by Constantine von Hoffman

U.S. Endangers Troops by Ruling out First Strike Use of Cyber Weapons

Oct 18, 20113 mins
CybercrimeFirewallsIntrusion Detection Software

Refusal to use them against Libya sets a dangerous policy and one that even our allies have rejected.

The Obama administration has ruled out first strike cyber attacks – something neither our opponents nor allies have chosen to do. This delicacy around virtual war could be a real threat to the nation’s security.

The policy was determined when the administration ruled out an internet attack on Libya in March, just before U.S.-led air strikes against the nation. According to The New York Times, “the goal would have been to break through the firewalls of the Libyan government’s computer networks to sever military communications links and prevent the early-warning radars from gathering information and relaying it to missile batteries aiming at NATO warplanes.”

While there were plausible reasons for this – the military wasn’t sure it could be ready fast enough – the policy that came out of it made far less sense. Political and military officials were both concerned this might set a precedent for other nations – most importantly Russia and China – to initiate such offensives on their own.

With the huge number of ways there are to hide the identity of a cyber attacker, why would Russia or China or any other nation be concerned about precedent? Not the U.K., that’s for sure. Last week Foreign Minister William Hague made it clear the nation would strike first with cyber attacks: “We will defend ourselves in every way we can, not only to deflect but to prevent attacks that we know are taking place.”

Besides precedent may already have been set on this. That depends what exactly is the difference between cyber espionage and cyber war? For the sake of diplomacy all those online efforts by someone in China to get into U.S. government computer systems have been judged non-government sponsored. If you say espionage is stealing information and war is causing direct physical harm then we’ve already done it (unofficially). What else do you call Stuxnet, the U.S.-Israeli virus that crippled Iran’s nuclear capacity?

The most absurd point of debate by the administration was whether or not the president has the authority to proceed with such an attack without informing Congress. If the president can launch drone and cruise missile attacks without telling Congress you’d think crippling radar systems would be a no-brainer.

As described by the Times, the administration passed on using non-lethal tools to protect U.S. service men and women going into combat. Given politicians’ willingness to send our troops into battle it is absurd that we won’t use the cyber capability to protect them.