Weekly Schedule
  Message Boards
  Transcripts
  Video Archive
Get New Responses

Automatically Update Page

Submit Question

Discussion Areas
  Politics
  Nation
  World
  Metro
  Business
  TechNews
  Sports
  Style
  Entertainment
  Travel
  Health
  Home & Garden
  Post Magazine
  Food & Wine
  Books & Reading
  Viewpoint
  Jobs

  About Live Online
  About The Site
  Contact Us
  For Advertisers

Bradley Graham
Bradley Graham
(The Post)
Special Report: Confronting Iraq
Cybersecurity Section
Bush Orders Guidelines for Cyber-Warfare (Post, Feb. 7)
Cyber-Attacks by Al Qaeda Feared (Post, Jun. 27)
White House Officials Debating Rules for Cyberwarfare (Post, Aug. 22)
TechNews.com

Bush Administration Debates Use of Cyber-warfare
Guest: Washington Post reporter Bradley Graham

Friday, Feb. 7, 2003, 11 a.m. ET

The Bush administration has been quietly debating whether and how it should authorize the use of "cyber-warfare" against international threats, a debate sparked by growing evidence that hostile countries and terrorist organizations are planning to attack The U.S.'s own vital communications systems.

How can the U.S. use cyber-war against its enemies? What are the technologies involved? How would the Pentagon be involved?

Washington Post reporter Bradley Graham was online to discuss his article on the topic, "Bush Orders Guidelines for Cyber-Warfare," which ran in today's Washington Post.

An Edited Transcript Follows:

Editor's Note: Washingtonpost.com moderators retain editorial control over Live Online discussions and choose the most relevant questions for guests and hosts; guests and hosts can decline to answer questions.

dingbat


Annandale, Va.: How can the U.S. realistically expect to be able to attack other nations' information infrastructure without causing collateral damage? Most info. systems are so interconnected that any such attack would almost definitely have cascading effects on non-targeted systems, very possibly in other - friendly - nations. Thanks.

Bradley Graham: Certainly collateral damage is a key concern in government considerations about what kinds of cyber weapons to develop and whether to ever use them. Under guidelines drawn up by the Pentagon, military commanders would be required to do the same kind of estimating about potential damage before launching a cyber attack that they are now required to do before dropping bombs. But cyber warfare planners acknowledge they difficulty they are having trying to model just how a computer attack would play out. As you say, many information systems are so interconnected that it would appear very hard to strike one network and avoid a spillover effect into others. Nonetheless, specialists in this area say that progress is being made in developing increasingly precise cyber weapons.

New York: If cyberwar has the potential to do serious physical harm, particularly to infrastructure that civilian populations rely on, do we face a war crimes issue? Do you anticipate global conventions on cyberwar akin to conventions against biological and chemical weapons?

Bradley Graham: So far the issue has not received the kind of international attention that I would expect it to get once more becomes known about the kinds of capabilities that the United States and others are developing and considering using. At one point several years ago, Russia tried to gather support for a U.N. resolution that would call for new international guidelines and the banning of particularly dangerous information weapons. It warned that computer attacks and other information operations could lead to an escalation of the arms race. But my understanding is that the Russian initiative did not produce anything. There may have been other similar calls for an international convention since; I just haven't followed that part of the story. But my understanding is that U.S. officials have tended to resist the idea of drafting overarching international principles on information warfare, until they at least finish drafting a set of national guidelines. In the meantime, what the Pentagon's lawyers have determined is that the same "laws of war" that apply to attacks with bombs must apply to attacks with electrons--which is to say the attacks must not be indiscriminate and must make every effort to minimize collateral damage.

Washington, D.C.: Does the U.S. place sanctions or have policies against other countries that try to wage cyber attacks against us?

Bradley Graham: Not that I'm aware of. In fact, U.S. officials appear reluctant even to publicize cyber attacks that they have sourced to other countries. That may be because, up to now, none is known to have done serious damage to U.S. national security. Or U.S. authorities may want to reserve the right to strike back--or simply gather intelligence on the capabilities of other nations without disclosing what that intelligence is.

