Thursday, March 06, 2008

Giving it Away On-Line?—Dissecting an OPSEC Case Study

A recent Air Force briefing suggests that an on-line forum revealed extensive information about the F-22 fighter, but much of the data was already in the public arena. Was it a violation of Operational Security (OPSEC)--or simply a veiled effort to discourage internet activity by military personnel?

Part II of II

By Nate Hale

In December 2007, a "vigilant witness" approached members of the Air Force Office of Special Investigations (AFOSI), the service’s clandestine investigative service. The "witness"—an AFOSI term for a confidential informant—voiced concerns about suspicious information regarding the F-22 stealth fighter, posted at a popular on-line forum about military and civilian aircraft.

The tip eventually mushroomed into an OSI inquiry. Monitoring the website—and its participants—government agents found literally hundreds of posts about the F-22, the Air Force’s newest fighter jet, which incorporates sensitive, state-of-the-art technology. By one estimate, posts on the stealth jet attracted new users to the forum, and generated almost 70,000 page views.

More disturbingly, the probe revealed that many of the posts had been written by an Air Force F-22 pilot. For more than 18 months, the pilot (who used the handle dozerf22) shared information about his aircraft and responded to on-line queries. That raised concerns about a potential breach of operations security (OPSEC), through the disclosure of sensitive data in a public forum—in this case, a website that could be easily accessed by potential adversaries, anxious to learn more about the F-22.

Concerns about the possible, on-line disclosure of critical data were recently summarized in an OPSEC case study, reportedly produced by the AFOSI, the Navy’s Criminal Investigative Service (NCIS), the FBI and the Department of Homeland Security.

According to a PowerPoint briefing based on their analysis, "Dozer’s" various postings provided a wealth of information on issues relating to the F-22, including aircraft "lot" numbers at different bases; the function of specific doors and flaps on the fifth-generation fighter; fuel loads and their impact on performance; the status of radar upgrades; and operational details about the jet’s weapons systems. A copy of the briefing--which is unclassified--was obtained by this blog.

But the study fails to address an essential question: how much of the information discussed by the F-22 pilot—and other forum participants—was already in the public domain, provided through press releases and media coverage, or through on-line comments on other web sites?

The answer to that question is surprising, and suggests that OPSEC concerns raised by the assessment may be overstated. Using search engines available to anyone on the internet, In From the Cold found scores of references to the F-22, covering many of the topics addressed by Dozer at the aircraft site he frequented. That "discovery" tends to confirm something suggested by the various queries cited in the OPSEC study. Based on the tone and phrasing of their questions, any foreign "spies" on the forum were looking for confirmation of already-available information.

Consider a question about the Raptor’s lack of a Joint Helmet-Mounted Cueing System (JHMCS), which slaves the aircraft’s weapons to the pilot’s line of sight. The Air Force’s decision to forego this capability in the F-22 has been discussed publicly for more than eight years, and Aviation Week’s Bill Sweetman provided an update on the issue last June:

Most fighters today are available with a high off-boresight missile and its essential complement, a helmet-mounted display (HMD) to point it accurately at its intended victim. Big exception: the air-dominance F-22 Raptor. Plans to put the USAF-standard Joint Helmet Mounted Cueing System (JHMCS) on the Raptor were deferred some years ago, the intention being to use the JSF's bug-eyed helmet instead, but there is still no firm timetable for either that or the AIM-9X missile, leaving the F-22 as the only fighter limited to the old AIM-9M. Program executive vice-president and general manager Larry Lawson defers the question to the air force.

The most logical answer is that there is only so much money and only so many test assets available and that the USAF's priorities are elsewhere. Just getting under way are development tests of the GBU-39 Small Diameter Bomb, which quadruples the fighter's count of air-to-ground weapons and - launched at high altitude and supersonic speed - gives it a 60-mile standoff range. Weapon releases are due late in 2008 and the SDB should enter service on the F-22 in 2010.

Similarly, another Aviation Week piece—from January 2007--detailed the F-22’s ability to locate mobile ground targets and share information with other platforms. The article was based on the fighter’s first deployment outside the CONUS--to a major exercise in Alaska. Aviation Week writers David A. Fulghum and Michael J. Fabey were invited to watch the exercise, and they interviewed a number of participants. From their report:

The F-22's advanced electronic surveillance sensors also provided additional awareness of ground activity.

"I could talk to an EA-6B Prowler electronic attack crew and tell them where a surface-to-air missile site was active so they would immediately know where to point their electronic warfare sensors," Tolliver says. "That decreased their targeting time line considerably."

In addition, the F-22 can use its electronic surveillance capabilities to conduct precision bombing strikes on emitters--a capability called destruction of enemy air defenses.

"And future editions of the F-22 are predicted to have to have their own electronic attack capability so that we'll be able to suppress or nonkinetically kill a site like that," he says.

The same account described the Raptor’s impressive abilities in air-to-air combat, providing details sought by questioners on the aviation forum:

The F-22 is proving it's a dogfighter after all.

While it wasn't part of a hard-turning furball, an F-22--with its Amraams and Sidewinders expended--slipped into visual range behind an F-16 and undetected made a simulated kill with its cannon during the stealth fighter's first large-scale exercise and deployment outside the continental U.S.

Those and other revelations about the F-22's emerging capabilities are increasingly important as the first combat unit, the U.S. Air Force's 27th Fighter Sqdn., begins its initial Air Expeditionary Force deployment this month to an undisclosed site. And the first F-22 unit, the 94th Fighter Sqdn., will participate in Red Flag in February.

The gun kill is a capability Air Force planners hope their F-22s won't use. The fighter is designed to destroy a foe well beyond his visual and radar range. Within visual-range combat and, in particular, gun kills are anachronisms. In amassing 144 kills to no losses during the first week of the joint-service Northern Edge exercise in Alaska last summer, only three air-to-air "kills" were in the visual arena--two involving AIM-9 Sidewinders and one the F-22's cannon.

[snip]

With its high-resolution radar, the F-22 can guarantee target altitudes to within a couple of hundred feet. Its ability to identify an aircraft is "sometimes many times quicker than the AWACS," he says. "It was a combination of high-resolution sensors and being closer to the targets."

The F-22's radar range is described only as being more than 100 mi. However, it's thought to be closer to 125-150 mi., which is much farther than the standard F-15's 56-mi. radar range. New, active electronically scanned radar technology--optimized for digital throughput--is expected to soon push next-generation radar ranges, in narrow beams, out to 250 mi. or more.

[snip]

In Alaska, because the F-22 remained far forward at high altitude, with an advanced radar it could monitor rescue missions that the AWACS 150 mi. away could not. "We could see the helicopters down in the valleys and protect them," Tolliver says.

In addition to AWACS, the F-22 also can feed data to the RC-135 Rivet Joint signals intelligence aircraft to improve situational awareness of the battlespace.

"If a Rivet Joint is trying to get triangulation [on a precise emitter location], he can get more [voice] information" from an F-22, Keys says. "If an AWACS sees a heavy group 40 mi. to the north, Raptor can come up and say it's two F-18s, two F-15s and four F-16s."

It also proved easy to find information on another forum topic—Dozer’s planned move to a new assignment. In June 2006, an Air Force press release identified him as the commander of the "Ready Elmendorf" detachment, who would command the first F-22 squadron at the Alaskan base.

There were also multiple references to aircraft tail numbers and production lots—two other bits of sensitive information identified in the OPSEC study. A Lockheed-Martin media release from March 2002 listed the tail numbers and delivery location for aircraft in Production Lot 3. The highly popular defense site GlobalSecurity.org has even more information on the F-22 production schedule, including the number of aircraft in each lot.

With that information, and a January 2007 entry from defense-update.org, it was possible to calculate the introduction of Active Electronically Scanned Array (AESA) radars in the F-22 fleet, and the number of aircraft with that capability. Those sources—and others—were the first to report what Dozer later confirmed: incorporation of AESA technology in the Raptor began with Lot 5 jets.

Google and Yahoo searches also turned up substantial reporting—and speculation—about reported training between the Raptor and Royal Air Force Eurofighter Typhoons. According to various accounts, the Typhoons deployed to Nellis AFB, Nevada in 2005, and participated in mock dogfights with the F-22, with (supposedly) surprising results. Aviation Week provided a summary of the event in its October 3, 2005 issue:

Unconfirmed reports--that is, rumors--making the rounds in European aerospace industry circles contend that Royal Air Force Eurofighter Typhoons, temporarily operating from Nellis AFB, Nev., were able to pick up U.S. Air Force F/A-22s on their radars, stealth notwithstanding. Similar reports appeared during the 1991 Iraq war concerning the ability of British ships, using large radar arrays, to detect the F-117 and, in later conflicts, the B-2. U.S. officials confirm that the Typhoons were at Nellis to fly with the 422nd Test & Evaluation Sqdn. However, they discount that the Typhoons had seen an F/A-22 in full-configuration stealth. First, they say, the Typhoons and F/A-22s were never in the air at the same time. Second, the F/A-22s always have an enhanced signature for positive air control, except when they go to war or when the range has been cleared for F/A-22-only operations.

Other unclassified sources offered details on the Raptor’s supercruise abilities. Then-Air Force Chief of Staff General John Jumper alluded to the jet’s performance after a 2005 flight:

"Today I flew the Raptor at speeds exceeding (Mach 1.7) without afterburners," General Jumper said. "To be able to go that fast without afterburners means that nobody can get you in their sights or get a lock-on. The aircraft’s impressive stealth capability, combined with its super cruise (capability), will give any adversary a very hard time."

An F-22 pilot at Langley AFB, Virginia was even more revealing. As he told Defense Daily in February of last year:

Raptor pilots are cleared to fly the aircraft up to Mach 2.0 and altitudes up to 50,000 feet, he said.

"To be able to operate at those altitudes at milpower is not something I am used to in an Eagle," he said.

This combination of speed and altitude offers advantages when firing one of the F-22's complement of air-to-air missiles, such as Raytheon's [RTN] AIM-120 Advanced Medium-Range Air-to-Air Missile (AMRAAM), against an opponent, he said.

"If I am at 50,000 feet and going Mach 2, that AMRAAM loves that. It will go forever and it will give [the missile] increased endgame energy," he said.

Other open-source publications suggest that the Raptor can operate at altitudes approaching 65,000 feet.

For virtually every example cited by the OPSEC study, it was possible—with only a little effort—to find other sources that provided as much (if not more) information on questions addressed by the F-22 pilot in the on-line forum.

And, that doesn’t account for intelligence gathering by our adversaries. In some cases (say Dozer’s comments about F-22s pulling alert at Langley), such claims could be confirmed by spy satellites, which could spot aircraft configured for alert duty.

The same holds true for assessments on the Raptor’s various external features. The aircraft has appeared at numerous airshows that are open to the public, with ample opportunities for close-up photography. U.S. intelligence agencies have devoted considerable resources to such collection efforts in the past; there is no reason to believe that our adversaries don’t engage in similar efforts, using hand-held photos, along with classified data, to determine the capabilities and performance features of American aircraft.

So, if much of the information discussed by Dozer on-line was already available in other sources, why did four government agencies devote considerable time (and effort) to their OPSEC study?

For one thing, it’s their job. Ferreting out security threats in cyberspace represents a growth industry, particularly for organizations like the AFOSI and NCIS. The F-22 incident could be used to justify greater on-line surveillance of military personnel and IT systems—and the budgets needed to support that mission.

Secondly, there is little doubt that web sites, chat rooms and discussion boards represent a security risk. Sometimes, the simple confirmation of a bit of data can save time and money for hostile intelligence powers, or allow them to focus collection on higher-priority targets. "Waaay too many spies on this forum," observed one poster, questioning the disclosure of F-22 information on the discussion board.

But the Raptor case also highlights the conundrum facing the Air Force and other military organizations in the information age. While the service can limit or block internet access on its own systems, personnel can still access, and participate in, blogs, chat rooms, message boards and other forums from computers at home, in libraries or other locations.

Faced with that reality, the USAF has imposed even tighter information restrictions. Last month, the service began blocking virtually all websites with "blog" or "blogspot" in their URL. The service maintains that blogs are not legitimate news outlets, and shouldn’t be available to airmen at work.

By comparison, the U.S. Army takes a slightly more liberal approach, allowing soldiers to blog, but mandating that commanders approve their posts before publication. However, the Army has also banned access to many blogs and other websites through its computer systems.

