Recommendations on Cyber Threats and Warfare - Part 2

Central Organization in the DoD to Fight Cyberwarfare

Recommendation No. 3. There must be a clear central organization in the DoD that is trained and equipped to fight cyberwarfare and respond to large-scale foreign attacks by governments, terrorists, and extremists.

The Threat. Malicious e-mail and other cyber attacks on Tibet advocacy groups in the United States are linked to Internet servers used in past hacker intrusions that U.S. law enforcement traced to China.  Based on publicly available data, the link is the first direct evidence that the recently intensified attacks against the Tibet groups were launched from China.  These attacks were reported by United Press International in March 2008.  However, it is unclear whether or to what extent the Chinese government or military were involved (Waterman, 2008).  With this threat, the United States must establish a clear, central organization in the DoD to fight a cyber war.  The ensuing paragraphs indicate that various organizations in the United States are attempting to do just that.

Air Force Cyber Command.  With U.S. civil and military officials increasingly concerned about cyber attacks against American networks, the USAF is planning to establish what will probably be the largest and most comprehensive military organization to defend against cyber attack.  Additionally, unlike the apparent efforts of the other U.S. military services in this field, the Air Force will conduct offensive cyberwarfare (Polmar, 2008).

The massive Air Force effort will pull together existing cyber-related units and establish new ones, all under the Air Force Cyber Command – AFCYBER in milspeak – and its operating arm, the 24th Air Force.  According to Major General William T. Lord, the provisional commander of AFCYBER, the command and 24th Air Force will achieve “initial operational capability” on 1 October 2008.  However, many components of the command are already operational (Polmar, 2008).  But October 6, 2008, the Air Force announced that the command would not be brought into permanent activation, and that that the cyber mission would be transferred, with the standup of the 24^thAir Force, to Air Force Space Command (Anonymous, 2008).

On May 14, 2009, the Air Force announced that Lackland AFB in San Antonio, Texas, “has been selected as headquarters of the 24^thAir Force, the Air Force’s downgraded version of its provisional Cyber Command.”  However, it was also reported that “continued separate armed services cyber operations exist under a cloud of uncertainty…in light of recent reports that Secretary of Defense Robert Gates is considering creation of a multi-service Cyber Command to be based at Fort Meade, Maryland” (Wikipedia, 2010).

Federal Bureau of Investigation (FBI). In the summer of 2007, the FBI quietly established a task force involving U.S. intelligence and other agencies to identify and respond to cyber-threats against the United States.  Called the National Cyber Investigative Joint Task Force, the group has “several dozen” personnel working together at an undisclosed location in the Washington area, said Shawn Henry, the FBI’s deputy assistant director of its cyber-division.  The task force looks at “all cyber-threats,” he said, but is focused on “organizations that are targeting U.S. infrastructure” (Waterman, 2008).

Homeland Security Department (HSD). The HSD has launched an overhaul of the government’s computer security efforts “almost … like a Manhattan Project” in response to concerns that the nation’s Internet system is vulnerable to hackers and online terrorists, former Secretary Michael Chertoff said on April 8, 2008.  “The time has come to take a quantum leap forward, to really engage in what I’d call a game-changer in how we deal with (cyber) attacks,” Chertoff said (Keefe, 2008).

Cyber Defense Post to Entrepreneur. The Bush administration had tapped a Silicon Valley entrepreneur to head a new inter-agency group charged with coordinating the federal government’s efforts to protect its computer networks from organized cyber attacks.  The White House selected Rod A. Beckstrom as a top-level adviser based in the DHS.  Beckstrom is an author and entrepreneur best known for starting Twiki.net, a company that provides collaboration software for businesses.  Beckstrom had reported directly to DHS Secretary Michael Chertoff (Krebs, 2008).  Under the Obama administration, Beckstrom resigned to DHS Secretary Janet Napolitano on March 13, 2009.

Beckstrom’s candidacy was backed chiefly by top brass at the DoD and the NSA.  However, Beckstrom’s appointment raised a number of questions.  James Lewis, director of technology and public policy for the Center for Strategic and International Studies, noted that DHS only recently had appointed Greg Garcia as assistant secretary for cyber security and telecommunications.  Garcia is former head of the Information Technology Association of America. Lawmakers on Capitol Hill, who believed DHS was not placing a strong enough emphasis on cyber, fought for and won this position through tireless lobbying (Krebs, 2008).

Garcia, in turn, answers to Robert D. Jamison, who serves as Under Secretary for National Protection and Programs Directorate.  When asked at a press briefing about a simulated cyber attack against the United States who would lead the government’s response in the event of a sustained cyber attack on the federal government, Jamison said that duty would fall to him (Krebs, 2008).  Obviously, U.S. cyber security was an organizational mess.

