Apr 30, 2009
Mexican Cyber Flu
Three years to say what anyone working in this biz for three days could have told them.
From today's NYT:
The United States has no clear military policy about how the nation might respond to a cyberattack on its communications, financial or power networks, a panel of scientists and policy advisers warned Wednesday, and the country needs to clarify both its offensive capabilities and how it would respond to such attacks.
The report, based on a three-year study by a panel assembled by the National Academy of Sciences, is the first major effort to look at the military use of computer technologies as weapons. The potential use of such technologies offensively has been widely discussed in recent years, and disruptions of communications systems and Web sites have become a standard occurrence in both political and military conflicts since 2000.
The report, titled “Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities,” concludes that the veil of secrecy that has surrounded cyberwar planning is detrimental to the country’s military policy.
The report’s authors include Adm. William A. Owens, a former vice chairman of the joint chiefs of staff; William O. Studeman, former deputy director of the Central Intelligence Agency; and Walter B. Slocombe, former under secretary of defense for policy. Scientists and cyberspecialists on the panel included Richard L. Garwin, an I.B.M. physicist.
Admiral Owens said at a news conference Wednesday in Washington that the notion of “enduring unilateral dominance in cyberspace” by the United States was not realistic in part because of the low cost of the technologies required to mount attacks. He also said the idea that offensive attacks were “nonrisky” military options was not correct.
In the United States, the offensive use of cyberweapons is a highly classified military secret. There have been reports going back to the 1990s that American intelligence agencies have mounted operations in which electronic gear was systematically modified to disrupt the activities of an opponent or for surveillance purposes. But these activities have not been publicly acknowledged by the government.
The authors point to a 2004 Pentagon statement on military doctrine, indicating that the United States might respond to a cyberattack with the military use of nuclear weapons in certain cases. “For example,” the Pentagon National Military Strategy statement says, “cyberattacks on U.S. commercial information systems or attacks against transportation networks may have a greater economic or psychological effect than a relatively small release of a lethal agent.”