Creative Commons License

Battlefield Focus Ignores Strategic Cyber Attacks

Wednesday, July 15, 2009 at 08:35 AM EDT

The focus of most reporting on cyber attacks and cyber security in military circles continues to distract the debate away from campaign level cyber attacks. Rather than discussing what a skilled nation-state adversary would do with currently available, known cyber attack strategies, coverage tends to focus on battlefield applications of information technology.

Take, for example, this story (excellent reporting, by the way). The headline calls attention to espionage, but the focus of the article is clearly on narrow tactical applications of information technology in urban warfare.

The impetus to establish rebuild the Army’s electronic warfare capability came as a result of Radio Controlled Improvised Explosive Devices (RCIED), said Lt. Col. Fred Harper, a key analyst for the TRADOC Capabilities Manager Computer Network Operations Electronic Warfare (TCM-CEW) Division under CDID.

“At the initial stages of our involvement in Iraq, the Army found itself fighting against insurgents who were using relatively simple electromagnetic devices with great effect to attack our Coalition forces,” said Harper.

Almost immediately after the Sept. 11, 2001 attacks against the U.S. mainland, President George W. Bush, ordered troops into Afghanistan and shortly thereafter into Iraq. Subsequent events on the battlefields began to highlight the vital importance of controlling the EMS. Determined insurgents in Iraq began building large numbers of roadside bombs from salvaged ordnance left behind by the Iraqi military which were then detonated in highly effective attacks against U.S. convoys and personnel using off-the-shelf commercial electromagnetic-based devices such as cell phones or garage door openers. This was followed by similar attacks in Afghanistan.

“In attempting to respond, the Army discovered that it had little internal technical ability on its own to counter such attacks,” said Harper. As a consequence, the Army found itself fighting on complex urban terrain against insurgents who were using the EMS effectively to attack Coalition forces which had limited ability to respond effectively.

This is part of a much larger trend. Take the coverage of Peter Singer’s excellent book and his TED talk. Editors, publishers and producers consider his work especially relevant is because the next generation of battlefield robots are here. They are easy to film. They make clear at a glance that they constitute a leap forward in military technology similar to the invention of the tank. Unmanned aerial vehicles, unmanned tanks, and reconnaissance vehicles of all shapes and sizes have the capacity to fundamentally reshape combat tactics.

My beef is that future cyber attacks won’t be focused on the battlefield. Enterprises need to prepare themselves for future wars among great powers. The conduct of those wars will require that nation states incapacitate one another’s economies (meaning both heavy manufacturing and a host of other critical infrastructure sectors, some of which are in services). The government cannot possibly protect all the businesses at risk from future cyber attacks. Controlling the territory of the United States, as a strategy, will be fundamentally insufficient to protect the nation’s economic infrastructure, in an age of cyber attacks.

I applaud the coverage of cyber attacks in general, and all of the specific works and authors mentioned here. What I am advocating is a public discussion of how cyber attacks, similar to the one that occurred in Estonia, Georgia, and Krygyzstan, could be intensified to produce much more dangerous and lasting effects. The nation’s future defense requires that businesses anticipate and mitigate the potential consequences of such attacks in the coming decades.

As we have recently learned from the financial crisis, the profit motive requires that businesses compete in a myopic environment. Managers and directors are paid to ensure that businesses don’t leave profits on the table, even if that entails bearing significant risks, in order to outperform the competition. Enterprise risk in the face of careful, coordinated cyber attacks is enormous.

I would like to see the media elevate cyber conflict from a narrow tactical issue on the battlefield to a pivotal strategic problem in civil defense and national security.