Grappling with matters of law and policy governing the United States military’s cyber-warfare capabilities, Pentagon planners are eying ways of making preemptive strikes across the Internet part of America’s toolbox.
In a piece for Foreign Affairs, the publication of globalist policy group The Council on Foreign Relations, Deputy Secretary of Defense William J. Lynn III paints a picture of dire threat to American infrastructure, disclosing for the first time details of a devastating cyber-attack on U.S. infrastructure.
While not giving many specifics, Lynn described how malicious code on a USB thumb drive managed to spread across the Department of Defense network, establishing a “digital beachhead” that could siphon key data.
“It was a network administrator’s worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary,” he wrote. “This previously classified incident was the most significant breach of U.S. military computers ever, and it served as an important wake-up call. The Pentagon’s operation to counter the attack, known as Operation Buckshot Yankee, marked a turning point in U.S. cyberdefense strategy.”
However, “Operation Buckshot Yankee,” commenced in 2008 and lasting some 14 months, saw the Department of Defense scramble over what was essentially a very minor security threat that caught their network experts completely by surprise.
The Defense Department quickly issued an outright ban on the use of flash drives. The file which infected Pentagon computers was actually quite common — a derivative of the “SillyFDC” worm, according to Wired, which is listed by anti-virus software developer Symantec as a lowest tier threat. Users who wanted to remove the threat could have simply scanned their drives for the file “Agent.btz,” which was at the source of the Pentagon’s dilemma.
Naturally, the operation to eradicate the worm was kept secret, requiring a much larger effort on the part of a smaller group.
The havoc caused by agent.btz has little to do with the worm’s complexity or maliciousness — and everything to do with the military’s inability to cope with even a minor threat. “Exactly how much information was grabbed, whether it got out, and who got it — that was all unclear,” says an officer who participated in the operation. “The scary part was how fast it spread, and how hard it was to respond.”
U.S. Strategic Command, which is supposed to play a key role in military network defense, couldn’t get simple answers about the number of infected computers — or the number of computers, period.
“We got into Buckshot Yankee and I asked simple questions like how many computers do we have on the network in various flavors, what’s their configuration, and I couldn’t get an answer in over a month,” U.S. Strategic Command chief Gen. Kevin Chilton told a conference last May.
All of which, Lynn wrote in Foreign Affairs, led to the creation of the U.S. Cyber Command and the beginning of rules governing the military’s conduct of online warfare.
The Washington Post, in a Saturday report on the development of rules to govern cyber-warfare, added:
“We have to have offensive capabilities, to, in real time, shut down somebody trying to attack us,” Gen. Keith Alexander, the head of the Pentagon’s new Cyber Command, told an audience in Tampa this month.
Military officials have declared that cyberspace is the fifth domain – along with land, air, sea and space – and is crucial to battlefield success.
“We need to be able to protect our networks,” Lynn said in a May interview. “And we need to be able to retain our freedom of movement on the worldwide networks.”
That line of thinking has led Pentagon planners to weigh whether or not the United States can legally reach across the Internet to attack “adversary information systems,” according to Defense Dept. documents examined by the Post. The capabilities being sought would allow U.S. cyber-warriors to “deceive, deny, disrupt, degrade and destroy” information and computers around the globe.
While it is legal for the Pentagon to block malicious software on the edges of its networks, preemptive strikes on systems thought to be in the employ of those who would harm America or its interests are still a gray area and could be subject to international escalation, should the U.S. take an overtly offensive stance.
“We are having a big debate about what constitutes the use of force or an armed attack in cyberspace,” said Herbert S. Lin, a cyber expert who spoke to the Post. “We need to know where those lines are so that we don’t cross them ourselves when we conduct offensive actions in cyberspace against other nations.”
The U.S. Cyber Command, comprised of 1,000 hackers and spies, will assume command on Oct. 1, led by NSA director General Keith Alexander. The group’s creation was announced in 2009, with the full support of President Obama.
Civil liberties’ activists have warned against allowing the secretive NSA to take the lead in overseeing cyber security, saying it would place too much power in one agency with the NSA policing the same networks that it exploits to carry out eavesdropping.
In unveiling his plans to create a new White House post to oversee cyber security, Obama promised privacy rights would be carefully safeguarded even as the government moves to step up efforts to protect sensitive civilian and military networks.
There have been reported breaches of the US electricity grid and the F-35 fighter jet program, and Obama mentioned a cyber attack — blamed by some accounts on foreign spy services — on the computer hub for his own 2008 presidential campaign.
Audio of a round-table interview with Deputy Defense Secretary Lynn on U.S. cyber-security is available online [mp3 link].