[Infowarrior] - Pentagon's Plan X: How It Could Change Cyberwarfare

[Richard Forno]

(+1 to Adam's quotes.  --rick)


Christian Science Monitor (csmonitor.com)
October 12, 2012

http://www.csmonitor.com/USA/Military/2012/1012/Pentagon-s-Plan-X-how-it-could-change-cyberwarfare

Pentagon's Plan X: How It Could Change Cyberwarfare

The Pentagon has always been secretive about its desire and ability to carry
out offensive cyberwarfare. Now, Plan X makes it clear that offensive
cyberattacks will be in the Pentagon playbook.

By Anna Mulrine, Staff writer

Washington--The same Pentagon futurologists who helped create the Internet
are about to begin a new era of cyberwarfare.

For years, the Pentagon has been open and adamant about the nation's need to
defend itself against cyberattack, but its ability and desire to attack
enemies with cyberweapons has been cloaked in mystery.

Next week, however, the Pentagon's Defense Advance Research Products Agency
(DARPA) will launch Plan X – an effort to improve the offensive cyberwarfare
capabilities “needed to dominate the cyber battlespace,” according to an
announcement for the workshop.

Though the program will be closed to the press, the relatively public
message is a first for the Pentagon. For one, it shows that the Pentagon is
now essentially treating its preparations for cyberwar the same way it
treats its preparations for any potential conventional war. Just as it takes
bids from aerospace companies to develop new jet fighters or helicopters,
Plan X will look at bids from groups that can help it plan for cyberwarfare
and expand technologies.

Moreover, it opens a window into the highly secretive world of offensive
cyberwarfare. No longer is it unclear whether the US is in the business of
planning Stuxnet-style cyberattacks. Plan X indicates that such capabilities
– which experts say could range from taking out electrical grids to
scrambling computer networks in top-secret facilities to causing the
pacemaker implanted in an enemy official to go haywire – will be an explicit
part of the military playbook.

“If we can have a robust public discussion of nuclear weapons why not a
robust discussion of cyberstrategy?” says Jim Lewis, director of the
Technology and Public Policy program at the Center for Strategic and
International Studies in Washington. “Up until now, cyber has been kind of
ad hoc. What they’re doing now is saying that this is going to be a normal
part of US military operations.”

The US is already engaged in offensive cyberwar. Media reports claim that
the US helped develop and deploy the Stuxnet digital worm, which inflicted
serious harm on Iran’s uranium enrichment program.

In his most wide-ranging speech to date on cyber warfare Thursday, Defense
Secretary Leon Panetta hinted at the need for increased offensive
capabilities, warning that America “won’t succeed in preventing a cyber
attack through improved defenses alone.”

“If we detect an imminent threat of attack that will cause significant
physical destruction in the United States or kill American citizens, we need
to have the option to take action against those who would attack us, to
defend this nation when directed by the president,” Mr. Panetta said. “For
these kinds of scenarios, the department has developed the capability to
conduct effective operations to counter threats to our national interests in
cyberspace.”

But the lack of discussion surrounding offensive cyber capabilities – and a
clear US military plan for pursuing them – has been a significant roadblock
for US military forces interested in honing those skills, says retired Col.
Joe Adams, a former West Point professor who coached the military academy’s
cyber team.

In the past there has been a “skittishness about teaching cadets offensive
skills like how to hack” into systems, says Dr. Adams, now executive
director of research and cybersecurity for Merritt Network, Inc. “We’ve
really ramped up the defensive part, but there hasn’t been any work done to
identify people who have the intuitive ability to conduct operations on the
offensive side.”

Many of the threats the US faces – and may in turn inflict on other
countries and non-state actors – will be nuanced.

The notion of a “cyber Pearl Harbor,” as Panetta has characterized it, is a
misnomer, Adams adds.

“Everybody’s looking for a cyber Pearl Harbor – we don’t need a Pearl Harbor
to really mess things up. That’s the very nature of this advanced,
persistent threat: We’re not kicking people’s doors in anymore.”

Instead, cyber incursions will be more subtle. Just imagine what could
happen in a hospital, Adams says. “I don’t even have to turn off the
refrigerators. I just have to change the thermostat so they’re too warm, or
too cold, or make some blood supplies go bad, or spoil a little medicine, or
just reroute where they send ambulance alerts.”

In particular, offensive cyberskills “are more art than science,” says
Adams. “These kids need to be screened right, and they need to be utilized.
A career path in the military is built on building their skills, but also
retaining them. We’ve done really poorly with that.”

Part of the problem is that American military training has long emphasized
traditional skills, which are often are at odds with developing cyber
warriors. You could have an outstanding cyberthinker in a class, but
tradition dictates that “he’s going to be a tank platoon leader, or a rifle
platoon – he’s going to have to prove himself as an Army officer before
they’re going to make use of his talent,” says Adams.

In the meantime, his cyberskills atrophy. “The cadets I was teaching, there
just wasn’t another outlet for them in the military yet.”

Plan X is designed to help the Pentagon “understand the cyber battlespace”
and to develop skills in “visualizing and interacting with large-scale cyber
battlespaces,” according to the DARPA proposal.

These, too, are unique skills that must be cultivated within the military,
says Adams. “Another art piece is mapping a network [that could be a
potential target]. How do you do it – and how do you do it subtly – without
knocking things over and turning things off? And if it’s hostile, how do we
do it without getting caught?”

Plan X hints at some of these needs – and makes it clear that the Pentagon
is grappling with how to establish a framework for fighting cyberwar, too.

“Plan X is an attempt by the national security bureaucracy to come to grips
with the multitude of issues around use of cyberweapon in an offensive form
– the legal, diplomatic, ethical issues,” says Matthew Aid, a historian and
author of "Intel Wars: The Secret History of the Fight Against Terror."

“We can’t have a public discussion about Stuxnet, about these brand new
weapons – or their ethical implications – until the White House pulls back
just a little the veil of secrecy that surrounds the entire program,” Mr.
Aid adds.

For example, Stuxnet revealed how unwieldy such weapons can be when it
inadvertently “jumped” into friendly computer systems that were never meant
to be targeted.

Indeed, “One of the biggest problems in cyberwarfare is the potential for
collateral damage,” says Mr. Lewis of the Center for Strategic and
International Studies.

“You just can’t attack stuff and not worry that innocent civilians will be
harmed – you have to take steps to mitigate the risk.”

Aid says now is the time to have these conversations. “We can only see one
tenth of one percent lurking beneath the surface – what’s beneath the
surface scares ... me," he says. "This is combat – this is war by a by a different name.”

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.