Pentagon partners with NATO to create Global Cyber Warfare System

U.S. Cyber Command is scheduled to be activated this month, in the words of a Reuters dispatch "ready to go to war in cyberspace" with full operational capability.

The launching of the world’s first multi-service – with the involvement of all major branches of the U.S. armed forces: Air Force, Army, Marine Corps and Navy – military command is being coordinated with a complementary initiative by the North Atlantic Treaty Organization in Europe, the joint effort striving toward a worldwide cyber warfare system.

Last month the U.S. Defense Department’s Joint Task Force Global Network Operations command was deactivated and absorbed into U.S. Cyber Command (CYBERCOM) after a decade-long existence.

In describing the transition, the Pentagon’s press service recounted that the task force had worked on "the best ways to operate on the cyber battlefield" with "a dual mission to conduct offensive and defensive cyber operations." In 2003 it was assigned to U.S. Strategic Command (STRATCOM), under whose sponsorship CYBERCOM is also being inaugurated. The next year Joint Task Force Global Network Operations was reconfigured "to assume the offensive role" of the above-mentioned shield-and-sword function.

Air Force General Kevin Chilton, the commander of U.S. Strategic Command, presided over the September 7 turnover ceremony. Army Lieutenant General Carroll Pollett, head of the Task Force Global Network Operations since 2008, is now reduced to remaining director of the Defense Information Systems Agency, at whose Arlington, Virginia site the ceremony was held, though the Pentagon’s Defense Information Systems Agency is slated to follow CYBERCOM to Fort Meade, Maryland.

General Pollett’s comments at the event included: "(Information) has become an operational imperative in our ability to deliver decisive capabilities to warfighters and our national leaders.

"Cyberspace has evolved into a new warfighter domain.

"Cyberspace has proven equal and just as important as air, sea, land and space as a domain. It’s clear that it must be defended and operationalized." [1]

His characterization of cyber space as the fifth military domain is consistent with the standard use of that trope by Pentagon officials, a variant of which is fifth battlespace. [2] When the leaders of the mightiest military in the history of the world discuss adding a new dimension to the traditional ones of infantry, air force, navy, marine, and satellite and missile operations, they are planning not only for an extension of warfare preparations to a new realm but into one which is related to and in many ways dominates the others.

The first commander of CYBERCOM, General Keith Alexander, said two weeks after his appointment and CYBERCOM’s launching on May 21 that the Pentagon "depends on its networks for command and control, communications, intelligence, operations and logistics" and that the mission of his command is to "deter, detect and defend against emerging threats against our nation in cyberspace."

The general, who is simultaneously head of the Defense Department’s National Security Agency, also said that "clear rules of engagement" need to be defined for cyber warfare and that "We have to look at it in two different venues – what we’re doing in peacetime and in wartime." [3]

In his first public comments since assuming his new command, Alexander was already speaking of its role within a war context.

A few days before, Strategic Command chief Chilton and Deputy Secretary of Defense William Lynn also asserted that CYBERCOM’s next priority is "to develop the rules of engagement of cyber warfare." [4]

On the rare occasions when the Pentagon’s establishing an unprecedented military command for cyber operations is mentioned in the news media at all, the preferred word in defining its purpose is defense. When military and Defense Department personnel speak among themselves more direct terms are employed: Warfare, warfighting, wartime, rules of engagement, battlefield, battlespace.

Regarding Washington’s use of the word defense in general, when the U.S. changed the name of the Department of War to the Department of Defense in 1949 it achieved one thing: The name was changed. A year later the Defense Department was embroiled in the Korean War.

The American military has not been used to defend the U.S. mainland since 1812, when the United States instigated a war with Britain by invading Canada. It has not been used even to defend American territories since the less-than-effective defense of Pearl Harbor in 1941 (Hawaii did not become a state until 18 years later) and ensuing fighting in even more remote island possessions: The Philippines, Guam, Wake Island and the Midway Atoll.

During the U.S.’s first war in Europe, initially in France and later in Soviet Russia from 1917-1919, Washington called its armed forces what they were. Expeditionary.

In the war waged by the U.S. and NATO against Yugoslavia in 1999 and in the invasion of Iraq four years later the two countries’ power, broadcasting and telecommunications networks were targeted for disabling and destruction. In the case of Yugoslavia graphite bombs were used to shut down the nation’s electrical power grid.

Recent rumors that the Stuxnet computer virus was used to attack Iran’s civilian nuclear power plant at Bushehr provide an example of how the capabilities CYBERCOM is developing for its offensive, its wartime, contingencies could be employed. In a world increasingly dependent on information technology, cruise missiles and graphite bombs have been superseded by cyber attacks.

