August 21, 1995 Volume 146, No. 8
BY DOUGLAS WALLER WASHINGTON
In a secure vault in the u.s. army's super-secret Intelligence and Security Command in northern Virginia, Colonel Mike Tanksley sketches the barest outlines of the new Armageddons. These are only "What ifs?" he insists, so there cannot really be details. Yet his war scenario resounds with almost biblical force. The next time a tyrant out of some modern Babylon (Baghdad, Tehran or Tripoli, for example) threatens an American ally (Riyadh, Cairo, Jerusalem) the U.S. doesn't immediately send legions of soldiers or fleets of warships. Instead Washington visits upon the offending tyranny a series of thoroughly modern plagues, born of mice, video screens and keyboards.
First, a computer virus is inserted into the aggressor's telephone-switching stations, causing widespread failure of the phone system. Next, computer logic bombs, set to activate at predetermined times, destroy the electronic routers that control rail lines and military convoys, thus misrouting boxcars and causing traffic jams. Meanwhile, enemy field officers obey the orders they receive over their radios, unaware the commands are phony. Their troops are rendered ineffective as they scatter through the desert. U.S. planes, specially outfitted for psychological operations, then jam the enemy's TV broadcasts with propaganda messages that turn the populace against its ruler. When the despot boots up his PC, he finds that the millions of dollars he has hoarded in his Swiss bank account have been zeroed out. Zapped. All without firing a shot. A glow comes over Colonel Tanksley as he talks about this bloodless retribution. "We may be able to stop a war before it starts," he says. Or, more likely, wage war in a whole new way.
The vision from the vault in Virginia is of "information warfare"--now the hottest concept in the halls of the Pentagon. Info warriors hope to transform the way soldiers fight. Their goal: to exploit the technological wonders of the late 20th century to launch rapid, stealthy, widespread and devastating attacks on the military and civilian infrastructure of an enemy. In interviews with scores of military, intelligence and Administration officials, Time discovered that the Pentagon has wide-ranging plans to revolutionize the battlefield with information technology much as tanks did in World War I and the atom bomb in World War II. Says Admiral William Owens, vice chairman of the Joint Chiefs of Staff: "This is America's gift to warfare."
The cyberwar revolution, however, poses serious problems for the U.S. Some are ethical: Is it a war crime to crash another country's stock market? More perilous are the security concerns for the U.S., where a tyrant with inexpensive technology could unplug nasdaq or terrorist hackers could disrupt an airport tower. Giddy excitement over infowar may be shaken by an electronic Pearl Harbor. Last year the government's Joint Security Commission called U.S. vulnerability to infowar "the major security challenge of this decade and possibly the next century."
Infowar evolved with every recent U.S. military foray. In the first day of the Persian Gulf War, Air Force stealth planes armed with precision-guided munitions blinded Saddam by knocking out his communications network and electrical power in Baghdad. The Pentagon launched a sophisticated psy-ops campaign against Haiti's military regime to restore deposed President Jean-Bertrand Aristide. Using market-research surveys, the Army's 4th Psychological Operations Group divided Haiti's population into 20 target groups and bombarded them with hundreds of thousands of pro-Aristide leaflets appealing to their particular affinities. Before U.S. intervention, the cia made anonymous phone calls to Haitian soldiers, urging them to surrender, and sent ominous E-mail messages to some members of Haiti's oligarchy who had personal computers.
This was just the beginning. The promise of infowar has grown exponentially with the increasing power and pervasiveness of computer microprocessors, high-speed communications and sophisticated sensors--all with tremendous battle potential for those who know how to manipulate them.
Infowar offices are being set up in the Army, Navy and Air Force. In June the National Defense University in Washington quietly graduated its first class of 16 infowar officers, specially trained in everything from defending against computer attacks to using virtual reality in planning battle maneuvers. Last month the Naval War College at Newport, Rhode Island, finished a global war game that had information-warfare specialists plotting ways to cripple enemy computers. Later this summer senior Pentagon officials will analyze the results of more than a dozen secret infowar games conducted during the past two years to determine how future military tactics should be changed.
