Saturday, November 6, 2010

Cyber Command on the Offensive?

Today's Washington Post has an article by Staff Writer Ellen Nakashima on the Department of Defense's organization known as Cyber Command and its desire to have authority for more offensive operations.  Titled "Pentagon's Cyber Command seeks authority to expand its battlefield", the article talks about some of the issues regarding the limits of what this command is allowed to do in wartime and in peacetime.
Cyber Command's chief, Gen. Keith B. Alexander, who also heads the National Security Agency, wants sufficient maneuvering room for his new command to mount what he has called "the full spectrum" of operations in cyberspace.

Offensive actions could include shutting down part of an opponent's computer network to preempt a cyber-attack against a U.S. target or changing a line of code in an adversary's computer to render malicious software harmless.  They are operations that destroy, disrupt or degrade targeted computers or networks.

But current and former officials say that senior policymakers and administration lawyers want to limit the military's offensive computer operations to war zones such as Afghanistan, in part because the CIA argues that covert operations outside the battle zone are its responsibility and the State Department is concerned about diplomatic backlash.
I would hope that "senior policymakers and administration lawyers want to limit the military's offensive computer operations to war zones".  While some might argue, as does one former National Security Agency (NSA) general counsel, below, that cyber attacks are going on all the time and thus no big deal, I think it is just the opposite.  For any government to attack the vital computers of another nation (say Vietnam attacking Chinese computers) would be seen as a hostile act.  Where that hostile act would lead would depend on a number of factors, but it could lead to overt combat hostilities with lethal weapons.

When hackers attack your computer they are showboating.  When a government does it, or a commercial enterprise, they are doing it for an advantage.  It could be a small advantage, or short-term advantage, but it is an advantage.  During the OVERLORD Operation in June of 1944 the Allies put up a major electronic spoofing operation against the Germans in the Pas-de-Calais area of France—part of Operation FORTITUDE.  It worked.  It fooled Hitler.  It bought time.

The good news is that:
Senior defense officials are now inclined to "stay conservative" in line with the draft opinion, one senior military official said.  He said it is probable that policymakers will have Cyber Command propose specific operations in order to test the boundary lines.
On the other hand, we have this toward the end of the article:
Stewart A. Baker, a former NSA general counsel, said calling cyber-operations, such as dismantling terrorist Web sites, "covert action" incorrectly implies they carry the same risks.

"There are lots of hackers in lots of countries who regularly break into computers, regularly disguise their identities," he said.  "No one would think that discovering the U.S. had done that would lead to a scandal comparable to . . . the funding of Nicaraguan contras with secret Iranian arms sales, which are the kind of activities the covert action law was written for."
Maybe.  One thing we have to consider is that to attack the computers of others is inherently an offensive action, even if done for defensive purposes.  There is a lot we don't yet know about this kind of thing.  Until we do there will be the lure of being able to achieve great ends without having to exert a lot of means or fear a lot of retribution.  That would be a deception, self-inflicted though it may be.

Regards  —  Cliff

2 comments:

  1. The traditional understanding of "hacking" is obsolete. As was demonstrated by the STUXNET attack against a physical target inside Iran, (the Bushehr nuclear site), the pervasive nature of computerized control systems makes "cyber" war REAL war, and if we're not leading it, we're losing it.

    The issue I have is the civil implications to a government proficient in such warfare. Like the Romans, we prefer to keep our military on the far side of the proverbial Rubicon. The internet essentially erases all such geographical distinction, and leaves our citizenry just as vulnerable to our government as any potential enemy.

    My feeling is that we need to examine, devise and then forcefully exert strong civilian controls while we are sparing no effort to become the baddest-ass cyber army on the planet.

  2. I think that the emphasis on civil control is very important.  In times of "peace" the planning should be with the military, but the trigger should be with the civilian oversight.

    One of the things I worry about is civilian government leadership that thinks that the use of cyber attacks is free of any blow-back.  Civilians who think of it as being like launching cruise missiles from ships far at sea.  Your average person is looking for a quick and easy solution to their problems and their ability to see consequences several years out is limited.  Consequences may be in forms which we find unacceptable and we may condemn them (and put people in Gitmo), but they are still consequences.

    Quis custodiet ipsos custodes?  I am about 60% of the way through Reporter Bob Woodward's Obama's War and so far the civilian advisors, as a group, don't come across as being any better than the military advisors, as a group.

    But, the thing about a civilian leadership is that we get a chance to change them every two or four years and there are checks and balances, and further, even if we have never convicted a President in the US Senate, the threat of Impeachment is there, and it has been exercised in the past.  I hope it never comes to that.

    One big gap we face is in the area of education. Since the end of World War II the Executive Branch has grown quite a bit and the President is much further removed from military advice, or better put, that military voice is much more diluted.  While the military still spends time trying to educate senior officers with regard to policy and strategy, we don't do nearly as good a job with civilians, whether elected or appointed.  Reform is needed in that area.  Details to follow, some day.

    Regards  —  Cliff

    PS:  "Who will guard the guards themselves?"
