Pentagon gets permission to wage cyberwar; still lacks the capability

Amendment to military funding amounts to an order to (finally) build competent cybersecurity

The National Defense Authorization Act that funded the 2012 U.S. military budget, which included language making it possible for the military to arrest and hold even U.S. citizens indefinitely without charge, also included permission for the Pentagon to wage cyberwar as it sees fit.

A report from international-relations newsletter DiploNews points out that an amendment to NDAA includes permission from Congress for the Pentagon to do whatever it likes in the virtual trenches, though it can do so only on orders from the president, within legal limitations it has to follow under other circumstances and in accordance with the War Powers Resolution, which outlines the power of Congress and the President to declare war.

Briefly, the Dept. of Defense can wage cyberwar to protect the U.S., its allies or its interests.

Congress gave the DoD more leeway on cyberwar than the regular kind because the nature of both the technology and the combat conducted with it change so quickly.

There are dangers in that of both diplomatic and military varieties, however.

Even if the U.S. is able to identify the true source of an attack, knowing how to respond in a measured and legal way will be a challenge. For instance, under whose jurisdiction does an attack fall and which laws apply to an offender if an attack is waged from a different country or multiple countries, with data traveling through even more countries to reach its destination? Internationally, codified law regarding cyberwar and the rules of engagement is in a state of underdevelopment. There is no one body with the responsibility to coordinate global cyber security policy – DiploNews report NDAA cyberwar provisions, Feb. 6, 2012.

Among other powers, however, is the real-world destructive capability of the U.S. military to respond to cyberattacks, though the problem of adequately establishing who actually launched the attack and what kind of counterattack might work best leaves a dangerous gap in the policy.

If anything, the Pentagon is too meek about using new cyberwar techniques, the DiploNews report found.

During the 2003 invasion of Iraq the Pentagon planned attacks that would have blocked Saddam Hussein's access to bank accounts overseas, the DiploNews report said. They were never used.

During the rebellion in Libya earlier this year, press reports warned that the U.S. was planning to attack Libyan electronic warning systems, an idea that was shot down because it would set a precedent that would encourage other countries to do the same to the U.S.

The main problem still seems to be defining what would or wouldn't be considered an act of cyberwar and what response would be considered justified by U.S. politicians and courts, the report said.

More likely "the U.S. is not yet ready politically, intellectually, legally and structurally for an onslaught of retaliation from its global enemies," the DiploNews report read.

DiploNews reached that conclusion using its sources in the State Dept. and its focus on the interaction of agency bigwigs, State Department career diplomats and the power-play maneuvering of government agencies trying to increase their own stature.

Oddly, that's exactly the conclusion I came to from watching the Pentagon's dithering about how to stop rampant Chinese cyberespionage attacks, DoD's inability to formulate or launch counterattacks, reading its responses to the GAO reports that damned its poor preparation for cyberwar, defensive capability and ability to deter attack by being obviously stronger than any potential enemy.

My question at the time – which DiploNews does not answer with any firm evaluation of whether the U.S. military is up to the job of protecting this country from online threats – was whether it is time for the Pentagon to turn responsibility for cyberwar over to someone else.

There has been some progress since that time, but not enough to make any answer clear.

It's possible getting permission to wage cyberwar in the NDAA will push the Pentagon over the resistance it faces internally from uniformed bureaucrats brainwashed to think they're warriors, and warriors squeezed into the role of bureaucrats, neither of which consider plinking away on a computer as being the kind of war they really want to sink their teeth into. (Here's a hint that cyberwar is significant enough for Rambo: When a potential enemy can own your spacecraft in orbit, it's time to learn how to operate in that theater.)

Maybe it is time to give the job to someone else.

Maybe the NSA, which seems pretty effective but won't say so specifically.

Maybe Anonymous. I doubt Anonymi are good at saluting or following orders, but they could teach the Joint Chiefs a thing or two about how power is exercised in the digital age.

Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.