In addition to the Pentagon’s Prompt Global Strike project [5] for launching intercontinental ballistic and hypersonic cruise missile strikes anywhere in the world within 60 minutes, with the interval to shrink to a fraction of that time in the future, and with the development of super stealthy strategic bombers able to evade radar and air defenses and penetrate deep into the interior of targeted countries, a global cyber warfare capability would render the world defenseless in the face of American blackmail. And attacks. The foreign equivalents of the Pentagon’s Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance (C4ISR) system could be neutralized.

Not only would Iran be vulnerable, but Russia and China as well.

The September-October edition of Foreign Affairs, the journal of the Council on Foreign Relations, contains an article by Deputy Secretary of Defense William Lynn called "Defending a New Domain: The Pentagon’s Cyberstrategy" in which he announced that "the Pentagon has built layered and robust defenses around military networks and inaugurated the new U.S. Cyber Command to integrate cyberdefense operations across the military," [6] and where he spelled out the five components of the Pentagon’s cyber warfare strategy:

  • Cyber must be recognized as a warfare domain equal to land, sea, and air;
  • Any defensive posture must go beyond “good hygiene” to include sophisticated and accurate operations that allow rapid response;
  • Cyber defenses must reach beyond the department’s dot-mil world into commercial networks, as governed by Homeland Security;
  • Cyber defenses must be pursued with international allies for an effective “shared warning” of threats; and
  • The Defense Department must help to maintain and leverage U.S. technological dominance and improve the acquisitions process to keep up with the speed and agility of the information technology industry. [7]

The Defense Department is due to release a cyber strategy document this autumn, synchronized with the full operationalization of CYBERCOM and ahead of the NATO summit in Portugal on November 19-20.

On August 28 the Washington Post ran a feature entitled "Pentagon considers preemptive strikes as part of cyber-defense strategy" which detailed the following:

The Defense Department is working on "an aggressive approach" to cyber operations which "includes preemptive actions such as knocking out parts of an adversary’s computer network overseas."

According to Pentagon budget documents, it is developing a full range of weapons capabilities to permit "attack and exploitation of adversary information systems" that will "deceive, deny, disrupt, degrade and destroy" information and information systems.

The deployment of software and hardware tools for the above purposes is "the next logical step in a cyber strategy outlined last week by Deputy Secretary of Defense William J. Lynn III," one of so-called "active defense." [8]

In August CYBERCOM chief General Keith Alexander spoke at the LandWarNet 2010 conference in Tampa, Florida whose theme was Providing Global Cyber Dominance to Joint/Combined Commanders. He reiterated the contention that "cyberspace is now a domain alongside air, land, sea, and space." [9] More ominously, he added: "We have to have offensive capabilities, to, in real time, shut down somebody trying to attack us." [10]

For "active defense" read the capacity to launch preemptive attacks not only on individual hackers but on entire national computer networks.

The Washington Post cited an unnamed senior Pentagon official arguing the same point: "I think we understand that in order for us to ensure integrity within the military networks, we’ve got to be able to reach out as far as we can – once we know where the threat is coming from – and try to eliminate that threat where we can." Even though "taking action against an attacker’s computer in another country may well violate a country’s sovereignty." [11]

A reporter from the newspaper warned that "The Pentagon has standing rules of engagement for network defense, such as the right of self-defense. But the line between self-defense and offensive action can be difficult to discern." [12]

Reactions to the above statements and others like them have emanated from Russia and China, if not from official sources. A Russian website posted an analysis last month under the title "US gets ready to knock the world offline" which stated that "After October 1 [the original date for activating CYBERCOM as an independent command] thousands of US military hackers and spies will get down to their cyber war activities." [13]

The author reminded his readers that in April of this year Central Intelligence Agency Director Leon Panetta unveiled the CIA 2015 blueprint for the next five years, the "second pillar" of which includes "investing in technology to extend the CIA’s operational and analytic reach and becom[ing] more efficient. Agency personnel must be able to operate effectively and securely in a rapidly changing global information environment. The plan boosts the CIA’s potential for human-enabled technical collection and provides advanced software tools…." [14]

In May, the same month CYBERCOM was activated, the White House approved this year’s Cyberspace Policy Review.

The Russian source also said that "Numerous publications in the US mass media show that the reform of the national cyber defense forces as well as the introduction of the doctrine and strategy of cyber war are soon to be completed. As for the US cyber strategy, we can assume that it is in line with the general concept of US global leadership." [15]

A few weeks ago an article appeared in the Global Times by a researcher at the Development Research Center of the State Council of China who wrote, "To control the world by controlling the Internet has been a dominant strategy of the US" and "the national information security strategy of the US has evolved from a preventative strategy to a preemptive one."

