sebastian.luetgert on Tue, 9 Nov 1999 03:48:28 +0100 (CET)


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

<nettime> fwd: Washington Post: Military Grappling With Guidelines For Cyber Warfare


The Washington Post

        Military Grappling With Guidelines For Cyber Warfare

        Questions Prevented Use on Yugoslavia

        By Bradley Graham
        Washington Post Staff Writer
        Monday, November 8, 1999; Page A01

        During last spring's conflict with Yugoslavia, the Pentagon
        considered hacking into Serbian computer networks to disrupt
        military operations and basic civilian services. But it
        refrained from doing so, according to senior defense officials,
        because of continuing uncertainties and limitations surrounding
        the emerging field of cyber warfare.

        "We went through the drill of figuring out how we would do some
        of these cyber things if we were to do them," said a senior
        military officer. "But we never went ahead with any."

        As computers revolutionize many aspects of life, military
        officials have stepped up development of cyber weapons and
        spoken ominously of their potential to change the nature of war.
        Instead of risking planes to bomb power grids, telephone
        exchanges or rail lines, for example, Pentagon planners envision
        soldiers at computer terminals silently invading foreign
        networks to shut down electrical facilities, interrupt phone
        service, crash trains and disrupt financial systems. But such
        attacks, officials say, pose nettlesome legal, ethical and
        practical problems.

        Midway through the war with Yugoslavia, the Defense Department's
        top legal office issued guidelines warning that misuse of cyber
        attacks could subject U.S. authorities to war crimes charges. It
        advised commanders to apply the same "law of war" principles to
        computer attacks that they do to the use of bombs and missiles.
        These call for hitting targets that are of military necessity
        only, minimizing collateral damage and avoiding indiscriminate
        attacks.

        Defense officials said concern about legalities was only one of
        the reasons U.S. authorities resisted the temptation to, say,
        raid the bank accounts of Yugoslav President Slobodan Milosevic.
        Other reasons included the untested or embryonic state of the
        U.S. cyber arsenal and the rudimentary or decentralized nature
        of some Yugoslav systems, which officials said did not lend
        themselves to computer assault.

        U.S. forces did target some computers that controlled the
        Yugoslav air defense system, the officials said. But the attacks
        were launched from electronic jamming aircraft rather than over
        computer networks from ground-based U.S. keyboards.

        No plan for a cyber attack on Yugoslav computer networks ever
        reached the stage of a formal legal assessment, according to
        several defense officials familiar with the planning. And the 50
        pages of guidelines, prepared by the Pentagon general counsel's
        office, were not drafted with the Yugoslav operation
        specifically in mind.

        But officials said the document, which has received little
        publicity, reflected the collective thinking of Defense
        Department lawyers about cyber warfare and marked the U.S.
        government's first formal attempt to set legal boundaries for
        the military's involvement in computer attack operations.

        It told commanders to remain wary of targeting institutions that
        are essentially civilian, such as banking systems, stock
        exchanges and universities, even though cyber weapons now may
        provide the ability to do so bloodlessly.

        In wartime, the document advised, computer attacks and other
        forms of what the military calls "information operations" should
        be conducted only by members of the armed forces, not civilian
        agents. It also stated that before launching any cyber assaults,
        commanders must carefully gauge potential damage beyond the
        intended target, much as the Pentagon now estimates the number
        of likely casualties from bomb attacks.

        While computer attacks may appear on the surface as a cleaner
        means of destroying targets--with less prospect for physical
        destruction or loss of life than dropping bombs--Pentagon
        officials say such views are deceiving. By penetrating computer
        systems that control the communications, transportation, energy
        and other basic services in a foreign country, cyber weapons can
        have serious cascading effects, disrupting not only military
        operations but civilian life, officials say.

        Other U.S. government agencies have sided with the Pentagon view
        that existing law and international accords are sufficient to
        govern information warfare. But Russia is challenging this view.

        Over the past year, Moscow has tried to gather support for a
        United Nations resolution calling for new international
        guidelines and the banning of particularly dangerous information
        weapons. In comments to the U.N. secretary general published
        last month, Russia warned that information operations "might
        lead to an escalation of the arms race." It said "contemporary
        international law has virtually no means of regulating the
        development and application of such a weapon."

