Life is a balance. And nothing is cut and dried when it comes to security. We try to resolve many recurring questions. We create policy, regulation, and guidelines. But we cannot make a regulation for all contingencies. This is why we need cool-headed security professionals. We need people who can make wise judgements.
The Impact of Inadequate Testing on Classified Projects
The U.S. Navy dropped sonobuoys at sea. These devices were made to detect adversarial submarines, and broadcast back to roving S-3 antisubmarine aircraft. The enemy subs would then fall into our tracking system, even though they were well out to sea. Far enough, they thought, to be outside any radar detection by surface ships. The S-3s were on aircraft carriers. The equipment was tested in American lakes; the buoys worked quite well. The aircraft listening equipment worked well too. The devices were taken to sea. Nothing was recorded at sea. Seems the S-3 landings on the aircraft carriers were too abrupt, excessively tough on the monitoring equipment. The landings were rough enough to render the monitoring devices inactive. A great advance in submarine-listening capability suffered as a result of lack of adequate testing under actual conditions.
Balancing Failure and Guarding Information
Before every classified exercise security concerns are introduced. We want as few people to know about a test as possible. Sometimes, though, we have to balance what might be revealed to what can be learned. Tests of a proximity fuse on torpedoes worked like a charm. They exploded under a passing ship, requiring only to be near, not to hit, a target. Taken to the Pacific, this closely held secret failed when fired by our submarines. Why? We hadn’t taken it outside the cold Atlantic testing area. Warm Pacific waters caused its electronics to fail. Thus, fewer people knew about the secret testing, limited as it was to East Coast specialists. Upon deployment, failure. Failure happened because over concern with knowledgeability had prevailed over realistic testing. We learn too, however, that espionage is not always paramount. No spy had done this to us. We did it to ourselves. In fact, some years later a Soviet spy would steal American aviation proximity fuses, piece by piece, from factory discards. Reconstructed, the Red Air Force had our latest firing capabilities. They were stolen upon completion, although presumably they worked quite well, our having overcome earlier naval proximity failures. All our research and development studies, to include corrected failures, were stolen. Can we say all because of too-overly cautious security practices?
Ukraine is a Prime Example
We wonder at how all the new weapons systems of the world are tested in limited war zones. Ukraine today is a prime example. We can only speculate on all the technology being tested in real time combat conditions. We can observe new developments in armor, electronics, and a host of other weapons’ physics in every photograph sent back from the front lines. Nowadays, we who protect secure systems cannot be content to believe an exploded device can’t be reconstructed. Indeed, they can’t even be hidden. Whole companies now make good money studying battlefield photos and film. They are remarkably ingenious in where they get their information, soliciting even average soldiers for their private photographs. They conclude, often quite accurately, the current status of various military developments. This employment of on-the-ground real world testing dates at least to the Spanish Civil War. German aircraft pilots learned coordinated pattern bombing there, at Guernica. The terror value of single-bomb terror tactics by screaming Stuka dive-bombers was noted. Indeed, the successful British air raid on the Italian port of Tarranto was carefully studied by Japanese military attaches who sent home their reports to Tokyo. These same techniques were employed when the Japanese attacked Pearl Harbor shortly thereafter.
New Technologies and New Risks
Security professionals who seek to protect our capabilities face a massive new avalanche of technologies available to adversaries. It doesn’t mean that we can shy away from adequate testing. We need to be aware of what can be seen, heard, or sensed through study of adversarial capabilities. Knowing this, we can advise appropriately. No one ever won the next conflict sitting on his laurels. Yes, the only valuable systems are those which are used to effect. However, we need to be sure we don’t provide something useless because we didn’t test it properly. There are those counting on our secret equipment to keep them alive. Be sure all tests are done to make this happen in realistic environments. Don’t make security the reason we don’t do something because we couldn’t take an informed, calculated risk.
