From Scott Shane, New York Times: The chorus of official voices speaking publicly about American cyberattack strategy and capabilities is steadily growing, and some experts say greater openness will allow the United States to stake out legal and ethical rules in the uncharted territory of computer combat. Others fear that talking too boldly about American plans could fuel a global computer arms race.
Next month the Pentagon’s research arm will host contractors who want to propose “revolutionary technologies for understanding, planning and managing cyberwarfare.” It is an ambitious program that the Defense Advanced Research Projects Agency, or Darpa, calls Plan X, and the public description talks about “understanding the cyber battlespace,” quantifying “battle damage” and working in Darpa’s “cyberwar laboratory.”
James A. Lewis, who studies cybersecurity at the Center for Strategic and International Studies in Washington, says he sees the Plan X public announcement as “a turning point” in a long debate over secrecy about cyberwarfare. He said it was timely, given that public documents suggest that at least 12 of the world’s 15 largest militaries are building cyberwarfare programs.
“I see Plan X as operationalizing and routinizing cyberattack capabilities,” Mr. Lewis said. “If we talk openly about offensive nuclear capabilities and every other kind, why not cyber?”
Yet like drone aircraft, which similarly can be used for both spying and combat, American cyberattack tools now are passing through a zone of semisecrecy, no longer denied but not fully discussed. President Obama has spoken publicly twice about drones; he has yet to speak publicly on American cyberattacks.
Last week, at a public Cyber Command legal conference, the State Department’s top lawyer, Harold H. Koh — who gave the Obama administration’s first public speech on targeted killing of terrorists in 2010 — stated the administration’s position that the law of war, including such principles as minimizing harm to civilians, applies to cyberattacks.
In August, the Air Force raised eyebrows with a bluntly worded solicitation for papers advising it on “cyberspace warfare attack capabilities,” including weapons “to destroy, deny, degrade, disrupt, deceive, corrupt or usurp” an enemy’s computer networks and other high-tech targets.
And a few weeks earlier, a top Marine commander recounted at a public conference how he had used “cyber operations against my adversary” in Afghanistan in 2010. “I was able to get inside his nets, infect his command-and-control, and in fact defend myself against his almost constant incursions to get inside my wire,” said Lt. Gen. Richard P. Mills, now deputy commandant of the Marine Corps.
Cyberwarfare was discussed quite openly in the 1990s, though technological capabilities and targets were far more limited than they are today, said Jason Healey, who heads the Cyber Statecraft Initiative at the Atlantic Council in Washington.