(Translated from the original Italian)
The U.S. is one of the most advanced countries from a cyber warfare perspective, we have read a lot on its capabilities and its offensive power, as exemplified by the plan-X project and the development of the cyber weapon Stuxnet.
We all imagine that the U.S. is really active in cyberspace, working on the cyber espionage front and also conducting powerful offensives.
We know that the country, like many others, is faced with a global economic crisis that has also impacted the military sector as budgets have been reduced, but the high alert level on the possibility of a cyber attack makes investments in cyber warfare necessary.
News recently is that the U.S. military has been launching cyber attacks against its opponents in Afghanistan, according the declaration of the senior officer Marine Lt. Gen. Richard P. Mills.
The official has explained during a conference in Baltimore that the U.S. conducts highly strategic oversight of cyberspace, giving great importance to the study and implementation of new cyber weapons. That is the new way to fight and it is fundamental to be prepared for a cyber warfare scenario.
“I can tell you that as a commander in Afghanistan in the year 2010, I was able to use my cyber operations against my adversary with great impact... I was able to get inside his nets, infect his command-and-control, and in fact defend myself against his almost constant incursions to get inside my wire, to affect my operations.”
The statements are as exhaustive as the US forces are carrying out cyber attacks on their opponents in Afghanistan, and cyber weapons are critical elements of the U.S. arsenal.
It's the first time that a high official admitted these types of offensive operations take place in Afghanistan despite that it is reasonable to imagine the involvement of cyber units.
Pentagon spokesman Lt. Col. Damien Pickart refused to give more information on on Mills's statements for reasons of security:
"We do not provide specific information regarding our intentions, plans, capabilities or operations."
The response is legit and acceptable, but then why did the officer made these revelations publicly?
Many experts are convinced that the U.S. is opening up about the fact that its military operations are active also in cyberspace and have the same efficiency as conventional attacks, and the main advantage is that these kind of attacks are really difficult to detect and could be conducted silently for years.
Different than a conventional attack, a cyber attack has no boundaries, it could be aimed in cyberspace to attack any kind of target, and the statements confirm that this what ordinarily happens.
The cyber expert Herbert Lin declared :
“The U.S. military is starting to talk more and more in terms of what it’s doing and how it’s doing it... A couple of years ago it was hard to get them to acknowledge that they were doing offense at all — even as a matter of policy, let alone in specific theaters or specific operations.”
The reply from the Pentagon is that US cyber operations were properly authorized and that they took place within the bounds of international law and the “confines of existing policy.”
We must consider that today there is an ongoing debate on the use of cyber weapons and the recourses to cyber attacks as a military option, so let's consider also that international regulations are still inadequate in this matter, that's why cyber operations represents an optimum choice.
Today there isn't a legal and official definition for cyber weapons under the law perspective, and every government is working hard to develop its own arsenal eluding any kind of penalties for cyber operations.
The U.S. has demonstrated they have a sophisticated program to increase cyber capabilities and to design and spread cyber weapons. Consider also that recent months have been characterized by the discoveries of several agents more or less as aggressive as Stuxnet and Flame, utilized to cyber attacks or cyber espionage, anyway for a military operation.
Mills' words are just the last act of an openness on U.S. cyber operations, military actions that had been started long ago, there is evidence of the famous project "Olympic Games" started under Bush's Government and continued under Obama administration.
The Pentagon is sustaining a project of development of new cyber technology to employ during the cyber attacks, the funding experiment called “Plan X,” demonstrates it:
“The objective of the Plan X program is to create revolutionary technologies for understanding, planning, and managing cyber warfare in real-time, large-scale, and dynamic network environments...”
The hard work is assigned to its agency Defense Advanced Research Projects Agency (DARPA) that design new tools for launching attacks against enemies in cyberspace, these tool include malware and other instruments for cyber espionage.
Officially the DARPA mission is to develop technology to support the infrastructure for offensive strategies, and one of the main objectives is to design tools to analyze data flow in every network to provide essential information to military strategists.
Another ambitious project is the development of an architecture to monitor damage in “dynamic, contested, and hostile network environments” that are equipped with adaptive capacities to mitigate the incoming attacks. These type of systems represents the future, the are essential components to deploy in cyberspace in case of a conflict.
I desire to conclude with a thought… every government is working to develop new tools for defensive and offensive purposes, many of these agents are able to work without human control...
Are we confident that these tools are able to complete their job safely? What would happen if we lost control of these systems? Could "the machine" that defends us become our enemy?
Cross-posted from Security Affairs