[Infowarrior] - Panel Warns U.S. on Cyberwar Plans

Richard Forno rforno at infowarrior.org
Thu Apr 30 02:04:22 UTC 2009 

Panel Warns U.S. on Cyberwar Plans
By JOHN MARKOFF and THOM SHANKER

http://www.nytimes.com/2009/04/30/science/30cyber.html?_r=1&hp=&pagewanted=print

The United States has no clear military policy about how the nation  
might respond to a cyberattack on its communications, financial or  
power networks, a panel of scientists and policy advisers warned  
Wednesday, and the country needs to clarify both its offensive  
capabilities and how it would respond to such attacks.

The report, based on a three-year study by a panel assembled by the  
National Academy of Sciences, is the first major effort to look at the  
military use of computer technologies as weapons. The potential use of  
such technologies offensively has been widely discussed in recent  
years, and disruptions of communications systems and Web sites have  
become a standard occurrence in both political and military conflicts  
since 2000.

The report, titled “Technology, Policy, Law, and Ethics Regarding U.S.  
Acquisition and Use of Cyberattack Capabilities,” concludes that the  
veil of secrecy that has surrounded cyberwar planning is detrimental  
to the country’s military policy. The report’s authors include Adm.  
William A. Owens, a former vice chairman of the joint chiefs of staff;  
William O. Studeman, former deputy director of the Central  
Intelligence Agency; and Walter B. Slocombe, former under secretary of  
defense for policy. Scientists and cyberspecialists on the panel  
included Richard L. Garwin, an I.B.M. physicist.

Admiral Owens said during a news conference in Washington on Wednesday  
that the notion of “enduring unilateral dominance in cyberspace” by  
the United States is not realistic in part because of the low cost of  
the technologies required to mount attacks. He also said the idea that  
offensive attacks wre “nonrisky” military options was not correct.

In the United States, the offensive use of cyberweapons is a highly  
classified military secret. There have been reports going back to the  
1990s that United States intelligence agencies have mounted operations  
in which electronic gear was systematically modified to disrupt the  
activities of an opponent or for surveillance purposes. But these  
activities have not been publicly acknowledged by the government.

The report concludes that the United States should create a public  
national policy regarding cyberattacks based on an open debate on the  
issues. The authors also call on the United States to find common  
ground with other nations on cyberattacks to avoid future military  
crises.

The authors point to a Pentagon statement on military doctrine issued  
in 2004, indicating that the United States might respond to a  
cyberattack with the military use of nuclear weapons in certain cases.  
“For example,” the Pentagon National Military Strategy statement says,  
“cyberattacks on U.S. commercial information systems or attacks  
against transportation networks may have a greater economic or  
psychological effect than a relatively small release of a lethal agent.”

Pentagon and military officials confirmed that the United States  
reserved the option to respond in any way it chooses to punish an  
adversary responsible for a catastrophic cyberattack. While the range  
of options could include the use of nuclear weapons, officials said,  
such an extreme counterattack was hardly the most likely response.

“The United States reserves the right to respond to intrusions into  
government, military and national infrastructure information systems  
and networks by nations, terrorist groups or other adversaries in a  
manner it deems appropriate,” said one senior Pentagon official.

Another senior Pentagon official added, “While the United States would  
always reserve the right to respond appropriately to defend the nation  
and its citizens, this kind of scenario is extremely speculative and  
requires an enormously vivid imagination.”

The two officials spoke on the condition of anonymity because of the  
highly classified nature of planning for cyber and nuclear warfare.  
Both officials emphasized that in American military planning, there  
are only rare instances when any specific option would be declared off- 
limits in advance.

This effort to specifically project a lack of clarity is viewed as  
important to keeping an adversary uncertain of the severity of an  
American counterattack. Introducing that uncertainty into the thinking  
of an adversary’s government and military has historically been an  
essential element of deterrence, whether traditional nuclear  
deterrence or today’s cyberwar planning.

For example, during the cold war, when the Soviet Union and its Warsaw  
Pact allies stationed an overwhelming conventional force in Central  
Europe, American planners were never certain that NATO’s tanks and  
artillery could hold back the Soviet-led armor if an offensive was  
begun across the Fulda Gap in Germany.

Thus, the United States never declared that it would be bound to  
respond to a Soviet and Warsaw Pact conventional invasion with only  
American and NATO conventional forces. The fear of escalating to a  
nuclear conflict was viewed as a pillar of stability and is credited  
with helping deter the larger Soviet-led conventional force throughout  
the cold war.

Introducing the possibility of a nuclear response to a catastrophic  
cyberattack would be expected to serve the same purpose.

More information about the Infowarrior mailing list