The United States, engaged in a cyberspace Cold War in which government networks are under constant attack, must establish a fourth military service to conduct cyberwarfare, according to an article in the most recent issue of a Defense newsletter.
Defense Department computer networks are hit by cyberattacks hundreds of times a day, not only from adversaries, but also "from nations that are supposed to be our 'friends,' according to an article in the spring issue of IANewsletter, published by the Defense Information Assurance Technology Analysis Center.
The authors -- Col. John "Buck" Surdu, chief of staff at the Army Research Engineering and Development Command, and Lt. Col. Gregory Conti, assistant professor of Computer Science at the U.S. Military Academy -- did not identify the friendly nations that have attacked Defense networks.
But the authors argued that Defense must establish a separate service for cyberwarfare because it is waged differently than traditional, or kinetic, warfare. The core missions of the Army, Navy and Air Force -- to conduct war on land, sea and air -- do not take into account the unique demands of cyberwarfare, according to Surdu and Conti. "Cyberwarfare is fundamentally different from traditional kinetic warfare," the authors wrote.
"National boundaries in cyberspace are difficult, if not impossible, to define," they noted. "Asymmetries abound, and defenders must block all possible avenues of a cyberattack.
"A lone but carefully crafted phishing e-mail sent to a senior official could compromise an entire network," they stated. "Attackers can assault objectives from virtually any point on the planet, hopping through intermediate points to mask their trails."
All three services maintain cyberwarfare components, with the Air Force taking the lead in the past few years trying to establish its own cyber command. But Surdu and Conti wrote that "these [cyber] organizations exist as ill-fitting appendages that attempt to operate in inhospitable cultures where technical expertise is not recognized, cultivated or understood. . . . As a result, the Army, Navy and Air Force hemorrhage technical talent, leaving the nation's military forces and our country underprepared for both the ongoing cyber cold war and the likelihood of major cyberwarfare in the future."
The three services misuse their cyber talent, they added, with "the placement of a service's top wireless security expert in an unrelated assignment in the middle of nowhere . . . a Ph.D. whose mission was to prepare PowerPoint slides for a flag officer."
The skill sets required to wage cyberwar differ greatly from those that elite Army Rangers possess, for example, and integrating small cyberwarfare units into existing armed forces is insufficient, Surdu and Conti wrote. "A separate military service to conduct cyberwarfare must be established. Adding an efficient and effective cyber branch . . . would provide our nation with the capability to defend our technological infrastructure and conduct offensive operations."
Surdu and Conti made a compelling case to establish a separate cyber service, said Alan Paller, director of research at the SANS Institute, a nonprofit cybersecurity research group in Bethesda, Md. But the same result can be met, with greater benefits, by creating a Joint Cyber Command that is either on par with the U.S Strategic Command or as a subcommand. Paller said Defense is likely planning such a command.
But Steven Aftergood, director of the government secrecy project at the Washington-based Federation of American Scientists, said, "Though I understand the need for robust computer security and for defense against malicious interference with information systems, I'm not sold on cyberwar as a separate discipline."
Aftergood said Defense is losing skilled cyber warriors from all three services, creating a serious problem. "But I don't know how to fix it," he added.
Bernie Skoch, a retired Air Force general who spent his career in the command, control, communications and information systems fields, also warned against separating cyberwarfare from kinetic warfare, saying it could cripple effects-based campaigns, which combine traditional warfare with nonmilitary initiatives that include diplomacy, propaganda and cyberwarfare. Skoch, who is a consultant with Suss Consulting in Jenkinstown, Pa., said that to achieve a military goal it will likely require a combination of cyber- and kinetic attacks, and strategic and tactical commanders need both in their arsenal.