The New York Times last night reported that the U.S. Defense
Department is proposing significant cuts across the services. Funding for
special operations and cyber warfare will be preserved as it is deemed the way
of the future. Warfare in the digital space would be significantly different
that the kinetic use of force we are familiar with. Also, raising and maintaining these offensive
cyber forces will be different. This
post focuses on the issues appropriations and oversight of offensive cyber
capability, and makes the point that this seriously challenges the
constitutional prerogatives of the Congress.
The ability to measure the strength of land and naval forces
has for centuries been an inexact art and science, but one that could be
roughly measured. Technological advancements
like transitioning from arrows to single-bullet guns, and single-bullet guns to
machine guns initially challenge war planners. But empirical evidence over time
allows for mathematical planning. During
World War I, Frederick Lanchester came up with equations to dynamically measure
infantry units, in traditional formation, and game out their relative strength
over the course of a battle.[i] More
advanced models were used to predict outcomes for air forces, and weapons with
uncontrollable effects like nuclear weapons (and their radiation).[ii]
In the Defense Department, units are formed, trained, and
equipped based on systemic programming, which in turn is based on needed
capabilities. Knowing the strength of an
armored division, or a carrier battle group, or a nuclear missile is needed to
allocate money to meet the goals of policymakers.[iii] The
U.S. Congress ultimately passes legislation annually authorizing these
programs, and separately, appropriates the money for them. Furthermore, Congress oversees the spending
and operations of the Department.
What the U.S. Government might have done offensively is
classified, but it is believed by this writer that there have not been
hostilities with another country in the cyber realm. This does not include intelligence and
counterintelligence. Cyber warfare is profoundly
different than warfare in the physical space.
Software is exponentially scalable, and even regenerates for free.[iv] Damage can be done to an adversary’s physical
infrastructure or IT systems. As for IT
systems, the damage can also be undone, if the software self-destructs.
As math and physics equations can guide military war gamers,
and the politicians who provide long term resources, we really have no
algorithm to plan, program, and budget for offensive cyber attacking. How many personnel are needed? What types of equipment are needed? That confounds budgeting at a very elemental
level. A more legalistic concern is the
“color” of the money. Appropriations
legislation mandates certain amounts of money to be titled for things like
Operations & Maintenance, Research, Development, Testing & Evaluation,
Personnel, and so forth. Malicious
software might be created by a defense contractor during a Development phase
with those funds, or even an Operations and Maintenance phase with O&M
funds. Or a botnet’s code might be
copied and pasted for free off the internet.
A free fighter plane has never been found.
The business community has a saying, “what cannot be
measured, cannot be managed.” The same
is true in Washington, DC where overseeing the development of programs will be
as challenging as determining the existence of, and progress of a cyber
conflict. We have fairly detailed
knowledge of enemy airfields, ports, and factories. We do not have a clear picture of the designs
of other IT systems, ongoing defensive software improvements, or the discipline
of their personnel, the latter being the crucial variable to cyber defense.[v] As difficult as it will be for the Pentagon’s
intelligence to guess, it will be nearly impossible with Congress’ meager
resources.
Needless to say, raising this force in the executive branch
will require Congressional committee/agency staff who can tackle legal issues
like proportionality in an information war, the use of private contractors in
offensive, military cyber attacks, technological breakthroughs, and putting an
economic measurement on the capability of Cyber Command.
Ultimately, this will be another example of technology
forcing the government to adapt to fulfill Constitutional duties.
[i]
O’Hanlon, Michael. The Science of War. 2009 Princeton University Press.
[ii]
Ibid
[iii]
Feltes, Lorentz, A. Planning,
Programming, and Budgeting, a search for a management philosopher’s stone.
2003. http://www.airpower.maxwell.af.mil/airchronicles/aureview/1976/jan-feb/feltes.html
[iv]
Singer, P.W. and Friedman, Allan. Cybersecurity and Cyberwars, what everyone
needs t know. Oxford University Press.
2014.
[v]
Ibid