Manassas, Va.: How can cyberwar be limited to just one place? Couldn't a cyberattack spillover to the broader Internet?

Bradley Graham: It certainly could. That's one of the main reasons that U.S. officials say they are proceeding very cautiously in deciding when and how to launch such attacks. It's also a reason that Pentagon officials say they have ruled out the use of indiscriminate computer viruses against an enemy network.

Arlington, Va.: Does this fit in with Bush's national blueprint for cybersecurity, or is this a secret plan, akin to the Pentagon's Total Information Awareness campaign?

Bradley Graham: Virtually everything about the U.S. arsenal of offensive cyber weapons is highly classified. A number of officials I spoke with didn't even acknowledge the existence of the presidential directive ordering the new guidance. But there are clearly links between offense and defense. Much of the work that government agencies are doing to improve the security of U.S. information networks has reverse application in the development of plans and capabilities for attacking enemy networks.

Arlington Va.: This seems like the slipperiest of slopes. Do we really want to turn spooks loose on the global Internet? What's to stop them from using their newfound capabilities and powers to hack domestic undesirables?

Bradley Graham: No doubt U.S. spooks already are loose on the global Internet employing extensive computer snooping capabilities--and will continue to do so. The extent to which these capabilities are aimed at domestic targets is indeed an important legal and political matter. But my story was focused more on the idea of U.S. agencies going from passive surveillance to active attack against enemy networks. This would have all sorts of other legal, ethical and international ramifications that administration officials are now trying to sort through.

Alexandria, Va.: Your article today says that while the tools for conducting cyber-war are available, the government lacks a "doctrine" for determining when and how they would be used. Why is this so important for national security policymakers to develop the doctrine?

Bradley Graham: Because of the power inherent in these new weapons to wreak havoc on computer networks around the world. If U.S. authorities are going to launch such attacks, they need to have thought through all the procedures and likely effects ahead of time.

Washington, D.C.: How could the U.S. actually gain access to these networks in order to attack them? Is Iraq really going to have a system that controls major electrical power backbones on the same network as some agency's webpage? Isn't any cyber attack actually going have to be launched from some compromised terminal inside Iraq?

Bradley Graham: Couldn't tell you exactly how it might be done. But of course gaining access wouldn't be a matter simply of entering some agency's webpage. And depending on the nature of the attack, it wouldn't have to originate from inside Iraq.

Washington, D.C.: Is the cyber-warfare mission tasked to the Defense Dept. or to the various intelligence agencies? Are soldiers doing this, or civilian gov't officials or contractors?

Bradley Graham: These are among the questions to be resolved in the review that Bush has ordered. Just who has been doing what in this field of cyber operations has been difficult even for some government officials with high security clearances to sort out because of the extent of compartmentalization that has existed. No doubt there will need to be close cooperation between the Pentagon and the intelligence agencies in conducting some cyber attacks, just as there has been recently in the war in Afghanistan and the pursuit of al Qaeda.

San Antonio, Texas: Is the secret directive outlining cyberwarfare issued by the Bush administration the reason, or one of them, that Richard Clarke resigned?

Bradley Graham: I have no reason to think there was any such connection.

Hernando, Fla.: Which agency or service would be most likely to launch a cyber attack?

Bradley Graham: That really would depend on the target and the nature of the attack. As we saw in the war in Afghanistan, military soldiers and CIA operatives all were involved in executing attacks. The same would likely be the case in cyber space.

Falls Church, Va.: What can be achieved with a cyber weapon that can't be done with a conventional weapon?

Bradley Graham: Take the case of knocking out a country's air defense system. The idea is that instead of using bombs to destroy radars and command facilities, computer attacks would accomplish the same thing, only more speedily and without killing anyone.

washingtonpost.com: That's all the time we have today. Thanks to everyone for sending in questions, and thanks to Mr. Graham for joining us today.

© Copyright 2003 The Washington Post Company