Digital collateral damage blurs cyber warfare strategies

Lack of a map of network connections endangers friends' and foes' systems

Collateral damage is the fearsome, official-sounding name we use to describe the ripple effects of war. It traditionally describes some of the ugliest parts of combat: civilian casualties, communities destroyed, sacred grounds reduced to rubble.

Network warfare, on the other hand, has a different connotation. There are no deafening explosions or horrifying images flitting across the TV screen.

Collateral damage doesn't become palpable in the context of electronic warfare until a cyberattack shuts down a major banking system or a maneuver deep inside a government network spurs a physical retaliation.

Collateral damage "is the biggest constraint on using a cyberattack,” said James Lewis, director of the Center for Strategic and International Studies' Technology and Public Policy Program. “We don’t have a good map of how networks connect,” he added. For example, an attack on North Korea could damage Japan or China, or an attack on Serbia’s banking system could undermine other European countries.

Or as Vice Adm. Bernard McCullough, commander of the Navy Fleet Cyber Command, described in a theoretical scenario: A U.S. cyberattack on Country X could require dismantling the router box of Country Y — and then we could discover that the financial data of our close ally, Country Y, is stored in the same router box.

“Is that an acceptable amount of collateral damage?” McCullough asked. It’s a rhetorical question because nobody knows what could happen next.

Concerns about network warfare’s peripheral effects might be rooted in the ambiguity of how to handle cyberattacks and the delicate diplomatic concerns those attacks create. Technology develops rapidly, and the laws that govern cyberspace are not up to speed. Even the highest-level officials aren’t sure what to make of the situation.

Lt. Gen. Keith Alexander, President Barack Obama’s nominee to lead the new Cyber Command, told Congress that cyber warfare is changing so fast that there is a “mismatch between our technical capabilities to conduct operations and the governing laws and policies.”

Congress is taking a closer look at cyber warfare and the damage it could potentially cause — damage that hasn’t necessarily been considered before.

“This policy gap is especially concerning because cyber weapons and cyberattacks potentially can be devastating, approaching weapons of mass destruction in their effects,” said Sen. Carl Levin (D-Mich.), chairman of the Senate Armed Services Committee, according to a New York Times report.

The Defense Department hasn’t caught up either. DOD does not have formal guidance for responding to cyberattacks on civilian institutions, such as banks, power grids, financial networks and telecommunications, Marc Rotenberg, executive director of the Electronic Privacy Information Center, told TechNewsWorld.

Rotenberg said it’s not a new issue. In 2003, a directive from President George W. Bush called for a freeze on billions of dollars in Iraqi assets to prevent the country from buying war supplies or paying its troops. But the plan was abandoned when the collateral damage was considered. The effects of the freeze could have extended beyond Iraq and resulted in worldwide financial havoc.

DOD considers similar problems as it prepares to launch the Cyber Command in September and the military services establish their respective cyber agencies. But answers to the question of how the department should mitigate damage from cyber operations vary, depending on whom you ask.

Some say the challenges aren’t that different from those of traditional combat.

“In the battlefield, [soldiers] have to figure out how to jam an IED but not jam their own communications," said David Weddell, assistant deputy chief of naval operations for information dominance. "It continues to be a problem. I would challenge industry to help find a solution."

Lewis said it’s DOD’s responsibility to ensure the public’s safety amid cyber war. “DOD needs to do a lot more work on modeling the consequences of a cyberattack — the way we have done for other weapons,” Lewis said, adding that the department needs “advanced reconnaissance before any attack, and it needs to make sure that it is the civilian political leadership that authorizes a strike.”

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.