Quantcast

Friday, October 31, 2014         

NEW YORK TIMES


 Print   Email   Comment | View 2 Comments   Most Popular   Save   Post   Retweet

Obama worried about effects of waging cyberwar in Syria

By New York Times

POSTED:



WASHINGTON » Not long after the uprising in Syria turned bloody late in the spring of 2011, the Pentagon and the National Security Agency developed a battle plan that featured a sophisticated cyberattack on the Syrian military and President Bashar Assad's command structure.

The military's ability to launch airstrikes was a particular target, along with missile production facilities. "It would essentially turn the lights out for Assad," said one former official familiar with the planning.

For President Barack Obama, who has been adamantly opposed to direct U.S. intervention in a worsening crisis in Syria, such methods would seem to be an obvious, low-cost, low-casualty alternative. But after briefings on variants of the plans, most of which are part of traditional strikes as well, he has so far turned them down.

Syria was not a place where he saw the strategic value in U.S. intervention, and even such covert attacks — of the kind he had ordered against Iran during the first two years of his presidency — involved a variety of risks.

The Obama administration has been engaged in a largely secret debate about whether cyberarms should be used like ordinary weapons, whether they should be rarely used covert tools, or whether they ought to be reserved for extraordinarily rare use against the most sophisticated, hard-to-reach targets.

And looming over the issue is the question of retaliation: whether such an attack on Syria's air power, its electric grid or its leadership would prompt Syrian, Iranian or Russian retaliation in the United States.

It is a question Obama has never spoken about publicly. He has put the use of such weapons largely into the hands of the NSA, which operates under the laws guiding covert action. As a result, there is little of the public discussion that accompanied the arguments over nuclear weapons in the 1950s and '60s, or the kind of roiling argument over the wisdom of using drones, another classified program that Obama has begun to discuss publicly only in the past 18 months.

But to many inside the administration, who declined to speak for attribution on discussions about one of the United States' most highly classified abilities, Syria puts the issue back on the table. Obama's National Security Council met Thursday to explore what one official called "old and new options."

One of the central issues is whether such a strike on Syria would be seen as a justified humanitarian intervention, less likely to cause civilian casualties than airstrikes, or whether it would only embolden U.S. adversaries who have themselves been debating how to use the new weapons.

Jason Healey, the director of the Cyber Statecraft Initiative at the Atlantic Council, argues that it is "worth doing to show that cyberoperations are not evil witchcraft but can be humanitarian."

But others caution whether that would really be the perception.

"Here in the U.S. we tend to view a cyberattack as a de-escalation — it's less damaging than airstrikes," said Peter W. Singer, a Brookings Institution scholar who has recently published a book titled "Cybersecurity and Cyberwar: What Everyone Needs to Know." "But elsewhere in the world it may well be viewed as opening up a new realm of warfare."

Internally, Obama has made no secret of his concerns about using such weapons. He narrowed Olympic Games, the program involving use of the Stuxnet computer worm against the Iranian nuclear enrichment program, to make sure that it did not cripple civilian facilities like hospitals.

What he liked about the program was that it was covert, and that, if successful, it could help buy time to force the Iranians into negotiations. And that is exactly what happened.

But when a technological error resulted in the broadcast of Stuxnet around the world, ultimately leading to the revelation of the program's origins with the NSA and Unit 8200 of Israel, Obama's hopes of keeping such programs at arm's length were dashed.

Since then, there has been no clear evidence that the U.S. has used the weapons in another major attack. It was considered during the NATO attacks on Libya in the spring of 2011, but dismissed after Obama's advisers warned him that there was no assurance they would work against Moammar Gadhafi's antiquated, pre-Internet air defenses.

The head of the NSA, Gen. Keith B. Alexander, said in an interview last year that such weapons had been used only a handful of times in his eight-year tenure.

But Syria is a complicated case, raising different issues than the attack on Iran did.

In Syria, the humanitarian impulse to do something, without putting Americans at risk or directly entering the civil war, is growing inside the administration. Most of that discussion focuses on providing more training and arms for what are seen as moderate rebel groups. But in the conversations about stepping up covert action, cyberweapons are one tool under discussion.

Part of the argument is that Syria is a place where the United States could change its image, using its most advanced technology for a humanitarian purpose.

"The United States has been caught using Stuxnet to conduct a covert cybercampaign against Iran as well as trawling the Internet with the massive PRISM collection operation," Healey wrote recently, referring to the NSA's data-mining program. "The world is increasingly seeing U.S. cyberpower as a force for evil in the world. A cyberoperation against Syria might help to reverse this view."

Yet that would require openly taking credit for such an attack, something the U.S. has never done. "The question is whether the president would be willing to give the kind of speech he gave about why it would be justified to shoot off missiles in response to Assad's use of chemical weapons," a senior administration official said. Obama pulled back from that strike at the last moment.

Even if the U.S. wanted to act covertly, a cyberattack on Syria would be hard to keep secret. Anything that grounded the air fleet, or turned out the lights at key facilities in Damascus and at major military outposts, would be instantly noticed — and would not necessarily be accomplished quickly.

U.S. military planners concluded after putting together options for Obama during the past 2 1/2 years that any meaningful attack on Syria's facilities would have to be both long enough to make a difference and targeted enough to keep from making an already suffering population even worse off.

For those and other reasons there are doubters throughout the military and intelligence establishment. "It would be of limited utility, frankly," one senior administration official said.

For instance, an attack could disrupt or shut down the navigational systems for Syria's aircraft, including the Russian-designed Mi-8 and Mi-17 helicopters that are carrying out many of the so-called barrel-bomb attacks against civilians in Homs and Aleppo.

But Syrian commanders would probably just shift to other weapons in their arsenal, such as an array of rockets and missiles, including longer-range Scud missiles, that Assad's forces have already employed with deadly effect.

Syria is no stranger to these attacks, either on the receiving or the giving end.

A September 2007 strike by Israel that destroyed a nuclear reactor being built in the Syrian desert was accompanied by an ingenious cyberattack that blinded the country's air defenses. When the Syrian military awoke the next morning, the reactor being built with North Korean help was a smoking hole in the ground, as were some associated facilities.

On the offensive end, the Electronic Frontier Foundation, which follows such issues, assembled evidence in a report published late last year that the Syrians had used a "spear phishing" ploy, which gets the target to click on a link in an email, in this case videos of war atrocities, to identify people who are aiding the rebel groups and get inside their computer systems.

And the Syrian Electronic Army, which U.S. intelligence officials suspect is actually Iranian, has conducted strikes against targets in the U.S. during the past year, including the website of The . Mostly, these have been denial-of-service attacks, annoying and disruptive, but not truly sophisticated.

The chances that Syria could manage a significant response is low, U.S. officials and outside experts said. But the precedent could embolden the Russians and the Iranians — who also have stakes in the Syrian war, and far more ability — into taking a greater part in a new and rapidly escalating form of warfare.

David E. Sanger, New York Times






 Print   Email   Comment | View 2 Comments   Most Popular   Save   Post   Retweet

COMMENTS
(2)
You must be subscribed to participate in discussions


IN OTHER NEWS