Military cyberwarriors are building up efforts to pinpoint the sources of foreign computer break-ins on U.S. networks and will need to demonstrate a major computer attack capability in the future to deter increasingly sophisticated threats, according to the outgoing commander of the U.S. Strategic Command.
Air Force Gen. Kevin P. Chilton, who retires this week as the commander in charge of cyberwarfare, nuclear forces, and missile and space defenses, also said in an interview that the infrastructure for building and handling U.S. strategic nuclear weapons is “decrepit.”
Funding approved last year for upgrading the nuclear arsenal is urgent and welcome, but modernizing existing weapons and resolving weapons maintenance problems could take 10 years, he said.
Gen. Chilton also said the U.S. military is moving ahead with building a ballistic missile submarine as a follow-on to Ohio-class ballistic missile submarines. The Pentagon also plans to field a new long-range bomber and intercontinental ballistic missile to replace the current force of Minuteman IIIs, he said during a wide-ranging interview at his Stratcom liaison office at the Pentagon days before he retires from the Offut Air Force Base (Neb.) headquarters of Stratcom.
On tracking the source of computer attacks, a process the military calls “attribution,” Gen. Chilton said the military is improving its capability to locate the sources of electronic attacks, a key first step in defending systems and conducting offensive cyber-attacks.
“Attribution is more difficult in this domain but it’s not impossible,” he told The Washington Times. “And you have to work that problem, but we are getting better.”
Knowing the source of a cyber-attack is critical for defenses “so you know where the attack is either mounting or coming from,” he said.
“But also, if we’re ever going to extend the notion of deterrence — deterring an attack in cyberspace — one of the fundamental elements in being able to deter somebody is to be able to convince them that you can attribute them as the source of the attack.”
Gen. Chilton said deterring cyber-attacks before they are carried out, either by nations or criminals, requires demonstrating a “credible threat” from the U.S. military that would force all attackers to think before acting.
“If we elect to use cybercapability to deter — and you don’t necessarily have to, you can use something else to deter bad cyberbehavior — [but] if we’re going to use cybercapabilities to deter, that’s going to beg for some demonstration of that capability,” he said.
Gen. Chilton did not answer when asked whether U.S. cyberforces, under the Stratcom subcommand called U.S. Cyber Command, could have attacked WikiLeaks to prevent the anti-secrecy website from disclosing thousands of stolen classified U.S. documents.
“There’s no plans for anything that would demonstrate a [cyber-attack] capability at this time,” he said. “But I think, if we’re going to think about deterrence, which we do at Stratcom, these are the kinds of challenges for the future for us.”
The four-star general said other countries were sent a clear signal that the U.S. military could shoot down enemy satellites in a conflict, based on the February 2008 Strategic Command-led operation known as Burnt Frost, which used a modified Navy SM-3 missile fired from an Aegis warship to shoot down a falling National Reconnaissance Office satellite.
Although the operation was never advertised or intended as an anti-satellite missile test, “I’m sure people looked at that and said, ‘These guys can do that,’” he said.
The U.S. satellite shootdown followed China’s January 2007 first successful test of an anti-satellite missile, an event that triggered alarm in U.S. military circles because of the vulnerabilities of U.S. satellites to China’s anti-satellite (ASAT) missile.
The cyberworld has emerged as a new war-fighting arena, and as in other theaters — space, air, land and sea — cyberwar fighters’ first questions are, “What’s on the other side of the hill? [and] Who’s blue, who’s red, who’s gray, who’s neutral?” Gen. Chilton said.
“And what’s my battlespace like? What’s the order of battle of the adversary? If I’m attacked, where did the attack come from, so I can retaliate, or how can I pre-empt? [It’s the] same in cyberspace. It’s the same fundamental principles, it’s just a different domain of operation,” he said.
Asked about threats to U.S. computer networks from foreign states and criminal hackers within the next five years, Gen. Chilton said: “I just see it increasing.
“I think you’ll see increased sophistication in the threat,” he said. “The threats are getting more sophisticated already.”
Cyberthreats have shifted from the late 1990s, when “we worried about little pimply faced teenager hackers,” he said.
“They’re in the noise now,” the general said. “This is a much more sophisticated environment, with criminal activity, large money invested in being able to do it and nation-state investment. Those are the type of threats you worry about in the future.”
Gen. Chilton declined to name the foreign states that pose the most significant threats, such as Chinese and Russian computer wafare specialists.
“I wouldn’t so much characterize them as threats, because that’s up to intent on how they use it,” he said. “But capabilitywise, it’s the more sophisticated nations that have great skills in mathematics and monies and educational capabilities to invest in that type of computer technology.”
Gen. Chilton said the foreign operation that penetrated U.S. classified computer networks in 2008 changed the culture, conduct and capabilities for cyberwarfare.
“The culture piece is the hardest thing to change, but we’ve started to turn the horse’s head,” he said. “We looking at our network capabilities not just as a convenience, but being absolutely essential to operations.”
The general, who is leaving after more than three years as commander of the U.S. Strategic Command, praised the troops under his command who handle global security missions, ranging from information operations to missile defenses to space defense.
“Our business at the command is about providing global security for America and the men and women at the command get it, and they’re so dedicated it’s just been great working and being part of that organization,” he said.