The military is finally responding to the increasing threats posed to American security by cyber attacks by creating a Cyber Command. The nomination proceedings of Lt. Gen. Keith Alexander have already been delayed six months, and in that time the number of intrusions on government websites has only increased. If confirmed, Alexander will be promoted to a four-star general, and will be “dual-hatted,” leading the NSA and the new Cyber Command. With this position, he will be the US military’s first global Combatant Commander.
This is a necessary step, but treads new ground that has not been addressed by earlier pieces of legislation that deal with civil-military relations, such as Goldwater-Nichols. Determining the capabilities and appropriations of this new Command will prove an interesting political struggle, both on the civilian side—in the halls of Congress and within the White House—and within the military.
There is some concern amongst politicians that the head of the NSA is being granted additional powers. Further, this new Cyber Command is only concerned with preventing cyber attacks against military assets. The task of protecting other federal government assets will be left to the Department of Homeland Security, which up until now has proven woefully inept and underfunded for the task. The gap in spending between Cyber Command and the DHS cyber security efforts is likely to be wide, with the seemingly naïve hopes that cooperation between the two will strengthen both missions. Given the inability of other government agencies to cooperate—looking at you, CIA and FBI—I have little hope for greater success in this cyber hydra of the NSA, Cyber Command, and the DHS.
Nevertheless, something must be done. Alexander warns that the laws have not kept up with the scope and complexity of the threat. Symantec, the company that makes the best-selling Norton antivirus software, warns that Washington is the third worst locality in the country for cyber attacks, behind only Seattle (home to many tech firms, most notably Microsoft in Redmond) and Boston (a place which God forsook).
Defensive measures will not be enough: at some sort of attack capability will be necessary. Alexander will likely lead a small army of engineers and technicians that will constantly seek to bolster the security of our defensive and offensive cyber capabilities—a virtual arms race. Targets will be military communications, command and control, and weapons infrastructures. But vital civilian assets—such as power stations, stock exchanges, or telecommunications assets—could be targets if need be. Alexander has agreed with sentiments from Congress that there must be great restraint—an Internet just war doctrine—when considering civilian and economic targets. However, without new legislation to outline the appropriations, command structures, and powers of the new Cyber Command, all of these issues will remain uncomfortably vague.
As the power of UAVs demonstrates, warfare may become less and less human, and now, even less kinetic. The creation of a global Combatant Command capable of disarming enemies or even shutting down economies without firing a shot is an uneasy prospect for those suspicious of the military-industrial complex already. But it is absolutely necessary. China appears to have a strong grasp of the importance of and skills for cyber warfare. We cannot allow rivals to surpass US capabilities in this new theater. Yet, there must be clear legislation—a la Goldwater-Nichols—to ensure the moral use of this new military asset, and its responsibility to civilian leadership.