It was an Outer Limits moment.
Remember
that eerie sci-fi show from the early 1960s? The one that began in a
blur with the message, "There is nothing wrong with your television
set. Do not attempt to adjust the picture. We are controlling
transmission…." It felt a little like that.
And speaking of
Air Force ads, there's one currently running on TV and on the Internet
that starts with a bird's eye view of the Pentagon as a narrator
intones, "This building will be attacked three million times today.
Who's going to protect it?" Two Army colleagues of mine nearly died on
September 11, 2001, when the third hijacked plane crashed into the
Pentagon, so I can't say I appreciated the none-too-subtle reminder of
that day's carnage. Leaving that aside, it turns out that the ad is
referring to cyber-attacks and that the cyber protector it has in mind
is a new breed of "air" warrior, part of an entirely new Cyber Command
run by the Air Force. Using the latest technology, our cyber elite will
"shoot down" enemy hackers and saboteurs, both foreign and domestic,
thereby dominating the realm of cyberspace, just as the Air Force is
currently seeking to dominate the planet's air space -- and then space
itself "to the shining stars and beyond."
Part of the Air
Force's new "above all" vision of full-spectrum dominance, America's
emerging cyber force has control fantasies that would impress George
Orwell. Working with the Defense Advanced Research Projects Agency
(DARPA), the Department of Homeland Security, and other governmental
agencies, the Air Force's stated goal is to gain access to, and control
over, any and all networked computers, anywhere on Earth, at a proposed
cost to you, the American taxpayer, of $30 billion over the first five
years.
Here, the Air Force is advancing the now familiar
Bush-era idea that the only effective defense is a dominating offense.
According to Lani Kass, previously the head of the Air Force's
Cyberspace Task Force and now a special assistant to the Air Force
Chief of Staff, "If you're defending in cyber [space], you're already
too late. Cyber delivers on the original promise of air power. If you
don't dominate in cyber, you cannot dominate in other domains."
Such
logic is commonplace in today's Air Force (as it has been for Bush
administration foreign policy). A threat is identified, our
vulnerability to it is trumpeted, and then our response is to spend
tens of billions of dollars launching a quest for total domination.
Thus, on May 12th of this year, the Air Force Research Laboratory
posted an official "request for proposal" seeking contractor bids to
begin the push to achieve "dominant cyber offensive engagement." The
desired capabilities constitute a disturbing militarization of
cyberspace:
- "Of interest are any and all techniques to
enable user and/or root access to both fixed (PC) or mobile computing
platforms. Robust methodologies to enable access to any and all
operating systems, patch levels, applications and hardware….
[T]echnology… to maintain an active presence within the adversaries'
information infrastructure completely undetected… [A]ny and all
techniques to enable stealth and persistence capabilities… [C]apability
to stealthily exfiltrate information from any remotely-located open or
closed computer information systems…"
Stealthily infiltrating,
stealing, and exfiltrating: Sounds like cyber-cat burglars, or perhaps
invisible cyber-SEALS, as in that U.S. Navy "empty beach at night"
commercial. This is consistent with an Air Force-sponsored concept
paper on "network-centric warfare," which posits the deployment of
so-called "cyber-craft" in cyberspace to "disable terminals, nodes or
the entire network as well as send commands to ‘fry' their hard
drives." Somebody clever with acronyms came up with D5, an
all-encompassing term that embraces the ability to deceive, deny,
disrupt, degrade, and destroy an enemy's computer information systems.
No
one, it seems, is the least bit worried that a single-minded pursuit of
cyber-"destruction" -- analogous to that "crush… kill… destroy" android
on the 1960s TV series "Lost in Space" -- could create a new arena for
that old Cold War nuclear acronym MAD (mutually assured destruction),
as America's enemies and rivals seek to D5 our terminals, nodes, and
networks.
Here's another less-than-comforting thought:
America's new Cyber Force will most likely be widely distributed in
basing terms. In fact, the Air Force prefers a "headquarters" spread
across several bases here in the U.S., thereby cleverly tapping the
political support of more than a few members of Congress.
Finally,
if, after all this talk of the need for "information dominance" and the
five D's, you still remain skeptical, the Air Force has prepared an
online "What Do You Think?" survey and quiz (paid for, again, by you,
the taxpayer, of course) to silence naysayers and cyberspace appeasers.
It will disabuse you of the notion that the Internet is a somewhat
benign realm where cooperation of all sorts, including the
international sort, is possible. You'll learn, instead, that we face
nothing but ceaseless hostility from cyber-thugs seeking to terrorize
all of us everywhere all the time.
Of Ugly Babies, Icebergs, and Air Force Computer Systems
Computers
and their various networks are unquestionably vital to our national
defense -- indeed, to our very way of life -- and we do need to be able
to protect them from cyber attacks. In addition, striking at an enemy's
ability to command and control its forces has always been part of
warfare. But spending $6 billion a year for five years on a
mini-Manhattan Project to atomize our opponents' computer networks is
an escalatory boondoggle of the worst sort.
