Professional Documents
Culture Documents
710088893
710088893
Billy Mitchell
On September 12, 1918 at St. Mihiel in France, Col. Wil-
liam Mitchell became the first person ever to command
a major force of allied aircraft in a combined-arms opera-
tion. This battle was the debut of the US Army fighting
under a single American commander on European soil.
Under Mitchell’s control, more than 1,100 allied aircraft
worked in unison with ground forces in a broad offen-
sive—one encompassing not only the advance of ground
troops but also direct air attacks on enemy strategic tar-
gets, aircraft, communications, logistics, and forces beyond the front lines.
After World War I, General Mitchell served in Washington and then became
Commander, First Provisional Air Brigade, in 1921. That summer, he led joint
Army and Navy demonstration attacks as bombs delivered from aircraft sank
several captured German vessels, including the SS Ostfriesland.
His determination to speak the truth about airpower and its importance to
America led to a court-martial trial in 1925. Mitchell was convicted, and re-
signed from the service in February 1926.
Mitchell, through personal example and through his writing, inspired and en-
couraged a cadre of younger airmen. These included future General of the Air
Force Henry H. Arnold, who led the two million-man Army Air Forces in World
War II; Gen. Ira Eaker, who commanded the first bomber forces in Europe in
1942; and Gen. Carl Spaatz, who became the first Chief of Staff of the United
States Air Force upon its charter of independence in 1947.
Mitchell died in 1936. One of the pallbearers at his funeral in Wisconsin was
George Catlett Marshall, who was the chief ground-force planner for the St.
Mihiel offensive.
ABOUT THE MITCHELL INSTITUTE: The General Billy Mitchell Institute for Airpower
Studies, founded by the Air Force Association, seeks to honor the leadership
of Brig. Gen. William Mitchell through timely and high-quality research and
writing on airpower and its role in the security of this nation.
ABOUT THE AUTHOR: Dr. Rebecca Grant is an airpower analyst with nearly 20
years of experience in Washington, D.C. She is a Senior Fellow of the Lexing-
ton Institute and president of IRIS Independent Research. She has written
extensively on airpower and serves as director, Mitchell Institute, for the Air
Force Association.
November 2008
A Mitchell institute special report
TABLE OF CONTENTS
4
The Rise of Cyber War
Appendices
22
Remarks by Air Force Secretary Michael W. Wynne
C4ISR Integration Conference, Nov. 2, 2006
26
Remarks by Homeland Security Secretary Michael Chertoff
Chamber of Commerce on Cybersecurity, Oct. 14, 2008
31
Foundational Doctrine Statement and Selected Definitions
Overseas, an August 2008 conflict between Rus-
sia and the small neighboring state of Georgia saw a
wave of Russian cyber assaults directed against the
government of Georgia; civilian computer experts had
to step in to restore services.2 There has reportedly
been a series of foreign-origin attacks on networks at
the State, Commerce, Defense, and Homeland Secu-
rity departments over the past several years, known by
the code-name Titan Rain.3 According to the Washing-
ton Post, US government officials and cyber‑security
professionals believe some large attacks dating from
2005 that targeted US nuclear‑energy labs and large
defense contractors, had ties to Chinese Web sites.4
At home, Washington launched a multi‑step pro-
gram to put cyber security on a more urgent foot-
ing. President Bush in early 2008 signed a directive
expanding intelligence community powers to monitor
Internet traffic and repel mounting attacks on fed-
Air Force Gen. “Cyber warfare is already here,” Deputy Secretary eral government computer systems.5 The classified
Kevin P. Chilton,
commander of of Defense Gordon England remarked in early 2008. memorandum—National Security President Directive
US Strategic
Command: “I In October of that year, Homeland Defense Secretary 54/Homeland Defense Presidential Directive 23—ap-
firmly believe we’ll plies to both agencies. It authorized a new task force,
be attacked in Michael Chertoff warned that the threat is on the rise.
that domain. Our “The reality is that cyber attacks aren’t decreasing, headed by the Director of National Intelligence, which
challenge will be
to continue to said Chertoff. “They are increasing in frequency, so- now manages US efforts to identify the source of
operate in that
domain.” (US Air phistication, and scope, and this has major implications cyber‑attacks against government systems. DHS will
Force photo) work to protect the computer systems; the Pentagon
for our national and economic security.” Air Force Gen.
Kevin P. Chilton, speaking with Pentagon reporters in will prepare plans for counterattacks.
Washington, D.C., expressed growing concern from a The approval of the combined NSPD/HSPD
military standpoint. “I firmly believe we’ll be attacked in marked the most far‑reaching effort to date by the
that domain,” said Chilton. “Our challenge will be to con- United States government to neutralize threats in
tinue to operate in that domain.”1 cyberspace. Meanwhile, the Air Force and Navy both
Call 2008 the year that cyberspace—its vulnerabil- tightened their focus on cyberspace with key organiza-
ity, its defense, and its exploitation—passed the point of tional changes to cyberspace commands, while NATO
no return as a major issue for national security officials. stood up a cyber response organization.
International events and the confluence of several ma- “In the area of cyberspace, both nation states and
jor government moves drove the subject of cyberspace non‑state actors continued to seek ways and means to
higher up the list of priorities for Americans. counter the advantages we obtain from our use of in-
1. “Cyber Warfare a Major Challenge, Deputy Secretary Says,” John J. Kruzel, American Forces Press Service, March 3, 2008. “Remarks on Cyber
Security to the Chamber of Commerce” Michael Chertoff, Office of the Press Secretary, Department of Homeland Security, Oct. 14, 2008. Gen.
Kevin P. Chilton, transcript of remarks to the Defense Writers Group, March 4, 2008.
2. “Tulip Systems Tries to Keep Other Georgia’s Web Sites Safe,” Kristi E. Swartz, Atlanta Journal Constitution, Aug. 17, 2008.
3. “Hackers Attack Via Chinese Web Sites,” Bradley Graham, Washington Post, Aug. 25, 2005.
4. “Bush Order Expands Network Monitoring, Intelligence Agencies to Track Intrusions,” Ellen Nakashima, Washington Post, Jan. 26, 2008.
5. Nakashima, Washington Post, Jan. 26, 2008.
formation and to turn those same advantages against always been the case with sophisticated weapons of
us in both conventional and unconventional ways,” said war. Despite the secrecy, the broad outlines of key cy-
Assistant Secretary of Defense Michael Vickers in tes- ber uncertainties are plain enough to stir discussion.
timony before a House subcommittee.6 This paper addresses three of these areas. They
The shock of such attacks’ scope and magnitude are:
was a point of consensus among top government of- n Definition of cyberspace as a domain of military
ficials. operations.
“The kind of attack that you would worry about is n Organization of the services, departments, and
the kind of thing we saw in Estonia last year—a deni- agencies to meet cyber challenges.
al‑of‑service attack, where they flood the system with n Development and assessment of theories of cy-
so many e‑mail ‘botnets.’ You don’t shut the system berspace power.
down, but you slow it down to the point that it’s unus- Nothing written here is the final word on these sub-
able,” said Chilton.7 As England assessed the situation: jects. In fact, the opposite is far closer to the truth. De-
“I think cyber attacks are probably analogous to the bate is just now starting to pick up steam. That debate
first time, way back when people had bows and arrows is necessary to pull together strong, sound national
and spears, and somebody showed up with gunpowder security policy for this newest domain: cyberspace.
and everybody said, ‘Wow. What was that?’”8
Despite unprecedented high‑level government at- A DOMAIN OF ELECTRONS AND
tention, cyberspace remains an area of dispute and CONSCIOUSNESS
mystery. Some critics contend it is not a bona fide do- Over the last decade, cyberspace has become an
main of warfare.9 Others criticized what they claimed essential integrating medium for military operations,
were questionable Air Force motives for its effort to one in which US armed forces want and need superior-
organize and streamline its cyberspace capabilities.10 ity. Indeed, US Strategic Command already treats cy-
At the same time, allies and potential competitors are berspace as a vital war-fighting domain. “We’ve found
working to improve their own cyberspace capabilities. ourselves becoming dependent on it in the way we con-
The past few years have been consumed with ef- duct ... military operations and so you would expect an
forts to organize cyberspace and evaluate threats— adversary to try to counter those advantages that the Russia’s conventional-
some to military and government systems, and many United States has to bring to the fight,” said Chilton, force attack
on Georgia in
to the privately‑owned infrastructure that extends USSTRATCOM commander.11 Summer 2008 was
accompanied by
cyberspace throughout US commerce and daily life. The emergence of a new domain of combat is an cyber attacks on
that nation’s critical
What’s missing is serious progress in understanding exceedingly rare event. Warfare on land has always systems. (AP photo/
how to think about cyberspace as a new warfighting been with us. War at sea came along quite a bit later, Darko Bandic)
domain.
Understanding and plans do not spring into be-
ing overnight. It took several decades to establish the
place of airpower in national defense strategies and in-
ternational rules for armed conflict. With cyberspace,
the challenges will be similarity large and onerous. They
range from mastering the forensic tasks of attack at-
tribution all the way to much broader questions about
proportionality of response and legitimacy of certain
targets.
Much remains to be done in terms of thinking
through the implications of cyberspace as a warfight-
ing domain. Doubtlessly, the most fascinating discus-
sions occur behind a veil of secrecy. However, this has
6. Testimony of Michael Vickers, Assistant Secretary of Defense, hearing of the House Armed Services Subcommittee on Strategic Forces, Feb.
27, 2008.
7. “General Lays Out Challenge of Defending Cyberspace,” Jim Garamone, American Forces Press Service, March 14, 2008.
8. “Cyber Warfare a Major Challenge, Deputy Secretary Says,” John J. Kruzel, American Forces Press Service, March 3, 2008.
9. See for example William Matthews, “US Cyber Command’s Mission Remains Unclear,” Defense News, April 8, 2008.
10. See for example Noah Shachtman, “Air Force Will Fight Online Without Cyber Command,” Wired, posted Oct. 9, 2008.
11. Gen. Kevin P. Chilton, transcript of remarks to the Defense Writers Group, March 4, 2008.
12. Gen. James A. Cartwright, Commander of US Strategic Command, interview with the author, Sept. 14, 2007.
13. “Joint Vision 2010,” Gen. John M. Shalikashvili, Office of the Chairman of the Joint Chiefs of Staff, July 1996.
14. See for example Vice Adm. Arthur K. Cebrowski and John J. Garstka, “Network-Centric Warfare: Its Origin and Future,” USNI Proceedings,
January 1998.
15. “A Brief History of the Internet,” Barry M. Leiner et al, Internet Society (http://www. isoc.org/internet/history/brief/shtml).
16. “About the NSA,” National Security Agency Central Security Service memorandum, (http://www.nsa.gov/publications/publi00015.cfm)
tities affects today’s view of cyberspace as a domain. not the case with cyberspace and the electromagnetic
Second, cyberspace actually incubated within the US spectrum.
Intelligence Community, not the nation’s military forces, The Joint Staff’s Joint Net-Centric Campaign Plan,
and was thus shaped by early Intelligence Community published in October 2006, promulgated a definition
doctrine created for information warfare. of cyberspace as “a domain characterized by the use
In a way, these primordial features of the cyber of electronics and the electromagnetic spectrum to
world have actually made it harder to grasp the reality store, modify, and exchange data via networked sys-
of cyberspace as a domain. On the one hand, it was in- tems and associated physical infrastructures.”17 In
vestment in communications, intelligence, and informa- other words, the spectrum was declared to be the
tion functions that laid the foundation of today’s military true physical location of cyberspace. This determina-
cyberspace. On the other hand, we have yet to disen- tion solved a conceptual problem that had bedeviled all
tangle our modern cyberspace concepts from old-style thinking on the subject. It established that cyberspace
“information operations.” These information opera- was not limited to “the Internet” or defined by the num-
tions and cyber operations are closely related, but they ber of routers or users or their protocols. It could be
aren’t the same thing. There are key distinctions. lots of other things, whose physical manifestation lay
Two stand out. First, information warfare hinges within the electromagnetic spectrum.
on use of refined content—deception, psychological However, some early attempts to help clarify cy-
manipulation, counter-propaganda, influence opera- berspace as a domain have almost done more harm
tions, shaping—to achieve desired results. All of these than good by leaning too much on the electromag-
actions may be carried out in and through cyberspace netic spectrum. The false definition of cyberspace as
and be greatly enhanced thereby. However, various in- being any type of moving energy led in some cases to
formation operations are really nothing more than a arcane and essentially pointless debates about the “cy-
set of tools—information packages that support various berness” of earlier electronic applications—from tele-
strategies and policies in the “real” world. Cyberspace,
on the other hand, is an actual domain, an arena for Command center at
USSTRATCOM, Offutt
many different types of actions. That is the essential AFB, Neb., which in
recent years has
difference. been given a charter
for global operations,
Second, there are differences in the value of the including the offensive
transmitting medium. Most information operations cyber mission. (DOD
photo)
are nothing more than age-old warfare techniques
pioneered long before the rise of cyberspace. Decep-
tion, creation of operational security, some forms
of electronic warfare, and similar techniques can be
used without a resort to tightly integrated computer-
to-computer networks. True, use of cyberspace may
greatly enhance the speed and power of these kinds of
information operations, but don’t let this confuse you.
Cyberspace is a domain, a place, a theater. So-called
information operations are just directed missions.
Similar conceptual confusion grows out of the in-
terrelationship of cyberspace and the electromagnetic
spectrum. The intellectual linking of these two concepts
is essential, of course. After all, being a warfare domain
requires some sort of physical existence. The problem
stems from trying to draw a distinction between the
two things. This is a new problem. The line between
land and sea is easy to determine. The line between air
and space is more difficult to draw, but at least air and
space have very obvious physical differences. That is
17. “Joint Net‑Centric Campaign Plan,” Joint Chiefs of Staff, Washington, D.C., October 2006 (http://www.jcs.mil/j6/ c4campaignplan/JNO_
Campaign_Plan.pdf )
18. Gen. Kevin P. Chilton, transcript of remarks to the Defense Writers Group, March 4, 2008.
19. “8th Air Force, AFCYBER Joint Forces to Provide the Right Tools for Cyber Success,” Maj. Gen. William T. Lord and Lt. Col. Stephen Matson,
Feb. 25, 2008.
20. “Cyberspace Command Logs In,” Henry Kenyon, SIGNAL Magazine, August 2007.
attempts to depict this domain visually. Typical images
include colored representations of the Internet con-
nections, images of people interacting with the Web
through computers, and mergers of global images
and Internet images. In each case, someone is trying
to depict cognition. The Internet grid maps attempt to
depict a domain. Images with people serve as symbols
of interaction in this domain. Taken together, the ubiq-
uitous themes mark a struggle to ascertain just what
the domain is and what it means. In fact, using images
in this way constitutes a classic Western philosophical
way of dealing with a new reality. It marks an important
step toward drawing cyberspace into the framework
of social and political agreements that shape nations
and the international system. Think of all the graphic
artists images of cyberspace. They are trying to do two
things: depict the domain’s phenomena and depict the
human connection to it. The most famous of these im-
ages, seen on this page, is the photo of World Wide World Wide Web
on cyberspace policy, privacy, rules of engagement, pioneer Tim Berners-
Web pioneer Tim Berners-Lee holding a glowing gold differentiation between foreign and domestic issues, Lee with his golden
orb. (Getty image/
orb. It’s an attempt to express our connection to the and develop military response options. If history is any Catrina Genovese)
cyber domain. guide, the only way to get there will be through intense
Another big thought entails viewing cyberspace discussion of theory as well as practice, for the theory
as a new world “commons.” Think of Bruegel’s famous of cyber security, ultimately, will express the will of the
painting (shown opposite) of medieval merchants and people.
peasants cavorting in the town square. Or, just think In a sense, the “domain debate” is a preoccupa-
of New York’s Times Square on any New Year’s Eve. tion of only one community—the US defense commu-
The idea of the commons—like that of a city or a na- nity. Outside of it, thinkers have long since moved on to
tion-state—occupies a highly important symbolic posi- other matters. Agonizing domain debates do not occur
tion in international politics. It emanates from the re- in China, for example. There, cyberspace operations
lationships among nations and business entities, the already have been incorporated into a sophisticated, Pieter Bruegel’s
concept of “the
people in them, and their commerce and security. All commons.”
of our carefully drawn international rules flow from this
concept of the global commons. Within nations, de-
mocracies look to the rules of the commons for their
authority.
