This Week at War: COIN.com

Pentagon planners are dusting off the Cold War deterrence playbook to plan for cyberattacks, but Iraq and Afghanistan would be better models.

BY ROBERT HADDICK | JUNE 3, 2011

The Pentagon's cyberwarfare doctrine begins to emerge

This week, the Wall Street Journal revealed that Pentagon strategists are completing a document that outlines the government's cyberwarfare strategy. The Pentagon is expected to publish an unclassified version next month. According to the Journal, Pentagon strategists are prepared to declare that a sufficiently damaging cyberattack against the United States could be viewed as an "act of war," warranting equivalent retaliation. And that retaliation would not necessarily be a U.S. cyber-counterstrike. As one official put it, "If you shut down our power grid, maybe we will put a missile down one of your smokestacks." It is good that the government is finally establishing a doctrine for dealing with cyberwarfare. But strategists still must grapple with a challenging form of warfare that combines elements of Cold War-era deterrence theory and modern counterinsurgency doctrine.

According to the Washington Post, the Pentagon has developed a list of cyberweapons, including various worms and viruses, for use either in support of an existing military campaign or for use, with presidential approval, at the strategic level. According to the emerging doctrine, U.S. military commanders in existing war zones would have the authority to use cyberweapons to collect intelligence from adversary networks and support tactical operations in a broader military campaign. At the strategic level, presidential approval would be required for attacks against an adversary's industrial infrastructure like the Stuxnet worm against Iran's nuclear complex.

It is not so simple to find a neat divide between strategic cyberattacks requiring presidential approval and tactical attacks delegated to field commanders. The doctrine appears to reserve to the president the decision to attack portions of an adversary's civilian infrastructure. But in an ongoing military campaign, adversary military forces will use portions of the civilian infrastructure -- for example, the telecommunications system -- for tactical military purposes. This will certainly be true if the adversary is a nonstate actor. A local commander's tactical use of cyberweapons could have wider strategic effects. As with all doctrine, the emerging cyberwarfare doctrine will undergo many changes after decision-makers encounter practical experience.

The Journal article highlighted the threat to use traditional military power in retaliation for a cyberattack that cripples U.S. infrastructure. Reserving the right to expand the boundaries of retaliation should not come as a surprise. Earlier this year, Gregory Schulte, deputy assistant secretary of defense for space policy, discussed a similar retaliatory policy when he rolled out the National Security Space Strategy. As I discussed in a column at that time, that strategy seeks to use diplomacy and soft power to protect U.S. assets and interests in space. But if it became necessary, Schulte asserted a broad retaliatory policy to deter attacks on U.S. space interests. The emerging cyberwarfare doctrine appears to follow the same principle.

Announcing such a policy is one thing. Implementing it in a crisis won't be easy, as Cold War policymakers discovered to their discomfort. Recently, anonymous hackers attempted to penetrate Lockheed Martin's networks and apparently did succeed in cracking into Google's Gmail service. Having caused no deaths or widespread economic calamity, such attacks wouldn't seem to rise to the level requiring the kind of punitive retaliation discussed in the Wall Street Journal piece.

But these incidents expose some of the dilemmas cyberwarfare strategists will face. Who exactly were the attackers? The problem of attribution remains unsolved, at least to the degree necessary to convince world opinion that punitive and deadly U.S. retaliation would be legally and morally justified. The emerging U.S. cyberwarfare doctrine will presumably seek to hold governments responsible for the cyberattacks that originate from their territory. Such a policy is designed to elicit cooperative behavior from governments. But it creates opportunities for mischief by nonstate actors and will set up an agonizing test of the U.S. government's retaliatory credibility.

Policymakers are tempted to view cyber warfare through the lens of deterrence theory. But as long as the attackers remain anonymous, cyberwarfare more closely resembles counterinsurgency -- a form of warfare where the U.S. government is still struggling to crack the code.

JEWEL SAMAD/AFP/Getty Images

 SUBJECTS:
 

Robert Haddick is managing editor of Small Wars Journal.

WILLIAMHO

11:00 PM ET

June 3, 2011

none

seems to me that the cyber terorists are the nsa, mi6, google, cia, and hbgary

 

MORPHEYOUS

4:28 AM ET

June 4, 2011

Well its about time

Cyber war, what a concept, but totally plausible given that the whole world is run on computers. You only need to see the latest movies to get the gist of how terrible it would be.

I am surprised that America has yet to deal with a major threat like that already.
Script Kiddies and Hackers are everywhere, surely some well funded group of terrorists could quite easy razz up some Hackers and cause some substantial damage to the USA being able to operate.

Should someone throw the first cyber punch, how could and should we respond, does someone have to run down to the bottom of the silo and pull one of those huge switches like you see in the old Frankenstein movies.

I don't think I would like to be the president on this one - a cold war perhaps in the making...

 

CQIANQIAN

4:31 AM ET

June 4, 2011

War of world

Unfortunately, as any water sports enthusiast would tell you, wearing sunglasses while reveling in one’s favorite sport can be a bit of a hassle.
Dirty Dog Wet Sunglasses come equipped with the latest optical technology called Hydrophobic coating which allows the lens to repel water.
sunglasses

 

ABLITZ

5:50 AM ET

June 5, 2011

Cyber Terrorists?

The front page states "Why Missiles Won't Scare Cyber Terrorists", yet this article has nothing to do with terrorism.

Cyber Terrorism exists in theory only. And by most accounts terrorist groups are at least a decade away from having the capabilities to cause physical damage through digital means (re: cyber terrorism).

Penetrating networks for information is espionage not terrorism and was probably performed by a state or a state sponsored entity. Either the author is missing the point of this doctrine or FP editor's didn't both to read the blog before posting a title. This isn't about terrorism its about warfare and espionage most likely coming from states or state sponsored groups

 

GREGORY M

1:30 PM ET

June 5, 2011

Cyber Warfare Is Highly Underestimated

I think that cyber warfare is definitely highly underestimated and may be fishing getting just a little bit of the attention that it deserves.

Nowadays with theinternet, so much more is possible. This includes the ability to break into "secure" databases without leaving a single trace. There are hackers out there that can hack into USA army, CIA, NSA, FBI and other secure databases that have highly confidential information.

They can steal this information and then erase all tracks of who they are and what they even saw. The worldwide brands of information today is one of computers and Internet based - and we need to be aware of the clear and present dangers that are around with information technology. And that does not even include the damage that worms and viruses can do to our computer data bases.

Information is just so prevalent on computers today that I think we all need to be more aware of cyber warfare and technology. The USA and our wealthyaffiliates, or other wealthy countries spend so much on physical war - I think we need to spend a little more on cyber warfare and realize just how dangerous that this can be unfortunately.

With a world that is basically dependent on computers and information technology I think it's essential that we start spending more money and attention on this issue.

And hopefully we do that before it's too late!

 

LORRINE156

7:08 AM ET

July 2, 2011

This Week at War: COIN.com

Pentagon planners are dusting off the Cold War deterrence playbook to plan for cyberattacks, but Iraq and Afghanistan would be better models. Cyber war, what a concept, but totally plausible given that the whole world is run on computers. You only need to see the latest movies to get the gist of how terrible it would be. I am surprised that America has yet to deal with a major threat like that already. Script Kiddies and Hackers are everywhere, surely some well funded group of terrorists could quite easy razz up some Hackers and cause s pest exterminator Unfortunately, as any water sports enthusiast would tell you, wearing sunglasses while reveling in one’s favorite sport can be a bit of a hassle. Dirty Dog Wet Sunglasses come equipped with the latest optical technology called Hydrophobic coating which allows the lens to repel water. sunglasses.