Cyberwar, depending on who you listen to, is either going to be the death of us all, or… it won’t.
Cyber weaponry appears to be entering a golden age of rapid development—a new arms race. The quest in Washington, Silicon Valley, and around the globe is to develop digital tools both for spying and destroying. The most enticing targets in this war are civilian—electrical grids, food distribution systems, any essential infrastructure that runs on computers. “This stuff is more kinetic than nuclear weapons,” says Dave Aitel, founder of a computer security company in Miami Beach called Immunity…
The race to master the perceived threats—or to even learn of their existence—could trigger an expensive and unnecessary new arms race, Steinberg continued. “It could be like the nuclear rivalry in the Cold War, which is that each side becomes preoccupied with the potential danger that the other could pose and begins to orient its own policy around those dangers.” Such a development could end up being self-defeating if it constrains Internet activity too much (although, of course, Cold-War era defense spending created the Internet in the first place).
So what’s the military significance of cyberwar? All the services (and even bigger than defense, all of government) are interested in the cyber domain as an operating environment given its great value and ubiquitous character. But the domain has its own disadvantages; you don’t develop the sort of profound expertise needed at an eight-week technical training course with a group of trainees who might otherwise be cops, cooks, or crew dogs. From the Businessweek article:
“That [an experimental white hat hacking] group was about finding a door and then picking it or punching it or doing whatever it takes to get it open,” says Christopher Klaus, a founder of ISS. “There are maybe 500 people in the world who could do this kind of stuff.”
So how does the military build profound competencies in such areas as offensive cyber capabilities, defensive cyber capabilities, or cyber forensics? It either: 1) buys them, 2) rents their services, 3) pretends it has them, or 4) develops them over a long period of time.
As far as service members having the requisite combination of cyber education and experiences, I’m guessing we’re looking squarely at door number three as ground truth.