THE SOURCE: “The Cyberwar Plan” by Shane Harris, in National Journal, Nov. 14, 2009.
The military of the United States reigns supreme on land, in the air, and at sea. But who will rule cyberspace remains an open question.
Shane Harris, a correspondent for National Journal, reports that cyberwarfare—attacks on a nation’s power grid, air traffic control system, banks, Web servers, or phones—is now an integral part of U.S. military strategy. The government has made its efforts to keep American computers secure well known, but now evidence that the United States has engaged in an offensive cyber-strategy is piling up. Harris reveals that in May 2007 President George W. Bush authorized an attack on the cell phones and computers of insurgents in Iraq. Unnamed former officials credit such operations with helping to “turn the tide of the war.” Some suggest they were even more instrumental than the thousands of additional troops President Bush sent to Iraq as part of the surge in 2007.
With the creation of high-level posts to coordinate U.S. cyberstrategy and the emergence of a younger generation of leaders, the new way of war is getting more attention from the defense establishment. But the United States faces major challenges in keeping pace with Russia and China. An independent study published in July found the nation’s cyberwar staff fragmented and inadequate; the study blamed low salaries and a hiring process that can stretch on for months.
Secretary of Defense Robert Gates has said that the military is “desperately short” of cyberwarriors. The Defense Department graduates about 80 students each year from schools devoted to teaching cyberwarfare and hopes to quadruple that number in the next two years. But the government must compete with the private sector for top talent. For example, defense contractor Raytheon Company recently posted a “Cyber Warriors Wanted” advertisement on its Web site and announced 250 open spots.
The United States appears to have proceeded cautiously, in part out of awareness that the weapons of cyberwarfare are very different from conventional ones, producing systemic effects that can be hard to anticipate. Planners considering an attack on the Iraqi banking system before the 2003 U.S.-led invasion backed off when they realized that the Iraqi networks were tied to ones in France that would also be affected. Moreover, the computer coding used in any assault is at risk of being captured by an adversary, refined, and redeployed. Mike McConnell, a former director of national intelligence, has said that a coordinated cyberattack “could create damage as potentially great as a nuclear weapon over time.”
Old-fashioned Cold War–style deterrence theory plays a big role in the new thinking. Harris writes, “Presumably, China has no interest in crippling Wall Street, because it owns much of it. Russia should be reluctant to launch a cyberattack on the United States because, unlike Estonia or Georgia [which Russia is believed to have cyber-attacked in 2007 and 2008, respectively], the United States could fashion a response involving massive conventional force. . . . If nations begin attacking one another’s power grids and banks, they will quickly exchange bombs and bullets.”