Posts by MatthewSchleupner:

    The 400-pound hacker: Why we need to update our notions of strategic bombing

    October 9th, 2016

     

    By Matthew Schleupner.

     

    What really is a bombing really?  I would argue that bombing has less to do with cause and more to do with the effect.  On today’s modern battlefield (if we can call it that), antiquated notions of what it means to conduct strategic bombings holds our thinking and capabilities back in the realm of cyberwarfare – the next frontier of strategic bombing.  Definitions of what it means to strategically bomb and defeat an enemy need to be updated, quickly, as U.S. capabilities and battle plans are following behind within the realm of cyberspace while enemies, both nations and organizations, have opened their eyes and exploited our vulnerabilities in the cyber world.

    When we think of strategic bombing, we usually think of the Second World War.  We think of theories developed by the Trenchard school in Great Britain or the B-29 bomber or Operation Meetinghouse.  These bombings were used as part of a strategy in a total war environment.  Phrases like “take their will to fight” were commonplace in rationalizing the total war approach of strategic bombing.  Goals were to destroy the enemy by bombing not only military targets, but specifically going after economic and social targets to demoralize the populace and force capitulation of the enemy.  It is a systematically organized and executed attack from the air which can utilize strategic bombers, long- or medium-range missiles, or nuclear-armed fighter-bomber aircraft to attack targets deemed vital to the enemy’s war-making capability.  For all intents and purposes, this definition is still the definition we operate under when conducting our warfare planning.

    We know from Clausewitz though that absolute war theory (a theory that would encompass a total war approach, meaning all types of warfare are on the table) is a logical fantasy or, as I would argue, has increasingly become impossible to envision.  In a world of international orders and organizations, legal treaties and increased economic and cultural globalization being able to simple conduct total war on an enemy, to include nuclear warfare or chemical warfare, seems far-fetched.  This is not to say rouge actors don’t, won’t, or can’t use these types of tactics but it is to say the world is moving away from it.  Clausewitz argued for a real war approach, which is warfare encumbered by political motives and constrained by practical problem sets of time and space.  This world described by Clausewitz sounds much more like the modern world then the world of total war.

    Additionally, we know from traditional strategic bombing theory that targets are physical infrastructure; dams, roads, bridges, factories.  Sometimes, as in the case of London bombings or Tokyo bombings it might just be people.  These are the targets because their destruction demoralizes enemies and forces capitulation.  But why couldn’t the target of strategic bombings be financial systems or electrical grids – the digital backbones behind the structures.  Instead of bombing an electrical grid, digitally destroy the technologies behind it that make it run.  A lot less mess, literally, with the same amount of punch.

    If this is true that modern warfare is more real war and the definition of targets in strategic bombing could be expanded, then moving away from the modern definitions of strategic bombing (with actual bombs) to one where cyber-attacks freeze or cripple modern infrastructure seems like a much more doable act in order to accomplish the goals of demoralizing an enemy populace and forcing capitulation.  Bombs leave a lot of death and bring a lot of physical destruction.  A 400-pound private hacker can sit in Romania and with “impetus” from a hostile actor, hack sensitive information or shut down vital systems to cripple us.  It can and has happened and will happen again.

    The U.S. military is trying to catch up.  With the creation of U.S. Cyber Command under a joint command headquarters and the offering of high-level direct commissions to top-talent in the cyber realm, the military is trying.  However, we see over and over again the penetrating attacks of hostile nations and hostile organizations are landing.  Recently, Sen. Angus King, member of the Senate Select Committee on Intelligence, stated that his main concern was another Pearl Harbor to be executed in the cyber realm.  This is damning considering that Pearl Harbor was such a devastating example of a strategic bombing mission.

    What can be done?  First, we must recognize that what we see is what is happening and define it.  What this means is no one pretending that the last few years of cyber-attacks are simply aimed at stealing information or that these are just the random 400-pound hackers.  These attacks are probing and many nations who we deem hostile or even friendly are switching expenditures to standup cyber warfare battalions.  Additionally, we have to fight and see cyber warfare not just on the conventional realm but also on the unconventional realm.  This is because many of our adversaries are fighting cyber warfare not with standing armies, but privately contracted individuals – making tracking much harder.  Within the bounds of our own legal authorities, we need to see things this way as well.  Last, we need to change the culture within the government that foster creative, innovative solutions to a problem set that rapidly changes in an ambiguous environment.  

    With a change in direction and thinking, because of our seemingly endless resources, the nut on this can be cracked quickly and our Nation can be on the leading edge of cyber warfare.  

    Comments Off on The 400-pound hacker: Why we need to update our notions of strategic bombing