For years, the Pentagon has been open and adamant about the nation’s need to defend itself against cyberattack, but its ability and desire to attack enemies with cyberweapons has been cloaked in mystery. Plan X — an effort to improve the offensive cyberwarfare capabilities “needed to dominate the cyber battlespace,” according to an announcement for the workshop.
No longer is it unclear whether the US is in the business of planning Stuxnet-style cyberattacks. Plan X indicates that such capabilities — which experts say could range from taking out electrical grids to scrambling computer networks in top-secret facilities to causing the pacemaker implanted in an enemy official to go haywire — will be an explicit part of the military playbook.
“If we can have a robust public discussion of nuclear weapons why not a robust discussion of cyberstrategy?” says Jim Lewis, director of the Technology and Public Policy program at the Center for Strategic and International Studies in Washington. “Up until now, cyber has been kind of ad hoc. What they’re doing now is saying that this is going to be a normal part of US military operations.”
“If we detect an imminent threat of attack that will cause significant physical destruction in the United States or kill American citizens, we need to have the option to take action against those who would attack us, to defend this nation when directed by the president,” Mr. Panetta said. “For these kinds of scenarios, the department has developed the capability to conduct effective operations to counter threats to our national interests in cyberspace.”
But the lack of discussion surrounding offensive cyber capabilities — and a clear US military plan for pursuing them — has been a significant roadblock for US military forces interested in honing those skills, says retired Col. Joe Adams, a former West Point professor who coached the military academy’s cyber team.
In the past there has been a “skittishness about teaching cadets offensive skills like how to hack” into systems, says Dr. Adams, now executive director of research and cybersecurity for Merritt Network, Inc. “We’ve really ramped up the defensive part, but there hasn’t been any work done to identify people who have the intuitive ability to conduct operations on the offensive side.”
Plan X is designed to help the Pentagon “understand the cyber battlespace” and to develop skills in “visualizing and interacting with large-scale cyber battlespaces,” according to the DARPA proposal.
These, too, are unique skills that must be cultivated within the military, says Adams. “Another art piece is mapping a network [that could be a potential target]. How do you do it — and how do you do it subtly — without knocking things over and turning things off? And if it’s hostile, how do we do it without getting caught?”
“Plan X is an attempt by the national security bureaucracy to come to grips with the multitude of issues around use of cyberweapon in an offensive form — the legal, diplomatic, ethical issues,” says Matthew Aid, a historian and author of “Intel Wars: The Secret History of the Fight Against Terror.”