Topic: Cyber Warfare
Research by: Steven Elliott
Date: 7/12/2010; Final Draft: 8/14/10
TEASER/TITLE: Cyber Warfare and its Impact on the Conflict in Iraq
SUMMARY PARAGRAPH:
When most Americans think about the conflict in Iraq, cyber warfare does not immediately come to mind. However, this high-tech advancement is starting to become more popular with United States military officials and is being utilized in the current conflict in Iraq. Therefore, the U.S. must develop legislation regulating cyber warfare or the slow process of receiving top-level approval could harm future efforts. This paper recognizes some denied and approved cyber attacks that have been used in Iraq, identifies the major causes of the United States’ apprehension about using cyber warfare, and analyzes how the United States can streamline future use of cyber warfare.
KEY FINDINGS
· Former President George W. Bush’s administration cancelled several planned cyber attacks during the Iraq invasion of 2003 because they were concerned about the potential collateral damage of the attack.
· Since as early as 2005, the United States has used cyber attacks to jam Taliban and Iraqi insurgent’s communications devices (Harris 2009).
· Cyber attacks have proved beneficial to the war effort.
· Fear of retaliatory attacks and collateral damage is the main reason the U.S. government is wary of using cyber warfare.
RECOMMENDATIONS
· Learn from past mistakes to hone cyber attack skills.
· Form effective policies that will guide future cyber war.
· Harden U.S. networks against potential pre-emptive and retaliatory threats.
BACKGROUND
Before the conflict in Iraq, there was almost no precedence for U.S. employment of cyber attacks. Although there had been a couple of assaults on Iraqi communications systems, using bombs and attacks to disrupt the power flow using carbon-carbon fiber during the Persian Gulf War, neither of which involved true “cyber warfare” (PBS 2003). In Kosovo, the United States hacked into the Serbian air defense system and distorted images to deceive the Serbian air traffic controllers (PBS 2003). This cyber attack was “essential to the high performance of the air campaign” said John Arquilla, a professor of defense analysis at the U.S. Naval Postgraduate School, in a 2003 PBS interview (PBS 2003).
In 2003, during the months leading up to the invasion of Iraq, the United States planned a cyber attack that would have affected Iraq’s financial system and frozen billions of dollars during the opening stages of the war (Markoff and Shanker 2009). This attack would have effectively shut off Saddam Hussein’s cash flow and, according to one senior Pentagon official, it was planned and could have worked (Markoff and Shanker 2009). However, the plan was never approved by former President George W. Bush’s administration for fear of the potential collateral damage. The Iraqi banking system is connected to networks in France and an attack could have shut down banks and ATM’s all across Europe and even in the United States (Smith 2003). Since this first aborted attack, there have been several successful attacks during the Iraq war on both infrastructural and military targets. Also, President Obama’s administration appears to be increasing its cyber warfare capabilities.
STRATEGIC PLANNING ASSUMPTIONS:
· There will be new international laws pertaining to cyber war. In 2005, the United Nations Institute for Training and Research posted ideas for a law regarding cyber space (Kamal 2005). A formal law has not been written but with the increasing rate of cyber attacks, that may change soon.
· There will be an increase in the use of cyber warfare by the United States especially give the new Cyber Command Center (Daniel 2010).
· The Cyber Command Center and Congress will work collaboratively to create policies regarding cyber warfare (Daniel 2010).
ANALYSIS:
There have been some successful cyber attacks during the Iraq conflict. In 2007, former President George W. Bush’s administration ordered a cyber attack on cell phones, computers, and other communication devices that terrorists were using to plan and carry out roadside bombs (Harris 2009). This attack was coordinated with the surge of military troops. The operation allowed National Security Agency (NSA) hackers to provide false information to the insurgents to lead them into a trap (Harris 2009). These cyber attacks are credited with allowing the military to kill some of the most influential insurgents, according to former U.S. officials (Harris 2009). One other assault occurred at the beginning of the war and involved electronic jamming and destroying communication grids (Markoff and Shanker 2009). Former President G. W. Bush’s administration approved the attack because the collateral damage, inconveniencing telephone services in countries that share cell phone and satellite systems with Iraq, was an acceptable tradeoff (Markoff and Shanker 2009).
The halted 2003 attack, illustrated a large gap in our understanding of cyber weapons and the policies that govern the use of them. Because the world is so interconnected, “it’s virtually certain that there will be unintended consequences,” said Herbert Lin, a senior scientist at the National Research Council in a 2009 interview (Markoff and Shanker 2009). Cyber space is an entity with no bounds and, as such, it is difficult to only hit the intended target. Understanding the consequences of cyber attacks has a tremendous effect on whether attacks will be authorized and how public policy should outline cyber warfare techniques. “Policy makers are tremendously sensitive to collateral damage by virtual weapons, but not nearly sensitive enough to damage by kinetic weapons,” said John Arquilla, an expert in military strategy at the U.S. Naval Postgraduate School (Markoff and Shanker 2009). The worst-case scenario in a cyber attack would involve shutting down the power to a hospital that had been linked to a targeted network. Keeping these scenarios in mind, Congress will need to work with top cyber warfare experts to devise a set of policies because “cyber [war] was moving so fast that we were always in danger of building up precedent before we built up policy," said former CIA director Michael V. Hayden in relation to the former President G. W. Bush administration’s attempts to cultivate policy as operations took place (Nakashima 2010).