Leaving aside the
striking potential for the abuse of privacy, or the potentially
destabilizing responses of rivals to such aggressive online plans, the
Air Force's militarization of cyberspace is likely to yield uncertain
technical benefits at inflated prices, if my experience working on two
big Air Force computer projects counts for anything. Admittedly, that
experience is a bit dated, but keep in mind that the wheels of
procurement reform at the Department of Defense (DoD) do turn slowly,
when they turn at all.
Two decades ago, while I was at the
Space Surveillance Center in Cheyenne Mountain, the Air Force awarded a
contract to update our computer system. The new system, known as SPADOC
4, was, as one Air Force tester put it, the "ugly baby." Years later,
and no prettier, the baby finally came on-line, part of a Cheyenne
Mountain upgrade that was hundreds of millions of dollars over budget.
One Air Force captain described it in the following way:
- "The
SPADOC system was… designed very poorly in terms of its human machine
interface… [leading to] a lot of work arounds that make learning the
system difficult… [Fortunately,] people are adaptable and they can
learn to operate a poorly designed machine, like SPADOC, [but the
result is] increased training time, increased stress for the operators,
increased human errors under stress and unused machine capabilities."
My
second experience came a decade ago, when I worked on the Air Force
Mission Support System or AFMSS. The idea was to enable pilots to plan
their missions using the latest tools of technology, rather than paper
charts, rulers, and calculators. A sound idea, but again botched in
execution.
The Air Force tried to design a mission planner for
every platform and mission, from tankers to bombers. To meet such
disparate needs took time, money, and massive computing power, so the
Air Force went with Unix-based SPARC platforms, which occupied a small
room. The software itself was difficult to learn, even
counter-intuitive. While the Air Force struggled, year after year, to
get AFMSS to work, competitors came along with PC-based flight
planners, which provided 80% of AFMSS's functionality at a fraction of
the cost. Naturally, pilots began clamoring for the portable,
easy-to-learn PC system.
Fundamentally, the whole DoD
procurement cycle had gone wrong -- and there lies a lesson for the
present cyber-moment. The Pentagon is fairly good at producing decent
ships, tanks, and planes (never mind the typical cost overruns, the
gold-plating, and so on). After all, an advanced ship or tank, even
deployed a few years late, is normally still an effective weapon. But a
computer system a few years late? That's a paperweight or a doorstop.
That's your basic disaster. Hence the push for the DoD to rely,
whenever possible, on COTS, or commercial-off-the-shelf, software and
hardware.
Don't get me wrong: I'm not saying it's only the
Pentagon that has trouble designing, acquiring, and fielding new
computer systems. Think of it as a problem of large, by-the-book
bureaucracies. Just look at the FBI's computer debacle attempting (for
years) to install new systems that failed disastrously, or for that
matter the ever more imperial Microsoft's struggles with Vista.
Judging
by my past experience with large-scale Air Force computer projects,
that $30 billion will turn out to be just the tip of the cyber-war
procurement iceberg and, while you're at it, call those "five years" of
development 10. Shackled to a multi-year procurement cycle of great
regulatory rigidity and complexity, the Air Force is likely to struggle
but fail to keep up with the far more flexible and creative cyber
world, which almost daily sees the fielding of new machines and
applications.
Loving Big "Cyber" Brother
Our military
is the ultimate centralized, bureaucratic, hierarchical organization.
Its tolerance for errors and risky or "deviant" behavior is low. Its
culture is designed to foster obedience, loyalty, regularity, and
predictability, all usually necessary in handling frantic life-or-death
combat situations. It is difficult to imagine a culture more
antithetical to the world of computer developers, programmers, and
hackers.
So expect a culture clash in militarized cyberspace
-- and more taxpayers' money wasted -- as the Internet and the civilian
computing world continue to outpace anything the DoD can muster. If,
however, the Air Force should somehow manage to defy the odds and
succeed, the future might be even scarier.
After all, do we
really want the military to dominate cyberspace? Let's say we answer
"yes" because we love our big "Above All" cyber brother. Now, imagine
you're Chinese or Indian or Russian. Would you really cede total cyber
dominance to the United States without a fight? Not likely. You would
simply launch -- or intensify -- your own cyber war efforts.
Interestingly,
a few people have surmised that the Air Force's cyber war plans are so
outlandish they must be bluster -- a sort of warning shot to
competitors not to dare risk a cyber attack on the U.S., because they'd
then face cyber obliteration.
Yet it's more likely that the
Air Force is quite sincere in promoting its $30 billion
"mini-Manhattan" cyber-war project. It has its own private reasons for
attempting to expand into a new realm (and so create new budget
authority as well). After all, as a service, it's been somewhat
marginalized in the War on Terror. Today's Air Force is in a flat spin,
its new planes so expensive that relatively few can be purchased, its
pilots increasingly diverted to "fly" Predators and Reapers -- unmanned
aerial vehicles -- its top command eager to ward off the threat of
future irrelevancy.
But even in cyberspace, irrelevancy may
prove the name of the game. Judging by the results of previous U.S.
military-run computer projects, future Air Force "cyber-craft" may
prove more than a day late and billions of dollars short.
Recently, while I was on a visit to Salon.com, my computer screen momentarily went black. A glitch? A power surge? No, it was a pop-up ad for the U.S. Air Force, warning me that an enemy cyber-attack could come at any moment -- with dire consequences for my ability to connect to the Internet.
