Pentagon expands cyber-attack capabilities

Jim Michaels | USA TODAY

WASHINGTON – The U.S. military is increasing its budget for cyber-warfare and expanding its offensive capabilities, including the ability to blind an enemy's radar or shut down its command systems in the event of war, according to two defense officials.

In the 2014 defense budget released last week, the money allocated for cyber-operations rose to $4.7 billion, up from $3.9 billion. Much of that additional money is going into the development of offensive capabilities, usually referred to as computer network attacks, according to budget documents.

Officials say these are capabilities — including targeting military computer networks — that a commander might need in a conflict and would be used only in accordance with the law of armed conflict.

The expansion is a recognition that cyber-war will probably at least be part of any future conflict. In recent years, the Pentagon has spent hundreds of millions of dollars on building cyber-capabilities, an effort that has gained urgency as China, Russia, North Korea and other nations have been using cyberspace to attack adversaries or steal secrets.

"When you look at the strategic landscape from our perspective, it's getting worse," Army Gen. Keith Alexander, the head of Cyber Command, testified recently to Congress.

U.S. officials say they have a range of sophisticated cyber-attack capabilities should they be needed by commanders in a conflict. The skills are perishable and require constant honing, the defense officials said.

"From everything I'm told, we're as good as anybody and probably better," said Martin Libicki, a cyber-warfare analyst at Rand.

The Air Force, for example, has been developing systems designed for the "exfiltration of information while operating within adversary information systems," according to budget documents. The Air Force declined to release details on the program, saying it was classified.

Next year, the Air Force plans to spend $14 million to research and develop offensive cyber-capabilities, budget documents show, while it plans to devote about $5.8 million to research for cyber-defense.

Cyber-attacks are often difficult to trace. A cyber-attack on Iranian nuclear facilities in 2010 damaged centrifuges at the Natanz uranium enrichment facility. No one has claimed responsibility for the attack, but the United States and Israel are suspected.

Defense officials are careful to say they are not "militarizing" cyberspace and are only developing options available to commanders in the event of war.

When privacy concerns are raised, they are usually centered around the government's defensive mission because it can involve extracting information sent over the Internet, Libicki said.

The Pentagon's role in cyber-security is limited to defending the nation, the Pentagon said. Intelligence agencies and Homeland Security play a role in cyber-security operations, including efforts to counter the theft of trade secrets.

Alexander has said routine theft of intellectual property would generally not be considered an act of war. A major attack on infrastructure, however, could be considered such an act.

The Pentagon is nearing completion of a revised set of "rules of engagement" that will help field commanders determine how and when to use the new cyber-capabilities, the Pentagon said. The rules will be secret.

The strategy is backed by the development of a new cyber-force. By 2016, the Pentagon plans to be able to field more than 100 teams. The teams will be divided into three categories: defending military networks, damaging the capabilities of enemy networks and helping to defend the nation's infrastructure.

The Pentagon said it will comply with internationally accepted rules of warfare when using cyber-tactics. Such rules include a concept that responses should be proportional.