CyberwarfareU.S. military “unprepared” for cyberattacks by “top-tier,” cyber-capable adversary: Pentagon

Published 6 March 2013

A new Pentagon study concludes that the U.S. military is unprepared for a full-scale cyber-conflict with a top-tier, cyber-capable adversary. The report says the United States must increase its offensive cyberwarfare capabilities, and that the U.S. intelligence agencies must invest more resources in obtaining information about other countries’ cyberwar capabilities and plans. The report says that the United States must maintain the threat of a nuclear strike as a deterrent to a major cyberattack by other countries. The report warns that the Pentagon cannot be confident its military computer systems and communication networks are not compromised because many of the components of these systems and networks are made in countries which pose the main cyberthreat to U.S. national security.

Cyber-readiness is raised as a concern // Source: diendancntt.vn

A new report for the Pentagon concludes that the U.S. military is unprepared for a full-scale cyber-conflict with a top-tier adversary. The report says the United States must increase its offensive cyberwarfare capabilities. The report also call on the U.S. intelligence agencies to invest more resources in obtaining information about other countries’ cyberwar capabilities and plans.

The Washington Post reports that the report says that the United States must maintain the threat of a nuclear strike as a deterrent to a major cyberattack by other countries.

The 138-page report Defense Science Board – only part of which has been declassified – does not mince words in saying that despite a range of Pentagon actions to thwart sophisticated cyberattacks by other countries, these efforts are “fragmented” and the Defense Department “is not prepared to defend against this threat.”

The report describes how Pentagon “red” teams created to test the military’s cyberdefense abilities have “relative ease . . . in disrupting, or completely beating, our forces in exercises using exploits [software] available on the Internet.”

The experts on the 33-member task force says that the United States must bolster its cyber-readiness posture through a combination of deterrence, refocused intelligence priorities, and a stronger offense and defense.

“Defense can take you part of the way, but it needs to be balanced with cyber-offense and conventional capabilities,” said Lewis Von Thaer, task force co-chairman and president of General Dynamics Advanced Information Systems.

There is a straightforward reason why the Pentagon cannot be confident its military computer systems and communication networks are not compromised: many of the components of these computer systems and communication networks are made in countries which pose the main cyberthreat to U.S. national security.

The report notes that very few countries, for example, China and Russia, have the skills and capabilities to create vulnerabilities in protected systems by interfering with components.

The report emphasizes that defensive cyber capabilities are not enough, and that the United States must have offensive cyber capabilities which, when needed, could be used either preemptively or in retaliation for a cyber attack by an adversary.

The report notes that U.S. military planners must internalize the fact that that a full-scale military conflict in cyberspace could include hundreds of simultaneous, synchronized offensive cyber-operations.

Von Thaer said that while the Pentagon’s Cyber Command is in the process of expanding, “there’s still a lot of work to be done” to master the staging of military cyber-operations.

The experts on the panel described how a conflict with a cyber-capable adversary could mean the crashing of servers, corruption of data, tampering with the supply chain, and insertion of malicious software into critical infrastructure systems.

What is more, these cyber-attacks could accompany a conventional attack by an adversary on U.S. forces at sea or in space. “U.S. guns, missiles and bombs may not fire, or may be directed against our own troops,” the report warns, and military commanders “may rapidly lose trust” in their ability to control their forces or to conduct counterstrikes.

The Post notes that the task force concluded that it is not feasible to protecting every military system from cyberthreats. The report recommends an approach which relies on isolating critical systems and weapons, and equipping small numbers with advanced defensive measures to ensure they survive an attack.

Martin Libicki, a cyber expert at the RAND Corp., told the Post, however, that, “These things are really harder to do than they look…. If you don’t have real time control over a system, it’s very difficult to get something to malfunction at a time and a place of your own choosing.”

The report also suggests that the United States must examine whether the command-and-control systems for U.S. nuclear weapons are sufficiently protected to withstand cyberattacks.

— Rdad more in Task Force Report: Resilient Military Systems and the Advanced Cyber Threat (Department of Defense, Defense Science Board, 2013)