U.S. Military Overestimates Value of Offensive Cyberweapons, Expert Says

By Yasmin Tadjdeh
Efforts by the U.S. military to develop offensive cyberweapons will be futile unless better technologies are developed to identify the perpetrators of a computer network attack, experts said Sept. 13.
“In general, the notion that you can preempt a cyber-attack by using offensive methods is greatly exaggerated,” said Martin Libicki, senior management scientist at RAND Corp.
One of the biggest obstacles to fighting back after a cyber-attack is attribution, Libicki said during a cybersecurity conference at the National Press Club, in Washington, D.C.
Another concern is that there can be misinterpretation following an attack, Vincent Manzo, analyst at the National Defense University’s Center for Strategic Research said.
In order to stop cyber-attacks, better deterrents are needed, he said.
The predominantly used deterrent currently available is the judicial system, and not traditional military force, Libicki said.
“We think of deterrents as traditionally being reserved for … things that look like acts of war,” Libicki said. “Generally speaking, it would be historically unprecedented to respond to espionage with violence or the use of force.”
Military leaders have spoken about their attempts to develop offensive cyber weapons as means to deter or respond to attacks. “I tend to be skeptical about cyber deterrents,” Libicki said. “I’m not saying we should never hit back, but I would need a lot more indication that a threat to hit back would be all that useful,” Libicki said. “It does no good to threaten that if Al-Qaida takes down the American power supply that we’ll take down Al-Qaida’s power supply, because they don’t have a power supply to take down.”
With nuclear weapons, deterrence worked because countries were so horrified at the consequences, Libicki said.
“One of the reasons that nuclear deterrents worked was because we never had to make good on that threat. The consequence of being hit with a nuclear weapon were so awful to contemplate that nobody not only wanted to get hit by a nuclear weapon, but they didn’t even want to get 10 steps within getting hit with a nuclear weapon,” said Libicki.
With the technology that is currently available, the U.S. government’s ability to offensively thwart an attack needs work, he said.
Lt. Gen. Michael Basla, vice commander of Air Force Space Command,said at the Cyber 1.2 conference in April that offensive cyber operations are far down a list of nine missions that the command must carry out. While he did not divulge too many details, he listed “deployable cyber-attack system” and “network attack system” as two programs the command was working on.
Libisky also cautioned that hacker attacks on U.S. critical infrastructure may not be as big a risk as government and industry prognosticators have predicted, Libiski noted.
“Something that can take down a poorly defended system in one place may have absolutely no effect on a well defended system somewhere else. It is for this reason that we can only speculate about what a cyber-attack will be,” said Libiski. “[But] it’s a real stretch to say any terrorist could take down a power plant in this country.”
Photo Credit: iStockphoto

Topics: Cyber, Cybersecurity, Homeland Security, Science and Technology