Governments and terrorists are racing to prepare for war in cyberspace.
December 19, 2003
by Alan W. Dowd
Kahn published these ideas during Moscow’s reckless gambit in Cuba, which brought the world to the brink of the unthinkable. Thanks in no small part to Kahn’s willingness to contemplate the very worst, U.S. military and political leaders steadily shifted away from the defeatism of Mutually Assured Destruction, reoriented the country’s military strategy, and ultimately won the Cold War in a relatively peaceful fashion.
What was true in the Atomic Age, when Moscow’s transcontinental empire threatened civilization with nuclear annihilation, remains true in the Information Age, as stateless bands of terrorists and a handful of dictators threaten civilization with a range of weapons. Some of these weapons aren’t really even weapons, as we learned when commercial airliners were used as missiles on September 11, 2001. Some are simple and readily available, as the people of Israel, Iraq, Indonesia, and India are reminded every time a homemade bomb tears through a place of worship or commerce. Some are the offspring of the Information Age itself; they are easy to acquire, simple to use, and inexpensive. In the hands of a committed adversary, they are capable of wreaking death and destruction with the push of a button. Even now, they are being used to probe America for weaknesses and wage a new kind of war—cyberwar. After years of averting its gaze, Washington is finally taking notice.
One of the major ingredients for America’s disproportionate power in the twenty-first century is its mastery of new technologies and capacity—even eagerness—to incorporate them into its economy, culture, and military. Yet it is an irony befitting a Greek tragedy that the very thing that makes the United States so powerful also makes it more susceptible and vulnerable than any other nation to a crippling attack in cyberspace.
As President George W. Bush explained in a recent strategy document, “In the past few years, threats in cyberspace have risen dramatically.” It’s easy to see why. Given the amorphous, open, and ever-expanding nature of cyberspace, it is extremely difficult territory to secure and defend; and given America’s primacy in traditional fields of conflict (on the ground, at sea, in the air, and in space), cyberspace is increasingly where America’s enemies pick their fights. “Ironically, we have destroyed the war we do best,” Michael Vlahos of the Joint Warfare Analysis Department at Johns Hopkins University concludes. “No one can hope to win fighting our kind of war, so they will make war they can win.” Cyberwar may be such a war.
According to the Congressional Research Service, the Pentagon’s computer systems are attacked thousands of times each year. Some of the attacks are akin to a gnat biting an elephant, but some are more serious. In 1994, for example, the Rome Laboratory, a key node of U.S. Air Force researchers and computer specialists, was victimized by one hundred fifty separate cyber-attacks. After tearing through the Air Force system, the cyberterrorist (a sixteen-year-old Briton) also targeted NATO headquarters and Wright-Patterson Air Force Base. In 1998, a group of computer hackers in California and Israel attacked a number of computer networks at U.S. Air Force bases, universities, and businesses. A 1998 report found that hackers had made two hundred separate attempts to break into the computer systems at key U.S. nuclear labs. As late as April 1999, the cybersecurity situation was so grave that then-Secretary of Energy Bill Richardson ordered a systemwide shutdown for two weeks.
During the U.S.-led NATO operation against Bosnian-Serb forces in 1995, the Serbs used computer systems to research the backgrounds of U.S. pilots and then threaten their families. Four years later, during the air war over Kosovo and Serbia proper, teams of Chinese and Serbian hackers attacked cybertargets of opportunity in the West. The Chinese hacked into websites run by the Departments of Energy and Interior. They defaced and effectively hijacked the sites, forcing the White House and other government sites to shut down out of self-protection. Other attacks came in the form of countless emails sent to slow down and overload government servers.
The cyberbattle was not one-sided, of course. Independent Dutch and American hackers fired back early and often, and the U.S. military employed information warfare tactics against Belgrade throughout the war. For example, as MSNBC reported in 2001, a special U.S.-U.K. unit used email and computer systems to conduct psychological operations against Slobodan Milosevic’s generals and friends, who had been enriched—and would eventually be impoverished or killed—as a result of their close association with the Serbian dictator. (Similar efforts were made during the Iraq war.) However, no network-killing viruses were let loose against Milosevic, prompting former NATO Commander Wes Clark to dismiss the allied cyber-salvos as little more than “harassment.”
Nonetheless, this blending of cyberwar tactics into traditional war fighting will continue, and, like other military innovations, it promises to become more effective as technology and tactics improve. China, for example, is fielding a force of “shock computer troops” to wage war in cyberspace. Known as the “Net Force,” the unit of computer programmers has conducted annual training exercises since 1997. Some computer and defense experts have warned that China is training the force to serve as the vanguard of a conventional attack on Taiwan.
China is not alone in this. More than twenty nations have information-warfare capabilities, among them some of America’s most bitter enemies—Cuba, North Korea, Libya, Iran, and Syria. The Indian government, for example, blames Pakistani intelligence agents for hacking into the Indian army’s main website and effectively holding it hostage ahead of talks in 1998. According to Lt. Col. Timothy Thomas of the Army’s Foreign Military Studies Office, the Palestinian terrorist group Hezbollah has plans in place to cripple Israeli government, military, and financial networks with cyberattacks. The strategy includes attacks on e-commerce, Internet Service Providers, and the Israeli stock exchange with the intent of paralyzing Israel’s technology-dependent society.
