With the confirmation of Army Gen. Keith Alexander as commander of U.S. Cyber Command, America now faces the daunting task of coordinating its military efforts to protect against and respond to cyber attacks. In February, former Director of National Intelligence Mike McConnell warned that "the United States is fighting a cyberwar, and we are losing."
To face this challenge, we must identify the attackers and develop responses in terms of policy, legislation and military preparedness.
During the first half of 2009, at least 43,785 reported incidents of malicious cyber activity were directed against the Defense Department. These incursions came from a variety of sources, ranging from criminal hackers to foreign governments, and remediation alone cost DoD more than $100 million. That figure does not account for the cost of data lost to cyber espionage.
The most egregious actions — and potentially the most dangerous to U.S. security — have come out of China. Chinese military thinkers believe the U.S. is far more vulnerable to cyberwar than Beijing, arguing that because U.S. forces rely heavily on computers, satellites and space sensors; operate over vast distances; and depend on supply networks and force projection designed to get supplies and parts where they are needed "just on time," they can be seriously weakened by computer network attacks.
Efforts by the Chinese People's Liberation Army (PLA) to develop its cyberwarfare capabilities began by examining and replicating U.S. computer network operations in the two wars in Iraq and operations in the Balkans. Today, however, China's military is actively developing an indigenous doctrine adapted to the needs of its forces.
We know from the cyber attacks on Google that some exploitations by the Chinese government are attempts to strengthen domestic control over the population and suppress human rights activists. In other cases, it uses cyber spying to complement traditional espionage, as has been the case with gathering information related to B-1 and B-2 bombers, naval propulsion and electronics systems, and perhaps the F-35 Lightning II fighter.
The most serious threat the U.S. faces from China's cyber war efforts is the attempt to impede the flow of forces and supplies to a crisis area. According to Marine Corps Gen. James Cartwright, vice chairman of the Joint Chiefs of Staff, some of the penetrations of DoD were an effort to map out U.S. government networks in order to cripple America's command-and-control systems in the event of a future attack.
Some of the more sophisticated analyses from China's armed forces propose to boost the ability to attack an adversary's satellite communications and sensor systems, critical transportation and energy infrastructure, ports of embarkation, and command systems.
China is not the only cyber threat faced by U.S. forces, but it has the fastest-growing and most active approach to cyberwarfare. And while the political climate across the Taiwan Strait has improved, Beijing continues to threaten the use of force and has developed military strategies to counter any U.S. effort to employ forces to maintain peace in the case of China-Taiwan conflict.
There are other potential flashpoints that drive Beijing to develop offensive cyber capabilities, as well, such as the disagreement over freedom of navigation in the Pacific outside China's territorial waters.
From a policy standpoint, the U.S. must clarify how it views a cyber attack and explain that it reserves the right to respond by force.
Furthermore, we must ensure that U.S. Cyber Command's service components have the manpower and equipment to wage effective defenses and, if necessary, undertake offensive operations. We also should work with Australia, Japan, NATO and South Korea to address network penetrations.
We also must know the origin of the software and hardware we use. It doesn't make much sense to have a system built with chips and run on software created in the country that is the most active cyber adversary we face.
Supply chains for computer systems and components must come from trusted foundries and use trusted software. Our satellites should be remotely reprogrammable in the event of a cyber attack.
With a concerted effort by the executive branch, Congress, DoD, industry and allies, we can ensure that our adversaries know they cannot act with impunity.
Larry Wortzel is a commissioner and former chairman of the U.S.-China Economic and Security Review Commission. Rep. Randy Forbes, R-Va., is member of the House Armed Services Committee and founder and co-chairman of the Congressional China Caucus.