US Military Seeks to Cyber Bomb Digital Combatants

The US Military is looking to cyber bomb digital enemy combatants (here) back to using an abacus, a stone tablet and some empty cans with string for calculations and communication.

The world has abandoned a fortress mentality in the real world, and we need to move beyond it in cyberspace. America needs a network that can project power by building a robot network (botnet) that can direct such massive amounts of traffic to target computers that they can no longer communicate and become no more useful to our adversaries than hunks of metal and plastic. America needs the ability to carpet bomb in cyberspace to create the deterrent we lack.

The DoD’s mission statement is essentially to enable and support the warfighter – they exist for no other purpose. The mission of the warfighter is to deliver sovereign options for the defense of the United States of America and its global interests. It is quite natural for this enablement and support to extend beyond physical domains in a world with an increasing reliance on digital, satellite, and radio communications.

This recent RFP for a “Dominant Cyber Offensive Engagement and Supporting Technology” from the US Air Force (here) details the requirements for a highly sophisticated, stealthy botnet with rootkit functionality. I have no doubt that the US military will implement and develop such a system. The question is whether the US military can effectively fight a cyberwar against a highly distributed, disorganized, and undefined adversary.

One of the major challenges of the US Military in implementing effective offensive computing technologies is the same challenge we face in fighting terrorism today in the physical world. It is extremely difficult to attack a highly distributed enemy with loose or no central command and control structures. An army of independent combatants, connected only through a common ideology, taxes a military that has been optimized to defeat traditionally organized and centrally managed armies.

The challenge extends to cyber warfare as well, in an even more exaggerated way. Cyber attacks against our national infrastructure are difficult to prove as state-sponsored; additionally, the attackers can use spoofed IP addresses or route through compromised machines located in the US. Chinese-backed hackers, for example, can work independently of the military and political establishments and in doing so present a radically different set of problems to the US Military, which tends to suffer in effectiveness when the enemy is not clearly defined.

Additionally, this method of decentralized warfare allows our enemies a many-to-one relationship in attacking the US. The US, on the other hand, is challenged by a one-to-many relationship with our attackers. Put another way, it is quite simple to develop weapons that can kill an elephant moving slowly through a savanna, but much more difficult to eliminate mosquitoes throughout the jungles of Southeast Asia while limiting collateral damage to the butterfly population. This forces the US into a continual defensive or reactive posture that keeps us struggling to keep up with our current enemies' tactics.

You should also read this post from Dancho Danchev (here)

The bottom line – why put efforts into building something that would generate a lot of negative publicity and might never materialize, when you can basically outsource the process and have the capability provided on demand? Just like the bad guys who do not have access to botnets do by using botnets as a service?

3 thoughts on “US Military Seeks to Cyber Bomb Digital Combatants”

  1. Hi Amrit

    When I was taking a “vacation” to “someplace sunny”, we used to joke that bombing them into the stone age would be an improvement. =) A cyber bomb would also be an improvement–when people don’t have electricity in their mud home, why are we worried about Internet attacks?

    However, it does make sense for smaller invasions à la Panama, Grenada, and the Falkland Islands–you shut down their critical services (Internet) and combine it with an invasion. The lessons of the Estonia attacks have not gone unnoticed.

    Guess what? It’s not any different from what we do already: radio spectrum jamming and drop bombs on communications infrastructure first to keep the bad guys from responding to your attack. Come to think of it, Sherman’s March to the Sea did some of that, too–ripping up telegraph and railroad infrastructure to deny its use to the CSA.

    The reason you don’t rent botnet time is that the botnet operators have their own political agendas which might not coincide with your agenda when you need them. The only way to be sure is to build your own and keep it in reserve.

    As much as I cherish the thought of turning a botnet on every spammer, IRC skr1pt k1dd13, and 419 scammer, this is an offensive weapon that needs to be combined with a physical attack. If you use it all the time, it tips your hand before you need it.

  2. If we were going to invade someone, do we really think the Internet is a critical infrastructure that we need to packet flood?

    I don’t see how the fortress mentality isn’t still in place to some degree. As the author explains, the fortress mentality was rooted in layered defenses which he says are outdated. But then describes defense in depth for air bases. Which is it?

    The article goes into many other topics and leaps of logic and idea. It’s a good attempt to get us thinking, but it’s a lot of thinking about something ridiculous.

  3. Pingback: Cybergeddon: A Cyberwarfare Fable « Amrit Williams Blog