Seven years after the denied 2003 attack, there was still no official policy on how the U.S. can and should attack using cyber war techniques. Without definitive policy “cyber warriors are held back by extremely restrictive rules of engagement,” noted Arquilla (Markoff and Shanker 2009). General Keith Alexander, the director of the NSA and commander of the U.S. Cyber Command, believes that the United States needs “the cyber-equivalent of the Monroe Doctrine, a set of clearly defined interests and the steps the government would take to protect them” (Harris 2009).
The use of cyber warfare techniques is also hindered by the fear of a retaliatory attack. In 2003 a meeting involving prominent figures in academia, industry, and government was held at the Massachusetts Institute of Technology (MIT) to discuss whether or not cyber warfare should be used by the United States (Graham 2003). One major concern voiced at this meeting was U.S. vulnerability to attacks. "A lot of institutions and people are worried about becoming subject to the same kinds of attack in reverse," said Harvey M. Sapolsky, an MIT professor (Graham 2003). Unfortunately, in the world of cyber warfare, "our defense is informed by our offense" noted Bob Gourley, the former chief technology officer for the Defense Intelligence Agency (Harris 2009). In order to develop a strong defense the U.S. must have strong offensive capabilities. Furthermore, the United States should ensure that cyber security is a top priority for the military as well as hospitals, power plants, and other infrastructural necessities. The military understands that cyber warfare is a valuable asset that can and should be utilized in Iraq and other future conflicts, but the lack of policy governing this evolving technology and weak infrastructural cyber security is hindering what could be an indispensable tool.
IMPLICATIONS:
· Given the success of cyber warfare techniques in Iraq, it seems logical to assume the U.S. will increase the frequency of attacks.
· The military is expanding their mission to focus on cyber war. In May 2010 the U.S. Air Force announced that 30,000 troops would be re-assigned to “the frontlines of cyber warfare” (Beaumont 2010).
· With the formation of Cyber Command and the growing importance of cyber warfare the defense budget will shift from physical weapons to electronic ones.
· The government and military will be forced to create policies regarding cyber war in order to utilize its capabilities.
· The new policies created will most likely limit the capabilities of cyber weapons to lessen the impact of cyber war on civilian networks.
· The United States will accept cyber security as a necessity and focus on hardening its networks.
RECOMMENDATIONS:
· Limit the disruptive capabilities of cyber weapons through scenario planning and ensuring that the rules of engagement minimize effects on civilians.
· Adopt policies that define cyber warfare and official acts of cyber war.
· Adopt policies and legislation that regulate the use of cyber weapons, but also minimize civilian impacts.
· Adopt policies to ensure that the United States is adequately protected against cyber attacks.
· Continue to use cyber warfare to benefit the current conflicts and any future conflicts.
· Train more men and women in the science of cyber warfare to ensure that the cyber war effort has well-trained U.S. Armed Forces.
SOURCES:
Beaumont, Peter. "US Appoints First Cyber Warfare General." Latest News, Comment and Reviews from the Guardian | Guardian.co.uk. 23 May 2010. Web. 15 July 2010. .
Daniel, Lisa. "Cyber Command Synchronizes Services’ Efforts." United States Department of Defense (defense.gov). American Forces Press Service, 09 July 2010. Web. 15 July 2010. .
"Frontline: Cyber War!" PBS. 24 Apr. 2003. Web. 15 July 2010. .
Graham, Bradley. "Washingtonpost.com: Bush Orders Guidelines for Cyber-Warfare." Stanford University. Washington Post, 7 Feb. 2003. Web. 15 July 2010. .
Harris, Shane. "The Cyberwar Plan." National Journal Online. 14 Nov. 2009. Web. 15 July 2010. .
Kamal, Ahmad. The Law of Cyber-space: an Invitation to the Table of Negotiations. Geneva: UNITAR, 2005. Print.
Markoff, John, and Thom Shanker. "Halted ’03 Iraq Plan Illustrates U.S. Fear of Cyberwar Risk." The New York Times. 1 Aug. 2009. Web. 15 July 2010. .
Nakashima, Ellen. "Dismantling of Saudi-CIA Web Site Illustrates Need for Clearer Cyberwar Policies." Washingtonpost.com. Washington Post, 19 Mar. 2010. Web. 15 July 2010. .
Smith, Charles R. "Cyber War Against Iraq." NewsMax.com: America's News Page. 13 Mar. 2003. Web. 15 July 2010. .