|
|
 |
home > September 10, 2007 issue > article
|
|
 |
|
| Les Talusan |
|
| “Traditionally the Air Force has carried out strategic bombing. Strategic cyberwarfare could be seen as an extension of that mission.” — James Lewis, analyst at the Center for Strategic and International Studies |
|
The battle is afoot
By Peter A. Buxbaum
Special to Defense Systems
Military leaders are quickly learning to adapt to the demands and pitfalls of cyberops
While shooting wars flare in Iraq and Afghanistan, the real third World War has already begun in cyberspace, said Maj. Gen. Jeffrey Sorenson, the Army’s chief information officer-designate.
Sorenson isn’t the only one who thinks so. Other top military leaders agree that cyberspace is an increasingly vital military domain. They have seen enough to be certain about that.
They have acknowledged that hackers attempt to penetrate Defense Department computers on a daily basis. And they know that adversaries and potential adversaries are adept at and interested in using technology to their advantage. Terrorists, for example, use the Web for communications, recruiting and finance. Insurgents in Iraq exploit the electromagnetic spectrum to detonate improvised explosive devices. The Chinese military has adopted an “informationized warfare” doctrine that advocates carrying out a network attack in conjunction with military strikes.
But for all these certainties, there is still much Pentagon officials do not know.
For starters, given the nonkinetic nature of cyberattacks — nothing explodes — it isn’t always obvious when an attack is under way. Sometimes the attack is apparent, as seen earlier this year when the Estonian government, media and banks were hit by a two-week denial-of-service attack originating from Russian government computers. But those are the exceptions.
Military leaders also need clear rules of engagement for cyberspace, especially as they move beyond merely defending systems from enemy attack to taking the battle to the adversary. At the strategic level, cyberwar capabilities include quietly infiltrating enemy systems or taking them out of commission. At the tactical level, ground units want to disable enemy surveillance and electronic interference while assuring their own freedom to communicate.
Even as the battle continues to brew in cyberspace, the military services are working to resolve these uncertainties and create a clear path forward.
In pursuit of dominance
There is no time left for foot-dragging, some officials say. The military is already playing catch-up.
“Our current and potential adversaries already operate in cyberspace, exploiting the low entry costs and minimal technological investment needed to inflict serious harm,” said Air Force Secretary Michael Wynne in a presentation to Congress in February.
“We cannot allow them to expand their foothold. We seek to deny our adversaries cyberspace sanctuary while ensuring our access and operations in this domain,” he said. “Our nation’s ability to deliver effects in air, in space, on land and at sea depends on control of this domain.”
But the U.S. military lacks dominance in cyberspace, Gen. James Cartwright, commander of the Strategic Command, told Congress earlier this year.
“We could grow increasingly vulnerable if we do not fundamentally change how we view this battle space,” Cartwright said. To date, the United States’ military establishment has concentrated its time and resources on network defenses, including firewalls, antivirus protection and vulnerability scanning, he said. “History teaches us that a purely defensive posture poses significant risks. If we apply the principles of warfare to the cyberdomain we realize the defense of the nation is better served by capabilities enabling us to take the fight to our adversaries.” Stratcom has overall responsibility for the military’s cybersecurity efforts.
U.S. armed forces should develop a full range of capabilities, including offensive weapons, to use in cyberspace, said cybersecurity expert Bruce Schneier. “It would be foolish for a military to disregard the strategic or tactical possibility of launching an offensive cyberattack against an enemy during wartime.”
The Air Force has emerged as the key strategic cyberwar player among the U.S. armed services, but other services are also at work to develop cyberwar capabilities, with the Army paying particular attention to the tactical dimension.
Both the Air Force and the Army have recently issued requests for information to industry, inquiring about offensive capabilities.
The Army declined to comment on its “Offensive Information Operations Technologies” Broad Agency Announcement (BAA), published in May, because of national security concerns. But according to the announcement, “the overall goal of this solicitation is to design and develop operationally functional OIO technologies that have the ability to defeat enemy communication networks without causing serious or permanent damage while using methods and techniques that protect technologies and methodologies.”
The announcement also emphasizes that the “technologies designed to interrupt these modern networks must use subtle, less obvious methodology that disguises the technique used; protecting the ability whenever possible to permit future use.”
The Air Force is requesting that industry supply it with “concepts relevant across the whole spectrum of information operations, to include network attack, network defense and network warfare support,” said Monica Morales, a spokeswoman for the Electronic Systems Center at Hanscom Air Force Base, Mass.
The Air Force BAA defines a network attack as the use of network-based capabilities to “destroy, disrupt, corrupt or usurp information resident in or transiting through networks.”
Despite the ostensible similarities between descriptions of the Army and Air Force cyberactivities, the Army will likely concentrate at the tactical level while the Air Force’s scope will be more strategic.
The Air Force seems to be pulling ahead of other military services in cyber warfighting for several reasons. One key reason is that the Air Force revised its mission statement last year to add cyberspace to its air and space mission areas.
Following quickly on the heels of that development came an announcement that the Air Force would be organizing a Cyber Command.
The other armed services also have organizations focused on cyberspace, but they are inward looking, concerned primarily with the defense of their own networks. The Air Force Cyber Command, in contrast, has been included as an operational unit of Stratcom, carving out a pre-eminent space for itself among the armed services in the cyberwar arena. The Naval Network Warfare Command and the Army’s Network Enterprise Technology Command are not part of Stratcom.
“The new U.S. Air Force Cyber Command is considered a warfighting command, intended to operate in offensive and defensive operations,” said Mackenzie Eaglen, a senior policy analyst for national security at the Heritage Foundation. “This is not surprising given that the 8th Air Force in charge of the new command has also been leading information operations mission since 2000.”
