Small Wars

This Week at War: Waiting for the Cyberbarbarians

If cyberwar is such a threat, why is the Pentagon doing so little to prepare for it?

Cyberwarfare unleashes confusion on Washington

Last month, while reviewing his career a few days before retirement, former Joint Chiefs Chairman Adm. Mike Mullen discussed what he sees are the two "existential" threats facing the United States. After nuclear weapons, Mullen listed cyberattacks, which, he said, "actually can bring us to our knees." During the Cold War, the United States developed an elaborate deterrence doctrine, backed up by an enormous investment in strategic nuclear weapons. Asked about similar preparation for the cyber threat, Mullen said, "We're a long way from that right now." This week, Air Force Gen. C. Robert Kelher, commander of Strategic Command, the command responsible for the Pentagon's cyber operations, said there still needs to be "a full conversation" about doctrine, rules of engagement, and legal issues regarding the Pentagon's responses to cyberattacks.

While policymakers in Washington converse, a new computer worm called Duqu arrived in Europe. Duqu, apparently a derivative of the Stuxnet worm that briefly crippled Iran's uranium enrichment plant at Natanz, has been quietly gathering intelligence data and documentation on certain industrial control systems. Stuxnet set back Iran's nuclear program by delivering false instructions to the industrial control system at Natanz. Duqu, termed "extremely sophisticated" by the computer security firm Symantec, seems to be performing reconnaissance for a future attack on a discrete industrial control system.

If, as Mullen asserted, a sophisticated cyber attack "can bring us to our knees," why does the U.S. government seem to have such difficulty formulating a doctrine to adequately address the threat? The Pentagon's official cyberstrategy, a brief and vague document unveiled in July, called for better cooperation and training, but apparently failed to give Kelher and his command the guidance and authorities he needed to establish a retaliatory doctrine and cyberwar rules of engagement.

Why is the Pentagon struggling to make progress on an issue that Mullen, Kelher, and others view with such gravity? The simplest explanation may be that the obstacles to establishing deterrence and rules of engagement in cyberspace are formidable and continue to resist policymakers' attempts at a solution.

For example, this week the New York Times revealed that, last March, Obama administration officials considered, then rejected, a proposal to use cyberweapons to attack Libya's air defense system at the beginning of NATO's air campaign. One reason for rejecting this course of action was that the cyber-reconnaissance necessary to prepare the way for the attack would have taken too long while a government armored column was approaching Benghazi; U.S. Navy Tomahawk land-attack cruise missiles made much quicker work of Libya's air defense system.

But a more important argument against a cyberattack was the desire to avoid setting a precedent that other adversaries could later exploit against the United States. Similarly, the U.S. government considered hacking Osama bin Laden's bank accounts but refrained because officials feared that such an attack could cause investors to lose faith in the safeguards underpinning the global financial system. The common theme is that the United States, including its military forces, is among the heaviest users of computer networks and thus has the strongest incentive to avoid escalating combat in this domain.

Effective deterrence requires demonstrating a threatening capability that intimidates would-be adversaries. Nuclear weapons tests in the 1950s, not to mention the attacks on Hiroshima and Nagasaki, served this purpose for the United States and the Soviet Union during the Cold War. This week, Kelher hinted at his command's offensive cyberpower. But until demonstrated, it remains hypothetical and likely of little deterrent value, especially against anonymous non-state actors. And for the reasons stated above, such a demonstration seems unlikely.

The "full conversations" on doctrine and rules of engagement that Kelher are waiting for are not likely to occur any time soon. Wanting to avoid escalation in cyberspace, U.S. policymakers are forced into a reactive posture, war-gaming how they would respond to attacks and mitigate their consequences. The difficulty of the cyber issue is one more example of how irrelevant the lessons of the Cold War are to many current problems. Meanwhile Duqu is out there ... somewhere.

Rulers everywhere are studying Qaddafi's demise

Muammar al-Qaddafi's death marks the end of the first phase of Libya's revolution. The leaders of that revolution were united by the goal of toppling Qaddafi and his regime. With that task accomplished, it remains to be seen whether the task of bringing stable governance to Libya will also keep them united. Meanwhile, U.S. and European policymakers will make an assessment of what they learned from their intervention in Libya. But perhaps the most attentive students of Qaddafi's sudden demise will be other authoritarian rulers, who will want to avoid his bloody end.

U.S. Secretary of State Hillary Clinton made a surprise visit to Tripoli the day before Qaddafi was gunned down. Washington naturally wants to take advantage of the opportunity to establish positive relations with a country that was an international pariah during most of Qaddafi's time in power. Who and what the United States will ultimately be dealing with in Tripoli remains in flux; a senior U.S. government official traveling with Clinton noted that some of the militias that fought Qaddafi have not joined the transitional governing structure, such as it is.