"The ultimate goal is for the US to [have] the ability to open and shut parts of the Internet at will."

The article claims that in 2004 the U.S. shut down the "ly" domain name and cut off all Internet services in Libya and "In May 2009, Microsoft announced on its website that they would turn off the Windows Live Messenger service for Cuba, Syria, Iran, Sudan and North Korea, in accordance with US legislation." [16]

The Washington Post story quoted from earlier added that the Pentagon’s disabling of a Saudi website in 2008 "also inadvertently disrupted more than 300 servers in Saudi Arabia, Germany and Texas." [17]

The Chinese author further asserted that "the five core areas of Internet infrastructure are monopolized by US":

  • IT giants, including high-performance computers, operating systems, database technologies, network switching technologies and information resource libraries.
  • Across the world, around 92.3 percent of personal computers and 80.4 percent of super computers use Intel chips, while 91.8 percent of personal computers use Microsoft operating systems, and 98 percent of core server technology lies in the hands of IBM and Hewlett-Packard.
  • Meanwhile, 89.7 percent of database software is controlled by Oracle and Microsoft, and 93.5 percent of core patented network switching technology is held by US companies.
  • After the control of Internet infrastructure and hardware and software systems, the US is now turning to Internet content.
  • The US government has adopted macro-control and focus-funding to actively use IT giants to create a global Internet infrastructure which could be manipulated by the US. [18]

He also mentioned that Senator Joseph Lieberman, chairman of the Senate Committee on Homeland Security and Governmental Affairs, recently presented to his colleagues in the Senate a bill called Protecting Cyberspace as a National Asset which provides for the president to "order Google, Yahoo and other search engine operators to suspend Internet services.

"And other US-based Internet service providers could also be under the control of the president when ‘Internet security emergencies’ occur.

"If so, the US president would officially have the power to open or close the Internet." [19]

The Chinese expert’s apprehensions were confirmed by retired Air Force general Michael Hayden – director of the National Security Agency from 1999-2005, principal deputy director of National Intelligence from 2005–”2006 and director of the CIA from 2006-2009 – who last month stated, as paraphrased by Reuters, that "Cyberterrorism is such a threat that the U.S. president should have the authority to shut down the Internet in the event of an attack." In his own words: “My personal view is that it is probably wise to legislate some authority to the President, to take emergency measures…when he feels as if he has to take these measures” [20]

The Pentagon and the White do not intend to act alone in developing an international cyber warfare structure.

U.S. cyber warfare security experts met in Omaha, Nebraska shortly after CYBERCOM was inaugurated in May for a two-day Strategic Command Cyberspace Symposium which included "cyber commanders from several U.S. combatant commands, NATO, Japan and the U.K." [21]

In the same month, May, the NATO Group of Experts headed by former U.S. Secretary of State Madeleine Albright released its report, NATO 2010, which stated "NATO should plan to mount a fully adequate array of cyber defence capabilities, including passive and active elements." [22]

A feature three weeks later in the Sunday Times of London disclosed that "A report by Albright’s group said that a cyber attack on the critical infrastructure of a Nato country could equate to an armed attack, justifying retaliation.

"’A large-scale attack on Nato’s command and control systems or energy grids could possibly lead to collective defence measures under article 5,’ the experts said."

The article also cited a legal expert at NATO’s Cooperative Cyber Defence Centre of Excellence established in Estonia in 2008 affirming that "because the effect of a cyber attack can be similar to an armed assault, there is no need to redraft existing treaties." That is, the Alliance’s Article 4 – used to move Patriot anti-ballistic missiles into Turkey on the eve of the war against Iraq in 2003 – and its Article 5 – used for NATO’s participation in the war in Afghanistan – can be evoked and activated in the event of a cyber attack.

The Sunday Times piece added:

"[NATO] concerns follow warnings from intelligence services across Europe that computer-launched attacks from Russia and China are a mounting threat.

"NATO is considering the use of military force against enemies who launch cyber attacks on its member states.

"The move follows a series of Russian-linked hacking against Nato members and warnings from intelligence services of the growing threat from China." [23]

The preceding month the 13th NATO Cyber Defence Workshop was held in the Estonian capital of Tallinn. Speaking to the attendees, Defence Minister Jaak Aaviksoo said, "The robust national cyber security systems of Allies will be building blocks of a convincing NATO cyber defence capability." [24]

In June a four-day international conference "tackling the issue of cyber conflicts" was held at the NATO center in Estonia, which borders Russia. A keynote address was delivered by Melissa Hathaway, Cybersecurity Chief at the U.S. National Security Council.

