General Kieth Alexander testified yesterday before the House Armed Services Subcommittee on Emerging Threats and Capabilities discussing Fiscal Year 2013 Budget Request for Information Technology and Cyber Operations Programs.
Defense News covered the hearing and has a very interesting article on the hearing and discussions.
Once entirely controlled by the U.S. National Security Agency (NSA), offensive cyber weapons are making their way into the hands of the U.S. military’s geographic combatant commanders.The Defense News article goes on to cover and important point related to DoD Cyber Operations, that the DoD is now fielding offensive capabilities into the hands of the Combatant Commanders. Historically offensive Cyber operations were exclusive to the National Security Agency, but the shift towards giving the DoD those offensive tools appears to be underway. The Defense News article has more details, and is worth reading in full.
The effort was alluded to by the NSA and the U.S. Cyber Command (CYBERCOM) chief, Army Gen. Keith Alexander, as part of congressional testimony March 20, and confirmed by sources. It means that combatant commanders will be able to employ the weapons as part of overall mission planning, pairing traditional kinetic attacks with newly developed cyber capabilities.
The oral testimony of the hearing did not cover this topic, and General Alexander avoided using terms such as offensive and defensive in his oral testimony, but this section in his written testimony covers the topic.
Concept for Operating in Cyberspace: Every domain, by definition, has unique features that compel military operations in it to conform to its physical or relational demands. Doctrine, tactics, techniques, and procedures have been under development for millennia in the land and maritime domains, for a century in the air domain, and for decades in space. In the cyber domain, however, we are just beginning to craft new doctrine and tactics, techniques, and procedures. At the strategic level, we are building our organizational structures to ensure we can deliver integrated cyber effects to support national and Combatant Commander requirements; we are developing doctrine for a pro-active, agile cyber force that can “maneuver” in cyberspace at the speed of the internet; and we are looking at the ways in which adversaries might seek to exploit our weaknesses. At the operational level, our objectives are to establish a single, integrated process to align Combatant Commanders’ requirements with cyber capabilities; to develop functional emphases in the Service cyber components; and to draft a field manual or joint publication on cyber operations and demonstrate proof of concept for it. Finally, rapid deconfliction of operations is required, and that is garnering leadership attention as well. We are currently working closely with two of the geographic combatant commanders. Our goal is to ensure that a commander with a mission to execute has a full suite of cyber-assisted options from which to choose, and that he can understand what effects they will produce for him. Though we can only work such an intensive process with two of the combatant commanders at this time, we will be able to reach out eventually to all of the combatant commands.I do agree that the transition of offensive Cyber capabilities from the NSA to the DoD is a logical and appropriate evolution of national Cyber capabilities, but I have to also say that with 19 years of experience dealing with very difficult security challenges in multiple Enterprise environments, I think it is important experts in the field make it clear to political and military leaders as often and as loud as possible that in offensive Cyber - the potential for collateral damage and unintended consequences is at least as high in Cyber operations as it is in kinetic operations.
Many basic services taken for granted in the daily lives of civilian populations rely heavily on code and data, and the manipulation of code and/or data can disrupt these services for large groups of people, and create legitimate health concerns well beyond the scope of any specific, intended target. If you remember, the smartest smart Cyber bomb in history - stuxnet - reportedly had several unintended consequences taking down other services across Asia inadvertently - including potentially satellite services in India.
I am not suggesting the DoD should not have nor use these capabilities, but it would be wise to remember that Cyber is still in its infancy relative to other types of mdern warfare. One analogy would be to think of Cyber as an air campaign more similar to carpet bombing with unguided bombs from a B-52 rather than conducting a precision JDAM strike with a B-2.