Pentagon Announces New Strategy: Rapidly Develop Cyberweapons to Attack Specific Targets

081203-N-2147L-390 NORFOLK, Va. (Dec. 3, 2008) Sailors on the watch-floor of the Navy Cyber Defense Operations Command monitor, analyze, detect and defensively respond to unauthorized activity within U.S. Navy information systems and computer networks. (U.S. Navy photo by Mass Communications Specialist 1st Class Corey Lewis/Released) MC1 Corey Lewis

The Pentagon wants cyberweapons, and it wants them fast. Deftly recognizing that cyberweapons are nothing like the materiel of physical warfare, the DoD is devising a means to fast-track and field certain cyberweapons, some of which will take only days to go from development to deployment.

The Washington Post has obtained a Pentagon-prepared report for Congress outlining and acquisition process that will respond to “mission-critical” needs when cyber weapons are absolutely necessary and time isn’t on the side of U.S. personnel. It’s a strategy that addresses the fact that cyberwarfare isn’t like anything that’s come before it.

In conventional warfare, you build your weapons, you warehouse them, and if the time comes, you pull them out of storage and you deploy them wherever in the world they are needed. Procurement times are long, but so is the shelf life of something like an F-16–an all-purpose platform that can flies and fights the same way regardless of hemisphere. Cyberwarfare is nothing like this. Generally, a specific threat requires a specific response, and specific cyber targets require specific cyberweapons that may be used once and never used again. As such, cyberweapons can’t effectively come off the shelf. They have to be tailor made for the situation, and fast.

To that end, the two-year-old Cyber Command is in the process of inventorying the Pentagon’s current cyber capabilities and basic off-the-shelf cyberweapons platforms that could be quickly tailored for specific tasks. It will then set up two different silos of cyberweapons development. In the rapid silo, cyberweapons will be developed in months or even just days from existing or nearly complete hardware and software assets to deal with immediate threats. The deliberate silo will house cyberweapons that are designed over longer timelines for specific purposes but whose deployments are far riskier (“cough STUXNET cough”).

It’s important to note that these cyberweapons won’t just be defensive, but offensive as well. Which is troubling in its own way, since the building of new and powerful offensive weapons tends to lead to escalation. But at least it shows that the Pentagon fully (and finally) grasps that this kind of warfare requires a high degree of nimbleness. In the same way that you don’t want to show up to an IED fight with an unarmored humvee, you can’t expect to compete in the cyber conflicts of the future with yesterday’s cyber tools.