When any security discussion turns to cyberwarfare, the first thing that comes to some people's minds is China. Despite the pro forma denials by the Chinese government, China is the most active and the most aggressive cyberwarfare operation anywhere.
But what gets everyone’s attention is the Chinese approach to cyberwarfare -- its government-operated cyberwarfare teams will go after anything, anywhere. This isn’t just about protecting China should another country attack; it’s about stealing anything of value, whether it’s military intelligence, commercial intellectual property or your mother’s Christmas card list.
But China isn’t the only country carrying out cyberwarfare activities. The U.S. government and the governments of other nations that have the capability to conduct cyberwarfare are also doing it at one level or another. Recently, the head of the U.S. Cyber Command, General Keith Alexander (who also heads the super-secret National Security Agency) told the U.S. Strategic Command’s Space and Cyber Conference that the United States needs to be able to bump up its cyberwarfare capabilities. He pointed out the U.S. military has a duty to defend the nation against cyber attacks, and said his agency needs the authority to do so.
Meanwhile, at the same conference, Lt. General Michael Basla, vice commander of the Air Force Space Command, said the United States was going to build an offensive cyberwarfare capability. What he didn’t say, of course, is that much of that offensive cyberwarfare capability he was referring to already exists. The United States is, in fact, a major player in global cyberwarfare.
This should be no surprise. In fact, if the United States weren’t actively building and using an advanced cyberwarfare capability, it would be irresponsible. The United States, like the other nations that are preparing themselves for the next all-out cyberwar, needs to have the capability in place when it happens, and it needs to know how to use it. Just as the traditional armed forces have their capabilities in place and then conduct exercises, so do the cyberwarfare operations in the United States.
The difference between the United States and other countries such as China is that the U.S. military isn’t trying to steal commercial secrets and give them to U.S. companies. Instead, the United States is quietly working to find the weaknesses in the data systems of likely foes, and is putting the means in place for those weaknesses to be exploited. The U.S. Cyber Command is also developing defenses against the coming attacks by the Chinese and others. Those defenses are intended to protect military interests, but also to protect what the U.S. government calls “critical infrastructure,” which includes power systems, telecommunications, utilities and, of course, the Internet.
As we've already seen in 2011, the definition of what a "combantant" in cyberware is expanding to include all kinds of businesses large and small, not to mention the U.S. Chamber of Commerce. While the U.S. government is marshalling the resources needed to defend the country, it's also counting on businesses to be a lot more vigilant about IT security as part of a larger cyberwarfare strategy.
Some may decry the fact that the United States is spending millions on cyber warfare or question the ethics of doing so. But that’s a lot like the people who opposed the installation of radar on the island of Oahu prior to the start of World War II. Sometimes opposition may be well-intentioned, but that doesn’t make it less wrong.