Is the U.S. Waging a Virtual War?

Kyle Stock, special to PCWorld.com

WASHINGTON-- Computer viruses, worms, and electronic "pulses" could be doing substantial damage in Iraq, according to some cybersecurity experts.

As U.S. military forces move through sandstorms to Baghdad, battling Iraqi resistance and worrying about biological and chemical attacks, soldiers sitting in tents in Kuwait--or in offices in Washington--could be making equally critical moves on keyboards.

Cyberwarriors may be invading Iraqi computer networks, shutting down utility grids, stopping or intercepting communications, and jamming radar. Other weapons including e-pulse bombs and microwave lasers may be silently and bloodlessly knocking out computers all over the country.

Don't Ask, Don't Tell

All of this might be happening--but it might not. Security experts are speculating, but nobody can offer confirmation that such a virtual war is actually under way. When asked about cyberattacks in Iraq, military leaders are tight-lipped.

"The only thing I can say is, if that's part of our ongoing operations, I couldn't comment on it," says Lieutenant Commander Charles Owens, a U.S. Army spokesperson based at Central Command Headquarters in Qatar.

The United States' guidelines and capabilities surrounding cyberwarfare are as secret as the atomic bomb operations of the early 1940s.

In July, President Bush signed a secret national security directive ordering the government to develop rules on when and how the U.S. would engage in cyberattacks, news that wasn't released until early February.

"We have the capabilities, we have organizations; we do not yet have an elaborated strategy, doctrine, procedures," Bush's chief cybersecurity advisor, Richard A. Clarke, said at the time.

Pandora's Box

Setting a precedent for cyberattack is one of the major sticking points for U.S. commanders and politicians. In early February, Clarke warned that the United States might stand to lose more than other nations by "legitimizing" cyberattacks.

The United States would be brought to its knees if its communications, power grids, 911 emergency systems, and air traffic control systems were locked up, says James Adams, founder of IDEFENSE, a company that helps governments and corporations assess and address cybersecurity.

Information attacks could be more crippling than any physical invasion, Adams says.

Dan Woolley, a former U.S. Air Force computer specialist and the vice president of Internet security company SilentRunner, says that cyberdefense and infiltration is a constant cat-and-mouse game.

"The U.S. likes to claim that it hasn't been invaded since 1812, but the reality is we're being attacked and invaded every day," Woolley says. "If you're thinking of all the possible scenarios of how someone is going to attack you, you think 'Could I not use that technology to attack?' And you have to assume that that thinking has gone through our war planners' minds."

One group that has used technology during the current war: antiwar protestors. Activists closed down the U.K. government's 10 Downing Street Web site for a short period over the weekend via a denial-of-service attack.