This is part of the enormous challenge posed by
cyberspace. As a physical, virtual, and cognitive do-
main, cyberspace creates a new commons, generat-
ing serious concerns about how to secure it and make
it usable for all parties in the face of the pressures and
dangers posed by nation-states. Surely, current inter-
national norms, practices, and law will help, but the
nation-state issues are tough. The old concepts and
standards of sovereignty do not function well in this cy-
ber world, where the limits of national ownership and
responsibilities are fuzzy and attack attribution can be
so difficult to establish.
We eventually will need a clearer understanding
of how the new commons should function. It is impera-
tive to develop it if we are to make further progress
21. “China and Taiwan Spar in Cyberspace,” Jabin T. Jacob, Institute of Peace and Conflict Studies, New Delhi, November 2003.
22. “Merkel: China Must Respect ‘Game Rules’,” Christopher Bodeen, Washington Post, Aug. 27, 2007.
23. “Chinese Official Accuses Nations of Hacking,” Edward Cody, Washington Post, Sept. 13, 2007.
24. “China’s National Defense in 2004,” a Whitepaper released by the State Council Information Office, Dec. 27, 2004.
25. “China’s Aspirations for Information Dominance,” Donald L. Fuell, National Air and Space Intelligence Center, unclassified briefing, 2006.
26. “Annual Report to Congress: Military Power of the People’s Republic of China,” Department of Defense, February 2008.
10
threat.”27 Deptula went on to call attention to China’s
proliferating abilities to deny, degrade, and disrupt
cyberspace operations, labeling it a “major threat” to
joint force operations.
In light of the actions of nations such as China,
it is important to keep a weather eye on how the do-
main may evolve. Cyberspace as a domain will always
comprise physical, virtual, and cognitive elements, but,
already, day-to-day operations within the domain have
been changed by the introduction of new technologies.
New and disruptive shifts within the domain are virtu-
ally certain to occur. Some, such as major changes in
where data resides, will have the potential to drasti-
cally alter the way militaries carry out operations in
cyberspace.
Now on the horizon is one such disruption called
“cloud computing.” It marks a potentially large shift in
the layout of the domain itself. To understand why, one
needs to have a grasp of the Pentagon’s concept of a
“Global Information Grid,” or GIG. The early definition of
Among the biggest
this GIG rested on assumptions about transport and noted Stephen Baker, writing in Business Week.28 In ev- recipients of Pentagon
cyber funding is
application layers, one of which was that most process- ery case, the cloud achieves the same purpose as the the supersecret
ing of data would take place at user sites—command 1960s-era supercomputer. It increases search com- National Security
Agency, the national
post screens, individual desktops, or airborne systems. plexity and speed. However, a supercomputer is to the cryptological and
signals intelligence
Analogies with a national power grid were apt—both cloud as candles are to a bonfire. As Baker wrote, “At establishment
headquartered at
input and output occurring at known locations. Data the most basic level, it’s the computing equivalent of Ft. Meade, Md. (DOD
might be exchanged over the GIG, but it would in the the evolution in electricity a century ago when farms photo)
end come to rest at a known site. In the worst case and businesses shut down their own generators and
attack scenario, a terminal could be disconnected, but bought power instead from efficient industrial utilities.”
users would hold on to data at their work stations and The ramifications for national security are poten-
F-15s go into action
continue to work until a connection was restored. The tially enormous. The cloud computing concept trans- in the 1991 Gulf War.
Trace elements of
application resided in a specific computer, not in the fers more “value” to the network itself. In a larger cyber war could be
GIG itself. sense, it confirms that the domain is not necessarily found even in that
conflict. (USAF photo)
However, cloud computing has begun to change
that model. Cloud computing is a general term for what
airmen might call “offboard data.” In this case, it’s best
defined as activity using any collection of servers stor-
ing vast amounts of data and linking them together
for applications. There’s no single cloud, since various
companies and organizations assemble their own. The
Internet is essential to the cloud and functions as its
transport layer.
For illustration, take the case of Google, the search
engine megalopoly. Its cloud is a network consisting of
possibly as many as a million cheap servers, each about
as powerful as a home personal computer. Combined,
they store staggering amounts of data, including nu-
merous copies of the World Wide Web, and produce
answers to billions of queries in a fraction of a second,
27. Lt Gen David A. Deptula, DCS/ISR, “Global Threat Awareness Brief,” Jan. 18, 2008.
28. “Google and the Wisdom of the Clouds,” Stephen Baker, Business Week, Dec. 13, 2007.
12
domain, but they fall more or less neatly into five major
categories. They are:
n The US military services.
n The 16-agency Intelligence Community (includes
defense and service intelligence entities).
n US Strategic Command at Offutt AFB, Neb.
n Agencies of the Department of Defense.
n Agencies of the Department of Homeland Secu-
rity.
Seen from a purely budgetary perspective, the
Defense Department clearly dominates. Most of the
funding that flows through the cyber world comes from
the Pentagon and goes out to its military, civilian, or
intelligence entities. Big recipients are the National Se-
curity Agency, headquartered at Ft. Meade, Md., and
USSTRATCOM, which in recent years has been given
a charter for global operations. The Department of
Homeland Security also spends lots of money on cy- tion Systems Agency has been the Commander of the Air Force Lt. Gen.
Robert Elder (r),
berspace. JTF-GNO, with responsibility for operation and defense commander of 8th Air
Force, was the first
Even a quick read of the map of US federal cyber of the Global Information Grid. Information assurance, leader of USAF cyber
entities shows glaring requirements for better orga- protection, and delivery are the main goals of the JTF- efforts. “Cyberspace
superiority,” he
nizational structures. Each service command has a GNO. At the theater level, JTF-GNO staffs and man- said, is “a predicate
to achieving land,
different philosophy. USSTRATCOM has a clear mis- ages Theater NetOps Centers. These were created by air, sea, and space
dominance.” He is
sion, but liaison with the regional commands is still in mergers of the Defense Information Security Agency’s pictured here with
the formative stages. Just to execute efficient cyber Regional Network Operations and Security Centers, Marine Corps Gen.
James Cartwright.
operations a refined organizational structure will be Regional Computer Emergency Response Teams, and (USAF photo/SrA.
Sonya Padilla)
necessary. The biggest “seams” are those between Regional Satellite Communication Support Centers.
the defense and intelligence worlds and between the The resulting centers establish, maintain, and provide
government and private civilian worlds. Responding to theater-level situation awareness on the global grid.
crises and preparing sound long range fiscal and stra- The centers offer several types of support to a com-
tegic policy will require a bridging of these gaps. It won’t batant commander. They offer technical expertise as
be easy. needed. They provide tactical control for theater net
Of all these actors, USSTRATCOM is the newest operations.
and also one of the more active and powerful. Cyber- While defense of the Global Information Grid falls
space is today a fighting domain, in the view of Strate- under USSTRATCOM’s authority, the individual services
gic Command. “You need to be able to operate, defend, manage and defend their own enterprise-level cyber
and attack in the domain, and then cross-domain,” networks. Each maintains network operations centers
said Chilton, “and I think there are opportunities to do and units able to assure critical network communica-
that.”29 tions in deployed settings, whether this means at a
USSTRATCOM has taken an unusual role as a uni- major overseas base, with expeditionary forces at an
fied command. It leads the development of cyberspace relatively austere forward operating location, or (in the
warfighting capabilities, rather than merely organizing case of the Navy) aboard ships at sea.
them, and is tied to various defense agencies in a way With thousands of airmen and billions of dollars
unlike other joint commands. The command became long since committed to the mission, the Air Force has
the agent for cyberspace when it took over responsibil- gone further than it ever before has gone, putting in
ity for Joint Task Force-Global Network Operations. This place a numbered air force dedicated to cyberspace
JTF-GNO has front-line responsibility for cyber support activities. Twenty-Fourth Air Force will become the Air
operations. Force’s warfighting cyber element. It will handle net-
Since 2004, the Director of the Defense Informa- work operations and develop offensive and defensive
29. “Military Needs Hackers, Stratcom Chief Says,” William H. McMichael, Army Times, Oct. 2, 2008.
