A U.S. cyberwarfare command: Better late than never

More

Obama and tech

• Obama budget halts IT growth, cuts data centers
• White House cyber czar and other security non-events of 2009
• Obama backs U.S. return to math, science, tech
• Obama said to be close again to naming cybersecurity chief
• Put cybersecurity chief in DHS not the White House, Senator says
• Report: Obama close to appointing White House cybersecurity chief
• Developers build useful, fun apps with fed data
• White House tells agencies, think 'open innovation'
• The cybersecurity job no one really wants
• Pressure on Obama to move fast on cybersecurity appointment

More: Obama tech watch

Computerworld - In a class at the National Security Agency, I learned that prior to one World War II battle in the Pacific, key U.S. commanders knew an attack was coming but didn't warn anyone. The result was a major loss of life and equipment. But the decision not to warn anyone was a strategic consideration. Preparing people for an imminent attack would have given the Japanese an indication that their command communications had been compromised and that U.S. commanders were aware of all Japanese troop movements throughout the Pacific. Strategically, this single loss was preferable to losing the war.

This type of quandary becomes extremely more problematic when we are talking about cyberwarfare, where multiple units are doing the same type of work. For example, the Air Force Information Warfare Command (AFIWC) might want to break into foreign air defense facilities and blind them immediately before an air attack. That would provide a tactical advantage, at the price of showing that the AFIWC had compromised the facility. That much is comparable to the World War II scenario. But then add in the fact that the NSA might have separately compromised the same air defense facility and was using it to monitor deployments or to dig into the adversary's entire military network.

In a different scenario, the NSA could be working on a long-term project to enter false information into an adversary's database, unaware that the Army had hacked into the same database to try to track military movements. In that case, the Army intelligence efforts would be misled by the NSA's independent efforts to confound the adversary.

Between the CIA, NSA, Army, Air Force, Navy and other U.S. agencies, there are probably more than a dozen independent units that have information warfare or cyberwarfare responsibilities; both offensive and defensive. All of them have independent missions and goals. Some are responsible for collecting intelligence, which means maintaining long-term access to adversary networks, while others care about taking down the networks.

Similarly, if multiple organizations are compromising the same targets, there is a greater chance that at least one of the attacks will be detected, potentially compromising all efforts.

In the recent Iraq wars, the U.S. military and intelligence agencies had to coordinate their efforts. For example, you don't want the Navy shooting missiles at Baghdad while the Air Force is sending in low-level attacks. You don't want to have Army units overrunning an Iraqi base, while the base is being bombed by Air Force or Navy airplanes.

Such coordination, while tricky to effect, is relatively easy when you're dealing with a very clearly defined geographic region. Just imagine the coordination required for cyberspace, with millions of potential targets that are very difficult to define.