[Infowarrior] - Cyberwarfare Emerges From Shadows For Public Discussion By U.S. Officials

Thu Sep 27 06:57:32 CDT 2012

New York Times
September 27, 2012
Cyberwarfare Emerges From Shadows For Public Discussion By U.S. Officials

By Scott Shane

http://www.nytimes.com/2012/09/27/us/us-officials-opening-up-on-cyberwarfare.html?_r=0

WASHINGTON — For years, even as the United States carried out sophisticated cyberattacks on Iran’s nuclear program and the Pentagon created a Cyber Command, officials have been hesitant to discuss American offensive cyberwarfare programs openly. Since June, in fact, F.B.I. agents have been investigating leaks to The New York Times about the computer attacks on Tehran.

But the reticence is giving way. The chorus of official voices speaking publicly about American cyberattack strategy and capabilities is steadily growing, and some experts say greater openness will allow the United States to stake out legal and ethical rules in the uncharted territory of computer combat. Others fear that talking too boldly about American plans could fuel a global computer arms race.

Next month the Pentagon’s research arm will host contractors who want to propose “revolutionary technologies for understanding, planning and managing cyberwarfare.” It is an ambitious program that the Defense Advanced Research Projects Agency, or Darpa, calls Plan X, and the public description talks about “understanding the cyber battlespace,” quantifying “battle damage” and working in Darpa’s “cyberwar laboratory.”

James A. Lewis, who studies cybersecurity at the Center for Strategic and International Studies in Washington, says he sees the Plan X public announcement as “a turning point” in a long debate over secrecy about cyberwarfare. He said it was timely, given that public documents suggest that at least 12 of the world’s 15 largest militaries are building cyberwarfare programs.

“I see Plan X as operationalizing and routinizing cyberattack capabilities,” Mr. Lewis said. “If we talk openly about offensive nuclear capabilities and every other kind, why not cyber?”

Yet like drone aircraft, which similarly can be used for both spying and combat, American cyberattack tools now are passing through a zone of semisecrecy, no longer denied but not fully discussed. President Obama has spoken publicly twice about drones; he has yet to speak publicly on American cyberattacks.

Last week, at a public Cyber Command legal conference, the State Department’s top lawyer, Harold H. Koh — who gave the Obama administration’s first public speech on targeted killing of terrorists in 2010 — stated the administration’s position that the law of war, including such principles as minimizing harm to civilians, applies to cyberattacks.

In August, the Air Force raised eyebrows with a bluntly worded solicitation for papers advising it on “cyberspace warfare attack capabilities,” including weapons “to destroy, deny, degrade, disrupt, deceive, corrupt or usurp” an enemy’s computer networks and other high-tech targets.

And a few weeks earlier, a top Marine commander recounted at a public conference how he had used “cyber operations against my adversary” in Afghanistan in 2010. “I was able to get inside his nets, infect his command-and-control, and in fact defend myself against his almost constant incursions to get inside my wire,” said Lt. Gen. Richard P. Mills, now deputy commandant of the Marine Corps.

Cyberwarfare was discussed quite openly in the 1990s, though technological capabilities and targets were far more limited than they are today, said Jason Healey, who heads the Cyber Statecraft Initiative at the Atlantic Council in Washington.

“Our current silence dates back 8 or 10 years, and N.S.A. is a big reason,” said Mr. Healey, who is working on a history of cyberwarfare.

The National Security Agency, which plays a central role in Cyber Command, traditionally breaks foreign codes and eavesdrops on foreign communications; it is among the most secretive agencies in government. Years ago it pioneered the field of cyberespionage: breaking into foreign computer systems in order to collect intelligence. The same skills and reflexive secrecy of spies carried over to cyberwarfare, Mr. Healey said. American officials have long preferred to talk cyberdefense, leaving the attack side in the shadows.

The increased candor recently about cyberoffense results not from a policy change, officials say, but from an inevitable acceptance of attacks on computer networks as a standard part of military and intelligence capabilities. The fact that dozens of Beltway contractors see cyberwarfare as one of the few parts of the defense budget that are likely to grow is also a factor.

When Darpa announced a “proposers’ day workshop” for its Plan X program, the “overwhelming response from industry and academia” led the defense research agency to expand the event to an extra day, the agency said in a statement. (A Darpa spokesman declined to comment further on Plan X.)

Just as drone-fired missiles have never been a secret to those on the ground, so cyberattacks have consequences that cannot be hidden, even if their origin may be initially uncertain. The computer worm called Stuxnet, devised by the United States and Israel to destroy Iran’s nuclear centrifuges, was quickly detected by computer security experts when it infected networks around the world in 2010 — but remains highly classified.

Hence the Cyber Command legal conference, which avoided specific cases while dwelling on principles. Mr. Koh, of the State Department, told the conference that the United States carries out “at least two stages of legal review” on cyberwarfare operations — considering whether the law of war prohibits the use of “new weapons” altogether and, if not, how the law governs their use in “each particular operation.”

Matthew Waxman, a law professor at Columbia and former Defense Department official, said speaking openly about cyberwarfare policy was important because it allowed the United States to make clear its intentions on a novel and fast-emerging form of conflict.

Because both the Bush and Obama administrations were slow to speak publicly about their use of armed drones, Mr. Waxman said, “they ceded a lot of ground to critics to shape the narrative and portray U.S. practices as lawless.” As a result, he said, “the U.S. is trying to play catch-up, giving speech after speech, saying ‘We abide by the law.’ ”

Now, Mr. Waxman said, because the United States “occupies a position of advantage on offensive cyber capabilities, it should seize the opportunity to lay out a set of rules for itself and others.”

That is a worthy goal, said Daryl G. Kimball, executive director of the Arms Control Association. But he said that came with a hazard: more talk about the United States’ cyberwarfare capabilities might prompt other countries to step up their own programs at a time when the world is “on the cusp of a cyber arms race,” he said.

Mr. Kimball said Darpa’s sweeping public statement about the goals of its Plan X for cyberwarfare might be a case in point.

“It makes it sound like the U.S. is preparing to be able to wage a full-out cyberwar,” Mr. Kimball said. “Those kinds of statements could come back to haunt the U.S. down the road.”

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.