The US Army’s Cyberspace and Information Operations Division has just emphasized that we face an increasing threat from cyber-attacks, with both nations and non-state actors capable of launching increasingly sophisticated assaults on key information systems. In an interview earlier this month, Col. Carmine Cicalese outlined the risks of military and commercial espionage, as well as the more dramatic option of attacks that disable communications or even weapon systems.
Modern warfare increasingly depends on networks; we now use computer-based systems to handle most message traffic, maintain situational awareness, and target precision weapons. If an adversary can interfere with those networks, we’ll very quickly start to lose capabilities, and in an extreme case, we could find our entire chain of command paralyzed as systems shut down. In the early days of headquarters digitization, staff paid attention to “reversionary mode” – keeping field phones and map boards around in case the new systems went down – but these efforts soon turned to lip service. It’s doubtful that most HQs could manage a smooth translation back to offline work if they started to lose network capabilities.
In fact, the spectrum of possible threats to networks is enormous, ranging from a virus or DDoS attack to much more kinetic options. Russia has invested a lot of time and money into conventional EMP devices; delivered by a battlefield missile – and that’s possible; the USAF is working on its own CHAMP missile – a non-nuclear EMP warhead could instantly wipe out most of the electronics in a major headquarters. Some specially hardened mil-spec computers might survive, but with every display fried, that probably wouldn’t be enough to keep us working. Reversionary mode is something we seriously need to revisit.
Let’s not forget the potential of cyber-war at the personal level either. Most of us have some sort of presence on social media these days. Unit security officers regularly brief troops about being careful what you say online, but how many soldiers are really careful enough? The answer is not many. A few simple web searches can pull together an amazing amount of information. Even if no single source gives away very much, they soon aggregate into a personality profile that can be remarkably detailed. Add two or three social media profiles together, pull in a few reviews you left for field gear you bought, some comments from a gun forum and whatever else you’ve done online, and an adversary can tell a lot about you. Sociology experiments have shown it’s possible to convince someone you’re an old friend from college days based on nothing more than a Facebook profile; a terrorist or hostile agent can try exactly the same techniques against you.
Networked computers have opened up all sorts of possibilities, from online shopping to instantly distributing operational orders to every commander in a theater. Unfortunately those possibilities come with a range of new threats, and while it’s great news that the Army is on course to field its own cyberwar units, we can’t rely on them covering every possibility. Everyone needs to do their part, whether that’s staff officers testing reversionary mode on exercises or the rest of us being more careful what we tweet.