There’s a great piece at Information Dissemination on the DOD’s Cyber Offense capabilities – while much has been written about the DOD’s ability (or inability) to defend US military and civilian networks against cyber attack, there’s been a lot less about our own capabilities. Of course, those capabilities are extremely sensitive – for the most part, those weapons only work if the enemy doesn’t know you have them (otherwise they’ll just patch the vulnerability).
This article focuses on the Command and Control aspects of Cyber Offense – if we get into a real conflict, who will make the determination to use a particular cyber weapon on a particular target? With traditional weapons, that’s usually been constrained to the theater commander, because the weapon itself generally has to come from a platform inside the theater of conflict (B-2 bombers notwithstanding).
In cyber though, the attack can come from anywhere and hit just about anywhere, so the problem of Command and Control – and control of collateral damage – is a thorny one:
Once entirely controlled by the U.S. National Security Agency (NSA), offensive cyber weapons are making their way into the hands of the U.S. military’s geographic combatant commanders.
The effort was alluded to by the NSA and the U.S. Cyber Command (CYBERCOM) chief, Army Gen. Keith Alexander, as part of congressional testimony March 20, and confirmed by sources. It means that combatant commanders will be able to employ the weapons as part of overall mission planning, pairing traditional kinetic attacks with newly developed cyber capabilities.
On collateral damage:
Many basic services taken for granted in the daily lives of civilian populations rely heavily on code and data, and the manipulation of code and/or data can disrupt these services for large groups of people, and create legitimate health concerns well beyond the scope of any specific, intended target. If you remember, the smartest smart Cyber bomb in history – stuxnet – reportedly had several unintended consequences taking down other services across Asia inadvertently – including potentially satellite services in India.
I am not suggesting the DoD should not have nor use these capabilities, but it would be wise to remember that Cyber is still in its infancy relative to other types of mdern warfare. One analogy would be to think of Cyber as an air campaign more similar to carpet bombing with unguided bombs from a B-52 rather than conducting a precision JDAM strike with a B-2.