Digital collateral damage blurs cyber warfare strategies

Lack of a map of network connections endangers friends' and foes' systems

Collateral damage is the fearsome, official-sounding name we use to describe the ripple effects of war. It traditionally describes some of the ugliest parts of combat: civilian casualties, communities destroyed, sacred grounds reduced to rubble.

Network warfare, on the other hand, has a different connotation. There are no deafening explosions or horrifying images flitting across the TV screen.

Collateral damage doesn't become palpable in the context of electronic warfare until a cyberattack shuts down a major banking system or a maneuver deep inside a government network spurs a physical retaliation.

Collateral damage "is the biggest constraint on using a cyberattack,” said James Lewis, director of the Center for Strategic and International Studies' Technology and Public Policy Program. “We don’t have a good map of how networks connect,” he added. For example, an attack on North Korea could damage Japan or China, or an attack on Serbia’s banking system could undermine other European countries.

Or as Vice Adm. Bernard McCullough, commander of the Navy Fleet Cyber Command, described in a theoretical scenario: A U.S. cyberattack on Country X could require dismantling the router box of Country Y — and then we could discover that the financial data of our close ally, Country Y, is stored in the same router box.

“Is that an acceptable amount of collateral damage?” McCullough asked. It’s a rhetorical question because nobody knows what could happen next.

Concerns about network warfare’s peripheral effects might be rooted in the ambiguity of how to handle cyberattacks and the delicate diplomatic concerns those attacks create. Technology develops rapidly, and the laws that govern cyberspace are not up to speed. Even the highest-level officials aren’t sure what to make of the situation.

Lt. Gen. Keith Alexander, President Barack Obama’s nominee to lead the new Cyber Command, told Congress that cyber warfare is changing so fast that there is a “mismatch between our technical capabilities to conduct operations and the governing laws and policies.”

Congress is taking a closer look at cyber warfare and the damage it could potentially cause — damage that hasn’t necessarily been considered before.

“This policy gap is especially concerning because cyber weapons and cyberattacks potentially can be devastating, approaching weapons of mass destruction in their effects,” said Sen. Carl Levin (D-Mich.), chairman of the Senate Armed Services Committee, according to a New York Times report.

The Defense Department hasn’t caught up either. DOD does not have formal guidance for responding to cyberattacks on civilian institutions, such as banks, power grids, financial networks and telecommunications, Marc Rotenberg, executive director of the Electronic Privacy Information Center, told TechNewsWorld.

Rotenberg said it’s not a new issue. In 2003, a directive from President George W. Bush called for a freeze on billions of dollars in Iraqi assets to prevent the country from buying war supplies or paying its troops. But the plan was abandoned when the collateral damage was considered. The effects of the freeze could have extended beyond Iraq and resulted in worldwide financial havoc.

DOD considers similar problems as it prepares to launch the Cyber Command in September and the military services establish their respective cyber agencies. But answers to the question of how the department should mitigate damage from cyber operations vary, depending on whom you ask.

Some say the challenges aren’t that different from those of traditional combat.

“In the battlefield, [soldiers] have to figure out how to jam an IED but not jam their own communications," said David Weddell, assistant deputy chief of naval operations for information dominance. "It continues to be a problem. I would challenge industry to help find a solution."

Lewis said it’s DOD’s responsibility to ensure the public’s safety amid cyber war. “DOD needs to do a lot more work on modeling the consequences of a cyberattack — the way we have done for other weapons,” Lewis said, adding that the department needs “advanced reconnaissance before any attack, and it needs to make sure that it is the civilian political leadership that authorizes a strike.”

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.