Cyber Defense

Is the U.S. ready for cyber war?

sphere of binary data

With talk of the potential use of cyber weapons in the Syrian conflict, discussions inevitably have turned to the U.S. arsenal of cyber capabilities. Both the use of cyber weapons against Syria and the defense against Syrian attacks would raise serious questions -- not just about U.S. capabilities but the policies behind their use.

Those involved in debate have plenty of fodder, but some are looking even further ahead to future conflicts – including whether Syria could be a run-up to Iran or another future cyber war.

Others are dubious that the United States would roll out cyber weapons against Syria, given the reluctance already shown on the question of a conventional attack.

"If you use it, you've exposed it," said Thomas Rid, reader in war studies at King's College London and author of "Cyber War Will Not Take Place," Published by Oxford University Press earlier this month. "The question is whether [a strike on Syria] is so difficult to do with conventional capabilities that you'd want to depend on cyber, and secondly, whether you want to give away that capability if indeed you're confident that you're willing to apply that."

Rid, speaking on a Sept. 9 panel at the Brookings Institution in Washington, D.C., noted that the United States walks a fine line, since a cyberattack on Syria would have broader implications on foreign and national security policies.

"The key question is the balance between offense and defense," Rid said. "Some of these capabilities essentially would be a one-shot weapon; you could only use them against one specific target. So that's one example of how investments in the offense are not necessarily making us any safer on the defense. The [leaked National Security Agency] black budget showed that the U.S. is spending too much money on the offense and not enough in the defense."

The emphasis on cyberspace as a military domain puts greater pressure on the balance between offense and defense – and the policies that govern both. The central role of the Pentagon in cyberspace affects more than just Syria or any hot issue of the moment, others said.

"We've allowed our cyberspace policy to be taken over on the ground and in the network by Fort Meade," said Jason Healey, director of the Atlantic Council's Cyber Statecraft Initiative, referring to the military complex in Maryland that houses NSA and U.S. Cyber Command. "American cyberspace policy is not made by the Homeland Security Department or White House anymore. Our international posture is not decided by the State Department. We've made it predominantly a place about our immediate national security questions in the short term, rather than what we need the Internet and cyberspace to be 10 years or 20 years in the future."

That future portends an era of increased cybersecurity threats amid the rise of the so-called Internet of things: the online connectedness of what we use in everyday lives that is designed to make life easier, but also creates unprecedented security concerns. It represents the beginnings of a society that increasingly will rely on cyber policy in ways that the current concept of cyber warfare does not cover, the panelists said.

"Now you're connecting things made of concrete and steel to the Internet. And when concrete and steel fail, it's not just a short-term disruption...it's real failure, real destruction, real death," Healey said. "We're going to remember these days not as the days of cyber war, like some people want to scare you into believing – but as the halcyon days when all you had to worry about was credit card theft."

But for now, as the United States juggles Syria, formal cybersecurity policy and a changing technological reality, it is critical not to overlook history and the lessons that still apply today.

"We've been having these things that are understandable as [electronic] national security conflicts since 1986. And that includes things that range between espionage and sabotage to high-end attacks that don't cross into war," Healey said. "We still haven't seen anyone die from a cyberattack. But there is this conflict that's happening at the technology level with these very strong national security implications that we can look at and learn from, and most importantly, try to understand what's happening next."

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.

Featured

  • Social network, census

    5 predictions for federal IT in 2017

    As the Trump team takes control, here's what the tech community can expect.

  • Rep. Gerald Connolly

    Connolly warns on workforce changes

    The ranking member of the House Oversight Committee's Government Operations panel warns that Congress will look to legislate changes to the federal workforce.

  • President Donald J. Trump delivers his inaugural address

    How will Trump lead on tech?

    The businessman turned reality star turned U.S. president clearly has mastered Twitter, but what will his administration mean for broader technology issues?

  • Login.gov moving ahead

    The bid to establish a single login for accessing government services is moving again on the last full day of the Obama presidency.

  • Shutterstock image (by Jirsak): customer care, relationship management, and leadership concept.

    Obama wraps up security clearance reforms

    In a last-minute executive order, President Obama institutes structural reforms to the security clearance process designed to create a more unified system across government agencies.

  • Shutterstock image: breached lock.

    What cyber can learn from counterterrorism

    The U.S. has to look at its experience in developing post-9/11 counterterrorism policies to inform efforts to formalize cybersecurity policies, says a senior official.

Reader comments

Mon, Sep 30, 2013

No, no we are not ready. But hey, who cares? How can we be asking such a goofy question while people are actually thinking "cloud" computing is an option. We can't even avoid being sold snake oil, so what makes anybody think we can understand that it's going to be our undoing? So no, we're not ready, we don't even accept, really, that there's a war, we just talk about understanding it.

Wed, Sep 11, 2013

Government and critical systems comms should never have been on public IP universe in the first place. The .mil and a subset of the .gov domain should have been moved to a private network when internet took off. Any links should have been through a very few very tightly controlled gateways. Hard to attack through an air gap.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group