14
there in cyberspace,” said Vice Adm. H. Denby Starling
II, its commander.30 Navy personnel, he added, “are en-
gaged in the fight against the enemy 24 hours a day,
seven days a week, 365 days a year.”
In 2002, the Navy had quietly acknowledged the
central role of cyberspace in its operations. The Chief of
Naval Operations, Adm. Vern Clark, declared informa-
tion operations to be a primary Naval Warfare Area,
equivalent to the service’s air, land, maritime, space,
and special operations mission areas.
For the Navy, information operations cover five
core capabilities: computer network operations, elec-
tronic warfare, psychological operations, military de-
ception, and operations security. Vice Adm. James D.
MacArthur Jr., who was NETWARCOM’S second com-
mander, described information operations as “a major
part of naval forces’ overall strategic planning and op-
erations to shape and influence potential adversaries’
understanding and intent” and a way to “enhance de- German Chancellor
terrence and accelerate the pace of operations.”31 race to organize, train, and equip for the cyber mission. Angela Merkel
confronted Chinese
NETWARCOM has evolved as what the Navy calls However, the service has recognized the importance of Premier Wen Jibao
about cyber issues
a “type” command, roughly equivalent to well-known attending to this matter. According to the 2008 Army during her first
three-star commands that control naval air forces or official visit to China.
Posture Statement, “Cyberspace is a new battlefield, Berlin had been a
submarines and apportion them to numbered fleets. and new thinking on how to operate within this environ- target of Chinese
attacks. (Getty
Like other type commands, the cyber command re- ment is required.”33 Images/Guang Niu)
ports to the four-star Fleet Forces Command in its The Army’s Network Enterprise Technology Com- On Nov. 2, 2006,
type role. NETWARCOM personnel monitor Navy net- mand (NETCOM) notes that it has the duty to “provide, Secretary of the Air
Force Michael W.
work operations. The command is also the enterprise sustain, and defend the Network Enterprise” in order Wynne formally defined
cyberspace as a USAF
provider for current and future networks. However, to “enable information superiority, and ensure operat- warfighting domain.
NETWARCOM is about operationalizing cyberspace, (USAF photo/Josh
Plueger)
too. The Navy has taken steps to incorporate cyber-
space into its operations directorates. Information
operations personnel are now organized under the op-
erations or N3 divisions of major commands. The com-
mand added functions when it incorporated the fleet
information warfare centers and naval security groups
into Navy information operations centers in 2005.
Going forward, NETWARCOM will be managing
retirement of legacy systems and new bids for major
network contracts for service-wide and afloat systems.
Starling also hopes to increase the command’s impact
as a warfighting type commander “to get a better view
of what’s going on in our ships, squadrons, and aircraft
every day in the fleet in C4I [command, control, com-
munications, computers and intelligence], potential
conflict, and networks.”32
The Army clearly lags the other services in the
30. Vice Adm. H. Denby Starling II, remarks during assumption of command of Naval Network Warfare Command, US Navy release, June 15,
2007.
31. Vice Adm. James D. MacArthur Jr., interview with CHIPS Magazine, US Navy, Fall 2004.
32. “Command Swells with New Responsibilities,” Maryann Lawlor, SIGNAL Magazine, December 2007.
33. 2008 Army Posture Statement, Information Paper: Cyber Operations.
16
NEW THREATS, NEW THEORIES
With the maturing of the cyberspace domain, new
visions of threats and theories of conflict have begun to
emerge at a rapid pace. This is unsurprising. National
competition and war in cyberspace are sure to bring
new vexations, as well as some of the more-classical
misfortunes of war as it has long been waged within
the international system.
The world got a glimpse of this in summer 2008,
with Russia’s armed attack on Georgia. Russia’s con-
ventional-force attack was accompanied by cyber at-
tacks on that small nation’s critical systems. Russia at-
tacked on the ground and in the air Aug. 9 and agreed
to a ceasefire on Aug. 13. In mid‑August, however,
American officials were still attempting to assess and
magnitude of the cyber attacks. On Aug. 14, Marine
Corps Gen. James Cartwright, Vice Chairman of the
Joint Chiefs of Staff, told Pentagon reporters: “Most of
what we have seen and been able to monitor and verify
is the defacing of Websites, not really as robust as de-
nial of service. And so, what we’re trying to understand Lt. Gen. David A.
warfare are very possible,” Sachs wrote on Aug. 16, Deptula (l), USAF’s
is, working our way back, what are the implications? deputy chief of staff
Can we really tie this to the military activities, or was 2008, but, “is a botnet or a Website defacement an for intelligence-
surveillance-
this more of a separate group that had a more political act of war?”40 reconnaissance,
warned that China’s
agenda? Those are unknowns at this point.”38 Compared to Sachs, however, other observers growing cyber
were far more concerned. “Cyberweapons are becom- capabilities pose “a
Some time later, Chertoff observed: “The Geor- major threat” to joint
gia‑Russia conflict ... [was] perhaps the first instance ing a staple of war,” noted Siobhan Gorman in the Wall force operations.
(USAF photo)
of a military action with a cyber component. Denial of Street Journal.41 “The Georgian conflict is perhaps the
service attacks launched from Russian IP addresses first time they have been used alongside conventional
against Georgia occurred when we saw military action military action.” At least, it might be the first time for a
taken by Russians against the Georgian government. nation other than the United States.
Large swaths of Georgians could not access any in- The Georgia conflict gave rise to chilling questions.
formation about what was happening in their country. There is overwhelming physical evidence that Tbilisi
Government websites were defaced and the delivery suffered some serious denial-of-service cyber attacks.
of government information and services were cur- However, as we have seen, the attribution of such at-
tailed.”39 tacks to a culprit was uncertain at best. Most of the
Not everyone was impressed with the Russian at- response was focused on restoring service to Geor-
tacks. One who found it lacking was Maurice H. Sachs gian agencies and companies. The cyber attacks point-
of the SANS (SysAdmin, Audit, Networking, and Secu- ed out that the policy and procedure for legitimate,
rity) Institute, a provider of computer security training sanctioned response remains embryonic at best. As
and professional certification. Sachs dismissed the cy- a Pentagon spokesman told WSJ’s Gorman, “It’s ulti-
ber component of the war as coincidence, saying that mately the perception of the country under attack as
low-level intrusion activity was akin to cockroaches in a to whether an act of war was committed.”42
kitchen—you don’t see them until you turn the light on. Indeed, cyberspace raises a number of difficult and
“I realize that I’m being very cynical here, and that the complex issues, starting with the unusually large array
future prospects of real, no‑kidding, nation‑state cyber of threat actors that are now in play. Already, the types
38. Gen. James Cartwright, Vice Chairman of the Joint Chiefs of Staff, DOD press briefing, Aug. 14, 2008, Washington, D.C.
39. “Remarks on Cybersecurity to the Chamber of Commerce,” Michael Chertoff, Office of the Press Secretary, Department of Homeland
Security, Oct. 14, 2008;
40. “Thoughts on the Russia vs Georgia Cyber War,” Maurice H. Sachs, Diary, Aug. 16, 2008 (http://isc.sans.org/diary.html?storyid=4903&rss).
41. “Cyber Attacks on Georgians are Reigniting a Washington Debate,” Siobhan Gorman, Wall Street Journal, Aug. 14, 2008.
42. Gorman, Wall Street Journal, Aug. 14, 2008.
43. “Command Swells with New Responsibilities,” Maryann Lawlor, SIGNAL Magazine, December 2007.
44. Testimony by J. Michael McConnell before Senate Select Committee on Intelligence, Feb. 5, 2008.
45. McConnell, testimony, Feb. 5, 2008.
18
a vast system. In the military and intelligence worlds no tion about rapidly metastasizing threats in cyberspace.
less than the commercial sphere, the dangers posed by Starling, of NETWARCOM, said the top service lead-
disgruntled, vindictive, criminally motivated, or foreign- ers are now aware of the importance of security, but
directed insiders is always a problem. Such attacks are getting the word out to uniformed service men and
much easier to carry out in the new wired world. women sometimes is a slow and difficult process.
