Thinking the Unthinkable, 2.0 Hudson Institute American Outlook Quarterly

[Dave Farber <dave () farber net>]

http://www.americanoutlook.org/index.cfm?fuseaction=ao_issue_toc&id=Fall2003

Thinking the Unthinkable, 2.0

"Governments and terrorists are racing to prepare for war in cyberspace."

Fall 2003

by Alan W. Dowd

“How do we come to grips with the problems that modern technology and 
current international relations present us?” So began Herman Kahn’s 
landmark work on preventing­and if necessary, waging and winning­a nuclear 
war with the Soviet Union. “Thermonuclear war may seem unthinkable, 
immoral, insane, hideous, or highly unlikely,” he observed in Thinking 
about the Unthinkable (1962), “but it is not impossible.” And because the 
unthinkable was quite possible, Kahn concluded that it was his duty as a 
thinker and scientist to wrestle with what so many of his peers ignored or 
hoped would just go away. In Kahn’s view, to prevent the unthinkable, it 
was essential to think “about how to fight, survive, and terminate a war, 
should it occur.”

Kahn published these ideas during Moscow’s reckless gambit in Cuba, which 
brought the world to the brink of the unthinkable. Thanks in no small part 
to Kahn’s willingness to contemplate the very worst, U.S. military and 
political leaders steadily shifted away from the defeatism of Mutually 
Assured Destruction, reoriented the country’s military strategy, and 
ultimately won the Cold War in a relatively peaceful fashion.

What was true in the Atomic Age, when Moscow’s transcontinental empire 
threatened civilization with nuclear annihilation, remains true in the 
Information Age, as stateless bands of terrorists and a handful of 
dictators threaten civilization with a range of weapons. Some of these 
weapons aren’t really even weapons, as we learned when commercial airliners 
were used as missiles on September 11, 2001. Some are simple and readily 
available, as the people of Israel, Iraq, Indonesia, and India are reminded 
every time a homemade bomb tears through a place of worship or commerce. 
Some are the offspring of the Information Age itself; they are easy to 
acquire, simple to use, and inexpensive. In the hands of a committed 
adversary, they are capable of wreaking death and destruction with the push 
of a button. Even now, they are being used to probe America for weaknesses 
and wage a new kind of war­cyberwar. After years of averting its gaze, 
Washington is finally taking notice.

Destroying War

One of the major ingredients for America’s disproportionate power in the 
twenty-first century is its mastery of new technologies and capacity­even 
eagerness­to incorporate them into its economy, culture, and military. Yet 
it is an irony befitting a Greek tragedy that the very thing that makes the 
United States so powerful also makes it more susceptible and vulnerable 
than any other nation to a crippling attack in cyberspace.

As President George W. Bush explained in a recent strategy document, “In 
the past few years, threats in cyberspace have risen dramatically.” It’s 
easy to see why. Given the amorphous, open, and ever-expanding nature of 
cyberspace, it is extremely difficult territory to secure and defend; and 
given America’s primacy in traditional fields of conflict (on the ground, 
at sea, in the air, and in space), cyberspace is increasingly where 
America’s enemies pick their fights. “Ironically, we have destroyed the war 
we do best,” Michael Vlahos of the Joint Warfare Analysis Department at 
Johns Hopkins University concludes. “No one can hope to win fighting our 
kind of war, so they will make war they can win.” Cyberwar may be such a war.

According to the Congressional Research Service, the Pentagon’s computer 
systems are attacked thousands of times each year. Some of the attacks are 
akin to a gnat biting an elephant, but some are more serious. In 1994, for 
example, the Rome Laboratory, a key node of U.S. Air Force researchers and 
computer specialists, was victimized by one hundred fifty separate 
cyber-attacks. After tearing through the Air Force system, the 
cyberterrorist (a sixteen-year-old Briton) also targeted NATO headquarters 
and Wright-Patterson Air Force Base. In 1998, a group of computer hackers 
in California and Israel attacked a number of computer networks at U.S. Air 
Force bases, universities, and businesses. A 1998 report found that hackers 
had made two hundred separate attempts to break into the computer systems 
at key U.S. nuclear labs. As late as April 1999, the cybersecurity 
situation was so grave that then-Secretary of Energy Bill Richardson 
ordered a systemwide shutdown for two weeks.

During the U.S.-led NATO operation against Bosnian-Serb forces in 1995, the 
Serbs used computer systems to research the backgrounds of U.S. pilots and 
then threaten their families. Four years later, during the air war over 
Kosovo and Serbia proper, teams of Chinese and Serbian hackers attacked 
cybertargets of opportunity in the West. The Chinese hacked into websites 
run by the Departments of Energy and Interior. They defaced and effectively 
hijacked the sites, forcing the White House and other government sites to 
shut down out of self-protection. Other attacks came in the form of 
countless emails sent to slow down and overload government servers.

The cyberbattle was not one-sided, of course. Independent Dutch and 
American hackers fired back early and often, and the U.S. military employed 
information warfare tactics against Belgrade throughout the war. For 
example, as MSNBC reported in 2001, a special U.S.-U.K. unit used email and 
computer systems to conduct psychological operations against Slobodan 
Milosevic’s generals and friends, who had been enriched­and would 
eventually be impoverished or killed­as a result of their close association 
with the Serbian dictator. (Similar efforts were made during the Iraq war.) 
However, no network-killing viruses were let loose against Milosevic, 
prompting former NATO Commander Wes Clark to dismiss the allied 
cyber-salvos as little more than “harassment.”

Nonetheless, this blending of cyberwar tactics into traditional war 
fighting will continue, and, like other military innovations, it promises 
to become more effective as technology and tactics improve. China, for 
example, is fielding a force of “shock computer troops” to wage war in 
cyberspace. Known as the “Net Force,” the unit of computer programmers has 
conducted annual training exercises since 1997. Some computer and defense 
experts have warned that China is training the force to serve as the 
vanguard of a conventional attack on Taiwan.

China is not alone in this. More than twenty nations have 
information-warfare capabilities, among them some of America’s most bitter 
enemies­Cuba, North Korea, Libya, Iran, and Syria. The Indian government, 
for example, blames Pakistani intelligence agents for hacking into the 
Indian army’s main website and effectively holding it hostage ahead of 
talks in 1998. According to Lt. Col. Timothy Thomas of the Army’s Foreign 
Military Studies Office, the Palestinian terrorist group Hezbollah has 
plans in place to cripple Israeli government, military, and financial 
networks with cyberattacks. The strategy includes attacks on e-commerce, 
Internet Service Providers, and the Israeli stock exchange with the intent 
of paralyzing Israel’s technology-dependent society.

Nation-states, however, are neither the sole targets nor the sole 
practitioners of cyberwarfare. The “White Hat” computer virus, for example, 
devastated the Air Canada computer system in the summer of 2003. In another 
incident, a manmade computer “worm” chewed through Lockheed Martin’s 
system, forcing the defense giant to shut down parts of its network in 
August 2003. Exactly a week after the September 11 terrorist attacks on 
Manhattan and Washington, the Nimda virus used the Internet to skip across 
the world’s interconnected web of computer networks, leaving in its wake 
billions of dollars in damaged systems and corrupted computers. Although 
the Nimda attack was overshadowed by the attacks on the Pentagon and World 
Trade towers, Thomas notes that cybersecurity experts call it September 
11’s cyberspace equivalent. “Nimda’s creator,” Thomas adds ominously, “has 
never been identified.”

Virtual Enemies

Together, the disparate groups, governments, and individuals that create 
and launch these invisible weapons are taking the postmodern warfare we 
witnessed firsthand on September 11 to a new level: The enemy is no longer 
just stateless­he is nameless, faceless, and place-less. The enemy is not 
just transnational­he is non-national, living and hiding and attacking in a 
world where there are no borders. The enemy is no longer virtually 
invisible­he is, well, virtual.

That is one reason why critics of cyber-preparedness argue that a war waged 
in cyberspace, with bytes and streams of code rather than bullets and 
bombs, can’t really hurt us, since we live in a world of tangible 
elements­land and sea, flesh and blood.

They’re wrong.

One doesn’t have to be a Matrix fanatic to recognize that vast stretches of 
“the real world” are controlled by the invisible world of cyberspace. 
Water-pumping and purification stations, electrical utilities, hospitals, 
banks, and airports simply cannot function today without computer networks. 
Winn Schwartau, an expert on information security and infrastructure 
protection, has noted that cyberterrorists have successfully attacked and 
disabled all of these types of network-dependent targets in recent years.

Americans are steadily coming to grips with this reality. Since 1999, for 
example, the Pentagon has assigned cyberwar preparedness to a four-star 
general. In 2003, President Bush ordered U.S. military planners to develop 
guidelines for the use of cyberweapons by U.S. forces; the Department of 
Defense invested 28 percent more than in 2002 on programs aimed at 
attacking enemies’ information-warfare capabilities and defending our own; 
and Pentagon spending on programs to manipulate and master information 
technology of all kinds jumped by 125 percent.

On the offensive front, the Pentagon’s new Joint Task Force on Computer 
Network Operations has begun helping U.S. military forces incorporate 
cyberweapons into traditional war fighting. On the defensive side, the 
Department of Defense is updating all of its new Internet-related equipment 
and software to meet the latest Internet security protocols. The Pentagon’s 
entire fleet of computers and networks will be switched over to the new 
protocols within four years.

Also in 2003, Bush approved the aforementioned strategy to secure the 
civilian stretches of cyberspace. “The cornerstone of America’s cyberspace 
security strategy,” according to Bush, “is and will remain a public-private 
partnership. . . . Only by acting together can we build a more secure 
future in cyberspace.” I observed one such effort firsthand while writing 
this article. After clicking onto the White House website to download and 
read the president’s National Strategy to Secure Cyberspace, the Microsoft 
software grafted onto my PC’s hard drive stopped me dead in my cyber-tracks 
and warned me to think twice before going any further: Some files can 
contain viruses or otherwise be harmful to your computer, the message 
reminded me. It is important to be certain this file is from a trustworthy 
source. (Whether or not the White House is a trustworthy source is a 
subject for another essay, but since I am of the opinion that it is, I took 
the risk and downloaded the document.)

Wish List

This is just one small example of cross-sector cooperation in preventing, 
slowing, and if necessary, tracking and monitoring the spread of 
cyber-viruses and cyberattacks. There are many others we never see.

For instance, the White House is calling on industry leaders to improve 
computer training, enhance technology safeguards, identify and remove 
vulnerabilities (hence, the endless flow of “patches” and automatic 
updates), and cooperate with one another on cybersecurity. At the same 
time, government agencies such as the Department of Homeland Security are 
developing redundancies, conducting cyber-drills, building cyberwarning 
systems, hardening government computer networks, and developing recovery 
plans in the event of the unthinkable­ a virtual attack that would have 
crippling real-world consequences.

As Mr. Kahn put it in an earlier age of terror, “We must appreciate these 
possibilities. We cannot wish them away.”

Alan W. Dowd is a research fellow at Hudson Institute and director of 
Hudson’s Indianapolis offices. He is a frequent contributor to The World & 
I, American Outlook, The American Enterprise, National Review Online, and 
The American Legion Magazine, where he publishes policy commentaries and a 
monthly column covering national security and military issues.

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/