DOD issues new policy on electronic warfare
Policy could be the first of many for dealing with cyberthreats from Chinese hackers
- By Josh Rogin
- Feb 26, 2007
The Defense Department said it will respond to increasing threats from what some military officials characterize as nation-state hackers by consolidating and coordinating DOD’s substantial but disparate cyber resources. The response must include new policies and procedures for electronic warfare, military leaders said.
DOD cannot pursue cyberattackers in foreign countries because of sovereignty protections and restrictive rules of engagement, said Air Force Gen. Ronald Keys, commander of Air Combat Command.
“This is an area where technology has outstripped our ability to make policy,” Keys said. “We need to have a debate and figure out how to defend ourselves.”
DOD issued the first of what could be many new policies to deal with cyberthreats. “Joint Publication 3-13.1, Electronic Warfare,” published Jan. 25, establishes rules for electronic-warfare planning, preparation, execution and assessment. Those activities will support joint operations across U.S. military services and be a policy basis for the United States’ involvement in multinational cyber operations. The publication outlines the scope of electronic warfare and addresses the organizational responsibilities for protecting spectrum use and disrupting enemy forces’ spectrum use.
The largest cyberthreat comes from Chinese hackers, said a senior official of the Naval Network Warfare Command. The official, who spoke on background at a briefing with reporters earlier this month, said Chinese hackers are waging nonstop, unrestricted warfare on government computer networks in what has become a campaign-style, force-on-force engagement.
Netwarcom officials said they suspect but cannot prove that the Chinese government is behind the campaign, but they report that attacks from Chinese servers now outpace all other threats to DOD networks in number, volume, proficiency and sophistication.
DOD networks are attacked or probed hundreds of times each day by hackers who military officials say include amateurs, organized criminals and others gathering nation-state intelligence. The Netwarcom official said the command spends most of its time countering the actions of hackers who use servers located in China.
“They will exploit anything and everything,” the official said. “It’s hard to believe it’s not government-driven.”
Evidence that China is a major source of cyberthreats against DOD networks has been building for some time. Chinese hackers were responsible for an intrusion in November 2006 at the Naval War College that forced the institution to shut down its e-mail and Internet-connected computer system for several weeks, the Netwarcom official said.
The intentions of Chinese hackers are varied and appear to include stealing information about technology, gathering intelligence, conducting research on DOD operations and creating dormant presences in DOD networks, the official said.
In light of such threats, DOD officials are working on plans to treat cyberspace as a warfighting domain of comparable importance to land, sea, air and space. Netwarcom, for example, is developing command-and-control capabilities, and the Air Force is planning to open a Cyber Command that officials say will become a major warfighting command by 2009.
One concern of military officials is that DOD’s cyber forces operate as fiefdoms, an organizational weakness that undermines U.S. cyberspace operations, said Gen. James Cartwright, who leads the U.S. Strategic Command. Stratcom’s Joint Task Force for Global Network Operations is leading an effort to integrate U.S. military cyberspace activities.
Keys said it would probably take a cyber version of the 2001 terrorist attacks to force the United States to re-evaluate the constraints on its activities in cyberspace. But he said DOD should consider taking more aggressive action against attackers by penetrating enemy networks and phishing for passwords, for example.
Targeting NIPRNET
Experts disagree on whether attacks originating from Chinese servers can be blamed on the ruling Chinese government. Hackers often relay attacks through several notoriously vulnerable Chinese servers, and forensic analysis of Chinese code fails to prove culpability, military experts say. But the nature of the information sought points to the Chinese military, said James Mulvenon, deputy director for advanced analysis at the Center for Intelligence Research and Analysis in Washington, D.C.
Chinese doctrine specifically calls for targeting unclassified U.S. defense networks that support logistics and deployment, Mulvenon said. “In a crisis, they want to bring down [DOD’s Non-secure IP Router Network] with the goal of delaying and disrupting our logistics deployment of military forces to a Taiwan scenario.”
Patience Wait, a senior writer at the 1105 Government Information Group, contributed to this story.