[IP] Thinking the Unthinkable, 2.0 Hudson Institute American Outlook Quarterly
http://www.americanoutlook.org/index.cfm?fuseaction=ao_issue_toc&id=Fall2003
Thinking the Unthinkable, 2.0
"Governments and terrorists are racing to prepare for war in cyberspace."
Fall 2003
by Alan W. Dowd
?How do we come to grips with the problems that modern technology and
current international relations present us?? So began Herman Kahn?s
landmark work on preventingand if necessary, waging and winninga nuclear
war with the Soviet Union. ?Thermonuclear war may seem unthinkable,
immoral, insane, hideous, or highly unlikely,? he observed in Thinking
about the Unthinkable (1962), ?but it is not impossible.? And because the
unthinkable was quite possible, Kahn concluded that it was his duty as a
thinker and scientist to wrestle with what so many of his peers ignored or
hoped would just go away. In Kahn?s view, to prevent the unthinkable, it
was essential to think ?about how to fight, survive, and terminate a war,
should it occur.?
Kahn published these ideas during Moscow?s reckless gambit in Cuba, which
brought the world to the brink of the unthinkable. Thanks in no small part
to Kahn?s willingness to contemplate the very worst, U.S. military and
political leaders steadily shifted away from the defeatism of Mutually
Assured Destruction, reoriented the country?s military strategy, and
ultimately won the Cold War in a relatively peaceful fashion.
What was true in the Atomic Age, when Moscow?s transcontinental empire
threatened civilization with nuclear annihilation, remains true in the
Information Age, as stateless bands of terrorists and a handful of
dictators threaten civilization with a range of weapons. Some of these
weapons aren?t really even weapons, as we learned when commercial airliners
were used as missiles on September 11, 2001. Some are simple and readily
available, as the people of Israel, Iraq, Indonesia, and India are reminded
every time a homemade bomb tears through a place of worship or commerce.
Some are the offspring of the Information Age itself; they are easy to
acquire, simple to use, and inexpensive. In the hands of a committed
adversary, they are capable of wreaking death and destruction with the push
of a button. Even now, they are being used to probe America for weaknesses
and wage a new kind of warcyberwar. After years of averting its gaze,
Washington is finally taking notice.
Destroying War
One of the major ingredients for America?s disproportionate power in the
twenty-first century is its mastery of new technologies and capacityeven
eagernessto incorporate them into its economy, culture, and military. Yet
it is an irony befitting a Greek tragedy that the very thing that makes the
United States so powerful also makes it more susceptible and vulnerable
than any other nation to a crippling attack in cyberspace.
As President George W. Bush explained in a recent strategy document, ?In
the past few years, threats in cyberspace have risen dramatically.? It?s
easy to see why. Given the amorphous, open, and ever-expanding nature of
cyberspace, it is extremely difficult territory to secure and defend; and
given America?s primacy in traditional fields of conflict (on the ground,
at sea, in the air, and in space), cyberspace is increasingly where
America?s enemies pick their fights. ?Ironically, we have destroyed the war
we do best,? Michael Vlahos of the Joint Warfare Analysis Department at
Johns Hopkins University concludes. ?No one can hope to win fighting our
kind of war, so they will make war they can win.? Cyberwar may be such a war.
According to the Congressional Research Service, the Pentagon?s computer
systems are attacked thousands of times each year. Some of the attacks are
akin to a gnat biting an elephant, but some are more serious. In 1994, for
example, the Rome Laboratory, a key node of U.S. Air Force researchers and
computer specialists, was victimized by one hundred fifty separate
cyber-attacks. After tearing through the Air Force system, the
cyberterrorist (a sixteen-year-old Briton) also targeted NATO headquarters
and Wright-Patterson Air Force Base. In 1998, a group of computer hackers
in California and Israel attacked a number of computer networks at U.S. Air
Force bases, universities, and businesses. A 1998 report found that hackers
had made two hundred separate attempts to break into the computer systems
at key U.S. nuclear labs. As late as April 1999, the cybersecurity
situation was so grave that then-Secretary of Energy Bill Richardson
ordered a systemwide shutdown for two weeks.
During the U.S.-led NATO operation against Bosnian-Serb forces in 1995, the
Serbs used computer systems to research the backgrounds of U.S. pilots and
then threaten their families. Four years later, during the air war over
Kosovo and Serbia proper, teams of Chinese and Serbian hackers attacked
cybertargets of opportunity in the West. The Chinese hacked into websites
run by the Departments of Energy and Interior. They defaced and effectively
hijacked the sites, forcing the White House and other government sites to
shut down out of self-protection. Other attacks came in the form of
countless emails sent to slow down and overload government servers.
The cyberbattle was not one-sided, of course. Independent Dutch and
American hackers fired back early and often, and the U.S. military employed
information warfare tactics against Belgrade throughout the war. For
example, as MSNBC reported in 2001, a special U.S.-U.K. unit used email and
computer systems to conduct psychological operations against Slobodan
Milosevic?s generals and friends, who had been enrichedand would
eventually be impoverished or killedas a result of their close association
with the Serbian dictator. (Similar efforts were made during the Iraq war.)
However, no network-killing viruses were let loose against Milosevic,
prompting former NATO Commander Wes Clark to dismiss the allied
cyber-salvos as little more than ?harassment.?
