Meet USCybercom: Why the US Is Fielding a Cyber Army

Published on
by
BBC News

Meet USCybercom: Why the US Is Fielding a Cyber Army

by
Patrick Jackson

The US is in the process of creating a unified cyber command, to fight the wars of the future. The Pentagon has no doubt that the next conventional war will include a cyber element.

Looking out of a window in London's Canary Wharf, Daniel Kuehl gestures randomly towards a high-rise.

"Let's just assume that somewhere in that building there are a bunch of cyber systems, networks, routers, that are militarily important to take out," he said.

"Which would you think would be the better way of doing it in terms of this neighbourhood? To make it stop working through a bunch of key strokes or to put a laser-guided, 1,000-lb weapon through the third floor and blow it to shreds?

"We're really good at that second operation - but there might be some advantages to doing it the first way."

The Pentagon is creating its first fully fledged cyber command - USCybercom - to improve its ability to wage war with key strokes.

'Precision disruption'

There will be "one guy in charge of cyber defence and offense", says Mr Kuehl, who helped plan the air campaign for the first Gulf War before becoming the professor of information operations at the National Defense University in Washington.

Amit Yoran, a former cyber security director at the Department of Homeland Security, and now head of Netwitness Corp, defines cyber war as "the use of information technologies for the purposes of conducting warfare".

"That could be using a computer network or a cyber attack to take systems out and make them inoperable and deny access to the legitimate users of those systems at a critical point in time," he says.

"It could also be cyber system exploitation which I would define as compromising systems, accessing data and using that information but in a more covert way, not necessarily tipping off what you have access to and how you are using it, perhaps for later attack purposes."

Dr Kuehl, in London recently for the Cyber Warfare 2010 conference, believes the day may come when Pentagon computer experts will enjoy the same kind of combat status as jet pilots or frigate commanders.

Their weapon of "precision disruption" has the potential to be more efficient, more effective, less damaging, less life-threatening than a kinetic weapon," he says.

But as with pilots and warship commanders, as US cyber warriors get stronger, so may their potential adversaries.

Hitting banks

Summer of 2008, Beijing Olympics. As the world settles down to watch the Games, war erupts deep in the Caucasus Mountains. Georgian rockets fly, Russian tanks roll, - and Russian hackers storm Georgian websites.

Some experts regard this as the first cyber war.

"We saw a military mobilisation by Moscow into South Ossetia accompanied by clearly orchestrated cyber attacks against the Georgian government's communication systems and the banking system," says Nigel Inkster, director of transnational threats and political risk at London think tank The International Institute for Strategic Studies (IISS).

The planners in Moscow were quite careful, he says, calibrating the "proportionality and focus" of the cyber attack to remain "broadly in line with the law of armed conflict (LOAC)".

The law does not permit attacks on civilians or civilian infrastructure that does not directly contribute to the state's ability to prosecute the conflict, and while the attacks on the banking system arguably target civilians unduly, Mr Inkster says, "in a country which still predominantly operates a cash economy that would be debatable".

While the exact level of Russia's cyber military organisation is not clear, and China does not have a formal cyber arm, the creation of USCybercom is clearly a response to the two countries' "greatly increased activity in this arena", says Mr Inkster, a former deputy head of the British foreign intelligence agency MI6.

So, are we witnessing the first steps in a new arms race?

"There is a lot of concern in both countries [China and Russia] that the US is seeking to achieve in cyberspace the same dominance it is perceived to have in the realms of conventional and nuclear weapons, and space," says Mr Inkster.

USCybercom will cover all four armed services, each of which recently gathered its cyber components into one unit: 24th Air Force, 10th Fleet, Army Forces Cyber Command and Marine Corps Cyber Command.

The oldest of these, 24th Air Force, describes itself as an "operational warfighting organization that establishes, operates, maintains and defends [US Air Force] networks and exploits and attacks threat networks".

Headquartered in Texas, it comprises 3,339 military, 2,975 civilian and 1,364 contractor personnel and one of its key units, 67th Network Warfare Group, prides itself on having a presence "on every continent except Antarctica", which is a demilitarised zone.

'Significant target'

Brig Gen Charles Shugg, vice-commander of the 24th, explains that the very nature of the air force requires strong cyber defences.

"We have become dependent on our information networks to accomplish our mission, and while those information systems have greatly improved our capabilities, they have become a significant target for our adversaries," he says.

Some sense of its area of operations was given in February, when it announced awards for five of its "cyber warriors".

One was honoured for leading and anti-virus script initiative "that reduced risk to personal computers by 85%" and "crafting 17 courses of action in response to adversary tactics, which countered a major threat".

Another "secured 425 gateways, 650,000 personal computers and 300,000 users and identified a flaw in the policy governing use of USB drives in the force, thus "protecting the network from a viable threat".

Not everyone is convinced of USCybercom's military value. One US official at the London conference said that if cyber warfare was a WMD it was only a weapon of "mass disruption, not destruction".

But the US Senate is expected to confirm Lt Gen Keith Alexander, who also heads the US National Security Agency (NSA), as head of USCybercom in the near future.

If this happens, he will rise to the rank of a four-star general, and his new command will get its badge and take its place in the military.

"Believe me, creating an organisation led by an officer of that rank is not easy," says Daniel Kuehl.

"It's not simple and it's not done unless there are perceived to be very, very pressing reasons for doing so. We are deadly serious about this."

Share This Article

More in: