CyberwarfareDARPA solicits proposals for offensive cyberwar technologies

Published 27 September 2012

DARPA, the Pentagon’s research outfit, announced that next month it will host a meeting for defense contractors in which the agency will outline the Pentagon’s need for “revolutionary technologies for understanding, planning and managing cyberwarfare”; the announcement is the latest indication of the greater willingness of military planners and policy makers to discuss U.S. offensive cyberwar capabilities and plans openly

DARPA, the Pentagon’s research outfit, announced that next month it will host a meeting for defense contractors in which the agency will outline the Pentagon’s need for “revolutionary technologies for understanding, planning and managing cyberwarfare.” DARPA calls it Plan X, and, in public releases, says the purpose of the project is “understanding the cyber battlespace,” quantifying “battle damage,” and working in DARPA’s “cyberwar laboratory.”

The United States has already taken steps to bolster its cyberwarfare capabilities, such as creating a Cyber Command, but as the New York Times notes, until now there has been a reluctance to discuss offensive cyber capabilities and strategies openly. Indeed, the Times reports that since June, FBI has been investigating leaks to the New York Times about cyber attacks, attributed to Israel and the United States, against Iran’s nuclear facilities.

Those government agencies involved with offensive cyber warfare now appear more ready openly to discuss the topic. CSIS’s cyber expert James Lewis told the Times that he sees DARPA’s Plan X public announcement as “a turning point” in a long debate over secrecy about cyberwarfare. He said it was timely, given that public documents suggest that at least twelve of the world’s fifteen largest militaries are building cyberwarfare programs.

“I see Plan X as operationalizing and routinizing cyberattack capabilities,” Lewis said. “If we talk openly about offensive nuclear capabilities and every other kind, why not cyber?”

When Lewis was asked, in a recent interview with the Homeland Security News Wire, whether a cyberwar “arms control” treaty is worth pursuing, Lewis said: “Treaties are unverifiable, so there is no sense in agreeing to one. When people invent a weapon they tend to use it unless it is truly horrific, an cyber attack is not in that category.”

The Hill reports that last week, at a public Cyber Command legal conference, the State Department’s top lawyer, Harold H. Koh — who, in 2010, was the first Obama administration’s official to offer a public explanation of the policy of targeted killing of terrorists — said the administration’s position that the law of war, including such principles as minimizing harm to civilians, applies to cyberattacks.

Koh elaborated on the ten principles guiding U.S. efforts on cyber engagement in the international space, and noted that  most of them are in agreement with key provisions of the Tallin Manual on the International Law Applicable to Cyber Warfare. The manual, released in early September by NATO’s Cooperative Cyber Defense Center of Excellence (CCD COE), is, at this stage, no more than an unofficial document draft, containing a compilation of the opinions of legal and technical experts. The manual discusses how existing international law, jus ad bellum and jus in bello, applies to the cyber environment.

The Times notes that in August, the U.S. Air Force caused a stir with a solicitation for papers advising it on “cyberspace warfare attack capabilities,” including weapons “to destroy, deny, degrade, disrupt, deceive, corrupt or usurp” an enemy’s computer networks and other high-tech targets.

Earlier in the summer, Lt. Gen. Richard Mills, now deputy commandant of the Marine Corps, told a public conference how he had used “cyber operations against my adversary” in Afghanistan in 2010. “I was able to get inside his nets, infect his command-and-control, and in fact defend myself against his almost constant incursions to get inside my wire,”.

Jason Healey, who heads the Cyber Statecraft Initiative at the Atlantic Council, told the Times that cyberwarfare was discussed in the 1990s, even though technological capabilities and targets were far more limited than they are today. “Our current silence dates back 8 or 10 years, and NSA is a big reason,” said Healey.

Healey notes that the National Security Agency is among the most secretive agencies in government, and that its reflexive secrecy is carried over cyberwarfare.

The greater openness in discussing offensive cyberwarfare may indicate that military planners and policy makers have accepted the inevitability of the need to develop capabilities to wage such a war, but critics argue that this openness has a price.   

Daryl Kimball, executive director of the Arms Control Association said that more talk about the U.S. cyberwarfare capabilities might prompt other countries to develop their own programs.

Kimball told the Times that DARPA’s public statement about the goals of its Plan X for cyberwarfare might be a case in point. “It makes it sound like the U.S. is preparing to be able to wage a full-out cyberwar,” Kimball said. “Those kinds of statements could come back to haunt the U.S. down the road.”