The U.S. Defense Department has accelerated its efforts to develop offensive cyber weapons that could be used to dismantle hostile military networks in countries where U.S. forces are operating, The Washington Post reported today.
The report cites the Pentagon’s growing frustration with the military’s inability to disable enemy air defense systems and other military communications networks in places like Libya, where U.S. pilots flew combat missions to protect civilian populations from attacks by the Libyan army. That frustration has reportedly led to a five-year, $500 million budget infusion for the Defense Advanced Research Projects Agency (DARPA), the Pentagon’s main research and development organization, to fast track research into offensive cyber tools.
At least one such capability would involve the use of radio signals to wirelessly inject computer code into military networks and systems that U.S. forces cannot gain access to either physically or through the Internet.
The cyber R&D budget at DARPA has increased from $228 million in FY2012 to $246 million in FY2013. And over the next five years, the agency’s investment in cyber research will grow steadily from 8 percent to 12 percent, according to testimony provided to the House Armed Services Committee last month by Dr. Kaigham J. Gabriel, DARPA’s deputy director (pictured above.)
Gabriel’s testimony to Congress makes it clear that a large part of the agency’s effort currently revolves around defensive cybersecurity research, particularly the CRASH program. CRASH, which stands for Clean-Slate design of Resilient, Adaptive, Secure Hosts attempts to replicate the defensive mechanisms of biological systems and seeks to develop cybersecurity technologies by radically rethinking basic hardware and systems designs. Other programs focus on encryption and streamlining the Pentagon’s ability to contract with small businesses in the cybersecurity market.
And there is still much debate about the feasibility of offensive cyber attacks, as well as the ability of the Pentagon to provide policymakers with assurance that such attacks would not cause unintended damage to civilian infrastructures that could lead to loss of life. The intelligence requirements related to conducting a highly targeted, successful cyber attack against foreign military systems that are often proprietary and not connected via the Internet are daunting.
Despite such doubts, Gabriel said the agency is beginning to shift its resources. “We are also shifting our investments to activities that promise more convergence with the threat that recognize the unique needs of the Department of Defense,” he said. “To this end, in the coming years, DARPA will focus an increasing portion of our cyber research on the investigation of offensive capabilities to address military-specific needs.”
Terry Roberts, executive director for Acquisition Support, Interagency and Cyber at the Software Engineering Institute, is also the former Deputy Director of Naval Intelligence. Roberts said given the emerging threats in cyberspace and the types of missions the Pentagon is being asked to conduct, there appears to be no other reasonable alternative to R&D in offensive cyberweapons.
“Offensive operations are always the last resort and only undertaken if you have the proper legal authorities, national command authority direction and detailed intelligence preparation of the battle space,” said Roberts. “With all of that, precise and effective Cyber attack is feasible.”
Mark Heilbrun, a lawyer at a Washington, D.C., law firm who served on the National Security Council, said the commentary in the Post story and Gabriel’s recent testimony on Capitol Hill all appear to be a Pentagon effort to protect its budget during the current fiscal crisis. “Cyber is their new golden egg, it appears,” said Heilbrun. “Defense knows they can get from Congress [more than] 80% of any emerging [threat] if they fight hard and are creative enough. That is what could be referred to as budget insurance. They then can figure out ways to spend it once it is in the door.”
The Pentagon’s interest in offensive cyberweapons is not new. In fact, it is largely believed that during the 1999 U.S.-led bombing campaign in Kosovo a special Information Operation (IO) Cell established to support Joint Task Force Anvil (the U.S. portion of the NATO bombing campaign) conducted sophisticated cyber operations against hard-wired Serbian air defense systems.
In a briefing titled “A View From The Top,” delivered to then JTF-Anvil Commander Admiral James Ellis, senior Pentagon officials concluded that offensive cyber operations could have reduced the time it took U.S. and NATO forces to defeat Serb defenses by half.
“Modern warfare demands the effective use of cyber, kinetic, and combined cyber and kinetic means,” stated Gabriel in his prepared remarks to Congress last month. “That will happen only if cyber capabilities are at scales and speeds matched to our kinetic options. This cannot be achieved by simply doing more of what we’ve been doing or by increasing our intelligence-oriented cyber capabilities.”
Download the Feb. 29, 2012 testimony of Dr. Kaigham J. Gabriel, DARPA’s deputy director, before the House Armed Services Committee.
Read the full report from The Washington Post.