In a story that came out yesterday that made my inner nerd very gleeful, but my outer IR type extremely wary, the New York Times broke that the US was considering using cyberwarfare against Libya during the outset of NATO’s intervention campaign. To get a sense for just what that would entail:
Just before the American-led strikes against Libya in March, the Obama administration intensely debated whether to open the mission with a new kind of warfare: a cyberoffensive to disrupt and even disable the Qaddafi government’s air-defense system, which threatened allied warplanes.
While the exact techniques under consideration remain classified, the goal would have been to break through the firewalls of the Libyan government’s computer networks to sever military communications links and prevent the early-warning radars from gathering information and relaying it to missile batteries aiming at NATO warplanes.
I dare you to try to reread that and not have your mind go to a dark room filled with faces inaccurately-lit in green and blue, pounding away at their keyboards, attempting to exploit the weaknesses of the Qadaffi regime’s command and control systems. I’ll wait. I can already see the Hollywood pitch for the revised version of history where our brave cyberwarriors actually were the ones to take down the dreaded dictator. Daft Punk would provide the soundtrack. While the thought of using this advanced technological capability in an actual military operation is intriguing and would make for a wicked movie, there are a number of reasons why going through with such an action would have been a Very Bad Idea.
First and foremost, giving the United States’ cyber-capabilities a test spin against the Libyan Armed Forces would have been a breathtaking waste of a U.S. trump card for future conflicts. While the Libyan air defenses had the potential to be a thorn in the side of the NATO warplanes, there was precisely zero need to use capabilities that are officially still under-wraps against the Jamahiriya. Our bombers easily sought out and destroyed ground-to-air missile sites within the first few weeks of NATO sorties, rendering the overkill that a cyberattack would have been in bright flashing explosions. If and when digital attacks become fully necessary for the achievement of a critical mission, the United States will deploy such methods, and in doing so command not only the tactical advantage that launching such an attack would bring, but would benefit from the psychological factor inherit in utilizing new technologies in unexpected ways. The raid that took out Osama bin Laden was notable not just for the actually death of the terrorist mastermind, but the unveiling of the previously secret stealth helicopter that the United States now possesses, which in turn led to a race by other capable nations to begin researching similar technology. It was a mission packed with significance, where the operational capability provided by the technology matched the goal at hand.
Which brings us to the second reason that launching such as strike as US officials also rightfully concluded, having the United States launch the first public salvo in the war for the digital domain would set an irreversible precedent. Much like the United States’ officially non-existent drones campaign against Pakistan, the fact that states are currently utilizing various hacking methods against one another is an unspoken but quietly acknowledged axiom in this day and age. So far, the use of state-to-state digital attacks have been through proxies or focused on enhancing espionage capabilities; no attack has yet to be made on the level that would allow it to be dubbed ‘warfare’, in my opinion including attacks against command controls of critical infrastructure or operating military systems. Were the US to be the first to commit such an attack, it would open a whole new can of worms in terms of conflict, with other states that have similar capacities to inflict cyberstrikes, though not of the same magnitude as the US while still possessing the potential to wreak havoc, to readily seize the opportunity to openly incorporate similar cyber-initiatives into their own tactical planning. To wit: we would see a massive surge of data skirmishes between us and China, among others, and veritable digital onslaughts by more capable states against lesser neighbors or challengers across the globe. Think the darkest days of realist theory played out over ethernet cables.
Finally, the legal implications of the US military being the wielder of cyber-force against Libya are stunning. President Obama had enough trouble making the case that the Operation: Unified Protector did not fall under the War Powers Act of 1973 and didn’t require Congressional approval, a point that even the top lawyers at Defense and Justice had a difficult time acquiescing to. On a sidebar, I think that the United Nations Participation Act gave all the coverage needed after the passage of UNSC Resolution 1973, but I digress. Back on point, the use of cyber-capabilities would have muddied the water even further; while the War Powers act doesn’t define “hostilities”, it also was drafted before it was ever assumed that cyberoffensives would ever be possible. Since an attack using computers wouldn’t be physical in nature, it’s unsure whether launching a cyberattack would start the clock on Congressional notification, or require any notification at all, and now to start that debate surrounding Libya would be inopportune at best.
In any case, the Administration made the right call on this one. There will come a day where the United States faces an enemy that requires bringing out the big (digital) guns, but taking down Libya was certainly not it. Now if you’ll excuse me, I have to go re-watch The Matrix.