Gloria Craig, Director for International Security Policy at Britain’s Ministry of Defence, insisted on the urgency of expanded cyber warfare capacities, stating "As of now NATO is not prepared for a global cyberattack." [25]

Also in June, over "100 participants from leading global IT companies, the banking sector, the intelligence community, NATO, the EU and other institutions" attended the Cyber Defence in the Context of the New NATO Strategic Concept conference in Romania, which issued a report advocating that "NATO must accelerate efforts to respond to the danger of cyber attacks by protecting its own communications and command systems, helping Allies to improve their ability to prevent and recover from attacks, and developing an array of cyber defence capabilities…." [26]

In August NATO revealed that it has created a new Emerging Security Challenges Division "in order to deal with a growing range of non-traditional risks and challenges," including cyber operations. "The Emerging Security Challenges Division brings together various strands of expertise already existent in different parts of NATO Headquarters. Merging this work into one Division will give it greater focus and visibility." [27]

This month NATO’s Consultation, Command and Control Agency (NC3A) organized a conference in the Czech Republic, and the Alliance’s advanced technologies procurement agency announced that "NATO is looking at beginning to invest up to 930 million euros ($1.3 billion) in 2011 and 2012 in multi-year projects to address key security challenges, such as cyber defence, support to NATO’s Afghanistan effort and maritime security." [28]

A recent report divulged that in an interview with the Suddeutsche Zeitung NATO Secretary General Anders Fogh Rasmussen said he wants the Alliance to "extend the definition of attacks which trigger activation of the alliance to include cyber attacks" [30] as part of the new Strategic Concept to be endorsed at its summit next month.

In mid-September the Pentagon’s second-in-command, William Lynn, was in Brussels to address the North Atlantic Council, NATO’s highest governing body, as well as a defense-related think tank. [29]

Rallying Washington’s military allies ahead of the summit in November, he said: "NATO has a nuclear shield, it is building a stronger and stronger [missile] defence shield, it needs a cyber shield as well….The Cold War concepts of shared warning apply in the 21st century to cyber security. Just as our air defences, our missile defences have been linked so too do our cyber defences need to be linked as well." [31]

As Lynn arrived in Brussels U.S. European Command was finishing the 15-day Combined Endeavor 2010 exercise, "the world’s largest military communications and information systems exercise," at the Joint Multinational Simulations Center at the Grafenwoehr Training Area in Germany, Altogether there were 1,400 participants from 40 countries:

The U.S., Germany, Austria, Afghanistan, Armenia, Albania, Azerbaijan, Bulgaria, Bosnia, Britain, Canada, Croatia, the Czech Republic, Denmark, Estonia, France, Finland, Germany, Georgia, Hungary, Italy, Iraq, Ireland, Kazakhstan, Lithuania, Macedonia, Moldova, Montenegro, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Switzerland, Spain, Serbia, Turkey and Ukraine.

A U.S. European Command spokesman said of the event: "There’s an ‘endeavor’ now in the Pacific, Pacific Endeavor. There is one in North America that uses South America and Canada to interconnect their network communication systems. This exercise that we do here in Grafenwoehr has branched-out world-wide, and every major command is launching their version of it." [32]

Since 2006 the U.S. has also led Africa Endeavor military exercises on the continent, "Africa’s largest communications interoperability exercise," [33] first under U.S. European Command and recently under the new U.S. Africa Command. Africa Endeavor 2010 was held in Ghana in August with the participation of 36 African nations.

Worldwide is the correct word for the military network the Pentagon has built in recent years, as is evidenced by the nations participating under U.S. command in Combined Endeavor 2010 and Africa Endeavor 2010: 75 countries with Afghanistan and Iraq among them.

American-led multinational training exercises and war games on the same scale are routinely held throughout Europe, at the moment this year’s second Joint Warrior exercise – Europe’s largest war games – in, off the coast and over the skies of Scotland with 30 countries, 10,000 troops, 30 warships, three submarines and 21 air and helicopter units. Military maneuvers of comparable size occurred during the summer in the Asia-Pacific region when the U.S. led this year’s 14-nation Rim of the Pacific war games, the world’s largest multinational maritime exercise, with an estimated 22,000 troops, 34 ships, five submarines and over 100 aircraft involved. [34]

Last month’s Combined Endeavor exercise in Germany included a cyber defense component for the first time. Participants from 26 countries and two organizations, NATO and the Cooperative Cyber Defence Centre of Excellence based in Estonia, engaged in planning for cyber operations at the Joint Multinational Simulations Center in Grafenwoehr from September 3-15.

