recommended reading

Pentagon should establish fourth military service to wage cyberwars

The United States, engaged in a cyberspace Cold War in which government networks are under constant attack, must establish a fourth military service to conduct cyberwarfare, according to an article in the most recent issue of a Defense newsletter.

Defense Department computer networks are hit by cyberattacks hundreds of times a day, not only from adversaries, but also "from nations that are supposed to be our 'friends,' according to an article in the spring issue of IANewsletter, published by the Defense Information Assurance Technology Analysis Center.

The authors -- Col. John "Buck" Surdu, chief of staff at the Army Research Engineering and Development Command, and Lt. Col. Gregory Conti, assistant professor of Computer Science at the U.S. Military Academy -- did not identify the friendly nations that have attacked Defense networks.

But the authors argued that Defense must establish a separate service for cyberwarfare because it is waged differently than traditional, or kinetic, warfare. The core missions of the Army, Navy and Air Force -- to conduct war on land, sea and air -- do not take into account the unique demands of cyberwarfare, according to Surdu and Conti. "Cyberwarfare is fundamentally different from traditional kinetic warfare," the authors wrote.

"National boundaries in cyberspace are difficult, if not impossible, to define," they noted. "Asymmetries abound, and defenders must block all possible avenues of a cyberattack.

"A lone but carefully crafted phishing e-mail sent to a senior official could compromise an entire network," they stated. "Attackers can assault objectives from virtually any point on the planet, hopping through intermediate points to mask their trails."

All three services maintain cyberwarfare components, with the Air Force taking the lead in the past few years trying to establish its own cyber command. But Surdu and Conti wrote that "these [cyber] organizations exist as ill-fitting appendages that attempt to operate in inhospitable cultures where technical expertise is not recognized, cultivated or understood. . . . As a result, the Army, Navy and Air Force hemorrhage technical talent, leaving the nation's military forces and our country underprepared for both the ongoing cyber cold war and the likelihood of major cyberwarfare in the future."

The three services misuse their cyber talent, they added, with "the placement of a service's top wireless security expert in an unrelated assignment in the middle of nowhere . . . a Ph.D. whose mission was to prepare PowerPoint slides for a flag officer."

The skill sets required to wage cyberwar differ greatly from those that elite Army Rangers possess, for example, and integrating small cyberwarfare units into existing armed forces is insufficient, Surdu and Conti wrote. "A separate military service to conduct cyberwarfare must be established. Adding an efficient and effective cyber branch . . . would provide our nation with the capability to defend our technological infrastructure and conduct offensive operations."

Surdu and Conti made a compelling case to establish a separate cyber service, said Alan Paller, director of research at the SANS Institute, a nonprofit cybersecurity research group in Bethesda, Md. But the same result can be met, with greater benefits, by creating a Joint Cyber Command that is either on par with the U.S Strategic Command or as a subcommand. Paller said Defense is likely planning such a command.

But Steven Aftergood, director of the government secrecy project at the Washington-based Federation of American Scientists, said, "Though I understand the need for robust computer security and for defense against malicious interference with information systems, I'm not sold on cyberwar as a separate discipline."

Aftergood said Defense is losing skilled cyber warriors from all three services, creating a serious problem. "But I don't know how to fix it," he added.

Bernie Skoch, a retired Air Force general who spent his career in the command, control, communications and information systems fields, also warned against separating cyberwarfare from kinetic warfare, saying it could cripple effects-based campaigns, which combine traditional warfare with nonmilitary initiatives that include diplomacy, propaganda and cyberwarfare. Skoch, who is a consultant with Suss Consulting in Jenkinstown, Pa., said that to achieve a military goal it will likely require a combination of cyber- and kinetic attacks, and strategic and tactical commanders need both in their arsenal.

Threatwatch Alert

Software vulnerability

Malware Has a New Hiding Place: Subtitles

See threatwatch report


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.