“We just ran out of time,” a former military official said. “It was overcome by events.”
That the cyberattack option was raised at all underscores the U.S. military’s growing capabilities in cyberwarfare and the appeal of such weapons as alternatives to conventional military options. But the debate also showed some of the practical limits on using computer code as a weapon.
U.S. officials have never publicly disclosed the cyberweapons at their disposal, though the military last year established the U.S. Cyber Command, based at Fort Meade, to coordinate the military use of cyberspace, including potential offensive operations.
A cyberattack against Libya, said several current and former U.S. officials, could have disrupted Libya’s air defenses but not destroyed them. For that job, conventional weapons were faster, and more potent.
Had the debate gone forward, there also would have been the question of collateral damage. Damaging air defense systems might have, for example, required interrupting power sources, raising the prospect of the cyberweapon accidently infecting other systems reliant on electricity, such as those in hospitals.
There was also the possibility of any damage inflicted by a cyberweapon being temporary, allowing the Libyan government to potentially restore its air defenses quickly.
The debate over whether to mount a U.S. cyberattack on Libya was first reported by the New York Times on its Web site Monday.
“Cyber is just going to destroy or disable a component,” a former U.S. official said. “It’s not going to blow something up on the rails.”
A U.S.-led coalition, operating under United Nations authority, began strikes against Libyan air defenses and troop formations on March 19. The campaign, called Operation Odyssey Dawn, was carried out by the U.S. Africa Command and directed by a U.S. admiral aboard the USS Mount Whitney in the Mediterranean.
U.S. elements included sea-launched cruise missiles, B-2 stealth bombers, Harrier fighter planes and Growler jamming aircraft. France, Britain, Denmark and some other countries also participated. NATO took over command of the operation on March 31.
Had the debate proceeded and a cyberattack option been chosen, the task could have fallen to the U.S. Cyber Command or another military command.
The Obama administration avoided a confrontation with Congress over whether the airstrikes triggered the War Powers Act by ending its role in attacking Libyan ground forces in early April. The administration contended that ongoing U.S. strikes against Libyan air defenses did not constitute “hostilities” under the terms of the law.
The question of whether a cyberattack on Libya’s air defenses would trigger the War Powers Act was never discussed because the debate never advanced, the former official said.
In general, the U.S. government has been cautious in its deliberations over the use of cyberweapons, recognizing that using them can reveal capabilities and set precedents that might encourage other nations.
In this case, officials said, the main concern was time. In 2003, the George W. Bush administration considered dismantling Iraq’s financial system in a cyberattack before the U.S. invasion. The plan was blocked over concerns about collateral damage that might affect systems beyond the target, a former official said.
At the time, there was also an unwritten international taboo on targeting a banking system, which was seen as dangerous to global financial systems.
Staff writer Karen DeYoung contributed to this report.