In the past, the threat of the insider tended to fo- NETWARCOM’s commander, like others, has taken re-
cus on intelligence, and this has been a launching point sponsibility for closing that gap. Informing the fleet “is a
for the cyber insider, too. Notorious turncoat spies job that falls directly to me,” said Starling. “I think that
have caused substantial damage to national security education is something that we here at NETWARCOM
through the loss or compromise of sensitive informa- have to do.”48
tion. For disgruntled or compromised employees or The intellectual decision to treat cyberspace as a
contractors, the technology of insider cyber espionage domain has created an obligation on the part of de-
is close to hand. Chertoff said he was concerned about fense officials to explore its relation to, and impact
“the lowest-tech threat,” which he described as “some- upon, theories of conflict and power. Ultimately, the role
body coming with a thumb drive and downloading sen- of cyberspace in national security depends on how the
sitive information, including passwords, or planting domain and tools within it come to be regarded across
something [in a computer system] that enables some- the international community.
one to capture information and send it back over the
Internet.”46 According to the Homeland Security chief,
“That can cause as much damage as a classic hacking
attack.”
Individuals with network access can be duped into
providing personal data that compromises encryp-
tion. They might by accident insert into a computer a
compromised thumb drive or other device and upload
malicious code that damages the network. Intelligence
workers and officials know better than to open suspi-
cious, unfamiliar e-mails—assuming that any of these
are even permitted to reach an individual’s computer—
but they may visit World Wide Web sites which return
malicious code to their systems.
Awareness of the dangers is the vital ingredient for
cyber security against this form of intrusion. To 8th Air
Force’s Elder, cyber safety begins with understanding Two airmen update
network actions.47 Just as with flight safety or ground Statesmen, officers, academics, and thinkers antivirus software
at Air Force Cyber
safety, cyber safety depends on operational risk man- have had many centuries to develop norms of behav- Command (P),
Barksdale AFB, La.
agement enforced by supervisors. Some believe the ior and rules of the road for the two oldest fighting (USAF photo/TSgt.
Cecilio Ricardo Jr.)
government should set approval levels in accordance domains—land and sea. The air (and space) domain is
with degrees of risk. One technique is “whitelisting.” In much younger; still, it has been around for 10 decades,
this, agencies do not ban visits to certain sites (“black- and much thought has gone into devising international
listing”), but specify those specific sites which a worker concepts to govern behavior there. In all three cases,
may access, excluding all others. This technique, used nations have engaged in protracted periods of debate
in tandem with encryption, has come into increased before they come to an ultimate settling of major con-
use. cepts and laws. Next will come cyber space. To date,
All US armed services, agencies, commands, and most of the effort has gone into attempts to describe
operators agree they need more and better informa- and organize the domain. However, it should come as
46. “Remarks on Cybersecurity to the Chamber of Commerce,” Michael Chertoff, Office of the Press Secretary, Department of Homeland
Security, Oct. 14, 2008.
47. Interview with Lt Gen Robert J. Elder, July 2007.
48. “Command Swells with New Responsibilities,” Maryann Lawlor, SIGNAL Magazine, December 2007.
20
about tripwires and miscalculations in this new do-
main. Decades of superpower nuclear confrontation el-
evated the concept of miscalculation to the position of
“most-feared” source of conflict. In the post-Cold-War
world, it now seems that that title belongs to optimis-
tic expectations that a particular war will prove to be
easy, short, and not too destructive. Historian Geoffrey
Blainey believes it is a factor in the outbreak of war.
“When the first nations formally declared war on one
another, they were not consciously declaring the begin-
ning of what came to be called the war of 1914‑1918,”
wrote Blainey.53 “They were rather declaring the begin-
ning of what they hopefully believed would be the war of
1914, or at worst, the war of 1914‑1915.” What Blainey
termed “the complicated trellis of hope” blunted fear of
the destruction of war with the confidence of speedy
victory.
Unfortunately, there is no obvious reason to be-
In 1990, Harvard
lieve that war within cyberspace will be exempt from cyberspace even now is up for grabs. Professor Joseph
such bone-headed tendencies of human behavior. Com- Once begun, conflict in cyberspace could carry Nye (center, in 2004
photo) coined the
petition in cyberspace may be even more subject to the some traditional and very nasty baggage, just in new term “soft power”—
non-military and
sense that attacks can be swift, successful, and leave forms. One of these is the dreaded stalemate, as non-economic means
for “altering the
opponents reeling with confusion. Added to the incen- seen most bloodily in World War I. Stalemate among behavior of others to
tive is the greater chance of escaping attribution. Even too‑evenly matched powers is not a far-fetched or im- get what you want.”
Is cyber power an
if the source of an attack can be determined, it is still probable prospect for cyberspace. Multiple top‑tier element of soft
power? (Harvard
possible that the presence of innocent bystanders or competitors already exist. News Office photo/
Rose Lincoln)
even friendly forces along the cyber pathways will deter The hope that cyberspace may spread the ratio-
armed reaction. The danger of damage from “friendly nality of commerce and therefore impede war-making
fire” would be too great. should also be taken cautiously. Thinkers from Machia-
Competition in the cyberspace domain may be velli to Norman Angell have observed periods of flour-
more likely than in other domains simply because the ishing commerce and communication and promulgated
threshold is low. Many have noted this, but usually theories of peace with enlightened self‑interest at their
without fully exploring the consequences. One of the center, the idea being that nations with so much wealth
most common observations is that barriers to entry at stake would never risk it for something primitive like
are extremely low. There is no need to build expensive power or ambition. In fact, there are those today who
expeditionary joint forces. With the Internet in place see the rise of cyberspace as brokering a new medium
as the transport layer of worldwide communications, free of kings and conquests. However, history suggests
the attack arena is already in place near to hand. War the most likely path is that cyberspace becomes one
is easier to characterize in hindsight than to predict, more arena of war, unfortunately.
but the ongoing level of intrusion attacks signals that
53. “The Causes of War,” Geoffrey Blainey, (The Free Press,1988) p. 35‑36.
(http://www.airforce-magazine.com/DocumentFile/speeches/Pages/wynne_spch110206.aspx)
I want to discuss with you today a subject I regard I would salt and pepper persistence in there as well.
as extremely critical: the freedom of cyberspace. That is why, after 53 years, we are again seeking 21st
Just last week, Deputy Secretary of Defense Gor- century parallel strategic assets in the form of new
don England, speaking before a major network warfare tankers and global strike to meet our responsibilities
audience, listed the attempts of hackers, “cyber-vigilan- in the air domain, emphasizing expeditionary, as well as
tes,” terrorists, and even hostile nation-states to de- persistent strategic options, to ensure the robustness
grade our fighting networks as the single issue that he of the nation’s global power; and recognizing that the
spends “more time thinking about in the middle of the replacement of our satellite constellation is at hand, to
night, than any other.” fulfill our global vigilance task.
Before addressing cyberspace directly, I want to Now, consider how cyberspace stands in relation
set some context, first as to the mission of the Air to the topic of this conference. The topic is “C4ISR.” For
Force, then as to the topics of this conference, and many in the military and certainly for others in the daily
also as to what we are learning from current combat. walk of life, it helps to take a moment and parse the
The mission of the Air Force is to deliver sovereign elements of the acronym.
options for the defense of the United States of Ameri- There are four Cs—command, control, computers
ca and its global interests—to fly and fight in air, space, and communication, then, intelligence, surveillance,
and cyberspace. This was defined a year ago, and then and reconnaissance.
codified a month later, on December 5, 2005. It started with “command and control,” an old mili-
“Delivering sovereign options” means operating tary studies term. Nowadays the two words are sepa-
across the joint spectrum so that we provide to the rated as being two individual items, subject to debate.
President scalable choices that are unlimited by dis- There was even sometimes confusion as to whether
tance and time, and span the entire range from hu- the “I” is “intelligence” or “information.”
manitarian assistance to nuclear strike, kinetic, and Here are some things to notice. First, the whole
non-kinetic. term C4ISR has the mantle of familiarity—we don’t
In short: global reach, global vigilance, global power. step back and pick it apart.
This includes the powerful option to use timely in- Second, each component is a function—not a battle
formation to deter and to avoid use of kinetic weap- domain, but a function—a form of activity or service.
onry. General Curtis LeMay emphasized this when he Third, the six functions are a grab-bag, bundled
said, “Peace is our profession,” making it the slogan of over the years. While connected in a sense as func-
the Strategic Air Command. tions that move data, they are disparate as to physics.
