The Complex

Surrounded: How the U.S. Is Encircling China with Military Bases

The U.S. military is encircling China with a chain of air bases and military ports. The latest link: a small airstrip on the tiny Pacific island of Saipan. The U.S. Air Force is planning to lease 33 acres of land on the island for the next 50 years to build a "divert airfield" on an old World War II airbase there. But the residents don't want it. And the Chinese are in no mood to be surrounded by Americans.

The Pentagon's big, new strategy for the 21st century is something called Air-Sea Battle, a concept that's nominally about combining air and naval forces to punch through the increasingly-formidable defenses of nations like China or Iran. It may sound like an amorphous strategy -- and truth be told, a lot of Air-Sea Battle is still in the conceptual phase. But a very concrete part of this concept is being put into place in the Pacific. An important but oft-overlooked part of Air-Sea Battle calls for the military to operate from small, bare bones bases in the Pacific that its forces can disperse to in case their main bases are targeted by Chinese ballistic missiles.

Saipan would be used by American jets in case access to the U.S. superbase at Guam "or other Western Pacific airfields is limited or denied," reads this Air Force document discussing the impact building such fields on Saipan and nearby Tinian would have on the environment there. (Residents of Saipan actually want the Air Force to use the historic airbases on Tinian that the U.S. Marines are already refurbishing and flying F/A-18 Hornet fighters out of on an occasional basis.)

Specifically, the Air Force wants to expand the existing Saipan International Airport -- built on the skeleton of a World War II base used by Japan, and later the United States -- to accommodate cargo, fighter, and tanker aircraft along with up to 700 support personnel for "periodic divert landings, joint military exercises, and joint and combined humanitarian assistance and disaster relief efforts," according to Air Force documents on the project.

This means the service plans on building additional aircraft parking space, hangars, fuel storage tanks, and ammunition storage facilities, in addition to other improvements to the historic airfield. And it's not the only facility getting an upgrade.

View Possible bases of the U.S.'s Pacific Pivo in a larger map

In addition to the site on Saipan, the Air Force plans to send aircraft on regular deployments to bases ranging from Australia to India as part of its bulked up force in the Pacific. These plans include regular deployments to Royal Australian Air Force bases at Darwin and Tindal, Changi East air base in Singapore, Korat air base in Thailand, Trivandrum in India, and possibly bases at Cubi Point and Puerto Princesa in the Philippines and airfields in Indonesia and Malaysia, a top U.S. Air Force general revealed last month.

The Saipan announcement comes as Chinese defense minister, Gen. Chang Wanquan, visited Washington to talk with U.S. Defense Secretary Chuck Hagel. The specific topic of U.S. bases in the Pacific didn't come up during a joint press conference held by the two officials on Aug. 20, but Wanquan said in response to a question about the U.S. military's increased focus on the Pacific that "China is a peace-loving nation. And we hope that [America's] strategy does not target a specific country in the region."

While the U.S. military insists that Air Sea Battle, and the military's entire pivot to Asia, isn't about China, these bases are indeed a check against any future Chinese expansion into the Pacific ocean, according to Anthony Cordesman of the Center for Strategic and International Studies.

"China will be much more discreet throughout the entire region because U.S. power is already there, it's visible; you're not talking theory, you're already there in practice," he said.

This will also reassure America's allies in the region that the U.S. commitment to the Pacific is legit.

"As part of this rebalancing to the Pacific, you have to show people it's real at a time when so much of U.S. power is increasingly questioned by our budget debates," Cordesman added.

Gen. Herbert "Hawk" Carlisle, commander of all U.S. Air Force assets in the Pacific, said that the United States is planning on operating tankers, fighters, and bombers out of a string of bases throughout the South Pacific and Southwest Asia. Like the sites at Tinian and Saipan, these facilities aren't slated for permanent occupation by American aircraft -- or at least that's what American commanders say. Instead, these sites will see a steady stream of U.S. and northern Pacific based units visiting on a regular basis.

"We're not gonna build any more bases in the Pacific" to support the U.S. Air Force's increased presence there, said Carlisle. And technically, he's telling the truth: no "new" bases, just expansions of existing airports and rebuilds of abandoned facilities like the sites at Saipan and Tinian. In fact, one of the fields being rebuilt by the Marines on Tinian is the place where the B-29 Enola Gay took off on its mission to drop the atomic bomb on the Japanese city of Hiroshima.

The refurbished airfields also hearken back to the Cold War era, when American units were constantly rotated in and out of Europe to keep the Soviets at bay. To counter a new foe, the Air Force will continuously deploy units based in the United States and the northern Pacific to a string of airfields in Southeast Asia.