Clinton was able to visit Libya's revolutionary leaders in a conquered Tripoli because of NATO's military assistance to the rebels. As I noted when Qaddafi's rule collapsed in August, the campaigns in Kosovo in 1999, Afghanistan in 2001, Iraq in 2003, and Libya in 2011 show that it takes surprisingly little military power to overthrow brittle authoritarian regimes. In three of those cases, air power plus special forces support to local rebels were eventually decisive. The effectiveness of this military model creates a tempting tool for U.S. policymakers.

But these cases also display the now well-known long-term costs that follow the overthrow of fragile dictatorships. For Libya, it is still too early to determine whether the United States and Europe even achieved their original objectives. NATO's intervention in March was sparked by an urgent need to prevent a humanitarian disaster as Qaddafi's armored column approached Benghazi. That particular incident was prevented and Brother Leader was eventually toppled. But Libya's revolutionary leaders now need to avoid an outbreak of tribal and factional fighting to prevent a different, but equally worrisome, humanitarian crisis.

NATO has yet to see whether its campaign in Libya has helped or hurt its security interests. Libya's vast warehouses of weapons, most notably those holding stocks of man-portable surface-to-air missiles which could threaten airliners, have been thoroughly looted. The U.S. government has hired contractors to attempt to repair these breaches, but likely much too late.

The policy alternative would have been to do nothing for the rebels and watch as Qaddafi crushed the rebellion, a course the West seems resigned to in Syria. The Obama administration and European leaders took a gamble that has produced short-term humanitarian benefits and the chance of a new start in Libya. That is something. But it is still early in the game.

Finally, what will other authoritarian leaders learn from Qaddafi's downfall? They will be well-advised to cultivate their relationships with China and Russia, countries which can protect them with vetos at the U.N. Security Council. It was surprising that China and Russia did not veto the Security Council resolution that authorized the Libyan intervention. By contrast, China and Russia quickly shot down in the Security Council a recent attempt to condemn the crackdown in Syria. China similarly protected Sri Lanka from any international interference when it crushed its Tamil rebellion, with awful consequences to the civilian Tamil population.

As the fighters closed in on him, Qaddafi may have lamented his decision in 2003 to turn over his nuclear weapons program to the United States. His chemical weapons stockpile was no deterrent to NATO intervention. But nuclear weapon states like North Korea seem to have achieved a protected status.

U.S. policymakers will have to live with the possibility that intervention in Libya may have enhanced the utility of nuclear weapons and the diplomatic positions of China and Russia. The other side of the ledger is the realization of how frail many authoritarian regimes really are. And how the United States may have a workable military model to use against these regimes if required.

Brendan Smialowski/Getty Images

Small Wars

This Week at War: Waiting for the First Punch

Why the U.S. won't pre-emptively attack Iran.

Why Washington is destined to take the first punch

Residents of Washington, D.C., may have been both disturbed and relieved to hear that U.S. law enforcement and intelligence officers this week skillfully foiled an alleged plot by Iran's Quds Force to blow up the Saudi Arabian ambassador to the United States while he dined in a local restaurant. Investigators were no doubt assisted by the plot's seeming ineptitude, which involved a used-car salesman from Texas and a paid informant in Mexico who posed as a drug gang member. Secretary of State Hillary Clinton summed up the conclusions many had reached about the bizarre story: "The idea that they would attempt to go to a Mexican drug cartel to solicit murder for hire to kill the Saudi ambassador? Nobody could make that up, right?"

Even so, the U.S. Justice Department did charge Gholam Shakuri, a member of the Quds Force, with a long list of conspiracy offenses and thus connected the Iranian government to the plot. Even though this particular bombing attempt seems amateurish, it should be little comfort that elements of the Iranian intelligence service now seem to have Washington in their cross hairs. Indeed, this week U.S. soldiers in Iraq were targets of the Quds Force; according to the New York Times, on Oct. 12 militants trained by the Quds Force wounded three U.S. troops in a rocket attack in southern Iraq. U.S. policymakers will now be under pressure to find ways to actively prevent or deter future attacks. However, a variety of barriers will prevent the Obama administration from taking any strong action against Iran, at least until a major attack actually succeeds. Washington will thus have to brace for the big first punch.

After the United States levied unilateral sanctions on four Quds Force officials this week, U.S. diplomats fanned out across the world to rally international support for deepening the sanctions against Iran. However, according to the New York Times, the ham-fisted nature of the plot is undercutting the U.S. plea for cooperation. In this case, the Quds Force may ironically be receiving protection from the incompetence it allegedly exhibited in this case -- the plot's seeming implausibility is causing the diplomats' pleas to fall on deaf ears. In addition, memories of the failure to find weapons of mass destruction in Iraq in 2003 apparently continue to weigh on the international audience that U.S. diplomats are struggling to persuade. Without an attack having actually occurred, with the plot seemingly out of character for the elite Quds Force, and with U.S. intelligence claims now suspect, U.S. diplomats seem unlikely to get cooperation on additional sanctions that would alter the behavior of Iranian policymakers.

