Just when you thought the National Defense Authorization Act (NDAA) couldn’t possibly be more dangerous than has already been exposed with its declaration of global war, Martial Law, legalized bestiality, indefinite detention of Americans, and the $662 billion more spent; it has now been revealed that it also serves as a declaration of offensive cyber war.
Buried in the recently passed NDAA is a provision, perhaps just as dangerous as its other transgressions, that permits the Pentagon to wage an offensive cyberwar “to defend our Nation, Allies and interests.”
Section 954 of the NDAA titled Military Activities in Cyberspace received no debate in Congress as well as in the media. The section states clearly:
Congress affirms that the Department of Defense has the capability, and upon direction by the President may conduct offensive operations in cyberspace to defend our Nation, Allies and interests.
Even though there was virtually no debate about this provision by Congress or the press, the intention of action was expected. In July of this year, the Pentagon announced their strategy to treat cyberspace as an “operational domain” in their Department of Defense Strategy for Operating in Cyberspace.
“The United States reserves the right, under the laws of armed conflict, to respond to serious cyber attacks with a proportional and justified military response at the time and place of our choosing,” said Deputy Defense Secretary William Lynn at a speech announcing the new strategy.
The Department of Defense Strategy for Operating in Cyberspace (PDF) claims that “Hackers and foreign governments are increasingly able to launch sophisticated intrusions into the networks and systems that control critical civilian infrastructure.”
Yet, Wired correctly points out that “Despite mainstream news accounts, there’s been no documented hacking attacks on U.S. infrastructure designed to cripple it. A recent report from a post-9/11 intelligence fusion center that a water pump in Illinois had been destroyed by Russian hackers turned out to be baseless.”
Indeed, we first reported that the alleged hack attack on the Illinois water plant was propaganda from the beginning to end. Four days later the Federal government admitted it was not a cyber attack after the cyber scare was sold to the public.
If we’ve learned one thing from the recent past, the U.S. government doesn’t need real evidence or a real enemy to wage war. So what can we expect from this new authorization for the Pentagon to wage offensive war on the Internet?
Department of Defense outlines five strategic initiatives which are just organizational in nature:
|Get Off Grid NOW (Ad)|
1. DoD will treat cyberspace as an operational domain to organize, train, and equip so that DoD can take full advantage of cyberspace’s potential: Not only are they planning to create an army of cyber warriors, they also clam to have the authority to combat Internet threats with a traditional military response; “the United States reserves the right, under the laws of armed conflict, to respond to serious cyber attacks with a proportional and justified military response,” said Deputy Secretary Lynn.
2. DoD will employ new defense operating concepts to protect DoD networks and systems: “DoD will continue to operate and improve upon its advanced sensors to detect, discover, map, and mitigate malicious activity on DoD networks.” This is already being accomplished to monitor government employees through DARPA’s PRODIGAL project.
3. DoD will partner with other U.S. government departments and agencies and the private sector to enable the whole-of-government cybersecurity strategy. The Director of the National Security Agency is dual-hatted as the Commander of USCYBERCOM. The NSA connection means that Google and Facebook are already working for CYBERCOM. This coincides with Lieberman’s recent urging of Google to censor anti-West content. DoD is also announces collaboration with DHS for domestic surveillance.
4. DoD will build robust relationships with U.S. allies and international partners to strengthen collective cybersecurity: The goal is to “development of international shared situational awareness and warning capabilities will enable collective self-defense and collective deterrence.” This is also well underway with the recent London cyberspace summit which was admittedly used to work on a global Internet treaty.
5. DoD will leverage the nation’s ingenuity through an exceptional cyber workforce and rapid technological innovation: The intention is to fund and reward cyber warfare innovators. In other words, they’ll fund a new aspect of the military-industrial complex that pertains to cyber security.
Although neither the NDAA, nor the DoD road map gives many details for how exactly this offensive cyber warfare will be conducted, Wired reports that:
It’s likely to include things like unleashing a worm like the Stuxnet worm that damaged Iran’s nuclear centrifuges, hacking into another country’s power grid to bring it down, disabling websites via denial-of-service attacks, or as the CIA has already done with some collateral damage, hacking into a forum where would-be terrorists meet in order to permanently disable it.
Perhaps it is intended to just be a broad authorization to use force against anyone considered to be a threat on the Internet, much like the authorization to use force against Iraq in the war on terror. As the Deputy Secretary of Defense noted, the military is authorized to combat threats with a “justified military response.” Surely that sweeping authority won’t be abused, right?