"Back in the late, great days of the Cold War, we had a thing called Checkered Flag: We rotated almost every CONUS [Continental United States] unit to Europe," said Carlisle. "Every two years, every unit would go and work out of a collateral operating base in Europe. We're turning to that in the Pacific."

Not only does this dispersal allow the United States to hide its planes from destruction, it's also "a way to build up relations with partners in that part of the word," explains Jan Van Tol of the Center for Strategic And Budgetary Assessments, a Washington think tank that helped the Pentagon develop of the Air-Sea Battle concept. "It has to do with establishing interoperability, relationships, and experience in the actual areas" where the United States may have to fight.

When asked what other old bases the United States might consider expanding to, Van Tol said "people in different discussions will mention bases they might like to see, like Wake Island or, I think, Palau." Both feature the remains of American airstrips from World War II. Wake, in fact, already has a very limited American military presence. Meanwhile, Palau has openely invited the U.S military to return and use one of its World War II airstrips there. 

Cordesman says the U.S. is likely looking at a three-tiered system of such bases in the Pacific. Some will be strictly American, others like those in Australia to India will be operated by allies who host the Americans on deployments, and the third tier will probably be a more secret string of austere, emergency bases.

"You want forward bases in some areas to show that the United States can operate on its own, then you want that build up interoperability and cooperation with our allies, and then you want contingency capabilities -- and with those you want to leave people guessing," said Cordesman.

It's another sign that, when comes to the Pacific, what's old is new again.

Mark Wilson/Getty Images

National Security

DOD's Huge Plan to Stop the Next Snowden Is Going to Take A While

The U.S. military is betting they can stop the next Edward Snowden by putting nearly all of their data onto a massive -- and more easily secured -- cloud computing network. There's just one small hitch: the Pentagon has no idea how long it will take to do this, what it will cost, or even what this so-called "Joint Information Environment" will look like when it's done.

The Pentagon started the push long before Snowden began spilling secrets about the NSA. But the massive leak has reinforced the need to consolidate its tens of thousands of networks down to about 3,000 -- and its hundreds of data centers to 14 to 17 sites around the globe. These new networks will be easier to operate, upgrade and monitor for data theft, Pentagon officials promise.

However, "we don't really know what the up-front cost is yet, because we're still getting the plans in place," DOD Chief Information Officer Teri Takai told Killer Apps. "We'll need to shift some monies up front but, over the course of the [next five years] -- and we're still trying to figure out how long it's going to take -- we believe that we're going to recover that up front cost and then have significant savings."

These data centers and mini networks "will be connected on a [cloud] network that is secure," Takai added. U.S. Cyber Command -- the National Security Agency's military twin -- "will be able to see into that network," said Takai.

(One of Cyber Command's central missions is to defend DOD networks from cyber attack. To do this, it must be able to monitor the these networks for malicious activity in real time, Cyber Command and NSA chief Gen. Keith Alexander has repeatedly said.)

DOD's current collection of networks were built up over last few decades on an ad hoc basis. However, many of these separate networks connect to each other, meaning that poor security on one of these small networks can allow a hacker to access the rest with relative ease. Making matters worse it that it's very hard to quickly monitor them for cyber attacks due to the sheer volume of networks, many of which have their own individual configurations.

This chaotic digital infrastructure also makes it way too easy for someone on the inside to steal information. Case in point: Edward Snowden, the NSA contract systems administrator who lifted highly classified files from agency servers using nothing but a thumb drive. When Snowden took the files, NSA systems administrators had special authorization to pull data off of agency servers using thumb drives in order to transfer information to another network or backup data. The problem is, no one was monitoring to see what data the systems administrators were pulling.

In the wake of the Snowden affair, the military is restricting the use of thumb drives and is trimming the number of systems administrators, and requiring them to operate in pairs when accessing server rooms. These short-term solutions are too cumbersome, say military officials. What's needed is a system that allows people to easily share information while making sure it is protected at the same time.

"It is the main reason we need to jump to the Joint Information Environment," said NSA chief, Army Gen. Keith Alexander while discussing post-Snowden security needs during the Aspen Security Forum last month. Under JIE, the military will encrypt individual pieces of data instead of just putting it behind firewalls where it is vulnerable to theft by insiders.

When asked by Killer Apps if the move to a massive cloud will simply make a bigger, easier target for outside hackers, Takai replied, "if people think JIE is going be vulnerable, they actually don't understand how vulnerable their networks are today."

In theory, people who are supposed to have access to certain data on the JIE will be given an online ID confirming they are who they claim to be and that they are allowed to view specific pieces of information. Those pieces of data are also tagged to prove they aren't malware and they will generate a list of everyone who has ever touched them. This means that it will be tougher for outsiders and insiders alike to illegally access DOD's digital information.

"You may get into the [network] but you won't get into the information unless your identity is actually certified to the data that is being protected," said Takai.

