| sebastian.luetgert on Tue, 9 Nov 1999 03:48:28 +0100 (CET) |
| <nettime> fwd: Washington Post: Military Grappling With Guidelines For Cyber Warfare |
The Washington Post
Military Grappling With Guidelines For Cyber Warfare
Questions Prevented Use on Yugoslavia
By Bradley Graham
Washington Post Staff Writer
Monday, November 8, 1999; Page A01
During last spring's conflict with Yugoslavia, the Pentagon
considered hacking into Serbian computer networks to disrupt
military operations and basic civilian services. But it
refrained from doing so, according to senior defense officials,
because of continuing uncertainties and limitations surrounding
the emerging field of cyber warfare.
"We went through the drill of figuring out how we would do some
of these cyber things if we were to do them," said a senior
military officer. "But we never went ahead with any."
As computers revolutionize many aspects of life, military
officials have stepped up development of cyber weapons and
spoken ominously of their potential to change the nature of war.
Instead of risking planes to bomb power grids, telephone
exchanges or rail lines, for example, Pentagon planners envision
soldiers at computer terminals silently invading foreign
networks to shut down electrical facilities, interrupt phone
service, crash trains and disrupt financial systems. But such
attacks, officials say, pose nettlesome legal, ethical and
practical problems.
Midway through the war with Yugoslavia, the Defense Department's
top legal office issued guidelines warning that misuse of cyber
attacks could subject U.S. authorities to war crimes charges. It
advised commanders to apply the same "law of war" principles to
computer attacks that they do to the use of bombs and missiles.
These call for hitting targets that are of military necessity
only, minimizing collateral damage and avoiding indiscriminate
attacks.
Defense officials said concern about legalities was only one of
the reasons U.S. authorities resisted the temptation to, say,
raid the bank accounts of Yugoslav President Slobodan Milosevic.
Other reasons included the untested or embryonic state of the
U.S. cyber arsenal and the rudimentary or decentralized nature
of some Yugoslav systems, which officials said did not lend
themselves to computer assault.
U.S. forces did target some computers that controlled the
Yugoslav air defense system, the officials said. But the attacks
were launched from electronic jamming aircraft rather than over
computer networks from ground-based U.S. keyboards.
No plan for a cyber attack on Yugoslav computer networks ever
reached the stage of a formal legal assessment, according to
several defense officials familiar with the planning. And the 50
pages of guidelines, prepared by the Pentagon general counsel's
office, were not drafted with the Yugoslav operation
specifically in mind.
But officials said the document, which has received little
publicity, reflected the collective thinking of Defense
Department lawyers about cyber warfare and marked the U.S.
government's first formal attempt to set legal boundaries for
the military's involvement in computer attack operations.
It told commanders to remain wary of targeting institutions that
are essentially civilian, such as banking systems, stock
exchanges and universities, even though cyber weapons now may
provide the ability to do so bloodlessly.
In wartime, the document advised, computer attacks and other
forms of what the military calls "information operations" should
be conducted only by members of the armed forces, not civilian
agents. It also stated that before launching any cyber assaults,
commanders must carefully gauge potential damage beyond the
intended target, much as the Pentagon now estimates the number
of likely casualties from bomb attacks.
While computer attacks may appear on the surface as a cleaner
means of destroying targets--with less prospect for physical
destruction or loss of life than dropping bombs--Pentagon
officials say such views are deceiving. By penetrating computer
systems that control the communications, transportation, energy
and other basic services in a foreign country, cyber weapons can
have serious cascading effects, disrupting not only military
operations but civilian life, officials say.
Other U.S. government agencies have sided with the Pentagon view
that existing law and international accords are sufficient to
govern information warfare. But Russia is challenging this view.
Over the past year, Moscow has tried to gather support for a
United Nations resolution calling for new international
guidelines and the banning of particularly dangerous information
weapons. In comments to the U.N. secretary general published
last month, Russia warned that information operations "might
lead to an escalation of the arms race." It said "contemporary
international law has virtually no means of regulating the
development and application of such a weapon."
