30 January 2010

In defense of Effects-Based Operations

Despite what many critics say, Effects-Based Operations (EBO) appear to actually work quite well...

(H/T Robert Haddick at Small Wars Journal and Foreign Policy Online)

On a Monday morning earlier this month, top Pentagon leaders gathered to simulate how they would respond to a sophisticated cyberattack aimed at paralyzing the nation’s power grids, its communications systems or its financial networks.

The results were dispiriting. The enemy had all the advantages: stealth, anonymity and unpredictability. No one could pinpoint the country from which the attack came, so there was no effective way to deter further damage by threatening retaliation. What’s more, the military commanders noted that they even lacked the legal authority to respond — especially because it was never clear if the attack was an act of vandalism, an attempt at commercial theft or a state-sponsored effort to cripple the United States, perhaps as a prelude to a conventional war.

What some participants in the simulation knew — and others did not — was that a version of their nightmare had just played out in real life, not at the Pentagon where they were meeting, but in the far less formal war rooms atGoogle Inc. Computers at Google and more than 30 other companies had been penetrated, and Google’s software engineers quickly tracked the source of the attack to seven servers in Taiwan, with footprints back to the Chinese mainland.

Others (e.g., Reach 364) have covered this topic more fully, so I'll just point you in that direction. Interestingly enough, I recall a decent amount of "cyber-vandalism" in the wake of the the infamous "Hainan Island Incident" in 2001, with some Chinese hackers taking down the Red Hat website and replacing it with anti-American propaganda.

Mr. Haddick also draws attention to one of the latest papers to come out of CNAS, entitled "Protecting the Global Commons", which addresses the issue of cybersecurity.

No comments: