U.S. accelerating cyberweapon research (WASHINGTON POST) By Ellen Nakashima 03/19/12)
WASHINGTON POST Articles-Index-Top
The Pentagon is accelerating efforts to develop a new generation of
cyberweapons capable of disrupting enemy military networks even when
those networks are not connected to the Internet, according to
current and former U.S. officials.
The possibility of a confrontation with Iran or Syria has highlighted
for American military planners the value of cyberweapons that can be
used against an enemy whose most important targets, such as air
defense systems, do not rely on Internet-based networks. But adapting
such cyberweapons can take months or even years of arduous technical
When U.S. military planners were looking for ways to disable Libya’s
air defense system before NATO’s aerial attacks last year, they
discussed using cybertechnology. But the idea was quickly dismissed
because no effective option was available, said current and former
They estimated that crafting a cyberweapon would have taken about a
year, including the time needed to assess the target system for
“We weren’t ready to do that in Libya,” said a former U.S. official,
who spoke on the condition of anonymity because of the sensitivity of
the discussions. “We’re not ready to do that now, either.”
Last year, to speed up the development of cyberweapons, as well as
defensive technology, then-Deputy Defense Secretary William J. Lynn
III and Marine Corps Gen. James Cartwright, then vice chairman of the
Joint Chiefs of Staff, placed $500 million over five years into the
budget of the Defense Advanced Research Projects Agency, one of the
Defense Department’s premier research organizations.
The agency also has launched new cyber-development initiatives,
including a “fast-track” program.
“We need cyber options that can be executed at the speed, scale and
pace” of other military weapons, Kaigham J. Gabriel, DARPA deputy
director, said in testimony last month to Congress.
Pentagon officials, meanwhile, are developing a congressionally
mandated strategy for the rapid acquisition of cyberweapons that can
keep pace with threats and technology.
Officials are researching cyberweapons that can target “offline”
military systems in part by harnessing emerging technology that uses
radio signals to insert computer coding into networks remotely.
“To affect a system, you have to have access to it, and we have not
perfected the capability of reaching out and accessing a system at
will that is not connected to the Internet,” said Joel Harding, an
independent consultant who is a former military officer and former
director of the Information Operations Institute.
Even if an operator gains access, he said, “unless you already have
custom-written code for a system, chances are we don’t have a weapon
for that because each system has different software and updates.”
In some cases, as with command-and-control systems, military assets
rely on Internet connections, making them theoretically easier to
Without that connectivity, an attacker would have to rely on other
means — for instance, physically inserting into those systems
portable devices such as thumb drives or computer components that
have been altered.
But such approaches lack the control and predictability that military
commanders desire, experts say.
The amount of disclosed spending by the Pentagon on cybersecurity and
cybertechnology — offensive and defensive — is $3.4 billion this
year. The U.S. Cyber Command, based at Fort Meade, was created in
2010 and has a budget of $154 million this year.
U.S. officials say that existing cyberweaponry has the potential to
disable components of a weapon system, although it is not likely to
destroy the system.
Cyber tools might be used in conjunction with other tactics and
weapons. Cybertechnology might, for example, enable an attack by
delaying enemy recognition of it until it is underway.
“It will probably never be just a standalone cyberattack on a
network,” said Lt. Gen. Charles R. Davis, commander of the Electronic
Systems Center at Hanscom Air Force Base, who buys the tools and
software that support the Air Force’s offensive and defensive cyber
Cybertechnology was not a significant factor in military operations
10 years ago, Gen. Martin Dempsey, chairman of the Joint Chiefs of
Staff, said during an Atlantic Council discussion in December. “Cyber
is a significant factor today.”
In Iraq, during the 2007 surge of U.S. combat forces, the National
Security Agency used cyber tools to muddle the signals of the
cellphones and laptop computers that insurgents used to coordinate
their strikes, according to previously published reports confirmed by
former U.S. officials. U.S. cyber operators used those techniques to
deceive the enemy with false information, in some cases leading
fighters into an ambush by U.S. troops.
But countering Libya’s air defenses was a different story. The
operation arose quickly. Officials had not foreseen the Arab Spring
uprising against Libyan strongman Moammar Gaddafi, and no
intelligence and engineering work had been done to exploit the
vulnerabilities of the Libyan air defense system.
Some experts believe that Israel may have used a cyberweapon to blind
Syrian radar before bombing a suspected nuclear facility in September
2007, but several former U.S. officials say that the technique more
likely used was conventional electronic warfare or radar jamming
using signals emitted from an airplane.
The Stuxnet computer virus that reportedly disabled some 900
centrifuges in an Iranian uranium-enrichment plant in 2009 and 2010 —
while it has been dubbed by control-system expert Ralph Langner as
the world’s “first digital warhead” — lacked the precision,
predictability and control that a military commander would need
during combat, experts said.
“If I’m trying to knock down an air defense system, I have to know
precisely what’s going to happen and when it will happen,” said a
former military official. “It’s a fundamentally different approach
DARPA plans to focus an increasing portion of its cyber research
on “offensive capabilities to address military-specific needs,”
Gabriel said recently in testimony before the House Armed Services
subcommittee on emerging threats and capabilities.
Over the past decade, instances have been reported in which cyber
tools were contemplated but not used because of concern they would
result in collateral damage. For instance, defense and intelligence
agencies discussed using cybertechnology to freeze money in Iraqi
dictator Saddam Hussein’s bank accounts just before the U.S.-led
invasion in March 2003 to blunt his efforts to mount a defense. The
plan was aborted because of concern that the cyberattack could
disrupt financial systems in Europe and beyond.
Within a war zone, the use of a cyberweapon may be limited by other
considerations. There is the danger of collateral damage to civilian
systems, such as disrupting a power supply to a hospital. A
destructive computer code, once released, could be reverse-engineered
and sent back at vulnerable U.S. targets or adapted for use by
foreign spy agencies. Cybertechnology also is not always the most
efficient way to attack a target — sometimes bombs or electronic
warfare are easier or more reliable.
Within the Pentagon, more money is being spent on defending against
cyberattacks than on preparing to deploy offensive cyber operations,
officials say. That is appropriate, they say, when adversaries are
trying to develop similar cyberweapons to use against U.S. military
targets that may not be secure against attack and when Pentagon
networks are probed thousands of times daily.
But more money needs to be spent on developing cyperweapons, say some
former officials. “You’ve got to start moving investment to the
offensive side,” Cartwright said.
Pentagon spending on cybertechnology is growing even as other areas
of its budget are shrinking, officials say.
“I am still not remotely satisfied with where we are in cyber,”
Deputy Secretary of Defense Ashton B. Carter said at the Credit
Suisse and McAleese and Associates defense conference in Arlington
“I dare say,” he said, “we’d spend a lot more if we could figure out
where to spend it.” (© 2010 The Washington Post Company 03/19/12)
Return to Top
MATERIAL REPRODUCED FOR EDUCATIONAL PURPOSES ONLY