Crossroads Blog | CYBER SECURITY LAW AND POLICY

Active Cyber Defense, Cyber Command, Cyberwar

U.S. Cyber Command Moves Towards Lethal Cyber Weapons

U.S. Cyber Command $460 million Cyber Project
In a follow-up to a recent round-up; according to NextGov, an upcoming $460 million project at U.S. Cyber Command will outsource a number of offensive cyber capabilities to the private sector.  NextGov reports that these new weapons that will be developed will give the U.S. military the ability to launch logic bombs which would be capable of causing critical infrastructure to essentially self-destruct.  The article quotes the head of Raytheon’s Government Cyber Solutions Division, Ret. Adm. Bill Leigher “When I use ‘cyberwar’, I’m thinking of it, in a sense of war …  [s]o yes, war is violence.”

DoD Law of War Manual

law-of-war-manual-june-2015
In June, the DoD released the “Law of War Manual”. NextGov reports that the chapter entitled “Cyber Operations” provides three potential actions that the Pentagon deems to be legal in cyberspace:

  1. Triggering a nuclear plant meltdown,
  2. Opening a dam upstream from a population center,
  3. Disabling air traffic control services

Furthermore, NextGov indicates that the stated role of the Pentagon in the context of Cyberspace is: (1) Prevent or block foreign hackers from targeting domestic systems, (2) providing assistance to U.S. combat operations overseas, and (3) the defense of military networks.  Accomplishing those mission objectives is no different from standard military operations in a conventional warfare setting, according to Ret. Maj. Gen. Charles J. Dunlap, the executive director of Duke University’s Center o Law, Ethics, and National Security.  In the article, Dunlap goes on to say that this essentially comes down to a balancing test with reasonable collateral damage on one side and the military objectives on the other; so long as the collateral damage isn’t disproportionately greater than the probability of military success, lethal impacts to civilians are acceptable in a cyber strike situation.

Analyzing the Uncertainty of the Scope and Duration of Cyber Weapons
CYBERCOM spokeswoman Kara Soules indicated to NextGov that it is vitally important to understand the success rate of any cyber-weapon.  The concept of cyber joint munitions effectiveness indicates that a cyber weapon has been carefully evaluated such that there is an understanding of the rate of effectiveness against a given target, according to the article.  NextGov reports that Tim Maurer, a cyber policy researcher at the Carnegie Endowment for International Peace, stated that outside the U.S., governments are also hiring private organizations to develop cyber munitions which include zero-day exploits.  One issue which then arises is the fact that malware is not designed to self-neutralize and consequently the impacts can be far-reaching and of an unknown duration, reports NextGov.  For instance, in the case of the Stuxnet virus, which was first revealed back in 2010,  Microsoft was still dealing with the after-effects of this virus and issued yet another patch, (latest patch released March 2015), according to NextGov.  Consequently, statements that NextGov attributes to Cedric Leighton, a retired Air Force Intelligence and National Security Agency Director, are particularly vexing when Leighton states that the use of cyber munitions is like the strategic bombing campaigns of World War II, where we really didn’t fully understand the consequences of using nuclear weapons.


My Opinion:
As our ability to wage war has continued to expand and our use of technology becomes pervasive we seem to be removing some of the human elements from the battlefield.  With weapons such as smart bombs and drones, we have enabled military actors to engage targets from locations far removed from the actual theater of operations.  While this likely has resulted in saving countless U.S. lives, the psychological impacts are vastly different from those engaged in direct line-of-sight hostilities with enemy combatants.  When we add layers of abstraction we create a different understanding of the impact that is felt when we launch offensive operations.  Going back to the Battle of Bunker Hill, when the command ordered the men to refrain from engaging their targets “until you see the whites of their eyes” that was an active participation in the waging of war.  Looking down the end of a barrel at a target is vastly different than writing and then executing code that releases a dam’s floodgates or causes a nuclear reactor to meltdown.  There comes a point where the ability to inflict human damage and lethal action remotely may help to save lives on one side, but at what cost?  Clicking a mouse or pressing the enter key, inserting a thumb drive, these are all simple, innocuous actions, their meaning depends entirely on the context.  When you pull a trigger you understand what the result will be and it may be a decision of conscious thought.  When you remove that element from the equation you may end up making death and destruction too inexpensive for the initiator and that cost then gets shifted to humanity as a whole.  The question then becomes, is this a cost that humanity can afford to bear?

Additionally, while the U.S. and other first-world nations continue to invest significant time and resources in the development of advanced cyber weapons, the irony is that it is these very nations that are at greatest risk of an infrastructure failure caused by cyber munitions.  With the ubiquity of technology and our reliance upon it, the first world nations have an enormous exposure vs. that of the remainder of the developing world.

 

Leave a Reply