Computer viruses, worms, and electronic “pulses” could be doing as much damage in Iraq as allied missiles and bombs, according to some cybersecurity experts.
As US military forces move through sandstorms to Baghdad, battling Iraqi resistance and worrying about biological and chemical attacks, soldiers sitting in tents in Kuwait — or in offices in Washington — could be making equally critical moves on keyboards.
Cyberwarriors may be invading Iraqi computer networks, shutting down utility grids, stopping or intercepting communications, and jamming radar. Other weapons including e-pulse bombs and microwave lasers may be silently and bloodlessly knocking out computers all over the country.
Don’t Ask, Don’t Tell
All of this might be happening — but it might not. Security experts are speculating, but nobody can offer confirmation that such a virtual war is actually underway. When asked about cyberattacks in Iraq, military leaders are tight-lipped.
“The only thing I can say is, if that’s part of our ongoing operations, I couldn’t comment on it,” says Lieutenant Commander Charles Owens, a US Army spokesperson based at Central Command Headquarters in Qatar.
The United States’ guidelines and capabilities surrounding cyberwarfare are as secret as the atomic bomb operations of the early 1940s.
In July, President Bush signed a secret national security directive ordering the government to develop rules on when and how the US would engage in cyberattacks, news that wasn’t released until early February.
“We have the capabilities, we have organisations; we do not yet have an elaborated strategy, doctrine, procedures,” Bush’s chief cybersecurity advisor, Richard A. Clarke, said at the time.
Setting a precedent for cyberattack is one of the major sticking points for US commanders and politicians. In early February, Clarke warned that the United States might stand to lose more than other nations by “legitimising” cyberattacks.
The United States would be brought to its knees if its communications, power grids, 9-11 emergency systems, and air traffic control systems were locked up, says James Adams, founder of iDEFENSE, a company that helps governments and corporations assess and address cybersecurity.
Information attacks could be more crippling than any physical invasion, Adams says.
Dan Woolley, a former US Air Force computer specialist and the vice president of Internet security company SilentRunner, says that cyberdefense and infiltration is a constant cat and mouse game.
“The US likes to claim that it hasn’t been invaded since 1812, but the reality is we’re being attacked and invaded every day,” Woolley says. “If you’re thinking of all the possible scenarios of how someone is going to attack you, you think ‘Could I not use that technology to attack?’ And you have to assume that that thinking has gone through our war planner’s minds.”
One group that has used technology during the current war: Antiwar protestors. Activists closed down the UK government’s 10 Downing Street Web site for a short period over the weekend via a denial of service attack.