The Cyberwar Plan
It's not just a defensive game; cyber-security includes attack plans too, and the U.S. has already used some of them successfully.
Nov. 14, 2009
In May 2007, President Bush authorized the National Security Agency, based at Fort Meade, Md., to launch a sophisticated attack on an enemy thousands of miles away without firing a bullet or dropping a bomb.
At the request of his national intelligence director, Bush ordered an NSA cyberattack on the cellular phones and computers that insurgents in Iraq were using to plan roadside bombings. The devices allowed the fighters to coordinate their strikes and, later, post videos of the attacks on the Internet to recruit followers. According to a former senior administration official who was present at an Oval Office meeting when the president authorized the attack, the operation helped U.S. forces to commandeer the Iraqi fighters'
communications system. With this capability, the Americans could deceive their adversaries with false information, including messages to lead unwitting insurgents into the fire of waiting U.S. soldiers.
Former officials with knowledge of the computer network attack, all of whom requested anonymity when discussing intelligence techniques, said that the operation helped turn the tide of the war. Even more than the thousands of additional ground troops that Bush ordered to Iraq as part of the 2007 "surge," they credit the cyberattacks with allowing military planners to track and kill some of the most influential insurgents. The cyber-intelligence augmented information coming in from unmanned aerial drones as well as an expanding network of human spies. A Pentagon spokesman declined to discuss the operation.
Bush's authorization of "information warfare," a broad term that encompasses computerized attacks, has been previously reported by National Journal and other publications. But the details of specific operations that specially trained digital warriors waged through cyberspace aren't widely known, nor has the turnaround in the Iraq ground war been directly attributed to the cyber campaign. The reason that cyber techniques weren't used earlier may have to do with the military's long-held fear that such warfare can quickly spiral out of control. Indeed, in the months before the U.S. invasion of Iraq in March 2003, military planners considered a computerized attack to disable the networks that controlled Iraq's banking system, but they backed off when they realized that those networks were global and connected to banks in France.
By early 2007, however, two senior officials with experience and faith in the power of cyber-warfare to discretely target an adversary stepped into top military and intelligence posts. Mike McConnell, a former director of the National Security Agency, took over as director of national intelligence in February of that year. And only weeks earlier, Army Gen. David Petraeus became the commander of all allied forces in Iraq. McConnell, who presented the request to Bush in the May 2007 Oval Office meeting, had established the first information warfare center at the NSA in the mid-1990s. Petraeus, a devotee of counterinsurgency doctrine, believed that cyberwar would play a crucial role in the strategy he had planned as part of the surge. In September 2007, the general told Congress, "This war is not only being fought on the ground in Iraq but also in cyberspace."
Some journalists have obliquely described the effectiveness of computerized warfare against the insurgents. In The War Within, investigative reporter Bob Woodward reports that the United States employed "a series of top-secret operations that enable [military and intelligence agencies] to locate, target, and kill key individuals in extremist groups such as Al Qaeda, the Sunni insurgency, and renegade Shia militias. ... " The former senior administration official said that the actions taken after Bush's May 2007 order were the same ones to which Woodward referred.
<snip>
Cyber-defenders know what to prepare themselves for because the United States has used the kinds of weapons that now target the Pentagon, federal agencies, and American corporations. They are designed to steal information, disrupt communications, and commandeer computer systems. The U.S. is forming a cyberwar plan based largely on the experience of intelligence agencies and military operations. It is still in nascent stages, but it is likely to support the conduct of conventional war for generations to come. Some believe it may even become the dominant force.
A New Way Of War
Senior military leaders didn't come of age in a digital world, and they've been skeptical of computerized attacks. Mostly younger officers, who received their early combat education through video games and Dungeons & Dragons, wage these battles. To them, digital weapons are as familiar and useful as rifles and grenades.
Over the past few years, however, the cyber-cohort has gained influence among the ranks of military strategists, thanks in large part to the ascendancy of Gen. Petraeus. The man widely credited with rescuing the U.S. mission in Iraq is also a devotee of "information operations," a broad military doctrine that calls for defeating an enemy through deception and intimidation, or by impairing its ability to make decisions and understand the battlefield. In past conflicts, the military has jammed enemy communication systems with electromagnetic waves or dropped ominous leaflets from planes warning enemy forces of imminent destruction. Today, cyber-warriors use the global telecommunications network to commandeer an adversary's phones or shut down its Web servers. This activity is a natural evolution of the information war doctrine, and Petraeus has elevated its esteem.
Computerized tools to penetrate an enemy's phone system are only one part of the cyberwar arsenal. And they are perhaps the least worrisome. Alarmed national security officials, and the president himself, are paying more attention than ever to devastating computer viruses and malicious software programs that can disable electrical power systems, corrupt financial data, or hijack air traffic control systems. In 2007, after McConnell got Bush's sign-off for the cyber campaign in Iraq, he warned the president that the United States was vulnerable to such attacks.
Then-Treasury Secretary Henry Paulson Jr., who was present at the meeting, painted a chilling scenario for Bush. He said that in his former position as the CEO of Goldman Sachs, his biggest fear was that someone would gain access to the networks of a major financial institution and alter or corrupt its data. Imagine banks unable to reconcile transactions and stock exchanges powerless to close trades. Confidence in data, Paulson explained, supported the entire financial system. Without it, the system would collapse.
Click to expand...
