Hacking could become weapon in U.S. arsenal
Igniting a provocative new debate, senior military officials are pushing the Pentagon to go on the offensive in cyberspace by developing the ability to attack other nations’ computer systems, rather than concentrating on defending America’s electronic security.
Under the most sweeping proposals, military experts would acquire the know-how to commandeer the unmanned aerial drones of adversaries, disable enemy warplanes in mid-flight and cut off electricity at precise moments to strategic locations, such as military installations, while sparing humanitarian facilities, such as hospitals.
An expansion of offensive capabilities in cyberspace would represent an important change for the military. For years, U.S. officials have been reluctant to militarize what is widely seen as a medium for commerce and communication -- much like space.
But a new National Military Strategy for Cyberspace Operations, declassified earlier this year, fueled the Pentagon debate and gave the military a green light to push for expanded capabilities.
The monthslong debate took on added urgency after the electronic attacks that coincided with the Russian military’s early August push into Georgia and reflects a newfound uncertainty over the state of global cyber-warfare capabilities.
Military officials have not concluded whether the electronic network attacks in Georgia were coordinated by Moscow or were the work of freelance hackers or paramilitary groups. Still, the use of cyberspace by Russia and other countries is drawing intense scrutiny by the Pentagon.
“As we go forward in time, cyber is going to be a very important part of our war-fighting tactics, techniques and procedures,” said Michael W. Wynne, a former Air Force secretary.
Under Wynne, the Air Force established a provisional Cyber Command in 2007 and made operating in the cyber domain part of its mission statement, on par with air operations. Wynne clashed with superiors over the Air Force approach to cyberspace and other issues and was fired in June after breakdowns in U.S. nuclear weapons security procedures. New Air Force leaders now are reassessing plans for a permanent Cyber Command, which under Wynne’s leadership would have included some offensive capabilities.
Most other U.S. efforts focus on defending military and government networks and mining international systems for intelligence. Both the Army and Navy have long-standing operations but primarily focus on intelligence gathering. The Army, in particular, has used a variety of electronic networks to gather intelligence on insurgents in Iraq and Afghanistan.
The most advanced expertise on operating in cyberspace is held by the National Security Agency, the Defense Department intelligence arm that monitors foreign phone calls, e-mails and other communication. A senior defense official said the NSA “is where the mother lode of expertise is. Those are the folks that have been looking at the capability for the longest period of time.”
Overseeing all of these various military efforts in cyberspace is the Defense Department’s Strategic Command, which is primarily responsible for the nation’s nuclear arsenal.
Several senior Pentagon officials would discuss the Defense Department’s cyberspace work only if their names were withheld because of sensitive intelligence issues. But officials involved in the cyberspace debate are sparring over not only what to do but who within the military should do it.
Because of the difficulty of training cyber-warriors and the need to closely monitor their work long term, many top Pentagon officials believe that the most advanced cyber-experts should remain at the NSA.
A senior Pentagon official said that “exploiting” computer networks to gather intelligence is currently the most important use of cyber-power. “Clearly, the exploitation activities have been preeminent,” the official said.
But citing Russia’s use of cyberspace, some current and former officials believe that the U.S. military services, if allowed, could move beyond intelligence gathering and develop a broad array of offensive capabilities that would fit well with conventional combat.
“Let’s not mistake intelligence collection with military operations,” said Lani Kass, a senior Air Force official and former director of the service’s Cyberspace Task Force. “The mission of the NSA is to collect signals intelligence, and it is very good at it. But the NSA is not a war-fighting organization.”
If the military is allowed to develop more advanced cyber-warfare methods, the United States would be able to routinely launch an airstrike at a target and simultaneously use an electronic attack to disable defenses or spread disinformation, said Wynne, the former Air Force secretary.
“It isn’t just about protecting your networks,” Wynne said. “It is about having a soldier with an invasive tool he can fire at an antenna, and put some information into it, and from there do some damage.”
While declining to specify every cyberspace activity they might want to develop, military officials emphasized that all such efforts would be governed by the laws of war and international treaties.
Other senior officials are skeptical of what they see as “Buck Rogers” scenarios and argue that defending U.S. computer systems is more urgent. The Pentagon is probed every day by hackers and would-be cyber-intruders, making protection of military networks the top priority, said the senior defense official.
More importantly, potential U.S. adversaries are unlikely to depend on electronic networks as much as the Pentagon does, the official said. That means defending U.S. capabilities is more vital than disrupting enemy capabilities.
“The United States, more than any other military, is a Net-centric operation,” the senior official said. “Any adversary we would tend to go after -- anyone we can currently foresee -- wouldn’t use it to the same extent. Therefore, defending that capability and making sure it is not denied to you -- that has to be critical.”
To some, the tension over cyberspace echoes military debates through the centuries. Maj. Gen. William T. Lord, head of the Air Force cyber-effort, said that such discussions were akin to an old military puzzle known as “intelligence gain-loss.”
“Do you not destroy a target because you can exploit it? Or do you destroy the target -- and lose the ability to exploit -- because troops are in harm’s way?” Lord said. “That is not a debate. It is a discussion that goes on in war fighting.”
Wynne agrees that there will always be such arguments. But unless the military services are given the resources to develop strong offensive capabilities, top officials will not have the option of using them, he said.
“This is all about preparedness and making sure the U.S. military is awake and alert,” Wynne said. “And I say: Make sure we can do it to them before they can do it to us.”