Pentagon Contractors Developing Lethal Cyber Weapons

Frontpage/Shutterstock.com

U.S. troops would have the power to launch logic bombs, instead of traditional explosive projectiles, which essentially would direct an enemy's critical infrastructure to self-destruct.

Under a forthcoming nearly half-billion-dollar military contract, computer code capable of killing adversaries is expected to be developed and deployed if necessary, according to contractors vying for the work and former Pentagon officials.

U.S. troops would have the power to launch logic bombs, instead of traditional explosive projectiles, which essentially would direct an enemy's critical infrastructure to self-destruct. 

Lethal cyber weapons have arrived.

As previously reported, an upcoming $460 million U.S. Cyber Command project will outsource to industry all command mission support activities, including “cyber fires" planning, as well as "cyberspace joint munitions" assessments. 

Unlike traditional espionage malware or even the Stuxnet virus that sabotaged Iranian nuclear centrifuges, cyber fires would impact human life, according to former Defense officials and a recently released Defense Department "Law of War Manual." 

The visceral response to the word "war" for anyone in uniform is that it's ugly and people get killed, said Bill Leigher, a recently retired Navy admiral with decades of warfighting experience who now runs Raytheon's government cyber solutions division.

"When I use 'cyberwar,' I'm thinking of it, in a sense of war," he said. "So, yes, war is violence."

Raytheon, Northrop Grumman and Lockheed Martin are among the major defense firms expected to compete for the CYBERCOM contract.

Pentagon Doctrine OKs Digital Arms

Going on the offensive in cyberspace, essentially means "defeating the interaction between a processor and its software" to serve a mission, Leigher said. 

"Combatant commanders choose weapons that they know will further their course of action," he said.

If the commander needs to fly an aircraft over an occupied area, and wants to use malware or another cyber capability to help accomplish that goal, the officer must have confidence the cyberattack will work as expected.

"I trust it. I know how it's going to be used, and I believe that it is the best option to execute and it doesn't create more risk for the 27-year-old Air Force pilot who is flying over a defended target," Leigher described the decision-making process. 

In this case, maybe the bull’s-eye would be a maintenance facility on an airfield. By launching a cyberattack, a commander could, for example, shut down the power grid of the facility, and then "you've degraded the enemy's ability to repair aircraft," Leigher said.

Digital arms designed to kill are sanctioned under Pentagon doctrine.

There is a chapter titled "Cyber Operations" in DOD's first-ever "Law of War Manual," published in June. The section reflects the department's' growing transparency surrounding cyberwarfare, national security legal experts say. Less than three years ago, most activities beyond defensive maneuvers were classified

The manual lays out three sample actions the Pentagon deems uses of force in cyberspace: "trigger a nuclear plant meltdown; open a dam above a populated area, causing destruction; or disable air traffic control services, resulting in airplane crashes."

Same Rules for Traditional Bombs or Bullets

The Pentagon’s stated role in cyberspace is to block foreign hackers targeting domestic systems, assist U.S. combat troops overseas and defend military networks.  

The U.S. armed forces “are developing tools and capabilities” necessary to carry out all three of those missions, Pentagon spokeswoman Laura Rojas told Nextgov in an email. “We do this consistent with U.S. and international law."

The law is clear that cyber operations might also kill civilians, the experts say.

Cyber strikes are allowed even if “it is certain that civilians would be killed or injured -- so long as the reasonably anticipated collateral damage isn’t excessive in relation to what you expect to gain militarily," said retired Maj. Gen. Charles J. Dunlap, executive director of Duke University's Center on Law, Ethics and National Security. "These are essentially the same rules as for attacks employing traditional bombs or bullets.”

Because nearly all military forces depend on the same networks as civilians, it is not hard to imagine a situation where a cyberattack takes innocent lives, Dunlap said.

"A piece of malware, for example, might destroy a military industrial-control system of some sort, but if not designed to self-neutralize, it might go on to do the same to a civilian system of similar design, possibly with fatal consequences to civilians," Dunlap said. 

Destructive cyberattacks also risk the possibility of nonviolent collateral damage. Microsoft, as of March, was still dealing with the fallout from the spread of the Stuxnet virus. Microsoft had to issue a patch for a software flaw the U.S. and Israel allegedly used to take over the specific system running Iran's nuclear equipment. To date, there have been no reports of other infected machines reacting the same way.

Will Adversaries Follow Same Rules?

The use of lethal software aligns with 2010 comments by then-Deputy Defense Secretary William Lynn published in Foreign Affairs, stating, "As a doctrinal matter, the Pentagon has formally recognized cyberspace as a new domain of warfare.”

“What we see right now is essentially the implementation of the decision," said Tim Maurer, a cyber policy researcher at the Carnegie Endowment for International Peace. 

In elaborating on the term “cyber joint munitions,” CYBERCOM spokeswoman Kara Soules told Nextgov in an email that understanding the success rate of the weapon is critical.

“‘Cyber joint munitions effectiveness’ describes that a particular cyber capability has been evaluated and its effectiveness is known against a particular target,” she said. The target is a person, place or object a commander is eyeing to neutralize, according to the associated Joint Chiefs of Staff policy.

“Cyber fires” has a broader meaning and “can be used for offensive or defensive objectives, and can be designed to create effects in and through cyberspace,” she said.

Outside the United states, other governments are hiring nongovernment organizations to build cyber munitions, too, Maurer noted. Some of them operate underground. For instance, there are hackers who sell "zero day" exploits capable of attacking systems containing undetected security vulnerabilities known only to the seller.

Black hat hackers who can sell cyber munitions to governments as well as extremist groups like ISIS thrust the world into unknown territory.

"I’m fairly confident that U.S. cyber capabilities can be very precise and targeted and tailored," Maurer said. The question, though, is whether it is possible for "less-sophisticated actors to be similarly targeted and tailored in the tools that they use.”

The discussion surrounding the firing of cyber arms hearkens back to before the days of Manhattan Project, some former military leaders say.

“It reminds me of the run-up to the strategic bombing campaigns of World War II,” said Cedric Leighton, a retired National Security Agency and Air Force intelligence director. “Just like then, the consequences of an attack using cyber munitions will not be completely foreseeable.”

CYBERCOM should be examining code warfare today, if only to be prepared: “Our military could be confronted by a tough cyber adversary at any moment," he added. 

(Image via Frontpage/Shutterstock.com)

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.