U.S. “cyber army” stands ready for war

President Bush has ordered the government to create formal guidelines for fighting a cyber war, The Washington Post reported Friday. In cyber combat, the military would attack its opponents with bytes instead of bombs, using electronic weapons to disrupt or destroy an enemy's communications, power supplies and other critical infrastructures.

If the president decides to wage this breed of war in Iraq, or any other nation, the mission will fall to the United States' cyber army, a staff of about 150 computer scientists and cyber analysts assigned to the Defense Department's Joint Task Force-Computer Network Operations.

The JTF-CNO is encamped at a Defense complex outside Washington, the same facility that houses the National Communications System, the government's emergency communications apparatus.

The cyber army has two missions. The first is guarding Defense's computer networks from attack, whether by domestic or foreign adversaries. Established only five years ago, the small force has earned its stripes repelling computer nemeses like the recent Slammer worm and hacks by Web site-defacing cyber vandals, many of them teenagers who are most active when they're home on winter and summer vacations.

Two administrations have shrouded the task force's second mission, cyber offense, in secrecy. The White House wouldn't confirm the report of the new guidelines, but a spokesman acknowledged what is widely known among cyber experts: For years, the military has developed and maintained the ability to electronically battle its opponents.

Has the cyber army ever gone to battle? "I cannot say," Walter "Dusty" Rhoads, the deputy commander and chief of staff of JTF-CNO, said in a recent interview.

Rhoads, an ex-fighter pilot who in 1995 became the founding commander of the Air Force's first information warfare squadron, a predecessor of the current task force, also won't reveal the weapons or the methods the cyber army could use. But officials and cyber war experts have said that the arsenal of worms, viruses and hacking techniques employed by those who attack the government is almost certainly the same one the government would use to attack its enemies. And Rhoads acknowledged that only people with a formal understanding of how computer attacks can occur, and how computer networks are vulnerable, have the skills to be members of the cyber army.

To conduct its defensive operations, the cyber army relies on intelligence analysis, some produced in-house and some from government and private sector sources, to assess countries' capabilities to attack U.S. systems. That information would also be a key to understanding how to defeat an enemy. That, Rhoads said, is the cyber army's sole offensive mission.

The art of cyber war breaks into three categories: denial, disruption and exploitation, said Tom McDermott, the former head of information security for the National Security Agency. Any nation employing cyber offense would likely target an adversary's critical communications or energy systems, shutting them down or cutting off access to them. Also, valuable information contained in enemy systems, such as military intelligence, could be captured, and false information could be spread through information networks to confuse the adversary.

To wage a cyber war effectively, a country needs a computer infrastructure and a computer-educated population from which to draw its soldiers, McDermott said. Iraq has those components, and some cyber analysts believe the Iraqi government maintains a computer attack squad.

As in traditional war, a cyber army might have to use both defensive and attack strategies. Rhoads said there are some classified policies and procedures in place now for conducting offensive operations, but he wouldn't describe them. The White House reportedly ordered the drafting of cyber war guidelines last summer.

Cyber army soldiers possess many of the same skills as their adversaries. They hold advanced degrees in computer science, often have been trained as intelligence analysts and are fluent in network engineering, science and exploitation. They may have gleaned these skills in the classroom or on the job, in the private or public sector. The cyber army consists of about one-third each military, civilian and contractor personnel.

Rhoads said he and his colleagues attend hacker conferences to make the military's presence known among the attendees, but also to drum up support for the government. The largest annual hacker gathering, Def Con, holds an annual "Meet the Feds" panel. Defense officials have spoken at the convention to encourage the most talented attendees to help educate government personnel about cyber attack and defense. They've been both welcomed and greeted with contempt by those present.

Rhoads emphasized the government's policy is not to hire so-called "black hat" hackers, or those who use their skills illegally. Nevertheless, the soldiers in the cyber army, like hackers, have the skills and capabilities to wound their adversaries, and Rhoads said the Defense Department employs many individuals with the talents needed to be a cyber warrior.

Reflecting the subtle and perhaps arbitrary difference between black hat hackers and their "white hat" counterparts, McDermott said, there is an "extensive body of experts who have not crossed that line [of illegal hacking] who serve their government."

Numerous cyber analysts and hackers, regardless of their affiliation, say the likelihood is slim that any government could cause massive damage through electronic means on the scale associated with traditional combat. Cyber offense may, at best, be an accompaniment to common military operations that helps weaken an enemy's resolve or defenses.

But McDermott cautioned the government not to assume the most powerful weapons in the cyber arsenal have already been exposed. A war might be the most opportune time to reveal new methods and weapons.

"Why would you expect an adversary to lay their cards on the table until it counts?" McDermott said.