— A recent report by a task force of the Defense Science Board on cyber-conflict makes clear that all is not well in preparing for this new domain of warfare.
The U.S. military often uses "red" teams to challenge established "blue" teams in exercises. According to the report, small red teams, with only a short amount of time and using tools downloaded from the Internet, have been able to "significantly" disrupt blue team military operations.
The task force said, "If this level of damage can be done by a few smart people, in a few days, using tools available to everyone, imagine what a determined, sophisticated adversary with large amounts of people, time, and money could do."
In another part of the report, the task force hints that U.S. nuclear weapons, hardened to survive an atomic blast in the Cold War, may not be ready to survive a cyber-onslaught. While the task force didn't say what the vulnerability might be, they called for "immediate action" to make sure the nuclear weapons would survive.
What would cyberwar be like? Potentially, "hundreds" of simultaneous, synchronized offensive and defensive cyber operations would be needed, and yet the task force found the U.S. military is not ready. The task force said it "could find no evidence of modeling or experimentation being undertaken to better understand the large-scale cyber war." In a recommendation that underscores the larger direction of U.S. policy, the task force declared, "time is of the essence in developing a broader offensive cyber capability."
A major offensive cyber capability now seems essential in a world awash in cyber-espionage, theft and disruption. Cyberwar may be over the next horizon. But the task force offered an important caution: In the past, on nuclear weapons, counterterrorism, counterinsurgency and all manner of conventional military missions, we've had decades of policy debate. "In contrast," they said, "relatively little has been documented or extensively debated concerning offensive cyber operations."