All these options have one common foundation— But by common assent, we group them for conversa-
persistent, lethal, overwhelming air, space, and cyber- tion. This facilitates research in the varied areas of
space power massed and brought to bear anywhere, sensors, electronic attack, and access and compiling
anytime. of commander-level information extracted from gath-
Thus, the Air Force serves by being prepared to ered data.
set strategic, and then, if needed, also tactical condi- Finally, the functions all are vital flows within each
tions for deterrence, dissuasion, or defeat, and in this of the battle domains of land, sea, air, space, and, as we
way offer to our commanders options throughout the shall see, in cyberspace.
spectrum of conflict. I have brought a video that illustrates the flows of
Air Force Chief of Staff General Moseley likes to C4ISR functions—that means, the flow of data—in bat-
say, “The soul of an Air Force is range and payload.” tle, today. As you watch the video I ask you to consider
22
two questions: So, now let us turn to the imperatives our country
First, now that we have enhanced the application confronts in the cyber domain and the actions which
space for networked operations and really moved com- the Air Force is taking. Here are some scenarios that
munications trust and reliability to a prominent posi- emphasize the imperatives:
tion in our concept of operations, how do we defend the Right now, a terrorist lies on his belly in a dusty
net on which all our capabilities depend? ditch. He holds a radio transmitter to detonate an im-
Second, what new habits of thought do we need to provised explosive device, to kill Americans as they con-
adopt in order to create the capacity to deter, guard, voy across a stretch of broken asphalt. His use of cy-
rescue, strike, and assess in what will probably be the berspace is currently being contested, but not always.
cyberfight of the 21st century? Right now a drug trafficker sits under a tarp in
[video segment] a boat, bobbing off a Caribbean beach, setting up,
The video illustrates the components of what I call potentially, a cocaine drop for nightfall. He gets GPS
the “information mosaic.” The whole data net—analog coordinates on a SATCOM phone from a controller a
and digital, pixels and composites, images—from all continent away. His use of cyberspace is practically un-
sensors that can be collected and downloaded and contested.
crossloaded for use by all in the fight. Right now a finance technician is moving US dol-
By filtering critical data from the “information lars via laptop to support terrorist ops, while sipping
mosaic” to the strategic planner and right out to the coffee in an internet cafe. His use of cyberspace is
weapon system itself, we increase flexibility and lethal- practically uncontested.
ity. This requires common gateways such as cursor-on- Right now a foreign government engineer is in the
target to maximize data usage. As assistant Secretary net using stolen American technology to build radar
of Defense John Grimes recently put it—it is about the and navigational jammers to counter American air su-
data, and maximizing access. periority. His use of cyberspace is uncontested.
All the information flow moves in the cyber domain, Right now a foreign hacker is crashing an Ameri-
meaning the entire flow can be vulnerable to a cyber- can server that holds a web site with data he does not
space attack. like. His use of cyberspace is uncontested, though sub-
Let’s look at the two questions I asked before the ject to pursuit.
video: Right now rogue securities traders, sex traffick-
First, how shall we defend the communication net ers, and data thieves are poised at computers world-
on which all our capabilities depend? This question is wide, reaching into the American net. In a speech just
critical. Our ability to fight in ground, sea, air, and space last week, Attorney General Alberto Gonzales voiced
depends on communications that could be attacked his concern about the predators who range through
through cyberspace. The capital cost of entry into the cyberspace, accosting our children. Their access to cy-
cyberspace domain is low. The threat is that a foe can berspace is uncontested, though, again, they are sub-
mass forces to weaken the network that supports our ject to some pursuit.
operations in any battle domain. The other side of the Each of these examples is real. I could name many
coin of netcentric operations is cyber vulnerability. De- more.
fending and fighting in the cyber domain is absolutely What we are seeing is that the cyberspace domain
critical to maintain operations in ground, sea, air and contains the same seeds for criminal, pirate, transna-
space. tional, and government-sponsored mischief as we have
The second question is, what new habits of thought contended with in the domains of land, sea, air, and now
do we need in order to create and develop technology, contemplate as space continues to mature.
and to fight in the 21st century? This reminds us of the history that it is military
The answer is to go back to my comment at the capabilities that long ago helped make it possible to
start, and think in terms of trust. Our operations in free the Barbary Coast of pirates, so that our world
each of our services all rely on trust. That is, the pilot of commerce and ideas could enjoy freedom of the
can trust information that a target is the foe, not inno- seas, and that freedom of the seas continues to be
cent inhabitants of a school building or hospital or em- sustained thanks to the US Navy and Coast Guard
bassy. The ground fighter with a communication device partnership with the appropriate authorities in coastal
can trust that the device is not being tracked by a foe, jurisdictions.
potentially exposing the ground force unnecessarily. This refers also to the idea that America’s opera-
This new way of war is data-dependent. So we need tions in air and space set the strategic conditions for
to think in terms of trust and securing trust. world commerce to enjoy freedom of the skies.
24
long been engaged in fighting in cyberspace. force, bringing a new strategic dimension to the fight. It
Good stewardship means attending to the system- was the vision of such leaders as Hap Arnold, Ira Eaker,
atic training, organizing, and equipping that is our job. and Curtis LeMay. In this century, the Eighth Air Force
This includes especially attending to the career pro- will be the home of new breakthroughs. This is a noble
gression of the airmen involved in cyberspace, includ- home for the mission of ensuring freedom in a whole
ing our guard, reserve, and civilian professionals. new domain.
The step included consultation with General As I close, here are key points to bear in mind:
James Cartwright, the commanding general of US The focus is to make the Air Force mission com-
Strategic Command, for he is a principal commander plete on an organize, train, and equip basis. Properly
to whom I have the duty to present organized, trained presenting trained and ready forces offers the right
and equipped cyberspace forces. sovereign options in this domain.
We stood up a cyberspace task force in January, This is a battle domain in which the Air Force oper-
led by military strategist Dr. Lani Kass.... The task force, ates with, and supports our sister services, first re-
composed of officers from across the Air Force, has sponders, and many times non-government organiza-
spent the past ten months gathering data, research- tions and the many non-military authorities who also
ing options. work to keep cyberspace secure. There are many part-
We addressed cyberspace extensively at the four- ners across this domain.
star level during a major warfighting meeting in July. There will be careers and a strong future for the
General Moseley and I have subsequently tasked the airmen whose work is in the cyberspace domain. Air
commanders of Air Combat Command and Air Force Force personnel experts are at work now forming the
Space Command to submit a proposal for establishing career and schooling paths that ensure a full career
an operational command for cyberspace. with full opportunities for advancement to the highest
We tasked the commander of Air Education and ranks of the Air Force, for our military and civilian pro-
Training Command to develop a training plan and the fessionals.
commander of Materiel Command to analyze the re- When planning and fighting in cyberspace as
sourcing plans with Air Staff assistance to support an a battle domain, the task is one for the professional
operational cyberspace command. warfighter, that is, the trained military professional who
The new cyber command is designated as the 8th lives, and breathes, and thinks the principles of war. The
Air Force, with a long and strategic deep strike heri- Air Force has long had these professionals in uniform,
tage, under the leadership of Lieutenant General Rob- and I honor them for their service to our country.
ert Elder. He will develop the force by reaching across As I look across this room, I marvel at the harness-
all Air Force commands to draw appropriate leaders ing of technology, the invention of applications, and the
and personnel. representation of the strength that each of you em-
The 67th Wing and other elements under 8th Air body.
Force provide the center of mass for this startup activ- It gives me confidence that freedom of cyber-
ity. General Elder remains as a force provider to com- space will be secured. The technological innovations
batant commanders. that many of you are directly responsible for, plus the
Simultaneously, General Elder has been asked by courage and bravery of our networked force, from mis-
General Moseley and me to develop a roadmap that sile defense to tactical commanders and the men and
could be used to grow the cyberspace command “up- women they command, defend every day the freedoms
wards” and have the framework of a full major com- we enjoy in all five domains.
mand, a peer with Air Combat Command and Air Force And now, I turn to you and conclude with this ques-
Space Command. We expect that this work will stretch tion. I hope that each of you can ponder it and help our
out for the bulk of this next year. services and our country find the best answers: In this
The mission of bombers now within the 8th Air 21st century, how shall we best carry out the C4ISR
Force will remain. functions in the cyberspace domain?
