U.S. officials say that existing cyberweaponry has the potential to disable components of a weapon system, although it is not likely to destroy the system.
Cyber tools might be used in conjunction with other tactics and weapons. Cybertechnology might, for example, enable an attack by delaying enemy recognition of it until it is underway.
“It will probably never be just a standalone cyberattack on a network,” said Lt. Gen. Charles R. Davis, commander of the Electronic Systems Center at Hanscom Air Force Base, who buys the tools and software that support the Air Force’s offensive and defensive cyber activities.
Cybertechnology was not a significant factor in military operations 10 years ago, Gen. Martin Dempsey, chairman of the Joint Chiefs of Staff, said during an Atlantic Council discussion in December. “Cyber is a significant factor today.”
In Iraq, during the 2007 surge of U.S. combat forces, the National Security Agency used cyber tools to muddle the signals of the cellphones and laptop computers that insurgents used to coordinate their strikes, according to previously published reports confirmed by former U.S. officials. U.S. cyber operators used those techniques to deceive the enemy with false information, in some cases leading fighters into an ambush by U.S. troops.
But countering Libya’s air defenses was a different story. The operation arose quickly. Officials had not foreseen the Arab Spring uprising against Libyan strongman Moammar Gaddafi, and no intelligence and engineering work had been done to exploit the vulnerabilities of the Libyan air defense system.
Some experts believe that Israel may have used a cyberweapon to blind Syrian radar before bombing a suspected nuclear facility in September 2007, but several former U.S. officials say that the technique more likely used was conventional electronic warfare or radar jamming using signals emitted from an airplane.
The Stuxnet computer virus that reportedly disabled some 900 centrifuges in an Iranian uranium-enrichment plant in 2009 and 2010 — while it has been dubbed by control-system expert Ralph Langner as the world’s “first digital warhead” — lacked the precision, predictability and control that a military commander would need during combat, experts said.
“If I’m trying to knock down an air defense system, I have to know precisely what’s going to happen and when it will happen,” said a former military official. “It’s a fundamentally different approach than Stuxnet.”
DARPA plans to focus an increasing portion of its cyber research on “offensive capabilities to address military-specific needs,” Gabriel said recently in testimony
before the House Armed Services subcommittee on emerging threats and capabilities.
Over the past decade, instances have been reported in which cyber tools were contemplated but not used because of concern they would result in collateral damage. For instance, defense and intelligence agencies discussed using cybertechnology to freeze money in Iraqi dictator Saddam Hussein’s bank accounts just before the U.S.-led invasion in March 2003 to blunt his efforts to mount a defense. The plan was aborted because of concern that the cyberattack could disrupt financial systems in Europe and beyond.
Within a war zone, the use of a cyberweapon may be limited by other considerations. There is the danger of collateral damage to civilian systems, such as disrupting a power supply to a hospital. A destructive computer code, once released, could be reverse-engineered and sent back at vulnerable U.S. targets or adapted for use by foreign spy agencies. Cybertechnology also is not always the most efficient way to attack a target — sometimes bombs or electronic warfare are easier or more reliable.
Within the Pentagon, more money is being spent on defending against cyberattacks than on preparing to deploy offensive cyber operations, officials say. That is appropriate, they say, when adversaries are trying to develop similar cyberweapons to use against U.S. military targets that may not be secure against attack and when Pentagon networks are probed thousands of times daily.
But more money needs to be spent on developing cyperweapons, say some former officials. “You’ve got to start moving investment to the offensive side,” Cartwright said.
Pentagon spending on cybertechnology is growing even as other areas of its budget are shrinking, officials say.
“I am still not remotely satisfied with where we are in cyber,” Deputy Secretary of Defense Ashton B. Carter said at the Credit Suisse and McAleese and Associates defense conference in Arlington this month.
“I dare say,” he said, “we’d spend a lot more if we could figure out where to spend it.”