Spy agencies are also dabbling in hacker warfare. The National Security Agency, along with top-secret intelligence units in the Army, Navy and Air Force, has been researching ways to infect enemy computer systems with particularly virulent strains of software viruses that already plague home and office computers. Another type of virus, the logic bomb, would remain dormant in an enemy system until a predetermined time, when it would come to life and begin eating data. Such bombs could attack, for example, computers that run a nation's air-defense system or central bank. The cia has a clandestine program that would insert booby-trapped computer chips into weapons systems that a foreign arms manufacturer might ship to a potentially hostile country--a technique called "chipping." In another program, the agency is looking at how independent contractors hired by armsmakers to write software for weapons systems could be bribed to slip in viruses. "You get into the arms manufacturer's supply network, take the stuff off-line briefly, insert the bug, then let it go to the country," explained a cia source who specializes in information technology. "When the weapons system goes into a hostile situation, everything about it seems to work, but the warhead doesn't explode."
Infowar weapons may be even more exotic than computer viruses. Los Alamos National Laboratory in New Mexico has developed a suitcase-size device that generates a high-powered electromagnetic pulse. Commandos could sneak into a foreign capital, place the emp suitcase next to a bank and set it off. The resulting pulse would burn out all electronic components in the building. Other proposals combine biology with electronics. For instance, Pentagon officials believe microbes can be bred to eat the electronics and insulating material inside computers just as microorganisms consume trash and oil slicks.
Infowar will aggressively foster new intelligence-gathering techniques. The Pentagon already has satellites, spy planes and unmanned aircraft with cameras aboard to watch the enemy on the ground. In the future, thousands of tiny sensors may be sent airborne or covertly planted on land. M.I.T.'s Lincoln Laboratory is trying to build an unmanned aerial vehicle about the size of a cigarette pack that can take pictures. Miniature aerial sensors might even smell out the enemy. For example, aerosols would be sprayed over enemy troops, or chemicals would be clandestinely introduced into their food supply. Then biosensors flying overhead, says Thomas Baines at Argonne National Laboratory in Illinois, would "track their movement from their breath or sweat," so they could be targeted for attack.
While infowar may precede fighting or prevent it, the techniques and the technology can also enhance the management of an actual hot war, and make up for shortfalls in the conventional armed forces. With the Pentagon budget shrinking and the total U.S. ground Army of 1.1 million soldiers now only the eighth largest in the world, senior military officers believe they will have to harness America's technological lead in information processing and communications in order to fight future battles. During a simulated war game last May at Fort Leavenworth, Kansas, a 20,000-man infantry division, outfitted with sophisticated information-processing equipment and smart weapons the Army hopes to have fully deployed by the year 2010, was pitted against a North Korean army corps three times its size. With computers that pass combat orders quickly and sensors that see the enemy better on the battlefield, the high-tech division "just clobbered them," says Brigadier General Keith Kellogg of the Army's Training and Doctrine Command.
Scientists at Johns Hopkins University's Applied Physics Laboratory are testing a virtually omniscient computer system called Force Threat Evaluation and Weapon Assignment. It takes a Navy battle group's radar signals and converts them into a three-dimensional picture that the admiral watches on a monitor. Instead of confusing symbols, he sees graphics of enemy and friendly planes. Using a mouse, he can manipulate the video to look at the threat from any angle. The computer recommends the targets he should attack and even keeps watch on the skies when he's away from the screen. If the computer detects a threat, an "alert banner" that looks like a stock ticker above the screen flashes and tells the aide on duty, call the admiral now!!
The consequences of infowar will reach down into the ranks. By 2010, the Army hopes to "digitize the battlefield" by linking every soldier and weapons system electronically. A research team led by Motorola and the Army R.-and-D. lab in Natick, Massachusetts, plans to unveil next year a prototype of the equipment that the "21st century land warrior" will have. His helmet will be fitted with microphones and earphones for communications, night-vision goggles and thermal-imaging sensors to see in the dark, along with a heads-up display in front of his eyes to show him where he is on the ground and give him constant intelligence updates.
Future warfare, in fact, may look like today's science-fiction thrillers. "One day national leaders will fight out virtual wars before they decide to go to war at all," predicts Lieut. General Jay Garner, head of the Army's Space and Strategic Defense Command. Some futurists take it a step further. Countries will have their computers fight simulated wars instead of actual battles to decide who wins. Garner is not willing to go that far. "I have a hard time visualizing that warfare will be a video game devoid of pain."
