A recent report by a task force of the Defense Science Board on cyberconflict makes clear that all is not well in preparing for this new domain of warfare.
The U.S. military often uses “red” teams to challenge established “blue” teams in exercises. According to the report, small red teams, with only a short amount of time and using tools downloaded from the Internet, have been able to “significantly” disrupt blue team military operations. The task force said, “If this level of damage can be done by a few smart people, in a few days, using tools available to everyone, imagine what a determined, sophisticated adversary with large amounts of people, time, and money could do.”
In another part of the report, the task force hints that U.S. nuclear weapons, hardened to survive an atomic blast in the Cold War, may not be ready to survive a cyber-onslaught.
What would cyberwar be like? Potentially, “hundreds” of simultaneous, synchronized offensive and defensive cyber operations would be needed, and yet the task force found the U.S. military is not ready. In a recommendation that underscores the larger direction of U.S. policy, the task force declared, “time is of the essence in developing a broader offensive cyber capability.”
But the task force offered an important caution: In the past, on nuclear weapons, counterterrorism, counterinsurgency and all manner of conventional military missions, we’ve had decades of policy debate. “In contrast,” they said, “relatively little has been documented or extensively debated concerning offensive cyber operations.”
This is a worrisome facet of how the United States is entering the age of cyberconflict. President Barack Obama has signed off on a new doctrine, but it remains classified. There’s a new national intelligence estimate of cyber-espionage and its economic costs, but it remains under wraps. That secrecy is necessary for specific operations, but the public needs an informed, robust debate about policy in this expanding realm.
The Washington Post (March 12)