Pentagon's Plan X: how it could change cyberwarfare
| Washington
The same Pentagon futurologists who helped create the Internet are about to begin a new era of cyberwarfare.
For years, the Pentagon has been open and adamant about the nation's need to defend itself against cyberattack, but its ability and desire to attack enemies with cyberweapons has been cloaked in mystery.
Next week, however, the Pentagon's Defense Advance Research Products Agency (DARPA) will launch Plan X 鈥 an effort to improve the offensive cyberwarfare capabilities 鈥渘eeded to dominate the cyber battlespace,鈥 according to an announcement for the workshop.
Though the program will be closed to the press, the relatively public message is a first for the Pentagon. For one, it shows that the Pentagon is now essentially treating its preparations for cyberwar the same way it treats its preparations for any potential conventional war. Just as it takes bids from aerospace companies to develop new jet fighters or helicopters, Plan X will look at bids from groups that can help it plan for cyberwarfare and expand technologies.
Moreover, it opens a window into the highly secretive world of offensive cyberwarfare. No longer is it unclear whether the US is in the business of planning Stuxnet-style cyberattacks. Plan X indicates that such capabilities 鈥 which experts say could range from taking out electrical grids to scrambling computer networks in top-secret facilities to causing the pacemaker implanted in an enemy official to go haywire 鈥 will be an explicit part of the military playbook.
鈥淚f we can have a robust public discussion of nuclear weapons why not a robust discussion of cyberstrategy?鈥 says Jim Lewis, director of the Technology and Public Policy program at the Center for Strategic and International Studies in Washington. 鈥淯p until now, cyber has been kind of ad hoc. What they鈥檙e doing now is saying that this is going to be a normal part of US military 辞辫别谤补迟颈辞苍蝉.鈥
The US is already engaged in offensive cyberwar. Media reports claim that the US helped develop and deploy the Stuxnet digital worm, which inflicted serious harm on Iran鈥檚 uranium enrichment program.
In his most wide-ranging speech to date on cyber warfare Thursday, Defense Secretary Leon Panetta hinted at the need for increased offensive capabilities, warning that America 鈥渨on鈥檛 succeed in preventing a cyber attack through improved defenses alone.鈥澛
鈥淚f we detect an imminent threat of attack that will cause significant physical destruction in the United States or kill American citizens, we need to have the option to take action against those who would attack us, to defend this nation when directed by the president,鈥 Mr. Panetta said. 鈥淔or these kinds of scenarios, the department has developed the capability to conduct effective operations to counter threats to our national interests in cyberspace.鈥
But the lack of discussion surrounding offensive cyber capabilities 鈥 and a clear US military plan for pursuing them 鈥 has been a significant roadblock for US military forces interested in honing those skills, says retired Col. Joe Adams, a former West Point professor who coached the military academy鈥檚 cyber team.
In the past there has been a 鈥渟kittishness about teaching cadets offensive skills like how to hack鈥 into systems, says Dr. Adams, now executive director of research and cybersecurity for Merit Network, Inc. 鈥淲e鈥檝e really ramped up the defensive part, but there hasn鈥檛 been any work done to identify people who have the intuitive ability to conduct operations on the offensive side.鈥
[Editor's note:听The original version of this story misspelled the name of Merit Network, Inc.]
Many of the threats the US faces 鈥 and may in turn inflict on other countries and non-state actors 鈥 will be nuanced.
The notion of a 鈥渃yber Pearl Harbor,鈥 as Panetta has characterized it, is a misnomer, Adams adds.
鈥淓verybody鈥檚 looking for a cyber Pearl Harbor 鈥 we don鈥檛 need a Pearl Harbor to really mess things up. That鈥檚 the very nature of this advanced, persistent threat: We鈥檙e not kicking people鈥檚 doors in anymore.鈥
Instead, cyber incursions will be more subtle. Just imagine what could happen in a hospital, Adams says. 鈥淚 don鈥檛 even have to turn off the refrigerators. I just have to change the thermostat so they鈥檙e too warm, or too cold, or make some blood supplies go bad, or spoil a little medicine, or just reroute where they send ambulance alerts.鈥
In particular, offensive cyberskills 鈥渁re more art than science,鈥 says Adams. 鈥淭hese kids need to be screened right, and they need to be utilized. A career path in the military is built on building their skills, but also retaining them. We鈥檝e done really poorly with that.鈥
Part of the problem is that American military training has long emphasized traditional skills, which are often are at odds with developing cyber warriors. You could have an outstanding cyberthinker in a class, but tradition dictates that 鈥渉e鈥檚 going to be a tank platoon leader, or a rifle platoon 鈥 he鈥檚 going to have to prove himself as an Army officer before they鈥檙e going to make use of his talent,鈥 says Adams.
In the meantime, his cyberskills atrophy. 鈥淭he cadets I was teaching, there just wasn鈥檛 another outlet for them in the military yet.鈥
Plan X is designed to help the Pentagon 鈥渦nderstand the cyber battlespace鈥 and to develop skills in 鈥渧isualizing and interacting with large-scale cyber battlespaces,鈥 according to the DARPA proposal.
These, too, are unique skills that must be cultivated within the military, says Adams. 鈥淎nother art piece is mapping a network [that could be a potential target]. How do you do it 鈥 and how do you do it subtly 鈥 without knocking things over and turning things off? And if it鈥檚 hostile, how do we do it without getting caught?鈥
Plan X hints at some of these needs 鈥 and makes it clear that the Pentagon is grappling with how to establish a framework for fighting cyberwar, too.
鈥淧lan X is an attempt by the national security bureaucracy to come to grips with the multitude of issues around use of cyberweapon in an offensive form 鈥 the legal, diplomatic, ethical issues,鈥 says Matthew Aid, a historian and author of "Intel Wars: The Secret History of the Fight Against Terror."
鈥淲e can鈥檛 have a public discussion about Stuxnet, about these brand new weapons 鈥 or their ethical implications 鈥 until the White House pulls back just a little the veil of secrecy that surrounds the entire program,鈥 Mr. Aid adds.
For example, Stuxnet revealed how unwieldy such weapons can be when it inadvertently 鈥渏umped鈥 into friendly computer systems that were never meant to be targeted.
Indeed, 鈥淥ne of the biggest problems in cyberwarfare is the potential for collateral damage,鈥 says Mr. Lewis of the Center for Strategic and International Studies.
鈥淵ou just can鈥檛 attack stuff and not worry that innocent civilians will be harmed 鈥 you have to take steps to mitigate the risk.鈥
Aid says now is the time to have these conversations. 鈥淲e can only see one tenth of one percent lurking beneath the surface 鈥 what鈥檚 beneath the surface scares ... me," he says. "This is combat 鈥 this is war by a different name.鈥