“In the past, cyberspace has been viewed as merely an enabler for other combat operations,” said Lt. Gen. Robert Elder, commander of the 8th Air Force and the Air Force Cyber Command. “The Air Force has taken a very proactive approach to both secure and defend the cyberdomain. Our warfighting approach to cyberops recognizes that cyber is now a contested domain that must be proactively defended, and not just secured.”
Critical for the Air Force
All military services rely on the availability of cyberspace to ensure mission accomplishment, Elder said. But for the Air Force, he argued, cyberspace is absolutely vital. “The Air Force intends to present forces to Stratcom for global operations, and through theater Air Force commanders, for regional operations.”
These operations will include offensive capabilities, Elder emphasized. “We look at offensive actions from the standpoint of warfighting, which means denying an adversary situational awareness, reducing their confidence in decision support systems, and degrading command-and-control connectivity. We would expect offensive cyberops to be used in the context of interdependent joint ops, as part of integrated air, space and cyber effects.”
The Air Force Cyber Command, then, is positioned to be a strong magnet for cyberwar funding and capabilities development.
“The military is thinking more about the nonkinetic effects of warfare,” said Barry Watts, a senior fellow at the Center for Strategic and Budgetary Assessments. “It makes sense to have the guys delivering most of the precision ordnance from the air to have control over both the kinetic and the nonkinetic aspects of the operation.”
Strategic operations often targets infrastructure, including economic infrastructure, said James Lewis, an analyst at the Center for Strategic and International Studies. “Traditionally, the Air Force has carried out strategic bombing. Strategic cyberwarfare could be seen as an extension of that mission.”
Terry Ryan, general manager of federal government business at software developer Mercury Computer Systems, said he believes the Air Force will emerge as the execution command for cyberwarfare, the likely focal point for acquisitions.
“The Army is more interested in tactical operations and on capabilities at the small-unit level,” he said. “Increasingly, adversaries are using the electromagnetic spectrum, and the Army needs to work around that and use it to their advantage.”
Mercury, which already works with several defense and national security agencies, is developing algorithms and software which exploit computing power to shorten reaction times in data-intensive environments, such as DOD’s computer systems and networks.
A difference in tactics
At the tactical level, offensive Army cyberoperations could include disruption of an adversary’s local surveillance and communications, said Peter Swire, a senior fellow at the Center for American Progress.
“That is different from developing big attacks launched from overseas,” he said. “The Army’s role will likely be limited to protecting Army personnel from cybersurveillance and attacks.”
The nonkinetic nature of cyberwar means that operations can get a little tricky. For one thing, it is not necessarily the goal to shut down an adversary’s network. “A military only wants to shut an enemy’s network down if they aren’t getting useful information from it,” Schneier said.
“The best thing to do is to infiltrate the enemy’s computers and networks, spy on them and surreptitiously disrupt select pieces of their communications when appropriate,” he said. “The next best thing is to passively eavesdrop. After that, the next best is to perform traffic analysis, analyze who is talking to whom and the characteristics of that communication. Only if a military can’t do any of that do they consider shutting the thing down.”
Cyberwar can take on aspects of espionage and does not necessarily involve open warfare, Schneier said.
“Since much of cyberwar will be about seizing control of a network and eavesdropping on it, there may not be any obvious damage from cyberwar operations,” he said. “This means that the same tactics might be used in peacetime by national intelligence agencies.
There’s considerable risk here. The deliberate penetration of a country’s computer networks might be viewed as an act of war.”
The nonkinetic and espionage-like aspects of cyberattacks also means they do not necessarily have an obvious origin. “Misdirection is a more likely feature of a cyberattack,” Schneier said.
Legal pitfalls
That type of activity, if taken on by U.S. forces, could run the U.S. military into a legal snare, Swire said. Offensive cyberactivities in which actors hide their identities could violate the Geneva Conventions, he said. But the Army would not be legally constrained if it were involved in protecting troops by suppressing local cyberactivities.
Similarly, “the legal problems are less thorny in the case of a counterattack, because countries have greater scope to respond to attacks than to initiate attacks pre-emptively,” Swire said.
Nonkinetic though they may be, cyberattacks can also produce significant collateral damage, Schneier said. “When the Allies bombed German railroad bridges during World War II, that affected both civilian and military transport. When the United States bombed Iraqi communications links in both the first and second Iraq wars, that affected both civilian and military communications.
Cyberattacks, even attacks targeted as precisely as today’s smart bombs, are likely to have collateral effects.”
Advanced but vulnerable
Another collateral implication of cyberwarfare is that militaries that are most dependent on computer systems are also most vulnerable to the effects of a successful cyberattack. “The Russians and Chinese are less dependent on computer systems at this point, as are the insurgents the U.S. military faces in Iraq,” Lewis said.
“The idea is that a technologically poor country might decide that a cyberattack that affects the entire world would disproportionately affect its enemies,” Schneier said. “That is the dark side of the digital divide.”
As in other warfare and intelligence arenas, the involvement of multiple organizations in cyberoperations involves the potential for mission conflicts.
“The National Security Agency may have tapped into a foreign command-and-control system while the Air Force simultaneously has plans to take it out,” said Ira Winkler, an author and former NSA analyst. A successful attack against the system could deny the warfighting community important intelligence, he said.
“I would love to say there should be an information warfare czar to coordinate these types of activities,” Winkler said, “but we often find there is not good coordination even at the higher levels.”
Lewis agreed there is no substitute for appointing an overall authority “to sit the responsible managers down together to coordinate activities jointly.”
But turf wars over cyberspace are likely to crop up. Fifty years later, they are still squabbling over which is the lead service in space, Lewis said.
|
|
|
|
![1105 Media [valor]](/images/ds1_pntmlogo.gif "1105 Media [valor]"){kind=small}
