Time for public debate on cyber warfare policies

There is little doubt that the military and intelligence communities in the U.S. are in full preparation mode for cyber warfare, and seeking to enhance this country's defensive and offensive capabilities. For starters, a new military cyber command has been established, the National Security Agency has been aggressively recruiting talent and ratcheting up its efforts, and funding levels have been increased across the board.

Secretary of Defense Robert Gates testified before Congress in April that that the military spent $100 million on cybersecurity in the previous six months alone, responding to attacks. There have been reports that the Pentagon's most technologically advanced fighter aircraft had been infiltrated by hackers, as had the electrical grid.

Also earlier this year, Director of National Intelligence Dennis Blair warned Congress that the government computer systems are being targeted for espionage by foreign nations such as China and Russia.

Amid all this activity, though, has been a lack of clear government strategy and policy to deal with these threats. How aggressive should this country be in attacking, probing and infiltrating other nation's computer systems? How should the United States respond to attacks, and what would be the consequence of various actions?

This week, we report on a study by the RAND Corp., a well-known think tank that seeks to put some perspective on the issue. The study said that warfare in cyberspace must not be viewed in the traditional sense, but instead "must be understood in its own terms."  Attempts to transfer policy constructs from other forms of warfare will not only fail according to the study, but will also hinder policy and planning.

In offering advice to the Air Force, the report makes a number of salient points. It says, for starters, that the U.S. may be better off playing defense and pursuing diplomatic, economic, and prosecutorial efforts against cyber attackers, rather than making strategic cyber warfare an investment priority. The report recommends that the government focus on shoring up cyber defenses of critical infrastructure like the nation's telecommunications networks, banking systems, and power grid that may be vulnerable to attack.

"Operational cyber war has an important niche role, but only that," the report said.  It added that cyber warfare operations "can confuse and frustrate operators of military systems, and then only temporarily."

The report also called for cyber attacks to be used sparingly and precisely, noting that cyber attacks often have ambiguous sources that make them difficult to retaliate against. Such attacks also could create new enemies if a source is misidentified, and the situation can be further complicated by involvement of non-state actors.

The study provides many useful insights that deserve the attention of policymakers. As we rush ahead to prepare our defenses, protect our essential computer networks and plot military cyber strategy, there should be a broader public debate in Congress, and a much clearer understanding of options, the risks and the challenges. - Judi