        But the Russian initiative has drawn little backing. U.S.
        officials regard it as an attempt to forestall development of an
        area of weaponry in which Russia lags behind the United States.

        In a formal response rejecting the Russian proposal, the Clinton
        administration said any attempt now to draft overarching
        principles on information warfare would be premature.

        "First, you have extraordinary differences in the sophistication
        of various countries about this type of technology," said a
        State Department official involved in the issue. "Also, the
        technology changes so rapidly, which complicates efforts to try
        to define these things."

        Instead of turning cyber assaults into another arms control
        issue, the administration prefers to treat them internationally
        as essentially a law enforcement concern. U.S. officials have
        supported several efforts through the United Nations and other
        groups to facilitate international cooperation in tracking
        computer criminals and terrorists.

        For all the heightened attention to cyber warfare, defense
        specialists contend that there are large gaps between what the
        technology promises and what practitioners can deliver. "We
        certainly have some capabilities, but they aren't what I would
        call mature ones yet," a high-ranking U.S. military officer
        said.

        The full extent of the U.S. cyber arsenal is among the most
        tightly held national security secrets. But reports point to a
        broad range of weapons under development, including use of
        computer viruses or "logic bombs" to disrupt enemy networks, the
        feeding of false information to sow confusion and the morphing
        of video images onto foreign television stations to deceive.
        Last month, the Pentagon announced it was consolidating plans
        for offensive as well as defensive cyber operations under the
        four-star general who heads the U.S. Space Command in Colorado
        Springs.

        But complicating large-scale computer attacks is the need for an
        extraordinary amount of detailed intelligence about a target's
        hardware and software systems. Commanders must know not just
        where to strike but be able to anticipate all the repercussions
        of an attack, officials said.

        "A recurring theme in our discussions with military operators
        is, well, if we can drop a bomb on it, why can't we take it out
        by a computer network attack," said a senior Pentagon lawyer
        specializing in intelligence. "Well, you may be able to.
        However, you've got to go through a few hoops and make sure that
        when you're choosing an alternative method, you're still
        complying with the law of armed conflict and making sure
        collateral damage is limited."

        In their guidelines document, titled "An Assessment of
        International Legal Issues in Information Operations," the
        Pentagon's lawyers warned of such unintended effects of computer
        attacks as opening the floodgates of a dam, causing an oil
        refinery in a populated area to explode in flames or triggering
        the release of radioactivity. They also mentioned the
        possibility of computer attacks spilling over into neutral or
        friendly nations and noted the legal limits on deceptive
        actions.

        "It may seem attractive for a combatant vessel or aircraft to
        avoid being attacked by broadcasting the agreed identification
        signals for a medical vessel or aircraft, but such actions would
        be a war crime," said the document, which was first reported
        last week by defense analyst William M. Arkin in a column on The
        Washington Post's online service. "Similarly, it might be
        possible to use computer morphing techniques to create an image
        of the enemy's chief of state informing his troops that an
        armistice or cease-fire agreement had been signed. If false,
        this also would be a war crime."

        The document also addressed questions about whether the United
        States would be any more justified in using cyber weapons if a
        foreign adversary first hacked into U.S. computer networks. The
        answer: It depends on the extent of damage. One complicating
        factor, the defense lawyers wrote, is the difficulty of being
        certain about the real source and intent of some cyber attacks,
        whose origin can easily be disguised.

        In the case of Yugoslavia, U.S. military authorities were slow
        to put together a plan for conducting information operations.
        But one was eventually assembled and approved by the middle of
        the 78-day war, the high-ranking officer said.

        The plan involved many traditional information warfare
        elements--psychological operations, deception actions,
        electronic jamming of radar and radio signals--targeting not
        just Yugoslav military and police forces but Milosevic and his
        associates, the officer said. One tactic was to bombard the
        Yugoslav leadership with faxes and other forms of harassment.

        © Copyright 1999 The Washington Post Company

http://search.washingtonpost.com/wp-srv/WPlate/1999-11/08/143l-110899-idx.html


#  distributed via <nettime>: no commercial use without permission
#  <nettime> is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: majordomo@bbs.thing.net and "info nettime-l" in the msg body
#  archive: http://www.nettime.org contact: nettime@bbs.thing.net