Military planners mull possibility of cyber war

By DAVE MONTGOMERY

WASHINGTON | While U.S. forces in Iraq and Afghanistan engage enemies with guns, tanks, airplanes and missiles, the Pentagon is quietly fighting a different war on a new front — cyberspace.

Military officials say that a cyber attack by foreign enemies or terrorist groups would result in “an electronic Pearl Harbor” that would shut down electricity, banking systems, cell phones and other tools of day-to-day life.

Hundreds, and possibly thousands, of more-limited cyber assaults are bombarding the firewalls of government computer systems daily, prompting U.S. officials and military leaders to declare that the United States is already at war on the cyber front.

“America is under widespread attack in cyberspace,” Gen. James E. Cartwright, then-commander of the U.S. Strategic Command, which oversees the military’s computer grid, told Congress in March. “Our freedom to use cyberspace is threatened by the actions of criminals, terrorists and nations alike.”

As a result, the U.S. military is aggressively incorporating cyber technology into its war-fighting arsenal in the same sort of evolutionary pattern that saw air power emerge from the early biplanes of the past century. All branches of the military have cyber operations, and the Air Force is moving to set up a full-fledged cyber command that will have the same stature as its other commands.

U.S. officials acknowledge that the computer-dependent military and federal government are threatened by virtually every malevolent concept of the cyber age, from worms and viruses that aim to cripple or shut down networks to intrusions that attempt to steal classified information.

“We’re vulnerable every day,” said Greg Garcia, the assistant secretary for cyber security and communications at the Department of Homeland Security. “Everybody is seeing some form of intrusion or attack.”

The DHS received 37,000 reports of attempted breaches on government and private systems in fiscal 2007, which ended Sept. 30, compared with 24,000 the previous year. Assaults on federal agencies increased 152 percent during that period, from 5,143 to 12,986.

A worst-case attack could shut down computer command-and-control systems that run banking, water and sewerage systems, traffic lights, oil and gas networks and nearly every other element of the public infrastructure. Those control systems, the Government Accountability Office said in September, “are more vulnerable to cyber-attacks than in the past.”

The roster of cyber adversaries includes foreign militaries and intelligence services, hackers who could be working in league with foreign governments, and “hacktivists” — hackers with political agendas. Terrorists thus far are considered only a limited threat, said the GAO report, citing the CIA.

“Five or 10 years from now, senior defense officials believe, an enemy may not need soldiers, ships or aircraft to strike hard at the United States,” says a report prepared for the U.S. Air Force Association. “The preferred tool may be information-based attacks carried out in cyberspace.”

The United States, with its multilayered systems and advanced firewalls, has avoided the type of extensive attack that caused widespread disruptions throughout government agencies and institutions in Estonia this spring. But numerous assaults, most of them harmless, pound U.S. military and government computers every several seconds, say experts.

“The Pentagon is probably one of the most attacked networks in the world,” said Matt Richard, director of the rapid response team for VeriSign iDefense, a California-based firm that specializes in cyber security.

The blueprint for the military is the “2006 National Military Strategy for Cyberspace Operations,” a classified document that includes both defensive and offensive measures, according to officials and analysts. Likely offensive tactics include disabling an enemy’s command-and-control networks, destroying data or dispatching false information to weapons networks, often as part of a larger attack with air power and other weaponry.

As an outgrowth of the strategy, Air Force leaders established a provisional cyber command at Barksdale Air Force Base in Louisiana and plan to develop a permanent command.

As many as 40,000 Air Force personnel are assigned to cyber tasks, and Air Force officials envision a breed of warrior who fights with a computer and keyboard. But he’s expected to be as formidable as the soldier with a gun. Lani Kass, special assistant to Gen. T. Michael Moseley, Air Force chief of staff, told a recent seminar that Air Force cyber warriors would be “trained killers” and “not a bunch of geeks.”