The Army Is Shopping for Cyber Weapons

A Navy commander works with teammates at the U.S. Army's Cyber Center of Excellence at Fort Gordon, Georgia.

Georgia Army National Guard photo by Staff Sgt. Tracy J. Smith

AA Font size + Print

A Navy commander works with teammates at the U.S. Army's Cyber Center of Excellence at Fort Gordon, Georgia.

As part of the Pentagon's plan to beef up its capabilities, the service is reaching out to providers to see what kinds of tools are available.

The Army is seeking the assistance of cyberattack tool sellers, joining a growing number of Pentagon entities aiming to amass advanced cyber capabilities. 

A new market survey aimed at identifying suppliers is the third Defense Department document issued over the past month that points out a need to be able to execute “cyber effects.”

A cyber effect typically refers to a hack, disruption or other impact to an adversary’s network, according to security experts.

The Army’s request for information, which was released Thursday afternoon, expresses interest in “existing technical capabilities to deliver cyber effects with robust and mature capabilities” that can target “telecommunications, networking, components, and protocols.” 

Defense and intelligence community contractors have until June 15 to submit white papers containing suggestions. 

The four-page solicitation for “potential sources for the procurement of cyber capabilities” does not provide any other details about the capabilities sought. Most of the space is consumed by questions about the prospective contractor’s demographic information.

Army officials did not immediately clarify what the branch is looking for.  

A basic example of a “cyber effect” would be “malicious software gets on your computer and the effect is the screen goes black,” said James Lewis, a cybersecurity analyst at the Center for Strategic and International Studies.

Last week, the Navy also announced preparations to incorporate hacking tools into its munitions store.  

“The Navy as a whole must understand and embrace cyber and space effects as an integral component of our arsenal,” states a five-year Navy Fleet Cyber Command strategic plan issued May 6. One of five focus areas for the Navy will be to help “commanders put cyber effects on the table while they craft operational plans.” 

The Pentagon, writ large, wants to speed up the provision of cyberattack technologies to geographic combatant commands. In April, Defense Secretary Ash Carter unveiled a departmentwide cyber strategy that, among many other things, discusses accelerating plans for “cyberspace effects in support of operational plans and contingency operations,” as well as defining “specific cyberspace effects against targets.”

Previewing the Navy’s agenda April 7, a senior official said the service is building the capacity to unleash cyberattacks from points across the globe.

“Those kinds of capabilities are leveraged from all parts of the world, predominantly ashore installations, in some cases afloat,” said Kevin Cooley, executive director and command information officer of the Fleet Cyber Command.

In popular culture, cyber capabilities that produce effects on enemies are called “cyberweapons.”

But what effects do cyberweapons actually create? That’s a question bugging the military’s legal advisers.

The term “cyberweapon” has been interpreted to mean anything from spyware, to malicious code for destroying nuclear power plants. Former Pentagon attorneys say militaries worldwide need clarity on the word so they don’t break international laws.

Because both procurement and use of a ‘weapon’ are dependent on its first being subject to legal review, it is crucial that the proper definition for cyberweaponry be chosen,” retired Col. Gary Brown, former legal adviser at U.S. Cyber Command, and Lt. Col. Andrew O. Metcalf, former legal adviser to U.S. Marine Corps Forces Cyberspace Command, write in a 2014 Journal of National Security Law and Policy article

They note “the wrong definition could lead to a failure to comply with international legal standards, if it is too narrow,” while an “overly broad definition could encompass espionage tools.”

Often, the only difference between operations to collect intelligence and operations to deliver “cyber effects is the intent – intelligence activities are done with the intent of collecting intelligence, while other military activities are done in support of operational planning or execution,” Brown and Metcalf say.

It’s not even clear if Stuxnet, one of the most destructive known viruses, is a cyberweapon. Legal weapons don’t self-replicate, Brown and Metcalf say. Allegedly a U.S.-Israeli invention, Stuxnet sabotaged Iranian nuclear centrifuges but also accidentally spread to systems in the United States, according to Symantec. That’s an effect the Pentagon, one would hope, is not looking for.

Close [ x ] More from DefenseOne
 
 

Thank you for subscribing to newsletters from DefenseOne.com.
We think these reports might interest you:

  • Ongoing Efforts in Veterans Health Care Modernization

    This report discusses the current state of veterans health care

    Download
  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

    Download
  • Top 5 Findings: Security of Internet of Things To Be Mission-Critical

    As federal agencies increasingly leverage these capabilities, government security stakeholders now must manage and secure a growing number of devices, including those being used remotely at the “edge” of networks in a variety of locations. With such security concerns in mind, Government Business Council undertook an indepth research study of federal government leaders in January 2017. Here are five of the key takeaways below which, taken together, paint a portrait of a government that is increasingly cognizant and concerned for the future security of IoT.

    Download
  • Coordinating Incident Response on Posts, Camps and Stations

    Effective incident response on posts, camps, and stations is an increasingly complex challenge. An effective response calls for seamless conversations between multiple stakeholders on the base and beyond its borders with civilian law enforcement and emergency services personnel. This whitepaper discusses what a modern dispatch solution looks like -- one that brings together diverse channels and media, simplifies the dispatch environment and addresses technical integration challenges to ensure next generation safety and response on Department of Defense posts, camps and stations.

    Download
  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download

When you download a report, your information may be shared with the underwriters of that document.