Nation-states, however, are neither the sole targets nor the sole practitioners of cyberwarfare. The “White Hat” computer virus, for example, devastated the Air Canada computer system in the summer of 2003. In another incident, a manmade computer “worm” chewed through Lockheed Martin’s system, forcing the defense giant to shut down parts of its network in August 2003. Exactly a week after the September 11 terrorist attacks on Manhattan and Washington, the Nimda virus used the Internet to skip across the world’s interconnected web of computer networks, leaving in its wake billions of dollars in damaged systems and corrupted computers. Although the Nimda attack was overshadowed by the attacks on the Pentagon and World Trade towers, Thomas notes that cybersecurity experts call it September 11’s cyberspace equivalent. “Nimda’s creator,” Thomas adds ominously, “has never been identified.”
Together, the disparate groups, governments, and individuals that create and launch these invisible weapons are taking the postmodern warfare we witnessed firsthand on September 11 to a new level: The enemy is no longer just stateless—he is nameless, faceless, and place-less. The enemy is not just transnational—he is non-national, living and hiding and attacking in a world where there are no borders. The enemy is no longer virtually invisible—he is, well, virtual.
That is one reason why critics of cyber-preparedness argue that a war waged in cyberspace, with bytes and streams of code rather than bullets and bombs, can’t really hurt us, since we live in a world of tangible elements—land and sea, flesh and blood.
One doesn’t have to be a Matrix fanatic to recognize that vast stretches of “the real world” are controlled by the invisible world of cyberspace. Water-pumping and purification stations, electrical utilities, hospitals, banks, and airports simply cannot function today without computer networks. Winn Schwartau, an expert on information security and infrastructure protection, has noted that cyberterrorists have successfully attacked and disabled all of these types of network-dependent targets in recent years.
Americans are steadily coming to grips with this reality. Since 1999, for example, the Pentagon has assigned cyberwar preparedness to a four-star general. In 2003, President Bush ordered U.S. military planners to develop guidelines for the use of cyberweapons by U.S. forces; the Department of Defense invested 28 percent more than in 2002 on programs aimed at attacking enemies’ information-warfare capabilities and defending our own; and Pentagon spending on programs to manipulate and master information technology of all kinds jumped by 125 percent.
On the offensive front, the Pentagon’s new Joint Task Force on Computer Network Operations has begun helping U.S. military forces incorporate cyberweapons into traditional war fighting. On the defensive side, the Department of Defense is updating all of its new Internet-related equipment and software to meet the latest Internet security protocols. The Pentagon’s entire fleet of computers and networks will be switched over to the new protocols within four years.
Also in 2003, Bush approved the aforementioned strategy to secure the civilian stretches of cyberspace. “The cornerstone of America’s cyberspace security strategy,” according to Bush, “is and will remain a public-private partnership. . . . Only by acting together can we build a more secure future in cyberspace.” I observed one such effort firsthand while writing this article. After clicking onto the White House website to download and read the president’s National Strategy to Secure Cyberspace, the Microsoft software grafted onto my PC’s hard drive stopped me dead in my cyber-tracks and warned me to think twice before going any further: Some files can contain viruses or otherwise be harmful to your computer, the message reminded me. It is important to be certain this file is from a trustworthy source. (Whether or not the White House is a trustworthy source is a subject for another essay, but since I am of the opinion that it is, I took the risk and downloaded the document.)
This is just one small example of cross-sector cooperation in preventing, slowing, and if necessary, tracking and monitoring the spread of cyber-viruses and cyberattacks. There are many others we never see.
For instance, the White House is calling on industry leaders to improve computer training, enhance technology safeguards, identify and remove vulnerabilities (hence, the endless flow of “patches” and automatic updates), and cooperate with one another on cybersecurity. At the same time, government agencies such as the Department of Homeland Security are developing redundancies, conducting cyber-drills, building cyberwarning systems, hardening government computer networks, and developing recovery plans in the event of the unthinkable— a virtual attack that would have crippling real-world consequences.
As Mr. Kahn put it in an earlier age of terror, “We must appreciate these possibilities. We cannot wish them away.”
Alan W. Dowd is a senior fellow at the Sagamore Institute for Policy Research. He is a frequent contributor to The World & I, The American Enterprise, National Review Online, and The American Legion Magazine, where he publishes policy commentaries and a monthly column covering national security and military issues.
Home | Learn About Hudson | Hudson Scholars | Find an Expert | Support Hudson | Contact Information | Site Map
Policy Centers | Research Areas | Publications & Op-Eds | Hudson Bookstore
Hudson Institute, Inc. 1015 15th Street, N.W. 6th Floor Washington, DC 20005
Phone: 202.974.2400 Fax: 202.974.2410 Email the Webmaster
© Copyright 2013 Hudson Institute, Inc.