The gray zone separating "cyber attacks" by hackers on computer and communications networks from war waged with bayonet, bomb or missile attacks is narrowing, and narrowing dramatically.
Last week, the head of U.S. Strategic Command (STRATCOM), U.S. Air Force Gen. Kevin Chilton, noted that American leaders cannot rule out using "real world" military force (e.g., air strikes and ground attacks) against an enemy who attacks and disrupts critical cyber networks.
On May 8, The Stars and Stripes quoted Chilton as saying, "I don't think you take anything off the table when you provide options" to senior civilian leaders following an attack on the United States -- including cyber attacks on America.
Chilton is addressing, quite publicly and emphatically, an increasingly difficult security threat. Cyberspace is, to paraphrase a recent statement by another senior U.S. military officer, "a contested environment." "Contested environment" is Pentagonese for "there's a fight going on there, and we're in it."
A column I wrote in January 2008 sketches the thorny issue: "Attack a nation's highways and railroads, and you've attacked transportation infrastructure. You've also committed an obvious, recognized act of war. An electronic attack doesn't leave craters or bleeding human casualties -- at least, not in the same overt sense of an assault with artillery and bombs. However, the economic costs can be much larger than a classic barrage or bombing campaign."
Historians can make the argument that "hacking" as warfare isn't new. When World War I erupted, British sailors "hacked" German undersea cables in order to intercept or cut German international cable communications traffic. This gave the British an intelligence edge and the ability to deny Germany a communications asset. Likewise, eavesdropping on military radio communications and jamming radio was standard operating procedure in World War II.In the digital age, more than military and diplomatic communications are at risk. Today, nations depend on networked computers for civilian as well as military communications, for personal and governmental economic transactions, for information storage and retrieval, and command and control of transportation and energy infrastructure. This exponentially increased reliance means that in the 21st century a nation's "cyber" infrastructure is a very attractive target. Intelligence agencies know this. So do banks, brokerage houses, freight shippers and power companies.
Electric utilities are concerned about "hacker attacks" on their computer systems. Computers guide America's electrical grids -- they monitor and control circuits.
Inducing an electrical blackout on a national scale is an offensive "three-fer": 1) an attack on key infrastructure; 2) an economic assault (damaging commerce); and 3) a psychological attack seeding hysteria and perhaps producing political panic.
Other scenarios worry defense planners. Commercial air service can be hampered or halted by attacking air traffic control system computers. Trucking can be crippled by attacking the computers controlling fuel supplies (refineries, pipelines, storage sites and distribution systems).
Space satellites and their computer-controlled ground stations offer another target. An attacker who interferes with ground-to-satellite communications could conceivably disrupt Global Positioning System (GPS) navigation, deny satellite weather data, "blind" spy satellites, and cut some phone and television networks.
But U.S. defense officials are becoming increasingly vocal about "probes" and "intrusions" traceable to nation-states. Last month, The Wall Street Journal quoted a "senior intelligence official" as saying: "The Chinese have attempted to map our infrastructure, such as the electrical grid. So have the Russians." The article noted that cyber "intruders" had not (as yet) attempted to damage the grid but "could try during a crisis or war."
Cyberspace is complex. While specific computers and control systems are vulnerable to attack, several cyber warriors make the case that knocking out the entire Internet and simultaneously disrupting "hardened" U.S. military communications is a difficult if not impossible task. "Anti-intrusion" and "anti-virus" defenses for computers are also improving.
Chilton's statement, however, serves as diplomatic notice that "classical deterrence" -- assured counter-attack with the full range of U.S. military and police power -- is now an element of American "cyber defense."