All this may presage a vast reorganization of the military. With microprocessors making smaller weapons systems and electronically controlled drones able to track and attack targets, aircraft carriers and manned bombers may become obsolete in future conflicts. Just as computers have flattened the organizational charts of corporations, the military may have to restructure its ranks with fewer layers of staff officers needed to process orders between a general and his shooters on the ground. The distinction between civilian and soldier may blur with more private contractors needed to operate complex equipment on the battlefield. There will, no doubt, be bureaucratic and even cultural opposition within the military to this new form of fighting. "It's a lot easier to pick up girls in the bar if you're a fighter-wing commander than if you command a drone wing," says Andrew Krepinevich, a retired Army officer who directs the Defense Budget Project, a think tank on the military.
There are skeptics, inside and outside of the Pentagon, who fear that infowar is being oversold. "If you think this is going to replace four divisions or a carrier battle group, it can't," insists a senior Army operations officer. "The adversary who's confronted with an information-warfare attack and doesn't see anything behind it is likely to see a paper tiger." Psy-ops succeeded in Haiti because 20,000 U.S. soldiers were on the way to back up the message. Even if infowar becomes the American way of fighting, it's not clear how effective it will be among other nations. "People in Bosnia will kill each other with butter knives," says defense consultant Bill Arkin. "Computer viruses aren't going to stop that conflict."
Martin libicki, an information-warfare expert at the National Defense University, also doubts that the U.S. will ever be able to crush an enemy's information system completely. "The bits will get through," he contends. Enemy armies will always find ways to get messages past electronic jamming. With networked microcomputers, cellular phones and video conferencing available, an enemy leader can disperse his command centers to many locations, making it difficult for an attacker to destroy them all. And psy-warriors must compete with a blizzard of electronic media outlets such as commercial television networks, cnn and the Internet for the attention. Cutting off Saddam's telephones and electrical power didn't topple him during Desert Storm.
While there is general agreement that the Defense Department should move aggressively to develop such techniques, many senior Pentagon officers fear that an enemy could just as easily develop the same weapons and use them against the U.S. "When people talk about the tremendous potential of this warfare, they need to take a bite out of the reality sandwich," says Colonel Richard Szafranski, an instructor at the Air Force's Air War College. An infowar arms race could be one the U.S. would lose because it is already so vulnerable to such attacks. Indeed, the cyber enhancements that the military is banking on for its conventional forces may be chinks in America's armor.
The military's microsensors and omniscient rows of video monitors may be expensive, but much of the technology needed to attack information systems is low-cost (a computer, a modem), widely available (a willing hacker) and just as efficient (one phone call). "It's the great equalizer," says futurist Alvin Toffler. "You don't have to be big and rich to apply the kind of judo you need in information warfare. That's why poor countries are going to go for this faster than technologically advanced countries." An infowarrior could be anyone in the checkout line at the local computer store. "It doesn't require huge masses of money," says Donald Latham, a former Pentagon communications czar. "A few very smart guys with computer workstations and modems could endanger lives and cause great economic disruption."
The mischief has already begun. On the fourth floor of a renovated Navy warehouse, just across Arlington National Cemetery from the Pentagon, is the military's Automated Systems Security Incident Support Team. It's the Pentagon's technological 911 force, dedicated to responding to attacks on the military's computational ganglia. In the 18 months ending July 1, the support team received 28,000 calls for help from operators of the U.S. military's worldwide computer network. The team isolates thousands of hacker programs, known as "critters," and then securely cages them for research. Such programs are increasingly powerful and easy to use. No longer do intruders need to know complicated codes and have an intimate knowledge of computer science. "All they need to do," says Pentagon computer-security expert Kenneth Van Wyk, "is point, click and attack."
Last October a Pentagon's Defense Science Board panel warned of an info-attack threat well beyond that posed by the hackers who have been irritating the Pentagon for years. "This threat arises from terrorist groups or nation-states, and is far more subtle and difficult to counter than the more unstructured but growing problem caused by hackers," the high-level board said. "A large, structured attack with strategic intent against the U.S. could be prepared and exercised under the guise of unstructured 'hacker' activities." The U.S., it added, might not even know it is under attack. "There is no nationally coordinated capability to counter or even detect a structured threat." Such a strike could "cripple U.S. operational readiness and military effectiveness" by delaying troop deployments and misrouting cargo planes, trains and ships.