While the military has long maintained that individual blogs and other internet venues pose a security risk, that claim runs counter to the Pentagon’s own data. Last August, Noah Shachtman of the defense site The Danger Room published results of an Army OPSEC audit, which revealed that official military sites pose a far greater security threat than blogs:

The audits, performed by the Army Web Risk Assessment Cell between January 2006 and January 2007, found at least 1,813 violations of operational security policy on 878 official military websites. In contrast, the 10-man, Manassas, Virginia, unit discovered 28 breaches, at most, on 594 individual blogs during the same period.

The results were obtained by the Electronic Frontier Foundation, after the digital rights group filed a lawsuit under the Freedom of Information Act.

Against that backdrop, opponents argue, the military needs a more coherent policy on internet activity and information sharing. As illustrated by the case of the F-22 pilot, members of the armed forces will inevitably find a way to blog, or share their thoughts on-line, regardless of "official restrictions" or other forms of discouragement.

Rather than trying to deflect the information tsunami, critics say it might be easier for the military to set realistic guidelines for on-line activity, and train personnel to required standards.

11 comments:

halojones-fan said...

It's a bit funny that you're writing a column about OPSEC and citing AvLeak as a positive example.

I think that you're taking the wrong direction, here. Confirmation is information, and it has value. People can "speculate" all they want, but having someone confirm their speculations is just like telling them in the first place.

So yes, people had been "discussing" the HMS for eight years; but (presumably) the specifics of Dozer's statements regarding it were not yet common knowledge. Sure, it was in "the press", but Dozer wasn't saying "I read this in the papers", he was saying "I know this because I work on the F-22".

Mrs. Davis said...

If what Dozer did was so bad, why is he still in the USAF?

Storms24 said...

Thought you would get a kick out of the latest BlueCoat msg .mil users get when trying to access your website:

Access Denied (content_filter_denied)

"Your request was denied because of its content categorization: "Newsgroups/Forums"
If this site is required for official government business, please contact your local NCC/Helpdesk to submit a BlueCoat Excpetion Request."

"Your request was categorized by Blue Coat Web Filter as 'Newsgroups/Forums'.
If you wish to question or dispute this result, please click here."

Note the spelling.... Amazing that AF is willing to spend huge $$$ on a website filter, but can't even use a simple spell check! If this is an example of the direction and leadership CyberCommand is producing, we are in for a lot of trouble!

DRPK said...

THIS IS NOT TRUE
That presentation WAS NOT from any official AF/DOD investigation. It was simply a power point presentation with some impressive JPEG's patches of FBI, NSA, Dept. of Justice and Homeland security on the title page …They had NO part in it!! That “presentation” came from a lone OSI Agent from Davis Monthan (DM) AFB, NOT some all encompassing DOD investigation. That "agent" took it upon himself to make a slanderous, misleading, and false hit piece. The facts:
- "Dozer" was ordered, by several General Officers, to be the F-22 Spokesman and use “any and all media,” INCLUDING THE BLOGOSPHERE, to blunt negative press at a time when the F-22 program was in peril
- Everything said was open source…HE DID NOTHING WRONG, he obeyed orders!
- He is an American Patriot who does not deserve having his name dragged through the mud like this!

Don't believe me? Check it out yourself, call The OSI at DM and ask them…I trust this Blog and its members have the integrity to do that. Oh, by the way, heads are rolling at the OSI over this character assassination…that’s where the REAL story is!

DM Operator 520-228-1110 ask to be connected to the OSI office.

Storms24 said...

DRPK - I hope you've got it right because this whole thing smelled from day one. As I mentioned on Day One, Dozer was a demo pilot and his numerous interactions with the public, industry, and politicos (in both MSM and non-traditional media outlets) were wholly blessed by AF hierarchy.

Though I have a lot of respect for a GS-1811, in this case the pooch was royally screwed.

DRPK said...

Yes Sir it's correct. On the surface that presentation looks like, just what the author of this blog presented, an official investigation into criminal wrongdoing...but it's not, it’s (IMO) an intentional political hit piece. One slide actually encourages the reader to Google "DOZER F-22" to find the person's real identity, has anyone in the legal world ever heard of that? Clearly an intentional smear attempt. People dutifully forward it on without checking the facts...and we wind up with stories like this. Now the very few people that know him and have the facts are trying to save his reputation. Many of us are waiting for Senior AF leadership to come out with some kind of a statement or response. I understand this has gone all the way to the SECDAF/CS.