Since the end of the Cold War, and especially in the past decade, the Pentagon has expanded its activities – bombing campaigns, wars, invasions, multinational maneuvers and war games, base building and takeovers, troop and missile shield deployments, training programs, establishing military transport networks – throughout the world.

Through the eastward expansion of NATO, the world’s only military bloc, and the launching of U.S. Africa Command two years ago, the U.S. has gained military dominance over two entire continents.

It has military partnerships with almost every nation in Europe, Africa, the Middle East and Asia, and has acquired new bases and other military facilities in Eastern Europe, Africa, the Middle East, Asia, the South Pacific and South America: Kosovo, Bulgaria, Romania, Hungary, Poland, Djibouti, Seychelles, Iraq, Israel, Kuwait, Afghanistan, Kyrgyzstan, Australia and Colombia.

Washington has increased its military presence in several continents to achieve its 21st century geopolitical objectives. To control access to and the transport of hydrocarbon resources, the Pentagon has expanded its role in the Persian Gulf, Africa’s Gulf of Guinea, the Black Sea and in nations near the Caspian Sea Basin. With the reactivation of the U.S. Fourth Fleet in 2008, the U.S. is positioned to dominate the Caribbean Basin, including Colombia, Venezuela and Panama on its southern shores.

The U.S. is putting the pieces in place for a global interceptor missile system with the deployment, directly and with partners, of Patriot Advanced Capability-3, Standard Missile-3, Terminal High Altitude Area Defense, X-Band Radar and other missile shield components to Poland, Israel, Bahrain, Kuwait, Qatar, the United Arab Emirates, Japan, South Korea and Australia, with the Black Sea, the Mediterranean Sea, Baltic Sea and South Caucasus as planned future sites.

The Pentagon will be satisfied with nothing less than full spectrum dominance throughout the world – and above the world. It is now adding to its military superiority in the realms of land, air, sea and space control of the fifth battleground: Cyberspace.

Notes:

[1]. American Forces Press Service, September 8, 2010

[2]. U.S. Cyber Command: Waging War In World’s Fifth Battlespace, Stop NATO, May 26, 2010
http://tinyurl.com/23fefqj

[3]. Agence France-Presse, June 4, 2010

[4]. Stars and Stripes, June 2, 2010

[5]. Prompt Global Strike: World Military Superiority Without Nuclear Weapons, Stop NATO, April 10, 2010
http://tinyurl.com/y3eapdt

[6]. William J. Lynn III, Defending a New Domain:The Pentagon’s Cyberstrategy, Foreign Affairs, September/October 2010
http://tinyurl.com/34wktth

[7]. U.S. Department of Defense, August 25, 2010
http://www.defense.gov/news/newsarticle.aspx?id=60600

[8]. Ellen Nakashima, Pentagon considers preemptive strikes as part of cyber-defense strategy, Washington Post, August 28, 2010
http://tinyurl.com/2a2a59g

[9]. United States Army, August 4, 2010

[10]. Army News Service, August 3, 2010

[11]. Washington Post, August 28, 2010

[12]. Ibid

[13]. Leonid Savin, US gets ready to knock the world offline, Strategic Culture Foundation, September 6, 2010
http://tinyurl.com/3y6vtud

[14]. Central Intelligence Agency, April 26, 2010

[15]. Strategic Culture Foundation, September 6, 2010

[16]. Chen Baoguo, US controls threaten Internet freedom, Global Times, August 24, 2010
http://tinyurl.com/2uvldd3

[17]. Washington Post, August 28, 2010

[18]. Global Times, August 24, 2010

[19]. Ibid

[20]. Reuters, September 26, 2010

[21]. Stars and Stripes, June 2, 2010

[22]. North Atlantic Treaty Organization
http://tinyurl.com/2wqg45j

[23]. Sunday Times, June 6, 2010

[24]. North Atlantic Treaty Organization, June 3, 2010

[25]. Agence France-Presse, June 9, 2010

[26]. North Atlantic Treaty Organization, June 7, 2010

[27]. Defence Professionals (Germany), August 4, 2010

[28]. Reuters, October 7, 2010

[29]. NATO Provides Pentagon Nuclear, Missile And Cyber Shields Over Europe, Stop NATO, September 22, 2010
http://tinyurl.com/37umgle

[30]. The H Security, October 1, 2010

[31]. Agence France-Presse, September 15, 2010

[32]. United States European Command, September 8, 2010

[33]. U.S. Africa Command, January 12, 2010

[34]. Asia: Pentagon Revives And Expands Cold War Military Blocs, Stop NATO, September 14, 2010
http://tinyurl.com/2uefe24