Cyber Defense

Is the U.S. ready for cyber war?

sphere of binary data

With talk of the potential use of cyber weapons in the Syrian conflict, discussions inevitably have turned to the U.S. arsenal of cyber capabilities. Both the use of cyber weapons against Syria and the defense against Syrian attacks would raise serious questions -- not just about U.S. capabilities but the policies behind their use.

Those involved in debate have plenty of fodder, but some are looking even further ahead to future conflicts – including whether Syria could be a run-up to Iran or another future cyber war.

Others are dubious that the United States would roll out cyber weapons against Syria, given the reluctance already shown on the question of a conventional attack.

"If you use it, you've exposed it," said Thomas Rid, reader in war studies at King's College London and author of "Cyber War Will Not Take Place," Published by Oxford University Press earlier this month. "The question is whether [a strike on Syria] is so difficult to do with conventional capabilities that you'd want to depend on cyber, and secondly, whether you want to give away that capability if indeed you're confident that you're willing to apply that."

Rid, speaking on a Sept. 9 panel at the Brookings Institution in Washington, D.C., noted that the United States walks a fine line, since a cyberattack on Syria would have broader implications on foreign and national security policies.

"The key question is the balance between offense and defense," Rid said. "Some of these capabilities essentially would be a one-shot weapon; you could only use them against one specific target. So that's one example of how investments in the offense are not necessarily making us any safer on the defense. The [leaked National Security Agency] black budget showed that the U.S. is spending too much money on the offense and not enough in the defense."

The emphasis on cyberspace as a military domain puts greater pressure on the balance between offense and defense – and the policies that govern both. The central role of the Pentagon in cyberspace affects more than just Syria or any hot issue of the moment, others said.

"We've allowed our cyberspace policy to be taken over on the ground and in the network by Fort Meade," said Jason Healey, director of the Atlantic Council's Cyber Statecraft Initiative, referring to the military complex in Maryland that houses NSA and U.S. Cyber Command. "American cyberspace policy is not made by the Homeland Security Department or White House anymore. Our international posture is not decided by the State Department. We've made it predominantly a place about our immediate national security questions in the short term, rather than what we need the Internet and cyberspace to be 10 years or 20 years in the future."

That future portends an era of increased cybersecurity threats amid the rise of the so-called Internet of things: the online connectedness of what we use in everyday lives that is designed to make life easier, but also creates unprecedented security concerns. It represents the beginnings of a society that increasingly will rely on cyber policy in ways that the current concept of cyber warfare does not cover, the panelists said.

"Now you're connecting things made of concrete and steel to the Internet. And when concrete and steel fail, it's not just a short-term disruption...it's real failure, real destruction, real death," Healey said. "We're going to remember these days not as the days of cyber war, like some people want to scare you into believing – but as the halcyon days when all you had to worry about was credit card theft."

But for now, as the United States juggles Syria, formal cybersecurity policy and a changing technological reality, it is critical not to overlook history and the lessons that still apply today.

"We've been having these things that are understandable as [electronic] national security conflicts since 1986. And that includes things that range between espionage and sabotage to high-end attacks that don't cross into war," Healey said. "We still haven't seen anyone die from a cyberattack. But there is this conflict that's happening at the technology level with these very strong national security implications that we can look at and learn from, and most importantly, try to understand what's happening next."

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.