but it doesn't do that with the trove of information collected on American communications, according to former head of the National Security Agency Gen. Michael Hayden.
The National Security Agency (NSA) has released a new Cybersecurity Technical Report (CTR): Network Infrastructure Security Guidance. The report captures best practices based on the depth and breadth of experience in supporting customers and responding to threats.
Recommendations include perimeter and internal network defenses to improve monitoring and access controls throughout the network.
A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti, an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million…
A Chinese security firm released a detailed report about what it says is malware created by Equation Group, a hacking group widely believed to be the NSA.
Bvp47 - a Top-tier Backdoor of US NSA Equation Group