But the Russian initiative has drawn little backing. U.S.
officials regard it as an attempt to forestall development of an
area of weaponry in which Russia lags behind the United States.
In a formal response rejecting the Russian proposal, the Clinton
administration said any attempt now to draft overarching
principles on information warfare would be premature.
"First, you have extraordinary differences in the sophistication
of various countries about this type of technology," said a
State Department official involved in the issue. "Also, the
technology changes so rapidly, which complicates efforts to try
to define these things."
Instead of turning cyber assaults into another arms control
issue, the administration prefers to treat them internationally
as essentially a law enforcement concern. U.S. officials have
supported several efforts through the United Nations and other
groups to facilitate international cooperation in tracking
computer criminals and terrorists.
For all the heightened attention to cyber warfare, defense
specialists contend that there are large gaps between what the
technology promises and what practitioners can deliver. "We
certainly have some capabilities, but they aren't what I would
call mature ones yet," a high-ranking U.S. military officer
said.
The full extent of the U.S. cyber arsenal is among the most
tightly held national security secrets. But reports point to a
broad range of weapons under development, including use of
computer viruses or "logic bombs" to disrupt enemy networks, the
feeding of false information to sow confusion and the morphing
of video images onto foreign television stations to deceive.
Last month, the Pentagon announced it was consolidating plans
for offensive as well as defensive cyber operations under the
four-star general who heads the U.S. Space Command in Colorado
Springs.
But complicating large-scale computer attacks is the need for an
extraordinary amount of detailed intelligence about a target's
hardware and software systems. Commanders must know not just
where to strike but be able to anticipate all the repercussions
of an attack, officials said.
"A recurring theme in our discussions with military operators
is, well, if we can drop a bomb on it, why can't we take it out
by a computer network attack," said a senior Pentagon lawyer
specializing in intelligence. "Well, you may be able to.
However, you've got to go through a few hoops and make sure that
when you're choosing an alternative method, you're still
complying with the law of armed conflict and making sure
collateral damage is limited."
In their guidelines document, titled "An Assessment of
International Legal Issues in Information Operations," the
Pentagon's lawyers warned of such unintended effects of computer
attacks as opening the floodgates of a dam, causing an oil
refinery in a populated area to explode in flames or triggering
the release of radioactivity. They also mentioned the
possibility of computer attacks spilling over into neutral or
friendly nations and noted the legal limits on deceptive
actions.
"It may seem attractive for a combatant vessel or aircraft to
avoid being attacked by broadcasting the agreed identification
signals for a medical vessel or aircraft, but such actions would
be a war crime," said the document, which was first reported
last week by defense analyst William M. Arkin in a column on The
Washington Post's online service. "Similarly, it might be
possible to use computer morphing techniques to create an image
of the enemy's chief of state informing his troops that an
armistice or cease-fire agreement had been signed. If false,
this also would be a war crime."
The document also addressed questions about whether the United
States would be any more justified in using cyber weapons if a
foreign adversary first hacked into U.S. computer networks. The
answer: It depends on the extent of damage. One complicating
factor, the defense lawyers wrote, is the difficulty of being
certain about the real source and intent of some cyber attacks,
whose origin can easily be disguised.
In the case of Yugoslavia, U.S. military authorities were slow
to put together a plan for conducting information operations.
But one was eventually assembled and approved by the middle of
the 78-day war, the high-ranking officer said.
The plan involved many traditional information warfare
elements--psychological operations, deception actions,
electronic jamming of radar and radio signals--targeting not
just Yugoslav military and police forces but Milosevic and his
associates, the officer said. One tactic was to bombard the
Yugoslav leadership with faxes and other forms of harassment.
© Copyright 1999 The Washington Post Company
http://search.washingtonpost.com/wp-srv/WPlate/1999-11/08/143l-110899-idx.html
# distributed via <nettime>: no commercial use without permission
# <nettime> is a moderated mailing list for net criticism,
# collaborative text filtering and cultural politics of the nets
# more info: majordomo@bbs.thing.net and "info nettime-l" in the msg body
# archive: http://www.nettime.org contact: nettime@bbs.thing.net