On the Cyberwar Path

Will the next major hack attack be casus belli for a traditional act of war?

• By Ronnie Rittenberry
• Sep 01, 2011

If, like me, you’re geeky enough to still recall certain scenes from 1983’s “WarGames” (and right now I can still pretty clearly see Barry Corbin as the general saying to Dabney Coleman’s character, “After very careful consideration, sir, I’ve come to the conclusion that your new defense system sucks”), then the news permeating the summer about the Pentagon publishing (in part) its first formal cyberwar strategy probably was no big surprise. In fact, the only eye-opening part might have been that prior to this summer it didn’t already have one.

It’s no secret that cyber attacks against U.S. networks have been on the rise the past few years, and most experts agree that the next major conflict will involve a cyber element. We’re not talking about some lone loser hacking into a department store’s system to steal credit card numbers, though those incidents are clearly on the rise, too. Rather, we’re talking about hacking on a grand, international scale—hacking designed to bring down electrical grids, halt transportation systems, stymie stock markets and otherwise bring a nation to its knees. We’re talking espionage, sabotage and terrorism.

Cyberwarfare has been called the new domain in warfare—the fifth domain, alongside those of land, sea, air and space. Anyone who does not recognize it as such has not given the matter enough thought, has not considered how deeply dependent our lives now are on computer networks and communication links in general, nor what a breach or break in those links could mean. From our power sources and food processing procedures to our banking transactions, weapons production and more—all is on the grid and thus subject to risk.

Rules of Engagement
In June, the news came out that President Obama had, sometime in May, signed executive orders outlining global ground rules for U.S. military commanders in carrying out cyber attacks against other countries. In addition to spelling out the conditions under which the U.S. military can respond to a cyber attack by blocking cyber intrusions and taking down servers in other countries, the guidelines allow the military to transmit computer code to another country’s network to test the route and make sure connections work in preparation for an actual assault.

In the wake of this news, security experts came out of the woodwork, and many of them were scratching their heads. Kenneth Wisnefski, founder and CEO of Internet security firm WebiMax, for example, appeared on FOX News in June and said he found the new White House orders “curious” at best and “counterproductive” at worst.

“I find it hard to believe that there are rules of engagement to really put in place for this,” he said. “If you’re interested in doing some type of cyber attack, I think part of it would be to not announce it. It gives somebody time to prepare for it, much like any type of military strike would.

“The interesting point that I thought about when this all came into play is that the face of warfare, if you will, has really changed from the iconic images you saw during World War II and Vietnam to potentially [now] someone in a dark room with a soda next to him typing away at his computer. So it’s really changed just the mindset and maybe the mentality of what really is going to take place moving forward.”

The China Syndrome
Enemies in cyberspace could certainly include a “lone gunman” with a soda in a dark room, but the Pentagon’s strategy seems much more focused on the concerted efforts of adversarial nation-states interested in harming U.S. national interests. Chief among those adversaries is China, with Russia and Iran racing to catch up.

Though Chinese officials deny involvement, China is widely thought to be behind the cyber attacks earlier this year at Lockheed Martin, Northrop Grumman, and other U.S. government contractors. China is also the top suspect in a phishing attack against Gmail accounts Google announced in early June. Former U.S. national security official Richard Clarke says such actions are part of the “daily guerrilla cyberwar” between the two countries that has been going on for years.

“Senior U.S. officials know well that the government of China is systematically attacking the computer networks of the U.S. government and American corporations,” Clarke wrote in a June 15 op-ed piece for the Wall Street Journal. “Beijing is successfully stealing research and development, software source code, manufacturing know-how and government plans. In a global competition among knowledgebased economies, Chinese cyberoperations are eroding America’s advantage.”

What’s more, Clarke wrote, the U.S. government “has no strategy to stop the Chinese cyberassault.”

If that was true at the time Clarke wrote the piece, it was less true a month later, when, in mid-July, the Pentagon unveiled its cyber plan—or, in any case, the unclassified version of it. That version is a discussion in general terms of the strategy, calling for partnerships with other U.S. government departments and the private sector while also building relationships with U.S. allies and international partners to “leverage U.S. expertise through promotion of a cyber workforce and technological innovation.”

The unclassified version of the document does not make clear when a cyber attack would trigger a conventional military response—or if, in other words, when a country tries to infiltrate U.S. infrastructure, the U.S. military has clearance to put a missile down the smokestacks of the perpetrator, as one Pentagon official allegedly said would be the case. But in releasing the strategy, Deputy Defense Secretary William Lynn said, “The United States reserves the right, under the laws of armed conflict, to respond to serious cyber attacks with a proportional and justified military response at the time and place of its choosing.”

Not surprisingly, China, for its part, is telling its citizenry that the United States is the leading aggressor on the cyberspace battleground. “The U.S. military is hastening to seize the commanding military heights on the Internet, and another Internet war is being pushed to a stormy peak,” the Chinese military wrote in its official newspaper, Liberation Army Daily. “Their actions remind us that to protect the nation’s Internet security, we must accelerate Internet defense development and accelerate steps to make a strong Internet army.”

In the face of such rhetoric, it’s hard not to think the winds of cyberwar are swirling. It also makes one hope our leaders are devoting enough focus and forces to maintain a virtual firewall that is in all ways more effective than the actual fence they’re maintaining on the U.S.-Mexico border.

This article originally appeared in the September 2011 issue of Security Today.