Wednesday, December 03, 2008

USAF Scales Back CyberWar Plans

By SHAUN WATERMAN,
UPI Homeland and National Security Editor
Published: Nov. 4, 2008 at 7:01 PM
Courtesy Of
United Press International

WASHINGTON, Nov. 4 (UPI) -- The general in charge of the U.S. Air Force's cyber-warfare effort says plans for his unit have been scaled back, because staff who would have been used to set up a cyber command will be allocated to the service's new nuclear command instead.

Air Force Cyber Command was to be stood up as a major command -- alongside the service's space, air combat and other commands -- in October. But those plans were suspended over the summer after Defense Secretary Robert Gates booted the Air Force's civilian and military leaders following their failure to enforce accountability for the accidental flight across the United States of part of the nation's nuclear arsenal.

Last month plans for a fully fledged major command for cyber-warfare were scrapped
altogether.

The Pentagon's Armed Forces News Service reported Oct. 8 that a gathering of the service's leadership in Colorado was told cyber-operations would be stood up as a numbered air force component -- one step down, in organizational terms, from a major command.

"We helped solve the organizational (challenge of standing up a new nuclear command), with the manpower that was going to be allocated to make cyber-command a major air command allocated instead to fix the more pressing problem … (of) making sure that people are comfortable that we in fact have our eye on the ball of our nuclear enterprise," Gen. William Lord told United Press International.

Lord said the headquarters billets that were going to be allocated to cyber-command were "more importantly and higher priority-wise used … to stand up" the Air Force's Global Strike Command.

The new command brings together all the Air Force's nuclear weaponry under one leadership, and it is one of a series of measures taken to restore confidence in the service's stewardship of the nation's atomic arsenal.

As a numbered air force, the cyber-command will be a force provider to the U.S. military, organized within Air Force Space Command -- much as a bomber wing forms part of Air Combat Command, which provides air power to the joint combatant commands.

"It's the administrative headquarters pieces … that have changed," said Lord. "We've figured out another way to suck the egg," he added.

The new arrangement was "a good marriage between the expertise capabilities inside Air Force Space Command and the capabilities we're tying to bring on in the cyber-business."

Space Command was already the repository of the technical and engineering expertise required, Lord said, dismissing suggestions that the Air Force had been rebuffed after an over-reaching power grab -- which is how some critics of the service saw its plans for a major cyber-command.

Whatever the reason behind the decision, said Amit Yoran, it showed Air Force leaders were "still being open-minded to evolve their strategy based on feedback and input they got" from the civilian leadership and cybersecurity experts.

Dave Aland, a senior analyst for El Segundo, Calif.-based Wyle Laboratories Inc. who supports the Department of Defense and other clients, declined to comment directly about the Air Force decision, but said in general the military needed to address the cyber-issue "considerably more collaboratively" -- adding that this applied to interservice cooperation, as well as the relations between the military as a whole and other federal entities; and even work with allies.

"The spillover is very broad-based," he said of potential collateral damage from cyber-attacks.

Aland argued that the nature of cyber-conflict made it practically impossible to distinguish warfare from crime or terrorism. "The only real difference is in the target set -- which bleeds over dramatically from one (category) to the next -- and the intent of the actors," which is all but impossible to determine.

"It becomes impractical to work out who the actors are … and apply the relevant legal framework," concluded Aland, saying there needed to be "a wholly new approach."

"When does a cyber-attack on a bank change from being just a cyber-criminal to being someone attacking the nation's banking system?" mused Lord. "Some would argue it doesn't matter," he added, "and it may not matter if you are inside the bank, but it matters if you are following U.S. law in determining what action, what activity, you can take against, if you can figure out who the attacker is."

He reaffirmed the principle that "the same laws of armed conflict that you would use for kinetic weapons apply to the non-kinetic capability for defense as well as offense," and therefore governed any U.S. cyber-warfare efforts.

He likened the process to the way targeting decisions for U.S. air power are informed by the restrictions of the Geneva Conventions. "You still have to look at reciprocity, at collateral damage."

"We do consider cyber as a war-fighting domain, but one in which places like the Internet exist and you have to de-conflict all that," he said.

The center of gravity of those decisions would lie with the combatant commanders -- they "have the bevy of expertise that is sorting all that out now" -- and specifically with the commander of U.S. Strategic Command, which is also setting the requirements for the Air Force's cyber-forces.

Lord said the top priority requirement right now was training, "all the way down from the Air Institute of Technology to basic military training."

He likened the basic training to "equipping airmen with cyber-sidearms … officers, enlisted and maybe even contractors, so that they know their responsibilities for behavior on the network today."

Lord said the numbered air force cyber-component also would be offering capabilities to U.S. Northern Command, which controls all U.S. military forces within the continental United States.

"We will also present forces to U.S. NORTHCOM for consequence management," he said, whether from a cyber-attack, or as a result of a more conventional disaster like a hurricane.

"It's not just the attack and defense piece, there's consequence management too," he said, "where military personnel and equipment could get broken networks up and running for the civilian population."
© 2008 United Press International, Inc. All Rights Reserved.

No comments: