Honolulu Star-Advertiser

Saturday, December 14, 2024 76° Today's Paper


News

U.S. considered cyberwarfare in Libya

WASHINGTON >> Just before the U.S.-led strikes against Libya in March, the Obama administration intensely debated whether to open the mission with a new kind of warfare: a cyberoffensive to disrupt and even disable the Gadhafi government’s air-defense system, which threatened allied warplanes.

While the exact techniques under consideration remain classified, the goal would have been to break through the firewalls of the Libyan government’s computer networks to sever military communications links and prevent the early-warning radars from gathering information and relaying it to missile batteries aiming at NATO warplanes.

But administration officials and even some military officers balked, citing the precedent it might set for other nations, in particular Russia or China, to carry out cyber-raids of their own, and questioning whether the attack could be mounted on such short notice. They were also unable to resolve whether the president had the power to proceed with such an attack without informing Congress.

In the end, U.S. officials rejected the cyberattacks and used conventional aircraft, cruise missiles and drones to strike the Libyan air-defense missiles and radars used in Moammar Gadhafi’s government.

This previously undisclosed debate among a small circle of advisers demonstrates that cyberweapons are a growing form of warfare. The question facing the United States is whether and when to cross the threshold into overt cyberattacks.

A Stuxnet computer worm appears to have wiped out a part of Iran’s nuclear centrifuges last year and delayed its ability to produce nuclear fuel. Although no entity has acknowledged being the source of the poisonous code, some evidence suggests that the virus was a U.S.-Israeli project. And the Pentagon and military contractors regularly repel attacks on their computer networks — many coming from China and Russia.

The Obama administration is revving up the nation’s digital capabilities, while publicly emphasizing only its efforts to defend vital government, military and public infrastructure networks.

“We don’t want to be the ones who break the glass on this new kind of warfare,” said James Andrew Lewis, a senior fellow at the Center for Strategic and International Studies, where he specializes in cyberissues.

That reluctance peaked during planning for the opening salvos of the Libya mission, and it was repeated on a smaller scale several weeks later, when military planners suggested a far narrower computer-network attack to prevent Pakistani radars from spotting helicopters carrying Navy Seal commandos on the raid that killed Osama bin Laden on May 2.

Again, the decision was no. Instead, specially modified, radar-evading Black Hawk helicopters ferried the strike team, and a still-secret stealthy surveillance drone was deployed.

“These cybercapabilities are still like the Ferrari that you keep in the garage and only take out for the big race and not just for a run around town, unless nothing else can get you there,” said one Obama administration official briefed on the cyberdiscussions, who, like the more than half-dozen officials interviewed for this article, spoke on the condition of anonymity or was not authorized to speak publicly about the classified cyberplanning.

In the days ahead of the U.S.-led airstrikes to take down Libya’s integrated air-defense system, a more serious debate was convened to consider the military effectiveness — and potential legal complications — of using cybertools to blind Libyan radars and missiles.

“They were seriously considered because they could cripple Libya’s air defense and lower the risk to pilots, but it just didn’t pan out,” said a senior Defense Department official.

After a discussion described as thorough and never vituperative, the proposals were rejected before they reached the senior political levels of the White House.

Gen. Carter F. Ham, the head of the military’s Africa Command, which led the two-week U.S. air campaign against Libya until NATO assumed full control of the operation March 31, would not comment on any proposed cyberattacks. In an interview, he said only that “no capability that I ever asked for was denied.”

Senior officials said a central reason a cyberoffensive was rejected for Libya was that it might not have been ready for use in time given that the rebel city of Benghazi was on the verge of being overrun by government forces.

While popular fiction and films depict cyberattacks as easy to mount — only a few computer keystrokes needed — in reality it takes significant digital snooping to identify potential entry points and susceptible nodes in a linked network of communications systems, radars and missiles like that operated by the Libyan government, and then to write and insert the proper poisonous codes.

“It’s the cyberequivalent of fumbling around in the dark until you find the doorknob,” Lewis said. “It takes time to find the vulnerabilities. Where is the thing that I can exploit to disrupt the network?”

Administration officials said they were confident that had the computer-network attack gone ahead, it could have been contained within Libyan networks and would have offered high promise of disrupting the regime’s integrated air-defense system.

One unresolved concern was whether ordering a cyberattack on Libya might create domestic legal restrictions on war-making by the executive branch without congressional permission. One question was whether the War Powers Resolution — which requires the executive to formally report to lawmakers when it has introduced forces into “hostilities” and sets a 60-day limit on such deployments if Congress does not authorize them to continue — would be required for a purely cyber-based attack.

The War Powers Resolution, a Vietnam-era law enacted over President Richard M. Nixon’s veto, does not define “hostilities.” In describing its actions to Congress and the U.S. people, the White House argued that its use of conventional forces in the Libyan intervention fell short of the level of hostilities requiring congressional permission under either the Constitution or the resolution, citing the lack of ground forces and the supporting role the United States was playing in a multilateral effort to fulfill a U.N. resolution. Some officials also expressed concern about revealing U.S. technological capabilities to potential enemies for what seemed like a relatively minor security threat to the United States.

In the end, Libya’s air-defense network was dangerous but not exceptionally robust. U.S. surveillance identified its locations, and it was degraded through conventional attacks.

© 2011 The New York Times Company

Comments are closed.