December 13, 2012
Policies on cyber-warfare remain confused and secretive

From Economist:  Political and military leaders miss no chance to declare that cyberwar is already upon us. America’s defence secretary, Leon Panetta, talks of a “cyber-Pearl Harbour”. A senior official says privately that a cyber-attack on America that “would make 9/11 look like a tea party” is only a matter of time. . . .

For all the hype, policies on cyber-warfare remain confused and secretive. The American government is bringing in new rules and a clearer strategy for dealing with cyber-threats. Barack Obama is said to have signed in October a still-secret directive containing new guidelines for federal agencies carrying out cyber-operations. It sets out how they should help private firms, particularly those responsible for critical national infrastructure, to defend themselves against cyber-threats by sharing information and setting standards.

The directive is partly a response to the stalling of cyber-legislation in the Senate. Republican senators argue that it imposes too great a regulatory burden on industry, which is already obliged to disclose when it is subject to a cyber-attack. It is also meant to govern how far such bodies as the Department of Homeland Security can go in their defence of domestic networks against malware attacks.

The Pentagon is also working on more permissive rules of engagement for offensive cyber-warfare, for example to close down a foreign server from which an attack was thought to be emanating. General Keith Alexander heads both Cyber Command (which has a budget of $3.4 billion for next year) and the National Security Agency. He has often called for greater flexibility in taking the attack to the “enemy.” The emergence of new cyber-warfare doctrines in America is being watched closely by allies who may follow where America leads—as well as by potential adversaries. . . .

China has long regarded the network-centric warfare that was developed by America in the late-1980s and copied by its allies as a weakness it might target, particularly as military networks share many of the same underpinnings as their civilian equivalents. The People’s Liberation Army (PLA) talks about “informationisation” in war, “weakening the information superiority of the enemy and operational effectiveness of the enemy’s computer equipment”. China’s planning assumes an opening salvo of attacks on the enemy’s information centres by cyber, electronic and kinetic means to create blind spots that its armed forces would then be able to exploit. Yet as the PLA comes to rely more on its own information networks it will no longer enjoy an asymmetric advantage. Few doubt the importance of being able to defend your own military networks from cyber-attacks (and to operate effectively when under attack), while threatening those of your adversaries. . . .

Besides the cyber element of physical warfare, four other worries are: strategic cyberwar (direct attacks on an enemy’s civilian infrastructure); cyber-espionage; cyber-disruption, such as the distributed denial-of-service attacks that briefly overwhelmed Estonian state, banking and media websites in 2007; and cyber-terrorism.  (graphic: Matt Herring/Economist)

RELATED CONTENT