Cyber Defense

Is the U.S. ready for cyber war?

sphere of binary data

With talk of the potential use of cyber weapons in the Syrian conflict, discussions inevitably have turned to the U.S. arsenal of cyber capabilities. Both the use of cyber weapons against Syria and the defense against Syrian attacks would raise serious questions -- not just about U.S. capabilities but the policies behind their use.

Those involved in debate have plenty of fodder, but some are looking even further ahead to future conflicts – including whether Syria could be a run-up to Iran or another future cyber war.

Others are dubious that the United States would roll out cyber weapons against Syria, given the reluctance already shown on the question of a conventional attack.

"If you use it, you've exposed it," said Thomas Rid, reader in war studies at King's College London and author of "Cyber War Will Not Take Place," Published by Oxford University Press earlier this month. "The question is whether [a strike on Syria] is so difficult to do with conventional capabilities that you'd want to depend on cyber, and secondly, whether you want to give away that capability if indeed you're confident that you're willing to apply that."

Rid, speaking on a Sept. 9 panel at the Brookings Institution in Washington, D.C., noted that the United States walks a fine line, since a cyberattack on Syria would have broader implications on foreign and national security policies.

"The key question is the balance between offense and defense," Rid said. "Some of these capabilities essentially would be a one-shot weapon; you could only use them against one specific target. So that's one example of how investments in the offense are not necessarily making us any safer on the defense. The [leaked National Security Agency] black budget showed that the U.S. is spending too much money on the offense and not enough in the defense."

The emphasis on cyberspace as a military domain puts greater pressure on the balance between offense and defense – and the policies that govern both. The central role of the Pentagon in cyberspace affects more than just Syria or any hot issue of the moment, others said.

"We've allowed our cyberspace policy to be taken over on the ground and in the network by Fort Meade," said Jason Healey, director of the Atlantic Council's Cyber Statecraft Initiative, referring to the military complex in Maryland that houses NSA and U.S. Cyber Command. "American cyberspace policy is not made by the Homeland Security Department or White House anymore. Our international posture is not decided by the State Department. We've made it predominantly a place about our immediate national security questions in the short term, rather than what we need the Internet and cyberspace to be 10 years or 20 years in the future."

That future portends an era of increased cybersecurity threats amid the rise of the so-called Internet of things: the online connectedness of what we use in everyday lives that is designed to make life easier, but also creates unprecedented security concerns. It represents the beginnings of a society that increasingly will rely on cyber policy in ways that the current concept of cyber warfare does not cover, the panelists said.

"Now you're connecting things made of concrete and steel to the Internet. And when concrete and steel fail, it's not just a short-term's real failure, real destruction, real death," Healey said. "We're going to remember these days not as the days of cyber war, like some people want to scare you into believing – but as the halcyon days when all you had to worry about was credit card theft."

But for now, as the United States juggles Syria, formal cybersecurity policy and a changing technological reality, it is critical not to overlook history and the lessons that still apply today.

"We've been having these things that are understandable as [electronic] national security conflicts since 1986. And that includes things that range between espionage and sabotage to high-end attacks that don't cross into war," Healey said. "We still haven't seen anyone die from a cyberattack. But there is this conflict that's happening at the technology level with these very strong national security implications that we can look at and learn from, and most importantly, try to understand what's happening next."

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.


  • Anne Rung -- Commerce Department Photo

    Exit interview with Anne Rung

    The government's departing top acquisition official said she leaves behind a solid foundation on which to build more effective and efficient federal IT.

  • Charles Phalen

    Administration appoints first head of NBIB

    The National Background Investigations Bureau announced the appointment of its first director as the agency prepares to take over processing government background checks.

  • Sen. James Lankford (R-Okla.)

    Senator: Rigid hiring process pushes millennials from federal work

    Sen. James Lankford (R-Okla.) said agencies are missing out on younger workers because of the government's rigidity, particularly its protracted hiring process.

  • FCW @ 30 GPS

    FCW @ 30

    Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

  • Shutterstock image.

    A 'minibus' appropriations package could be in the cards

    A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

  • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

    DOD launches new tech hub in Austin

    The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

Reader comments

Mon, Sep 30, 2013

No, no we are not ready. But hey, who cares? How can we be asking such a goofy question while people are actually thinking "cloud" computing is an option. We can't even avoid being sold snake oil, so what makes anybody think we can understand that it's going to be our undoing? So no, we're not ready, we don't even accept, really, that there's a war, we just talk about understanding it.

Wed, Sep 11, 2013

Government and critical systems comms should never have been on public IP universe in the first place. The .mil and a subset of the .gov domain should have been moved to a private network when internet took off. Any links should have been through a very few very tightly controlled gateways. Hard to attack through an air gap.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group