When war theaters shift to cyberspace….

The war theaters are shifting, literally at digital speed. This sudden shift is entrapping nations more like quicksand than anything else. The definition of national assets, particularly the strategic assets is being extended to include the digital infrastructures of the countries. Of particular importance is the cyberspace in which the defense establishments are operating. All the nations need to have a security policy for the changing scenarios and the most dynamic policies are needed for fighting wars in cyberspace. And the policies are to be updated at the speed of thought. These are extraordinary times and need extraordinary measures. We have extensively discussed 4GW which is being fought almost everywhere with non-state actors engaging national armies. The strategies to fight this kind of a war are covered under war-on-terror.  The terrorists, which are non-state actors, fight this war in order to inflict damages on the security apparatus of nation-states and kill innocent civilians. Various tactics are employed to effectively fight this kind of war and the ultimate objective of terrorists, not achieved to this day, is to occupy a piece of land to start their own state. We are also living in an age of another kind of warfare called cyber warfare. This is defined as actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption.

There are instances of cyber attacks on the sensitive websites of not only the USA but other countries. The common phrase so far used for this kind of attacks was “hacking” but when such attacks take place on the information assets of defense establishments, it is a serious business. The USA has anticipated such threats from China. According to The Economist, China has plans of “winning informationised wars by the mid-21st century”. They note that other countries are likewise organizing for cyber war, among them Russia, Israel and North Korea. Iran boasts of having the world’s second-largest cyber-army. James Gosler, a government cyber security specialist, worries that the U.S. has a severe shortage of computer security specialists, estimating that there are only about 1,000 qualified people in the country today, but needs a force of 20,000 to 30,000 skilled experts.

US consider its digital infrastructure as “strategic national asset” and have set up its new U.S. Cyber Command (USCYBERCOM). Though it is not a territorial command like CENTCOM and AFRICOM, the significance of its mission can be understood from the fact the that head of NSA will head this new command. The threat has been taken so seriously that in future computer sabotage by another country against the United States might be considered an act of war and grounds for responding with military force.

The scope of cyber attack includes espionage and national security breaches, sabotage through communication, equipment and national power grid disruption. General Keith B. Alexander, first head of USCYBERCOM, told the Senate Armed Services Committee that computer network warfare is evolving so rapidly that there is a “mismatch between our technical capabilities to conduct operations and the governing laws and policies.” Cyber Command is the newest global combatant and its sole mission is cyberspace, outside the traditional battlefields of land, sea, air and space.” Alexander sketched out the broad battlefield envisioned for the computer warfare command, listing the kind of targets that his new headquarters could be ordered to attack, including “traditional battlefield prizes – command-and-control systems at military headquarters, air defense networks and weapons systems that require computers to operate.”

According to a report recently published by The National Interest, the Pentagon has just released its security policy toward cyberspace. The strategy it sketches out is replete with “initiatives,” all of which are long on setting goals but curiously bereft of the means by which they might be attained. Even where there are some signs of the methods to be used, they seem for the most part quaint, rekindling as they do the concepts I remember being bruited about in the early 1990s.

The report has presented a critique of the security policy. The first initiative, according to the report, reiterates a two-decades-old point about recognizing cyberspace as an “operational domain.” It then embraces the equally hoary organizational mantra aimed at “synchronizing and coordinating” all activities—albeit under the rubric of yet another new military hierarchy, the Cyber Command. Given the balkiness and mixed operating records of other bigline organizations created since 9/11—the Department of Homeland Security and the Directorate of National Intelligence—it is sad to see the Pentagon’s failure to seize the opportunity to approach cyber issues in a more networked way. That is, with no central command, but lots of crosstalk and sharing of best practices between the services.

Once the big new organization is up and running, it will have to be defended, which is the subject of the second strategic initiative. This one calls for new concepts but then falls back on traditional notions of “cyber hygiene” (a term used repeatedly) and “hardening” of systems—both of which have been emphasized for at least fifteen years, neither of which has made the defense cybersphere safe from intrusion. Nowhere is this adequately acknowledged, nor is there any mention of how much more secure systems would be if, instead of relying on Maginot Line-like firewalls, widespread employment of very strong encryption—both for data in transit and data “at rest”—were the norm.

Given that much of the military’s information systems are highly reliant on commercial products, often from abroad, it is necessary to think in terms of working in conjunction with the private sector and other departments of government to try to ensure “supply-chain security.” This is the subject of the third strategic initiative, which gets pretty philosophical about the need to develop “whole-of-government approaches for managing risks associated with the globalization of the information and communications technology sector.” Again, this is a chestnut from the 1990s, when every commission looking at cyber security called for such cooperation. The problem is that this call is not a strategy. Rather, it is a symptom of the danger posed by market forces that drive us to seek the lowest cost, with less attention given to the security of the products in question. It is time to remember that even the great prophet of laissez-faire, Adam Smith, called for “free trade in all things save gunpowder and sailcloth,” the key military products of the eighteenth century. If he were alive in the twenty-first, he’d no doubt call for great circumspection regarding “microchips and software.”

Another aspect of international affairs, working with allies, emerges as the focus of the fourth initiative. Here the Pentagon’s proffered solution goes well back before the 1990s, all the way to the beginnings of NATO over sixty years ago, with a call for “collective security.” This is the notion that an attack upon one is an attack upon all. It was a powerful idea, one that animated many to join NATO and comforted them in the face of a looming Soviet threat. But it was based on the notion that an attack on one crippled only the one, leaving the strength of others intact to mount the liberating campaign. The problem with collective security in a cyber age is that a serious intrusion into—or attack upon—one ally’s information systems could lead to the crippling of the whole alliance. With this in mind, the Pentagon’s strategic analysis should contemplate the point that, whatever benefits allies bring—in political and/or military terms—when it comes to cyberspace they now carry very large risks as well.

Whatever might be needed to pursue the first four strategic initiatives, or to mitigate the risks that accompany them, the Pentagon’s fifth goal is to solve all difficulties with “rapid technological innovation.” The problem here is that such advances may do little to grapple with fundamental organizational challenges. Networks are needed now, not hierarchies. Another gap in Pentagon thinking is that technology itself, no matter how sophisticated—as some cyber weapons are—when not employed in conjunction with a clear-eyed concept of operations, can lead to disaster in the field. The Maginot Line was a marvel of advanced technology—but it couldn’t move, a fatal flaw in the age of mechanization. The Line was outflanked in just days by German panzers during the spring of 1940. Pentagon strategy should therefore be focused on seeing how advanced information technology can foster overall doctrinal innovation.

In sum, the Department of Defense Strategy for Operating in Cyberspace has little new to say, despite the long wait for it and the two decades that have passed since the early-1990s “quickening” of the information revolution. Indeed, the document seems far too steeped in older concepts to be able to meet the challenges of our time and those to come. The only hope now is that the commander-in-chief, our first cyber president, will become his own chief strategist and begin to move matters in more productive directions. His hero, President Lincoln, did this during the Civil War, overcoming his generals’ objections as he parsed the most effective ways to use rail and telegraph—the cutting-edge technologies of his time—to empower and guide Union forces to victory. Barack Obama will have to do something similar now. Otherwise, the information age is going to turn into one long slog.