Nor does “stealth” just mean the radar-resistant coatings and cross sections of the X-47B anymore. Military researchers are in the prototype phase of building a collection of drones that look and move like critters — hummingbird drones, dragonfly drones, even a silicon jellyfish drone that flaps its way through the briny deep.
In 2011, elements from all four service branches under the U.S. Pacific Command gathered for Operation Terminal Fury, a massive war game conducted each year to test military teamwork in the theater. In addition to the usual assortment of contingencies and simulated threats — downed aircraft, disease outbreaks, humanitarian crises — the brass threw a curveball: a “playbook” of 161 separate computer attacks on PACOM command-and-control cooked up by Red Team cyber warriors that compromised the Blue Team’s ability to coordinate, maneuver, or even see its physical forces. At the same time, it tested Blue Team digital forces’ ability to contain and counter the attacks. It was the first time Terminal Fury featured a cyber component, and it was a sign of things to come.
In March of this year, Director of National Intelligence James R. Clapper told a Senate committee that cyber attacks are at the top of the “transnational threat list,” suggesting that digital warfare against the United States’ physical infrastructure and financial interests could replace the improvised explosive device as the paradigmatic weapon of asymmetrical warfare in the 21st century. But it won’t just be terrorists and other non-state actors doing the damage. In real life, the “Red Team” is the People’s Republic of China, our greatest competitor for regional (and perhaps global) hegemony, and a state that backs up its formidable conventional and nuclear forces with hacker hordes.
Should it ever decide to get frisky, the PRC has the resources to launch what Leon Panetta called a “Cyber Pearl Harbor” — by crashing governmental and military communications networks, scrambling international financial servers, and turning our transportation infrastructure and power grids against themselves. These last, in particular, are examples of how cyber causes can yield “kinetic” effects. A few well-placed lines of code can make things go boom, derailing trains or overloading substations.
Fortunately, the brass has a plan. In March, Army general Keith B. Alexander, head of U.S. Cyber Command, announced the creation of a “highly trained cadre” comprising 13 “offensive teams” tasked with bringing the fight to our would-be cyber enemies. The new teams are part of a broader expansion of Cyber Command from fewer than a thousand full-time staff to 5,000. A number of “defensive” teams, tasked specifically with protecting Pentagon computer systems and the national power grid, were also created.
Nor is American cyber capability merely theoretical. If China can launch a Cyber Pearl Harbor, then the U.S. (along with Israel) has already launched a Cyber Operation Overlord, a massive, complex, and coordinated attack that set back the Iranian nuclear program by months or years via the now-infamous Stuxnet virus.
It is now thought that early versions of Stuxnet were under development as far back as 2005, insinuating themselves into the industrial computers at Iran’s Natanz enrichment facility even before it went online in 2007. In a lengthy dossier prepared after Stuxnet had already wreaked its havoc, the computer-security giant Symantec called it “one of the most complex threats ever discovered.”
Stuxnet used a “vast array of components,” including the first “rootkit” (a package that both gives the hacker privileged access to a target system and masks his presence from hackees) that could hijack the specialized “programmable logic controllers” (PLCs) that run most automated industrial processes. PLCs are almost never hooked up to the Internet, which means Stuxnet had to infect as many of the ordinary Windows computers in use at Natanz as possible — spreading itself like the Black Death through thumb drives, local networks, even printers — to increase the chance that one would eventually interface with the PLCs. Even so, it is believed that the attack must have required old-fashioned espionage — including spies at Natanz and the physical theft of highly protected code from corporate facilities — to go off. It took years for that to happen; but once it did, Stuxnet executed its core mission, reprogramming Natanz’s machinery to operate outside of its safe boundaries and ultimately destroy itself.
Natanz could go down as the first great battle, and Stuxnet as the first great weapon, of global cyber warfare. Oddly, the best sign of the military’s increased investment in cyberspace might be a simple accounting move: According to Reuters, just this month the Air Force officially redesignated six cyber technologies as weapons, better positioning them to win increasingly scarce defense dollars. More significant still, the six weapons in question are classified.