NFP- Nebraskans for Peace <NFP_Nebraskans_for_Peace@mail.vresp.com>
Mon., Aug 15, 2011
StratCom the Cyber Warrior
A new Pentagon strategy released July 13 assigns the primary duty of cyber operations to U.S. Strategic Command, with secondary missions assumed by U.S. Cyber Command, based at the National Security Agency headquarters in
Scare tactics were in abundance at the July announcement with the Department of Defense [sic] disclosing that a foreign agency had collected more than 20,000 documents in a cyber-assault on a
The Defense Department announcements came in the aftermath of two months’ worth of assaults on government databases that morphed into online war with anonymous groups of hackers—the two best-known going by the names of “LulzSec” and, aptly enough, “Anonymous.” LulzSec, in particular, had moved from humorous assaults on PBS news sites (where it had inserted fake stories about the rap musician Tupac Shakur) to an all-out attack on CIA databases.
The impact of these individual hacker attempts to disrupt the operations of government was the subject of a workshop on cyberwarfare at the “Global Network Against Weapons and Nuclear Power in Space” annual conference in North Andover, Massachusetts this past June. Regardless of the motives inspiring these intrusions (mischief, economic gain, espionage by foreign governments, or an anarchist assault against ‘Big Brother’), these hacker attacks invariably wind up serving the interest of entities like Cyber Command and the NSA. Each new attack makes the case for even greater government encroachment on our civil liberties. Every new intrusion builds the case for government waging offensive forms of cyber-warfare to pre-emptively defend our national security. And StratCom now serves as the command center for conducting this 21st-century brand of war.
The implications of this new cyber strategy for StratCom’s already multi-faceted role and mission are huge. In locations as diverse as
The Stuxnet Worm
Sometimes, the damage caused by cyberwar is not evident until months after the online events. Earlier this year, a small news item suggested that
Given that a major nuclear accident carries the potential to kill dozens, if not hundreds, of Iranians, it is odd that some people think of Stuxnet as a preferable alternative to an Israeli military air assault on Iranian nuclear sites. But that’s the funny thing about military capabilities that are considered ‘defensive’ by
Stuxnet was one of the first worms in history designed to attack embedded computers used in factories, instead of desktop and laptop computers used by consumers. In fact, its malicious payload was specific enough that it only caused harm when it encountered computers built by Siemens for industrial process control. Even when Siemens computers are present, Stuxnet only disrupts operations of certain kinds of pumps and motors that might be used in a uranium-enrichment plant. One analyst called this a “highly-targeted sniper type of computer attack.” So we shouldn’t expect much collateral damage, right?
It is all too common for military planners working on secret deniable assaults to minimize or ignore the danger of unintended consequences. In the case of Stuxnet’s authors (who are believed to be computer experts in
While the primary impetus for the attack appears to have come from
Waging war by computer has been an important part of
The efforts conducted in the 1990s by both Space Command and the NSA to secretly control the computer networks run by both allies and adversaries remains one of the most classified elements of
StratCom gained control of computer attack-and-defense activities when U.S Space Command was folded into StratCom at the end of 2002. Nevertheless, the NSA remained the agency of expertise in this relationship. The command authority exercised by StratCom (which had also acquired the mission of “Intelligence, Surveillance and Reconnaissance” in 2003) was useful to the U.S. government because it established a layer of deniability for the NSA—an agency so secretive during its 60 years of existence that its three-letter designation was said to stand for “Never Say Anything” or “No Such Agency.”
When the Secretary of Defense [sic] asked StratCom in 2009 to create a dedicated sub-command for computer warfare, it was no surprise that the resulting Cyber Command would be based at NSA headquarters, or that Cyber Command’s new chief would be Gen. Keith Alexander, director of the NSA. There are two reasons why StratCom’s relationship with NSA represents a unique opportunity for the Pentagon. First, the NSA is the intelligence agency with the closest ties to the military, going back to the NSA’s founding in 1952. Most of agency’s secret electronic listening posts worldwide are staffed by uniformed military personnel, not civilians. Second, the NSA has been involved in various types of ‘dirty tricks’ throughout its history, ranging from ‘black bag jobs’ to steal codes at foreign embassies, to participation in the overthrow of governments in
In theory, any computer attacks within
Defense Is Offense
In his confirmation hearings for Cyber Command before Congress, Alexander said that the purpose of Cyber Command was not “about militarizing cyberspace, but about safeguarding military assets.” Reassuring as that sounds, many of the so-called ‘defensive’ structures created by StratCom’s component commands—allegedly to avoid all-out warfare—end up being just as aggressive in practice as a first-strike military assault. A book on this very subject has just been published. Inventing Collateral Damage: Civilian Casualties, War and Empire by Stephen Rockel and Rick Halperin argues that most ‘near-war’ methods are as hazardous as the means they replace.
