recommended reading

Pentagon should establish fourth military service to wage cyberwars

The United States, engaged in a cyberspace Cold War in which government networks are under constant attack, must establish a fourth military service to conduct cyberwarfare, according to an article in the most recent issue of a Defense newsletter.

Defense Department computer networks are hit by cyberattacks hundreds of times a day, not only from adversaries, but also "from nations that are supposed to be our 'friends,' according to an article in the spring issue of IANewsletter, published by the Defense Information Assurance Technology Analysis Center.

The authors -- Col. John "Buck" Surdu, chief of staff at the Army Research Engineering and Development Command, and Lt. Col. Gregory Conti, assistant professor of Computer Science at the U.S. Military Academy -- did not identify the friendly nations that have attacked Defense networks.

But the authors argued that Defense must establish a separate service for cyberwarfare because it is waged differently than traditional, or kinetic, warfare. The core missions of the Army, Navy and Air Force -- to conduct war on land, sea and air -- do not take into account the unique demands of cyberwarfare, according to Surdu and Conti. "Cyberwarfare is fundamentally different from traditional kinetic warfare," the authors wrote.

"National boundaries in cyberspace are difficult, if not impossible, to define," they noted. "Asymmetries abound, and defenders must block all possible avenues of a cyberattack.

"A lone but carefully crafted phishing e-mail sent to a senior official could compromise an entire network," they stated. "Attackers can assault objectives from virtually any point on the planet, hopping through intermediate points to mask their trails."

All three services maintain cyberwarfare components, with the Air Force taking the lead in the past few years trying to establish its own cyber command. But Surdu and Conti wrote that "these [cyber] organizations exist as ill-fitting appendages that attempt to operate in inhospitable cultures where technical expertise is not recognized, cultivated or understood. . . . As a result, the Army, Navy and Air Force hemorrhage technical talent, leaving the nation's military forces and our country underprepared for both the ongoing cyber cold war and the likelihood of major cyberwarfare in the future."

The three services misuse their cyber talent, they added, with "the placement of a service's top wireless security expert in an unrelated assignment in the middle of nowhere . . . a Ph.D. whose mission was to prepare PowerPoint slides for a flag officer."

The skill sets required to wage cyberwar differ greatly from those that elite Army Rangers possess, for example, and integrating small cyberwarfare units into existing armed forces is insufficient, Surdu and Conti wrote. "A separate military service to conduct cyberwarfare must be established. Adding an efficient and effective cyber branch . . . would provide our nation with the capability to defend our technological infrastructure and conduct offensive operations."

Surdu and Conti made a compelling case to establish a separate cyber service, said Alan Paller, director of research at the SANS Institute, a nonprofit cybersecurity research group in Bethesda, Md. But the same result can be met, with greater benefits, by creating a Joint Cyber Command that is either on par with the U.S Strategic Command or as a subcommand. Paller said Defense is likely planning such a command.

But Steven Aftergood, director of the government secrecy project at the Washington-based Federation of American Scientists, said, "Though I understand the need for robust computer security and for defense against malicious interference with information systems, I'm not sold on cyberwar as a separate discipline."

Aftergood said Defense is losing skilled cyber warriors from all three services, creating a serious problem. "But I don't know how to fix it," he added.

Bernie Skoch, a retired Air Force general who spent his career in the command, control, communications and information systems fields, also warned against separating cyberwarfare from kinetic warfare, saying it could cripple effects-based campaigns, which combine traditional warfare with nonmilitary initiatives that include diplomacy, propaganda and cyberwarfare. Skoch, who is a consultant with Suss Consulting in Jenkinstown, Pa., said that to achieve a military goal it will likely require a combination of cyber- and kinetic attacks, and strategic and tactical commanders need both in their arsenal.

Threatwatch Alert

Stolen credentials

Hackers Steal $31M from Russian Central Bank

See threatwatch report


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.