Hackers may be the new mercenaries, available to the highest bidder. During the Gulf War, according to Pentagon officials, a group of Dutch hackers offered to disrupt the U.S. military's deployment to the Middle East for $1 million. Saddam Hussein spurned the offer. The potential for disruption was great, says Steve Kent, a private computer--security expert in Cambridge, Massachusetts, and a member of a Pentagon advisory panel on defensive information warfare. "In the Gulf War the military made extensive use of the Internet for its communications, and it would have suffered had the Iraqis decided to take it out."
A secret national-intelligence report being prepared by the cia concludes that while there have been no clear attacks yet on the military's computer facilities, foreign intelligence services already are probing U.S. computers. A top Justice Department computer-security expert says five of the last seven identified intruders into the Pentagon's mainframes were foreigners. Retired Air Force Colonel Alan D. Campen, author of The First Information War, a 1992 book that described information technologies used during Desert Storm, says he got "requests for copies of the book from embassies all over the world." The Chinese army uses it in a course it teaches on infowarfare.
While the military's actual war-fighting computers are generally deemed secure, those supporting other vital areas--such as payroll, personnel, transportation and spare parts--are handled by poorly guarded Pentagon computers linked by scantily protected public-communications channels. The military's computers are probed by outsiders close to 500 times a day, Pentagon experts believe. But only about 25 of those are detected, and only two or three of those detected are reported to security officials. This penetrability is a legacy of computers designed for ease of use and accessibility to the Internet (itself a Pentagon creation). The toughest Pentagon computer to crack is the first one; once inside, nearly 90% of the other computers linked to the first computer will recognize the intruder as a legitimate user. "Hackers say our computers are crunchy on the outside," says Van Wyk, "but soft and chewy on the inside."
Outside the military, the nsa is deeply worried that computers controlling banking, stock exchanges, air-traffic control, phones and electric power could easily be crippled by determined hackers. "We're more vulnerable than any nation on earth," says nsa director Vice Admiral John McConnell. A wired adversary could take down these computers "without ever entering the country," an outside panel studying future Pentagon missions warned in a report last May. The results of such attacks could cause "widespread fear throughout the civilian population," according to another Pentagon report released last December.
Senior Pentagon and intelligence officials have told Time that senior White House aides have been considering a top-secret presidential directive spelling out what agencies of the government would defend against infowar or retaliate with a strategic attack by the U.S. (A Clinton adviser even fears an information-warfare strike before next year's presidential election; one of his jobs, he says half-jokingly, is to find a "Cabinet member to blame if something really bad happens.") Senior officers say that in the future, the President's black bag containing the instructions for launching a nuclear strike may also have inside it the codes for U.S. infobombs.
The potential for low-cost and bloodless resolution of conflicts brings with it other problems. Army chaplains recently met to consider the moral implications of cyberwar--fearing, for example, that in lightning-quick electronic attacks, an enemy that wanted to surrender would never have the chance. Treaties may have to be rewritten before chemicals are used to tag enemy soldiers for aerial sensors or biological agents are deployed to eat electronics. Knocking out a stock exchange may seem attractive at first glance, but Washington is reluctant to engage in financial fiddling for the same reason it avoids assassination of foreign leaders: the U.S. is uniquely vulnerable on both counts. The Bush Administration at one point considered disrupting Iraqi computers that controlled government financial transactions, but the cia opposed the action. "Every time screwing around with financial systems has been discussed as a covert action, people have walked away from it," says a former senior cia official. "Messing with a country's money represents a fundamental attack. No cia director has ever recommended it."
Indeed, in some respects, infowar may only refine the way modern warfare has shifted toward civilian targets, from the firebombings of Dresden and Tokyo during World War II to the "ethnic cleansing" in Bosnia. Taking down a country's air-traffic control or phone systems might be done cleanly with computers--but it still represents an attack on civilians. Economic warfare can be as dire as other forms of war, as embargoes have shown. With its fancy technology, infowar may be able to avoid some of the battlefield's lethal, bloody and dirty traditions. But the words of William Tecumseh Sherman will still apply: "War is cruelty, and you cannot refine it."
With reporting by Mark Thompson/Washington Copyright 1995 Time Inc. All rights reserved.