Bush Wants Cyber Warfare Rules

President Bush has secretly ordered the Pentagon to devise rules for how and when to use cyber warfare, a newspaper reports.

The addition of a set of rules on cyber-warfare to American doctrine — similar to those governing the use of nuclear weapons — would signal the arrival of a new era of high-tech combat, one that the war in Iraq could usher in.

According to the Washington Post, Mr. Bush's order — known as National Security Preparedness Directive 16 — was issued in July. It represents the latest effort to develop a strategic foundation for the use of technology to impair enemy systems.

Those efforts have been impaired by the secrecy of U.S. cyber warfare capabilities, worries about the risks the United States faces by legitimizing computer war and old-fashioned qualms about any form of combat.

The Post reports that the nation's cyber warfare tools are among its closest-kept secrets. That has made it hard for the Pentagon to develop general rules for its use, and especially to solicit help from civilian experts in technology and war theory. The Pentagon tried to overcome this problem with a conference at MIT last month.

At the meeting, some worried that with its large computer networks the United States would be unusually vulnerable to a cyber attack. That would make it risky for the U.S. to add cyber warfare to its arsenal, because its enemies would follow suit, and in a head-to-head cyber skirmish, the United States might have more to lose.

That worry reflects the fact that the high-tech nature of cyber warfare doesn't necessarily allow it to escape long-standing risks that accompany all types of combat.

The picture of the warriors of the future seated at computer terminals typing in code to destroy enemy defenses looks safer and cleaner than conventional battle. However, ethical and strategic quandaries aren't absent.

For example, attacking computer systems — like bombing a city — can result in "collateral damage"; in other words, harm to civilians. If a cyber attack shuts down the water system near a key enemy base, it might also cut off the flow to crowded cities. A virus that knocks out power to anti-aircraft batteries could also darken hospitals.

In order to address that concern, a Pentagon lawyer proposed four years ago that cyber-warfare be governed by the same principles as other fighting, proportionality and discrimination. That would prohibit indiscriminate attacks, like releasing a virus that could affect millions of computers across a whole region.

The U.S. cyber warfare system has been up and operating for more than four years, since at least December 1998.

Called Joint Task Force-Computer Network Defense, it operated out of Arlington, Va., combining the Army's 1st Information Operations Command, Marine Forces-Integrated Network Operations, Navy Component Task Force-Computer Network Defense, Air Force Forces-Computer Network Operations and the Department Of Defense Computer Emergency Response Team.

According to a Pentagon fact sheet, the 24-hour-a-day operation consists of sections that "defend (Pentagon) computer networks and systems from any unauthorized event whether it be a probe, scan, virus incident, or intrusion" as well as "coordinate, support and conduct, at the direction of the president, computer network attack operations in support of regional and national objectives."

Computer Network Defense falls under the authority of U.S. Strategic Command, the same command that would respond to any nuclear attack. CND has a budget of $26 million and 122 people on staff.

Last month, the top White House adviser on cyber-security stepped down, issuing a stark warning of the high-tech threats America faces.

Richard A. Clarke, in an e-mail to colleagues, cited damage from last month's infection that struck hundreds of thousands of computers worldwide, slowing e-mail and Web surfing and even shutting down some banking systems. He called the attacking software "a dumb worm that was easily and cheaply made."

"More sophisticated attacks against known vulnerabilities in cyberspace could be devastating," Clarke wrote. "As long as we have vulnerabilities in cyberspace and as long as America has enemies, we are at risk of the two coming together to severely damage our great country."