How I Learned to Stop Worrying and Love Cyber Weapons

As part of the government’s No-Contractor-Left-Unfunded Initiative the Air Force is now soliciting sales pitches for cyber weapons.

So far no one mentioned who exactly these weapons would be used against. That’s par for the course, but knowing who the enemy is likely to be essential in developing weapons. Otherwise the United Statues might end up fighting asymmetric conflicts with forces equipped to face the Soviet Union.

The incredibly unhelpfully named Air Force Life Cycle Management Center (sounds like they handle retirement issues) recently announced that it wants concept papers about technological demonstrations of “cyberspace warfare operations” (CWO) capabilities. The folks at Wild Blue Yonder Inc. are looking for CWO capabilities in a number of categories including:

Technologies/concepts for developing capabilities associated with Cyberspace Warfare Attacks (i.e., to disrupt, deny, degrade, destroy, or deceive an adversary’s ability to use the cyberspace domain to his advantage.) This should address, but not be limited to, the following:

1. Mapping of networks (both data and voice)
2. Access to cyberspace domain, information, networks, systems or devices
3. Denial of service on cyberspace resources, current/future operating systems and network devices
4. Data manipulation
5. Ability to control cyberspace effects at specified times and places

Now let’s look at a potential list of plausible opponents–North Korea, Iran, Terrorists–and estimate just how effective these cyber attacks could be:

• North Korea is so far the only nation on earth with an effective cyber defense. It can probably count the number of external Internet access points on one person’s fingers and toes with a few digits left. Its critical-resources-infrastructure representatives probably communicates via phone and/or by carrying physical messages. So if it came to a direct conflict we would have to rely on our Overwhelming Military Superiority (OMS).
• Iran: If we are to believe all the reports about malware such as Stuxnet and Flame, the crazies in Tehran already have more bugs then they can deal with in their systems. And it is highly likely they have other things in their networks that we don’t know about. Aside from lunacy (no small factor in this instance) here are Iran’s possible casus belli. The United States: 1) Is the Great Satan; 2) Gives a lot of money to Israel; 3) Keeps crippling the Iranian nuclear program; 4) Has troops stationed in two neighboring nations; and 5) Cut them off from World of Warcraft.  Is that enough reason to attack our financial and utility infrastructure? Sure, but Tehran talks a lot crazier than it acts. (For example, it made lots of threats to blockade the Straits of Hormuz but took no actual action.) The problem in cyber terms is the United States can’t protect its infrastructure. Developing cyber weapons isn’t going to make America any safer unless they’re use as an add-on deterrent to its OMS.
• Terrorists: Any ability to mess up the enemy’s communications is good, and cyber weapons could prove to be effective in this way. So far, all of the “non-state actors” we have had to deal with have wisely (for them) been paranoid about using the Web for much more than spreading propaganda. Again, the problem can’t be solved with offensive cyber abilities. So should we continue to develop our ability to mess with these people? Definitely. Just don’t think it’s going to provide much protection.

Please note that China is not on this list. While the Chinese are dedicated to stealing U.S. intellectual property they have nothing to gain from a war with the United States, be it cyber or otherwise. China is on the verge of an economic meltdown that could make the recent ecomonic turmoil in the United States look minor. The last thing the Chinese want to do is harm the economy of a nation that owes them so much money. Chinese critical-infrastructure networks were developed after similar U.S. systems, so they are probably better protected than the U.S. networks. The Chinese networks probably get a “bad” rating as opposed to the United States’ “non-existent.” The Chinese are at just as much risk as Americans, and they know it.

The United States is going to develop cyber weapons anyway. I just hope no one thinks they will actually make us safer.