Department of Cyber Defense. From the previous paragraphs, it is apparent that no coordinated approach exists to establish a central organization in the DoD to fight a cyber war.  This is why this recommendation is a most important one in dealing with cyber threats and warfare.  To be successful, we must create a single, strong, focused organization to execute decisive, successful cyberwarfare.  Kevin Coleman (2007) wrote that a Department of Cyber Defense is an organization whose time has come.  He suggested that the United States create and empower an organization to work with business, industry, and government agencies in a collaborative manner that allows for the defense of information assets owned by or operating within the United States.  This organization should be responsible for coordinating defensive capacity across business, industry, and government.  In addition, they would coordinate offensive capabilities across the multiple organizations within the DoD (Coleman, 2007).

A Clear Response Doctrine

Recommendation No. 4. The U.S. government needs to develop a clear response doctrine.

This is a most important recommendation because even if we possess the will to take the offensive, own the tools of warfare, and maintain a focused central organization, we must have a clear response doctrine.  We must maintain the goals/objectives, strategies/tactics, plans of action, and guiding principles for winning a cyber war.

National Strategy to Secure Cyberspace. Our National Strategy to Secure Cyberspace is part of our overall effort to protect the United States.  It is an implementing component of the National Strategy for Homeland Security and is complemented by a National Strategy for the Physical Protection of Critical Infrastructures and Key Assets.  The purpose of this document is to engage and empower Americans to secure the portions of cyberspace that they own, operate, control, or with which they interact.  Securing cyberspace is a difficult strategic challenge that requires coordinated and focused effort from our entire society – the federal government, state and local governments, the private sector, and the American people (Anonymous, 2003).

Consistent with the National Strategy for Homeland Security, the strategic objectives of this National Strategy to Secure Cyberspace are to (Anonymous, 2003):

• Prevent cyber attacks against America’s critical infrastructures (CIs)
• Reduce national vulnerability to cyber attacks
• Minimize damage and recovery time from cyber attacks that do occur

The National Strategy to Secure Cyberspace identifies eight major actions and initiatives for cyberspace security response (Anonymous, 2003):

1. Establish a public-private architecture for responding to national-level cyber incidents
2. Provide for the development of tactical and strategic analysis of cyber attacks and vulnerability assessments
3. Encourage the development of a private sector capability to share a synoptic view of the health of cyberspace
4. Expand the Cyber Warning and Information Network to support the role of DHS in coordinating crisis management for cyberspace security
5. Improve national incident management
6. Coordinate processes for voluntary participation in the development of national public-private continuity and contingency plans
7. Exercise cyber security continuity plans for federal systems
8. Improve and enhance public-private information sharing involving cyber attacks, threats, and vulnerabilities

National Strategy Needs More Clarity. The National Strategy to Secure Cyberspace states that the private sector now has a crucial role in protecting national security because it largely runs the nation’s CIs.  Tightly coupling business and industry into the cyber war defense strategy is arguably the most critical component.  It represents the one area that the government has the worst track record, which must be improved.  In addition, if we are to protect our nation, the National Strategy to Secure Cyberspace must contain language that requires by law that business, industry, and government adopt a set of minimal cyber security measures to protect our nation’s information assets (Coleman, 2007).

2006 National Military Strategy for Cyberspace Operations (NMSCO).  Cyberspace is also not confined only to the Internet.  A presentation by Dr. Lani Kass titled “Cyberspace: A Warfighting Domain” cites the classified NMSCO defines cyberspace as a domain characterized by the use of electronics and the electromagnetic spectrum to store, modify, and exchange data via networked systems and associated physical infrastructures.  The NMSCO also states that as a war-fighting domain … cyberspace favors the offense.  Offensive capabilities in cyberspace offer both the United States and our adversaries an opportunity to gain and maintain the initiative (Kass, 2006).

Right to Respond Unilaterally

Recommendation No. 5.  The United States should reserve the right to respond unilaterally to attacks against its infrastructure.

To close out our five most important recommendations, for our survival, we must always reserve the right to respond unilaterally to attacks against our CIs.  This recommendation is extremely important for our survival as a country.  Whatever it takes to vanquish those who chose to attack our CIs, we must do first or subject ourselves to annihilation or bondage.

The Precedence Has Been Set. Former President Bush said that terrorism cells in countries that make up close to one-third of the globe must be actively sought and dismantled.  “We must take that battle to the enemy, disrupt his plans, and confront the worst threats before they emerge,” he said, adding that Americans must be “ready for pre-emptive action when necessary to defend our liberty and to defend our lives.”  He further said, “In the world we have entered, the only path to safety is the path of action.  And this nation will act.”  President Bush took the Global War on Terrorism (GWOT) to Iraq in a preemptive first strike on Saddam Hussein’s regime.  That set the precedence for a first strike cyber attack on any country (such as Russia and China) bent on cyberwarfare (Doran, 2002).

Offensive Strategies to Attack Enemy Cyber Assets. The Pentagon’s network warriors have traditionally focused on defense.  Not anymore.  There’s been a “radical change in U.S. policy when it comes to its cyber war-fighting stance,” according to Inside the Air Force.  [Just] a few months back, Pentagon officials were saying that “the military had no plans to shift its cyberwarfare focus from a defensive mindset to an offensive one.” But now that the Air Force has declared themselves the service in charge of all things electronic, “high-ranking service officials say they are developing offensive strategies to attack enemies’ cyber assets” (Shachtman, 2007).

Cyber Favors the Offense. “Cyber, as a warfighting domain … like air, favors the offense,” said Lani Kass, director of the Air Force’s Cyberspace Task Force, while presenting the elements of the NMSCO in September 2007.  This is the first time the Air Force formally acknowledged it has plans to take an offensive approach to cyberwarfare.  The first battle of the next war will be fought and won in the cyberspace arena, she insisted (Reed, 2007).

China’s First-strike Capabilities. China’s military has developed cyberwarfare first-strike capabilities that include units charged with developing viruses to attack enemy computer networks, a DoD report warned in May 2007.  “The PLA [People’s Liberation Army] has established information warfare units to develop viruses to attack enemy computer systems and networks, and tactics and measures to protect friendly computer systems and networks,” the Pentagon’s annual report to Congress on China’s military power said.  “In 2005, the PLA began to incorporate offensive CNO [computer network operations] into its exercises, primarily in first strikes against enemy networks” (Keizer, 2007).

Conclusion

One thing is for sure: success in future conflicts will depend less on bombs and bullets and more on bits and bytes (Coleman, 2007).  In the end, the cyber threat is revolutionary, officials said, because it has no battle lines, the intelligence is intangible, and attacks come without warning leaving no time to prepare defenses.  Education and training of computer users, not enforcement, are the most effective defense measures, officials said (Rogin, 2007).

If our enemies conduct a cyber war against us, we must be prepared to defend ourselves and also be capable of taking the offensive.  The best defense is a good offense.  Little is known about the precise nature of Washington’s offensive capabilities.  State-sponsored or group-sponsored attacks against our information systems using computer viruses and other techniques should be considered an act of war.  Tightly coupling business and industry into the cyber war defense strategy is arguably the most critical component.  It represents the one area that the government has the worst track record, which must be improved.  As a war-fighting domain, cyberspace favors the offense.  The first battle of the next war will be fought and won in the cyberspace arena.

References

Anonymous (2003, February). The National Strategy to Secure Cyberspace. Washington, DC: The White House.

Anonymous (2008, October 7). Air Force senior leaders take up key decisions. Air Force Link. United States Air Force. Retrieved from http://www.af.mil/news/story.asp?id=123118700.

Coleman, K. (2007, November). Department of Cyber Defense: An organization whose time has come! The Technolytics Institute, 7 pp.

Doran, J. (2002, June 3). Terror war must target 60 nations, says Bush. Times Online. Retrieved from http://mprofaca.cro.net/crimorder.html.

Kass, L. (2006, September 26). Cyberspace: A warfighting domain. AF Cyberspace Task Force PowerPoint presentation charts.

Keefe, B. (2008, April 8). Government trying to improve internet security. Cox News Service. Retrieved from http://homelandsecurity.osu.edu/focusareas/cyberterrorism.html.

Keizer, G. (2007, May 29). China makes viruses for cyberwar first-strike. Computerworld.com. Retrieved from http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9021663.

Krebs, B. (2008, March 19). White House taps tech entrepreneur for cyber defense post. Washingtonpost.com. Retrieved from http://homelandsecurity.osu.edu/focusareas/cyberterrorism.html.

Polmar, N. (2008, March 25). Cyber defense – and attack. Military.com. Retrieved from http://www.military.com/forums/0,15240,164702,00.html.

Reed, J. (2007, October 5). As effort ramps up …: Officials announce Cyber Command will take an offensive posture. Inside the Air Force. Retrieved from http://integrator.hanscom.af.mil/2007/October/10112007/10112007-14.htm.

Rogin, J. (2007, February 13). Cyber officials: Chinese hackers attack ‘anything and everything.’ FCW.com. Retrieved from http://www.fcw.com/online/news/97658-1.html?type=pf.

Shachtman, N. (2007, October 9). Air Force readying cyber strikes. Wired.com. Retrieved from http://blog.wired.com/defense/2007/10/also-nsa-target.html.

Waterman, S. (2008, March 24). Cyber-attacks on Tibet groups tied to China. The Washington Times. Retrieved from http://homelandsecurity.osu.edu/focusareas/cyberterrorism.html.

Waterman, S. (2008, April 21). FBI organizes defense against cyber-attacks. The Washington Times. Retrieved from http://homelandsecurity.osu.edu/focusareas/cyberterrorism.html.

###