What about military retaliation, such as a night of airstrikes against Quds Force targets inside Iran? The purpose would be to correct the impression seemingly held by policymakers in Iran that they don't risk consequences from a bomb attack on Washington. If, on the other hand, the Washington plot was engineered by midlevel "rogues" in the Quds Force, military retaliation would be a signal to top-level Iranian officials that they will be held responsible for their subordinates' actions. My FP colleague Will Inboden noted that in 1993 President Bill Clinton ordered the destruction of Iraq's intelligence headquarters after a failed attempt to assassinate former President George H.W. Bush. The message this time would be that Quds Force operations are no longer risk-free.

However, the Obama administration, with undoubtedly much support from the Pentagon brass, is in no mood right now to start another shooting war. Airstrikes on Quds Force targets would appear to the rest of the world as a severe overreaction to an inept bomb plot, with the aforementioned international skepticism of U.S. intelligence only adding to the doubt. Diplomatically, the United States would be on its back foot from the start. Air strikes were likely never a serious consideration inside the White House.

Pentagon planners will resist having to execute an air operation while they are in the midst of the final withdrawal from Iraq and attempting to manage a fragile situation in Afghanistan and Pakistan. They also know that a U.S. strike would not be the last move -- Iran's response to the attack would likely affect Saudi Arabia, Israel, Afghanistan, and others. If such an action has to occur, Pentagon planners likely prefer it to happen some other time and under more favorable logistical and diplomatic circumstances.

Deterrence doesn't seem to be working against Iran. Either Iran's top leaders don't fear U.S. retaliation, or they aren't in control of their subordinates -- neither explanation bodes well for deterrence theory. If the U.S. government hopes to dissuade a future Quds Force operation against Washington or some other important target, it will have to make some demonstration that will impress Iranian decision-makers. Until that happens, Washingtonians will have to brace and hope for the best.

Think you don't need boots on the ground? Think again.

In last week's column I discussed how corporate downsizing is coming to the Pentagon, with the Army and Marine Corps, the most labor-intensive of the services, likely to get the most cuts. But before Pentagon budget planners sharpen their red pencils, they will want to read "U.S. Ground Force Capabilities Through 2020," a new report from the Center for Strategic and International Studies (CSIS). Lead author Nathan Freier, a senior fellow at CSIS and a retired Army officer, led a large team that prepared a detailed analysis of what U.S. ground forces should be ready for during the remainder of this decade. Freier's report bucks today's conventional wisdom in many ways. His report doesn't recommend how big the Army and Marine Corps should be. But Freier does assert that the Pentagon might be overpreparing its ground forces for some scenarios while leaving other contingencies exposed.

Freier and his team gathered two panels of experts to discuss the future "demand" and "supply" of U.S. and allied ground-combat power. Freier's panels began by describing the various missions ground forces could be called up for and assigning probabilities to those missions. High-probability missions included humanitarian assistance operations, training foreign security forces, short-term raids against threats, and long-term special-operations-led counterterrorism campaigns. Freier's experts judged large opposed stabilization campaigns, such as those waged in Iraq and Afghanistan, or a major combat campaign such as the 1991 Gulf War, as much less likely.

Freier's team then assessed what the troop demands of each case were likely to be, how long each scenario was likely to last (ranging from a few hours for a raid to years for a stabilization mission), and how much strategic warning planners would likely get for each type of crisis. After taking into account scenario probability, size, duration, and warning time, the study team then compared the likely demands for ground forces to the Pentagon's current plans for ground forces over the rest of the decade.

In contrast to conventional wisdom, Freier concluded that the Pentagon may be putting too many resources and training time into preparing for future stabilization and foreign security force assistance operations. By contrast, Pentagon planners may be underestimating the need for rapid response to regional crises, the need for offensive "forcible entry" capability, and the need for armored forces able to maneuver against prepared enemy positions. Freier noted that after planned cutbacks, while U.S. allies will retain some stabilization and foreign assistance capabilities, only the United States will have useful amounts of the high-intensity ground-combat capabilities that he judges the Pentagon is underestimating.

Freier's report makes its recommendation on the capabilities and operational tasks U.S. forces should be able to perform. His report says much less on how large U.S. ground forces should be at the end of the decade. He acknowledges that air and naval challenges in Asia are real and that "large numbers of heavy ground forces are clearly unrealistic in the current context."

Ground force totals are undoubtedly headed much lower. Freier and his team only ask that planners take a hard look at what those soldiers should be ready for. According to Freier, the current conventional wisdom they are preparing for may be dangerously wrong.

Win McNamee/Getty Images