Questions Abound in Cyber Theater of Operations, Vice Chairman Says
By Jim Garamone
American Forces Press Service
WASHINGTON, June 9, 2009 Cyber operations are another theater of operations for the U.S. military, and the Defense Department must apply the same analytical rigor and resources to it as it would to any other theater, the vice chairman of the Joint Chiefs of Staff said recently.
“There will be a cyber capability at the tactical level, and … we do deploy it forward,” Marine Corps Gen. James E. Cartwright said June 4 at the Center for International and Strategic Studies. “There is an operational level, which tends to be based regionally, and there is a strategic capability. And we will, over the next few days, start to roll out the organizational constructs associated with that.”
The Defense Department is considering a sub-unified command for cyberspace, Pentagon officials said. While no decision has been made on what shape the command might take, officials are looking at a number of options. The department has demonstrated over the last five years, both at the tactical operational and strategic levels, the viability and the utility of cyber capabilities, Cartwright said.
The War Department and Navy Department began the research that resulted in information technology during World War II. Since then, protecting U.S. technology and staying ahead of enemy technology has been important to the department. Today, Defense Department systems are scanned millions of times daily, ranging from simple probes to far more complex and sophisticated assaults.
Computer network defense is the most important job of any cyber operations activity. The Defense Department must defend against the millions of scans daily and the department aggressively monitors its networks for intrusions and has appropriate procedures to address these threats.
The scans are not just the work of some bored teen sitting in his Dad’s basement. “We have seen attempts by a variety of state and nonstate-sponsored organizations to gain unauthorized access to, or otherwise degrade, DoD information systems,” Pentagon spokesman Air Force Lt. Col. Eric Butterbaugh said.
Attacks can be tough to trace, since in many cases they involve compromising and using intermediate hosts, the colonel said. “For obvious reasons, we will not comment specifically on ongoing investigations or incidents, nor will we address specifics about potential impacts to DoD networks, our operations, or our protection and mitigation efforts and strategies,” Butterbaugh said.
Network defense has been an important aspect within the department, but cyber warfare is more than just defensive measures. The Maginot Line of 1930s France -- massive fortification of its border with Germany that proved futile when Germany launched its blitzkrieg in World War II -- shows what happens when a country relies solely on defense, Cartwright said. There is an offensive portion to cyber operations, and defense planners are wrestling with what that means, the general said.
“What’s proportionality look like in cyber? What does attribution look like in cyber? How do you understand sovereignty in the cyber domain?” he asked.
Cyber operations are not limited by geographic boundaries, the general noted, raising the question of whether the law of war insists that cyber operations be contained to the conflict area.
“If you go outside that geographic area of hostility, … are you still applying the same rules, or do you switch over to what we would call Article III, the standard rules and laws that we would be availed to in the United States?” Cartwright asked. “How do you start to understand that? Those are challenges that we are pushing on.”
Another question is attribution, not only for the adversary but for the United States. “When you enter into cyber, do we put the tailflash on every one of the dots and digits that says ‘United States Air Force has passed through here?’ Probably not,” the vice chairman said. “So what does the definitions between covert and clandestine look like in law? They’re very difficult. It’s very difficult to understand this.”
Cyber operations are a new world of warfare. Any use – offensive or defensive – must be considered before employing cyber operations, Cartwright said.
“What we’re trying to understand is how can you take the art of war in combination with other domains, other weapons, other platforms, [and] apply those together in way that is coherent and actually makes sense, and appears and can be judged by anybody as being appropriately proportional in the activity and response,” Cartwright said.