Some additional info; there WAS an investigation…for about 15 minutes. When the OSI at an F-22 base received the data and contacted the people who own the program they learned there was no violation. UNFORTUNATELY that was after that IDIOT at DM made his slides and forwarded it to the world. He knew NOTHING of the F-22 program, he was IGNORANT on what could/could not be said and fired off his hit piece before ANY questions were answered.

I strongly encourage the author of this piece to call the OSI at the number above and check the facts. After he gets the answer he can print a retraction blog to help save a good man and perhaps prevent legal action.

Signed…a VERY pissed-off AF member in the F-22 program who has to deal with the fall-out from this crap.

halojones-fan said...

I should admit, at this point, that all I know about this subject is what I've read here at this blog.

Storms24 said...

Looks like the backlash has begun? Snippet from email currently being distributed throughout USAF:

"From Col XXXXXXXXX, AFOSI Region 2 Commander:

If anyone in 2FIR comes into contact with any version of briefings titled "Cyber OPSEC: An F22 Case Study" do not distribute them and delete them.

In addition, if you come into contact with anyone who has any version of this briefing advise them to not distribute it and to delete it.

Please - if you have disseminated the F22 brief, forward this message."

Anonymous said...

I am currently in the Air Force, and I can assure you that the slides are in fact true and were created by the Air Force for purposes of educating its members to not do something like this again. As stated earlier, regardless of whether or not info is already public, having someone on the inside confirm things that are speculated about is a breach in OPSEC. In the military things are considered as OPSEC when they are not classified but could still cause potential harm. That is the case here.

patriot.100 said...

If this brief is true then why is the OSI in a full scramble to get this briefing retracted as fast as possible? I'll tell you why.

The OSI defamed the character of an honorable officer who did what he was told (by several GO's and you don't say no to that), and did that job well (helping to sell the F-22 to the public because it was his job as the F-22 airshow pilot). There's ALWAYS validity in worrying about security, but you DON'T defame a person when doing it, you DON'T violate the SAME Opsec rules you're making the brief about (put a whole lot of identifying data, FOUO information, and personal privacy data out to the WORLD via the internet). That's absolutely insane, who in their RIGHT mind can possibly agree with how this was done and what has happened to this guy? And not the least of which they obviously twisted the truth and biased the brief in such a way as to make the pilot LOOK guilty when in fact the truth is a whole lot different than what this brief portrays. For example he writes a whole lot of questions asked of Dozer, but the answers he then shows that Dozer gives have nothing to do with the "sensitive" questions he shows were asked, why? Because Dozer didn't answer them, that's usually called lying to make your point.

Or to many of you I guess maybe this means the ends justify the means? So the OSI can break the rules but no one else can?

And if the information wasn't classified, as has been now shown by the OSI's own admission after two investigations, but was even sensitive (that seems to be the new buzzword now since classified isn't working anymore to crucify this guy), then aren't the air force, the US government, and the contractors guilty of already having released, discussed and presented this information to the world? How come "they" aren't being talked about or held accountable? Aren't "they" all on the "inside" as you suggest? Or are senior officials excused? Seems to me like this pilot has become the quintessential scapegoat (ESPECIALLY after being told to do what he did, talk about being between a rock and a hard place).

This whole thing smells of covering their tail to protect a major screwup on the OSI's part by allowing this to happen.

It is a travesty that the air force has allowed this to happen to anyone, especially someone who by all appearances has done nothing wrong other than try to do what he was told and is a pilot who has honorably served his country for so long.

Seems to me this "reminder" of opsec could have occurred without pinpointing or slandering an individual but could have been done discreetly to show the point. However it has gone way over the line, look at the nightmare this has turned into for the air force, what an embarrassment.

I hope someone steps up to his defense. If not, I have lost all respect for the brass in the air force to let something like this happen to one of their own. I also hope someone in the OSI is being appropriately reprimanded for defaming the character of an officer and breaking the very rules they purport to uphold by putting together and then sending out this brief.

aliens said...

is a costim work dissecting an opsec is very nice

Regards
Online and Offline projects