It is fitting that this historic step, the elevation of Thank you for your service, for your continued sup-
cyber to major command status, will take place from port; and may God continue to bless the United States
the heart of the 8th Air Force. The 8th Air Force is a of America. Thanks for allowing me the honor to pro-
home of heroes. In World War II, it was a breakthrough vide the keynote address for this important forum.
(http://www.dhs.gov/xnews/releases/pr_1224091491881.shtm)
I would like to thank the Chamber for inviting me to ever, cybersecurity is not exclusively, or even largely, a
discuss one of the most important initiatives we have federal responsibility, or something the federal govern-
ever undertaken at the department, and in the country, ment can impose on the rest of the nation.
in the domain of homeland security. This, of course, has The federal government does not own the nation’s
to do with the issue of cybersecurity: the protection of IT networks or communications infrastructure, nor
our information technology and its networks.... would we want to force a burdensome and intrusive
This is a major priority for this administration and security regime on what is, clearly, one of the most
I am convinced will be a major priority for the next ad- fluid, dynamic, and reliable engines of our economy. On
ministration. In fact, this month is National Cyber Secu- the other hand, that doesn’t mean that cybersecurity
rity Awareness month. In recognition of this particular is solely a private sector responsibility either. While
moment in time, the President has actually asked me the vast majority of the nation’s cyber infrastructure
to share a message from him to you. is in private hands, the reality is that its benefits are
As follows, “I send greetings to those observing so widely distributed across the public domain, and so
Cyber Security Awareness Month. Americans and integrated and interdependent in the various different
American business rely on the Internet and protect- sectors of our economy, that we face clear national
ing its infrastructure is essential to our economy, se- security risks and consequences with respect to its
curity, and way of life. This month is an opportunity for protection.
citizens to learn how to guard themselves and their No single person or entity controls the Internet or
families, businesses, and information against online IT infrastructure. There is no centralized node, or data-
threats. My administration has taken important steps base, or entry point. No single person, or company, or
to strengthen our defenses against cyber attacks. In government can fully protect it. On the other hand, the
2002 the Department of Homeland Security was cre- failure in even one company, or one link of the chain,
ated to help protect America, including online. In 2003 can have a cascading effect of everybody else. That is
the National Strategy to Secure Cyberspace created why protecting our IT systems and networks has to be
a framework to help prevent cyber attacks against a partnership in which all of us have to bear our share
America’s infrastructure, reduce vulnerability to cyber of responsibility.
attacks, and minimize damage and recovery time from If you wanted an illustration on how important pro-
cyber attacks that do occur. In January this year, my ad- tecting interdependent systems are, and how impor-
ministration implemented the National Cyber Security tant a partnership is with respect to trust, just look
Initiative to protect federal networks, and explore ways at what is going on in the financial area. This has not
to assist industry in securing their infrastructure. I ap- been an IT problem, but it has been an all too dramatic
preciate all those dedicated to securing the Internet. illustration of what happens when there is a failure of
Your efforts play a key role on an important front of our trust across a large domain of institutions. Much of the
nation’s security....” solution to this crisis is one that requires a partnership
Unquestionably, cybersecurity is the issue that between the private sector and public sector. I would
touches all of us both in our business capacities and as argue that as we, hopefully, preempt any crisis in the
individuals in terms of the way our families deal with our area of our IT networks and the Internet, the only way
own home computers. It is an issue that will continue to do that is a joint effort in partnership between the pri-
be on the front burner through the next administration. vate sector and all elements of government.
Unlike some other areas of homeland security, how- Let me say there is also a very strong business
26
case to be made for cybersecurity apart from the na- technical capability and targeting, and today operate
tional security case. Most companies understand their a pervasive, mature economy in illicit cyber capabilities
own interest in investing in security measures that will and services that are made available to anybody who
help shield them from attacks or disruption or will give is willing to pay.
them resilience to recover quickly if an attack occurs. As we have seen recently, cyber threats can im-
I would also venture to say customers’ trust can easily pact both individuals and nations alike. Let me give you
be lost in this day in age if the systems through which two examples. First, the Georgia-Russia conflict of ear-
people do business with companies become degraded, lier this year, perhaps the first instance of a military ac-
or inoperable, or corrupted. This element of trust and tion with a cyber component. Denial of service attacks
confidence, which is the very DNA of the Internet, is re- launched from Russian IP addresses against Georgia
ally the highest value of what allows us to function and occurred when we saw military action taken by Rus-
take advantage of the very fluid and beneficial qualities sians against the Georgian government. Large swaths
of having a network 21st century world. of Georgians could not access any information about
Today I would like to talk about the specific ac- what was happening in their country. Government web-
tions the federal government is proposing to take to sites were defaced and the delivery of government in-
protect cyber infrastructure. The private sector’s role formation and services were curtailed.
in this effort and what you can do to help us protect A similar denial of service attacked was perpetrat-
cyber systems and cyber infrastructure. First, let’s talk ed in 2007. On the criminal side of the house, earlier
about threat. You know, the Internet has been around this summer in August I announced the largest ID cyber
for about two decades. For about the same amount of theft in history. This was a Secret Service case involv-
time we have been dealing with cyber attacks. Some ing 40 million credit card numbers that had been sto-
people might be tempted to suggest that cyber at- len from nine major retailers through a sophisticated,
tacks are merely a cost of doing business, a nuisance international scheme perpetrated through what they
we have dealt with in the past and can deal with in the call “war driving.” This involved capturing the wireless
future, and there is no real reason to treat this as a transmission of this information from point to point so
concerted national priority. I think that would be a very it could then later be converted into data that could be
misguided approach and I am sure everyone here un- used for criminal purposes. This scheme led to millions
derstands why. of dollars being withdrawn from the bank accounts of
The fact is, because in the 21st century and our innocent consumers all around the world. As I said, it is
reliance on the Internet for everything we do, whether the worst case of identity theft in US history.
is the homework our kids do at school, or the business The reality is that cyber attacks aren’t decreas-
transactions we engage in multi-billion dollar financial ing. They are increasing in frequency, sophistication,
institutions, we have invented an era of new threats and scope and this has major implications for our na-
and greater vulnerabilities in the cyber domain. I am tional and economic security. So, how do we protect
sure everyone here understands the consequences of ourselves from malicious activity whether it is criminal
failure have become correspondingly greater and that in nature, whether it is an extension of state power,
is why we are at a moment now where we have to act whether it is government or commercial espionage,
with greater urgency and purpose than ever before. or whether it is routine hacking by people who are in-
The intelligence community has publicly stated its terested in showing their cyber hacking skills to their
assessment that nations, including Russia and China, friends. The answer is a comprehensive cybersecurity
have the technical capabilities to target and disrupt initiative.
elements of the US information infrastructure, or to From the government’s perspective, the first
use that infrastructure to collect intelligence and other thing we need to do is to ensure that our own house
kinds of information. Nation states and criminal groups is in order, that our federal civilian networks are ad-
target our government and private sector information equately protected. That means we have to be able to
networks in order to gain competitive advantage in the look across the government and civilian domains, just
commercial sector, as well as in the area of security. as the Defense Department looks across the military
Terrorist groups, including Al Qaeda, Hamas, and Hez- domains, and assess what the vulnerabilities are, re-
bollah have expressed the desire to use cyber means duce the points of vulnerability, put into effect the kinds
to target the United States. Criminal elements contin- of tools and regimes that will reduce or eliminate the
ue to show a growing and alarming sophistication in possibility of attack, and then, using a 24/7 monitor-
28
we were able to get from across the federal govern- of the Internet and all the commerce and activity that
ment, it enables us to detect, in real time, if an attack occurs on the Internet, will only succeed in multiplying if
is underway. It is a little bit like moving from policemen people are confident that they will not lose their crown
who investigate the crime after the fact to the police- jewels when they play in cyberspace. It is easy to man-
men who is actually standing, watching people go by age the systems for purchasing goods or getting on
on the road and the highway, and when the policemen eBay, or exchanging information would become much
sees a suspicious character he or she calls into the less appealing if there were more and more stories
potential target and warns them there is a suspicious about people losing their most secure information,
character on the way. You’re asking me here: “You have their most secure financial data every time they get
a cop who sees a suspicious character? Why doesn’t onto the Internet. So, my belief is that, more and more,
he just stop him and arrest him on the spot?” That is the issue of cybersecurity is going to be a cutting-edge
Einstein 3.0. That is where we move from intrusion de- area in which smart kids are going to realize there is a
tection, to intrusion prevention. That is a system that great future, because there is going to be an incredible
we are currently working to develop which would allow demand to keep security up with the increasing expo-
us when we see and detect malicious code, or other nential growth of the Internet as a tool of commerce,
indications of an attack, to actually stop it cold before it as well as a tool of social networking. Here is where
permeates and infects our systems. That is the first el- private sector cooperation is particularly critical. A lot
ement of creating lines of defense. Reducing the entry of this work is going to be done with you and we want
points and building better capabilities to protect, and to make sure you are focused on this....