Furthermore, going to a smaller number of standardized networks and data centers will mean the military needs "fewer people that actually have the keys to get in" like systems administrators. These people can be monitored more easily than the large numbers of system administrators operating thousands of disparate networks can.

While moving to fewer networks and data centers won't be perfect, it will be "far better than a heterogeneous environment if you want to protect your systems," because it makes it much easier to monitor them "and thereby do much better protection," Allen Paller, founder of the SANS Institute, told Killer Apps in an email.

Without this focus on protecting individual sets of data, the move to the JIE would mean little in terms of security, according to Richard Bejtlich, chief security officer of the cybersecurity firm, Mandiant.

"Cloud is good if it raises the security level of those who aren't equipped to defend themselves but cloud is bad if the security applied to the data still isn't sufficient to counter the adversary," said Bejtlich in an email to Killer Apps. "I'm not familiar with JIE so I don't know how it might turn out. Right now the adversary can get to the data he needs, despite it being ‘distributed' [on many DOD networks]. I'm not sure centralization is going to be any worse off!"

To Paller, the real story of the JIE and Edward Snowden is that his actions are already leading to a large reduction in the power and number of IT systems administrators like him.

"The big story [from the Snowden affair] is that every organization with information worth protecting has a group of people called ‘system administrators' who have unlimited power to read, change, and disclose data," Paller told Killer Apps in an email. "Their power is extensive -- it can even be used to close down the operations of an enterprise as an IT admin closed down San Francisco's computers."

We have been here before, points out Paller. In the late 1960s when most business computers came from IBM, there were people called "systems programmers" with similar powers as today's systems administrators.

"One CEO told me, speaking of his system programmer back in 1971, ‘he doesn't work for me; he owns me'," said Paller. "Between 1968 and 1985 IBM made enormous changes in its systems to give managers control of their computers even if a system programmer ‘went rogue.'  Then UNIX and Windows happened and we are back to 1968."

"The cloud has many definitions," added Paller. "In this case it is being used to centralize and control the system administration function."

Despite the fact that DOD has been working on consolidating its networks and data centers for several years, IT officials have no idea how much this massive shift will cost or how long it will take.  "Whether we can get this done over [the next five years] or not" remains to be seen, said Takai.

In fact, the Pentagon's own definition for the JIE is incredibly ambiguous; as this Pentagon press release from May says, "the term ‘Joint Information Environment' simply describes the ability to deliver data to the Defense Department's military and civilian personnel wherever and whenever they need it."

"We're not looking for a perfect solution," said Maj. Gen. Mark Bowman, director of command, control, communications and computers for the Pentagon's Joint Staff last year when describing the JIE last year. "We're looking for 60, 70, 80 percent solutions. Provide us capability we don't have today, and we'll move on."

"The enemy's using [commercial tech], and we can't have them ahead of us," said Bowman, who also said the JIE is far more complex than the military's problem-plagued F-35 Joint Strike Fighter program. "We need to adapt as we go.

That means that the Pentagon is making the JIE up as it goes along, using the latest commercial technology as it pops up. All it seems to know is that it wants a secure, cloud-based system that everyone in DOD can connect to via computers and smartphones.

This nebulous project going to be pretty darn expensive, judging by the fact that in April Lockheed Martin was given a five-year, $215 million JIE-related contract for "IT equipment, software development tools, and other services necessary to support the DoD CIO in all matters related to information technology, information assurance, and information management." Then, in late June, Pentagon gave Digital Management Inc., a three-year, $16 million contract to build a secure, 4G network for DOD's new smartphones and tablets by 2014 as part of the JIE effort.

In addition to shrinking the number of networks and data centers, DOD will be switching its phones to Voice over Internet Protocol (VoIP); consolidating the department's many email systems to one; putting digital applications ranging from health records tracking tools to intelligence-sharing systems on the new data centers; and coming up with a way of tagging data so that Cyber Command can see where it is inside the JIE and ensure only the right people are looking at it.

"There's this impression that there's this JIE in a box and that you just pull it out and implement it, and that's not really the case," said Takai. "What we're trying to do is set the, architecture, the standards, the policies" and then leave it to each of the armed services figure out how they will get their information onto this cloud.

This massive yet ambiguous project has left some in charge of the individual service's networks a bit confused as to how they are supposed to integrate their networks into the overall JIE.

"I think the debate is how do you get there, what are the priorities, and on what timeline can we get to the end-state of truly being in a joint information environment where all the data can be shared seamlessly?" asked the Navy's CIO, Terry Halvorsen earlier this month.

One of the world's largest organizations is trying to consolidate all of its digital information with hundreds of thousands of users, all with sometimes different needs and competing priorities. What could possibly go wrong?