A senior U.S. Air Force warfighting commander recently talked with Aviation Week about some of the weaponry that can used against cyber targets. At his disposal, as an airpower commander, is an arsenal that doesn’t intrude into the murky ethical and legal quicksand of cascading computer network attacks.
Some of it is familiar kinetic weaponry that you would not normally associate with cyber-warfare. Other capabilities fall in the specialties of jamming, denial of service, exploitation and false-target generation.
What he can’t use are digital weapons that can launch pre-emptive cyber attacks to ward off those seeking to damage or exploit the country's digitally dependent organizations. Ironically, there is pressure to create even better, "game-changing" technologies.
But those efforts could be fruitless because Washington appears to already have a vicious bureaucratic circle that stymies U.S. cyber warriors. There is yet no process to approve their use in wartime, peacetime or even in tactical situations that depend on a speedy response to be useful, according to remarks by Deputy Defense Secretary William Lynn early this week.
Admissions of this cyber combat conundrum have been voiced by senior Pentagon civilians, industry specialists and military users who are admitting publicly that U.S. cyberattack capabilities are thus far toothless reportedly because of bureaucratic roadblocks. Nonetheless, innovative warfighters are finding ways around at least some of the obstacles.
"I can do a lot with cyberspace, but about 99% of it is classified," the senior aviator says. "It's a domain – like air and sea – that we need to fight in. The answer is not to just pull the plug [on communications and digital activity] to avoid electronic attack. That’s running away and surrendering."
To survive, U.S. forces have to fight through a cyber attack just like any other threat, he says. But getting prepared for that kind of response takes time, money and manpower.
"I subscribe to the notion that the best defense is a good offense," he says. "There are many effects that I can do today kinetically and non-kinetically that affects cyber. Do I consider the ability to conduct command and control through the phone lines and satcom as cyber? I do. I can take a lot of that down kinetically [with air-launched weapons]. Do I consider satcom and microwaves and the 1s and 0s in my computer to be cyber? Yes. I can also deal with that non-kinetically [with electronic jamming and spoofing]. I have the full continuum at my fingertips to fight in the cyber domain that other [countries] do not."
Meanwhile, the government and Congress continue trying to find answers to cyber threats. A few of the efforts at least seem interesting.
The House Armed Services Committee approved legislation that supports Pentagon plans for a sub-unified Cyber Command under the aegis of Strategic Command and gives them the bureaucratic tools to respond to increasingly sophisticated cyberspace threats. However, terrorism subcommittee Chariman Adam Smith (D-Wash.) points out, without any specificity, that research has revealed even more vulnerabilities. "Innovations…have exposed seom security concerns to our information technology systems and the networks that support them."
The legislation requires the Defense Dept. to establish a joint program office for cyber operations that can aid development of future capabilities including manpower, tactics and technologies including those for combatant commands. It also gives authority for private sector civilians to receive instruction at the Defense Cyber Investigation Training Academy.
The House Committee on Science and Technology's subcommittees on technology and innovation and on research and science education held hearings that among other efforts called for "modernizing the research agenda…to focus on game-changing technologies" for cyber operations and streamlining coordination between the large number of federal departments and agencies with cyber security responsibilities andd overlapping authorities.