ultimately prevent, penetration. How do we work with the private sector to secure
The next focus area, which is defending against not only our own networks but also to help you to se-
full spectrum threats, includes protecting the global cure your networks? We have a structure in place that
supply chain, working with the private sector to have allows us to do this at DHS and as you all know it is the
better validation about the source of critical elements National Infrastructure Protection Plan. It is a model
of software and hardware, particularly for those sys- in which we have 18 sectors of the national economy
tems where we have high value information that we we have identified, we work with sector coordinating
want to protect and secure. At the same time, [we councils, representatives of industry, and government
need] old-fashioned counter intelligence, working with coordinating councils to set goals and priorities and ex-
our government systems to make sure we are prevent- change information about security as it relates to the
ing people from committing old-fashioned espionage particular sector we are talking about. Recognizing, for
against us—stealing our data, stealing our passwords, example, the needs of the financial community are very
stealing our capabilities, or implanting in our systems different from that of the commercial real estate sec-
trap doors that can be used against us. tor or the communication sector.
Finally, the third focus element [is] shaping the What we have done is go back to these sectors
future environment. We are working across the gov- and we have asked under each of these plans that in-
ernment domain to help recruit and build the next gen- dustry and government look at cyber risks and mitiga-
eration of cybersecurity professionals. That is going tions. We are going to bring all this together through
to mean, in particular, working with the private sector our cross-sector Cyber Security Working Group, look-
to boost cyber education, training, and recruitment, ing in particular at interdependencies, information
as well as working to fund leap-ahead technology and sharing, and cyber issues that affect multiple sectors
game changing capabilities that will enable us to in- or cut across all the sectors. We are going to explore
crease our cybersecurity. Some months back I was out options to share Einstein, or similar capabilities includ-
in Silicon Valley. Someone was saying to me that part ing capabilities drawn from across the entire govern-
of the problem is, when people graduate from college ment, with interested industry partners.
or graduate school, their focus tends not to be on tech- I want to be clear; this is an invitation, not a man-
nology, but developing new systems that are faster, date. We are not in the business of telling the private
move more readily vertically and horizontally, and are sector you must do this, you must let us in, we are go-
quicker at processing data. It seems that cybersecu- ing to sit on top of you. That would be the easiest way to
rity has become a little bit of a stepchild. I am going to alienate most of the people who use the Internet. What
suggest that that is going to change in the very near we are going to do is offer a service, offer an invitation.
future, if it hasn’t changed already. Ultimately, the value For those in the private sector who want to take us up
30
Cyberspace Operations
Air Force Doctrine Document 2-11 [extract]
Draft 2008
FOUNDATIONAL DOCTRINE STATEMENTS appropriate air and space operations center (AOC).
Foundational doctrine statements are the basic Gaining and maintaining access is a critical first
principles and beliefs upon which AFDDs are built. Oth- step to achieving effects in other domains and coun-
er information in the AFDDs expands on or supports tering adversary use of cyberspace.
these statements. US forces should be capable of operating
Cyberspace is a global domain within the infor- through a cyberspace attack. They should recognize
mation environment consisting of the interdependent and isolate an attack while continuing to perform criti-
network of information technology (IT) infrastructures, cal actions. Following an attack, they should be able to
including the internet, telecommunications networks, reconstitute and regenerate capability rapidly.
computer systems, and embedded processors and Operations in cyberspace can have significant
controllers. effects in other domains.
Friendly use of cyberspace needs to be protect- To be successful in this new era of cyberspace
ed and an adversary’s use countered in support of US operations, life-long learning is paramount.
objectives. Cyberspace professionals are individuals trained
The vastness, complexity, volatility, and rapid to establish, control, and project combat power in and
evolution of cyberspace place a premium on continu- through cyberspace.
ous intelligence preparation of the operational environ-
ment (IPOE). SELECTED DEFINITIONS
Ensuring freedom of action in cyberspace is a computer network exploitation. Enabling opera-
complex undertaking that requires comprehensive situ- tions and intelligence collection capabilities conducted
ational awareness, understanding of relevant network through the use of computer networks to gather data
segments, and an exceptionally fast decision cycle to from target or adversary automated information sys-
dominate command and control within the domain. tems or networks. Also called CNE. (JP 1-02)
Cyberspace superiority is the degree of domi-
nance in cyberspace of one force over another that cyberspace. A domain characterized by the use of elec-
permits the conduct of operations by the former and tronics and the electromagnetic spectrum to store,
its related land, air, sea, space, and special operation modify, and exchange data via networked systems and
forces at a given time and place without prohibitive in- associated physical infrastructures. (AFDD 2-11).
terference by the opposing force.
Defensive operations seek to deter adversaries cyberspace superiority. The degree of dominance in
from intruding on friendly networks, detect and deny cyberspace of one force over another that permits the
access when attacks are attempted, minimize the ef- conduct of operations by the former and its related
fectiveness of attacks, and determine their source(s). land, air, sea, space, and special operation forces at a
Offensive operations deny, degrade, disrupt, given time and place without prohibitive interference by
destroy, alter, or otherwise adversely affect an adver- the opposing force. (AFDD 2-11).
sary’s ability to use cyberspace in support of US objec-
tives. defensive cyberspace operations. Actions taken to
Once cyberspace superiority is achieved, offensive create, sustain, and defend friendly use of cyberspace.
operations take advantage of cyberspace freedom of ac- (AFDD 2-11).
tion by creating effects in other domains.
Operations to achieve cyberspace superiority electronic attack. Division of electronic warfare involv-
can be integrated with the operational rhythm of the ing the use of electromagnetic energy, directed energy,
electronic warfare. Military action involving the use network attack. The employment of network-based
of electromagnetic and directed energy to control the capabilities to destroy, disrupt, corrupt, or usurp infor-
electromagnetic spectrum or to attack the enemy. mation resident in or transiting through networks. Also
Electronic warfare consists of three divisions: electron- called NetA. (AFDD 2-5).
ic attack, electronic protection, and electronic warfare
support. Also called EW. (JP 1-02) network defense. The employment of network-based
capabilities to defend friendly information resident in or
electronic warfare support. Division of electronic transiting through networks against adversary efforts
warfare involving actions tasked by, or under direct to destroy, disrupt, corrupt, or usurp it. Also called
control of, an operational commander to search for, NetD. (AFDD 2-5).
intercept, identify, and locate or localize sources of in-
tentional and unintentional radiated electromagnetic network operations. Activities to operate and defend
energy for the purpose of immediate threat recogni- the Global Information Grid. Also called NetOps. (JP 1-
tion, targeting, planning and conduct of future opera- 02).
tions. Also called ES. (JP 1-02)
nonkinetic. Actions or effects that do not physically al-
electromagnetic spectrum. The range of frequencies ter the material characteristics of a target. Non-kinetic
of electromagnetic radiation from zero to infinity. It is actions may have lethal or nonlethal results. Examples
divided into 26 alphabetically designated bands. Also include use of cyberspace weapons, information opera-
called EMS. (JP 1-02). tions, or electronic warfare. (AFDD 2-11)
information operations. The integrated employment offensive cyberspace operations. Actions taken to
of the core capabilities of electronic warfare, comput- deny, degrade, disrupt, destroy, alter, or otherwise ad-
er network operations, psychological operations, mili- versely affect an adversary’s ability to use cyberspace
tary deception, and operations security, in concert with in support of US objectives. (AFDD 2-11).
specified supporting and related capabilities, to influ-
32
About the Air Force Association