Nonetheless, this blending of cyberwar tactics into traditional war
fighting will continue, and, like other military innovations, it promises
to become more effective as technology and tactics improve. China, for
example, is fielding a force of ?shock computer troops? to wage war in
cyberspace. Known as the ?Net Force,? the unit of computer programmers has
conducted annual training exercises since 1997. Some computer and defense
experts have warned that China is training the force to serve as the
vanguard of a conventional attack on Taiwan.
China is not alone in this. More than twenty nations have
information-warfare capabilities, among them some of America?s most bitter
enemiesCuba, North Korea, Libya, Iran, and Syria. The Indian government,
for example, blames Pakistani intelligence agents for hacking into the
Indian army?s main website and effectively holding it hostage ahead of
talks in 1998. According to Lt. Col. Timothy Thomas of the Army?s Foreign
Military Studies Office, the Palestinian terrorist group Hezbollah has
plans in place to cripple Israeli government, military, and financial
networks with cyberattacks. The strategy includes attacks on e-commerce,
Internet Service Providers, and the Israeli stock exchange with the intent
of paralyzing Israel?s technology-dependent society.
Nation-states, however, are neither the sole targets nor the sole
practitioners of cyberwarfare. The ?White Hat? computer virus, for example,
devastated the Air Canada computer system in the summer of 2003. In another
incident, a manmade computer ?worm? chewed through Lockheed Martin?s
system, forcing the defense giant to shut down parts of its network in
August 2003. Exactly a week after the September 11 terrorist attacks on
Manhattan and Washington, the Nimda virus used the Internet to skip across
the world?s interconnected web of computer networks, leaving in its wake
billions of dollars in damaged systems and corrupted computers. Although
the Nimda attack was overshadowed by the attacks on the Pentagon and World
Trade towers, Thomas notes that cybersecurity experts call it September
11?s cyberspace equivalent. ?Nimda?s creator,? Thomas adds ominously, ?has
never been identified.?
Virtual Enemies
Together, the disparate groups, governments, and individuals that create
and launch these invisible weapons are taking the postmodern warfare we
witnessed firsthand on September 11 to a new level: The enemy is no longer
just statelesshe is nameless, faceless, and place-less. The enemy is not
just transnationalhe is non-national, living and hiding and attacking in a
world where there are no borders. The enemy is no longer virtually
invisiblehe is, well, virtual.
That is one reason why critics of cyber-preparedness argue that a war waged
in cyberspace, with bytes and streams of code rather than bullets and
bombs, can?t really hurt us, since we live in a world of tangible
elementsland and sea, flesh and blood.
They?re wrong.
One doesn?t have to be a Matrix fanatic to recognize that vast stretches of
?the real world? are controlled by the invisible world of cyberspace.
Water-pumping and purification stations, electrical utilities, hospitals,
banks, and airports simply cannot function today without computer networks.
Winn Schwartau, an expert on information security and infrastructure
protection, has noted that cyberterrorists have successfully attacked and
disabled all of these types of network-dependent targets in recent years.
Americans are steadily coming to grips with this reality. Since 1999, for
example, the Pentagon has assigned cyberwar preparedness to a four-star
general. In 2003, President Bush ordered U.S. military planners to develop
guidelines for the use of cyberweapons by U.S. forces; the Department of
Defense invested 28 percent more than in 2002 on programs aimed at
attacking enemies? information-warfare capabilities and defending our own;
and Pentagon spending on programs to manipulate and master information
technology of all kinds jumped by 125 percent.
On the offensive front, the Pentagon?s new Joint Task Force on Computer
Network Operations has begun helping U.S. military forces incorporate
cyberweapons into traditional war fighting. On the defensive side, the
Department of Defense is updating all of its new Internet-related equipment
and software to meet the latest Internet security protocols. The Pentagon?s
entire fleet of computers and networks will be switched over to the new
protocols within four years.
Also in 2003, Bush approved the aforementioned strategy to secure the
civilian stretches of cyberspace. ?The cornerstone of America?s cyberspace
security strategy,? according to Bush, ?is and will remain a public-private
partnership. . . . Only by acting together can we build a more secure
future in cyberspace.? I observed one such effort firsthand while writing
this article. After clicking onto the White House website to download and
read the president?s National Strategy to Secure Cyberspace, the Microsoft
software grafted onto my PC?s hard drive stopped me dead in my cyber-tracks
and warned me to think twice before going any further: Some files can
contain viruses or otherwise be harmful to your computer, the message
reminded me. It is important to be certain this file is from a trustworthy
source. (Whether or not the White House is a trustworthy source is a
subject for another essay, but since I am of the opinion that it is, I took
the risk and downloaded the document.)
Wish List
This is just one small example of cross-sector cooperation in preventing,
slowing, and if necessary, tracking and monitoring the spread of
cyber-viruses and cyberattacks. There are many others we never see.
For instance, the White House is calling on industry leaders to improve
computer training, enhance technology safeguards, identify and remove
vulnerabilities (hence, the endless flow of ?patches? and automatic
updates), and cooperate with one another on cybersecurity. At the same
time, government agencies such as the Department of Homeland Security are
developing redundancies, conducting cyber-drills, building cyberwarning
systems, hardening government computer networks, and developing recovery
plans in the event of the unthinkable a virtual attack that would have
crippling real-world consequences.
As Mr. Kahn put it in an earlier age of terror, ?We must appreciate these
possibilities. We cannot wish them away.?
Alan W. Dowd is a research fellow at Hudson Institute and director of
Hudson?s Indianapolis offices. He is a frequent contributor to The World &
I, American Outlook, The American Enterprise, National Review Online, and
The American Legion Magazine, where he publishes policy commentaries and a
monthly column covering national security and military issues.
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/