This is nothing new for the
In commenting on the recent cyber incursions, former StratCom Commander and current Vice Chair of the Joint Chiefs of Staff General James Cartwright bluntly stated that the
Northrop Grumman’s top vice president for missile defense, Russell Anarde, a former director of plans at Air Force Space Command, echoed this all-too-common Pentagon thinking in a January 2011 media interview, when he said that “offense and defense sometimes go together.” That is certainly true in the area of Anarde’s expertise, missile defense. The weapon systems under StratCom’s oversight are touted to be missiles that are only used to defend against other missiles. Yet the sea-based missile-defense systems used by both the Bush/Cheney and Obama Administrations are carried on Aegis cruisers that sail directly into the territorial waters of nations such as
In a recent lawsuit, the ACLU charges that using drones to target individuals essentially performs the same functions that the outlawed CIA efforts to assassinate foreign leaders did in decades past. Drones certainly offer a sterilized way to take out small groups of troublemakers, often without risking any
Virtual Warfare; Realtime Casualties
The nominal success seen in the Stuxnet assault on
To date though, has anyone in the State Department or StratCom actually tried to calculate the collateral damage that would result from bringing down a utility network in a targeted nation by an offensive computer attack? If a Cyber Command assault were to bring down a grid and black out hospitals, schools, law enforcement and transportation services, how many people would suffer? And who would we hold accountable for such a devastating computer attack? Some nameless spooks at the NSA? StratCom’s insulated command structure?
A small scandal erupted this past February when the Associated Press reported that CIA officers who chose the wrong targets for extraordinary rendition were not fired, but instead were promoted inside the agency. This lack of accountability for deniable activities in the intelligence community is precisely what is worrisome about Cyber Command. If the Stuxnet worm spreads to any Iranian factory or energy plant with a Siemens computer, will programmers in
But StratCom’s management of military efforts ‘short of war’—Missile Defense, drone attacks, and cyber war—should never be seen as victimless. The consequences of relying on such slow-motion covert war alternatives can end up being just as deadly, particularly if the quiet successes they experience permit military leaders to rely on these silent (and faceless) warfare methods too often.
The anonymity… The lack of accountability… These are also the very traits that—by definition—make cyber-hackers of all stripes so problematic. Operating the shadows as they do, it’s almost impossible to know who or what you’re dealing with. One government’s ‘terrorist’ hacker could be another government’s ‘freedom fighter.’ Certainly, activists who participated in the ‘distributed denial of service’ computer attacks against the Iranian government to protest the crackdown on dissent might be seen as merely going one step farther than those who provided Twitter or Facebook help to anti-government protesters. The same can be said for U.S.-based activists who helped protesters in Egypt, Syria, Bahrain and other nations defeat efforts by their governments to initiate ‘kill switches’ on Internet services.
But in early June, front-page reports in the New York Times revealed that Cyber Command was financing efforts in other nations to defeat governments’ kill-switch technologies and keep pirate Internet services open, even as the U.S. government was working on its own kill-switch technology for use within the U.S.—a perfect example of ‘the Cyber Command giveth, and the Cyber Command taketh away.’ All of which raises the question of whether U.S. citizens involved in helping protesters in developing nations create Internet ‘route-arounds’ are unwittingly doing the bidding of Cyber Command?
The ethical issues become even more profound when private citizens engage in outright computer assault. Many alleged assaults on
With the advent of space- and cyber-warfare, the face of warfighting has altered forever. The Pentagon and the State Department project force nowadays in ways far beyond deploying ground troops in
A whole host of strategic, legal and ethical questions about what StratCom is now doing urgently need to be addressed:
· Constitutional questions over executive branch authority in launching an offensive cyber attack...
· Legal questions over the cyber encroachment on our civil liberties and privacy rights...
· Questions of international law over preemptive cyber attacks or ‘killing without warning’—be it a drone strike on an unsuspecting target or a hospitalized child on a respirator when a cyber assault takes down the grid… and
· Strategic questions over the unintended consequences resulting from the methods of ‘near-war’…
All of which have yet to be discussed in public.
A dangerous new era in the history of warfare is now going unfolding all around us. And it’s got an
Get a copy of a new Pentagon strategy released July 13 at at http://www.defense.gov/news/d20110714cyber.pdf.
Mark Vasina, President
Nebraskans for Peace
941 'O' Street,