An Air Force general this week stoked speculation about the military's cyberwar preparedness when he revealed it had reclassified six cyber tools as weapons.
Reclassifying the tools -- which weren't explained in any detail -- will enable their programs to more effectively compete for scarce funds in the Defense Department's budget, reasoned Lt. Gen. John Hyten, vice commander of the Air Force Space Command.
The move would help "normalize" military cyber operations, said Hyten at a cyber conference held in conjunction with the National Space Symposium in Colorado Springs, Reuters reported. It will also help cyber capabilities "get more attention and the recognition [they deserve]," he added.
The stance is a significant departure from the military's attitude toward cyber warfare as recently as two years ago. "It was hard to find information in the public domain because much of the information about cyber weapons was classified," said David Bodenheimer, who heads the homeland security practice at the law firm of Crowell & Moring in Washington, D.C.
He said the military's recent attitude readjustment about cyber tools has a couple of purposes. One is to deter nations from launching cyber attacks -- clandestine or otherwise -- on the United States. "When the military discusses the cyber weapons in its arsenal, it may discourage some countries from launching destructive cyber attacks on the U.S.," Bodenheimer explained.
"The general wisdom is that the U.S. is way ahead of the rest of the world on offensive cyber weapons, so in a cyber war we would be able to do great to other countries," he said. "On the other hand, our cyber defenses are considered to be way behind other nations."
Another purpose for the attitude change could be to drum up funding support from Congress. "These weapons show that we're making progress and advances in this area," Bodenheimer observed, although weapons discussed in public are probably not on the top shelf of the Pentagon's cyber arsenal.
"We can be sure we're seeing only the tip of the ice berg," he said. "The best and most advanced cyber weapons are almost certainly highly classified."
By opening up the discussion of cyber warfare, the military is attempting to make cyber part of normal military operations, observed James Barnett, a former Navy Rear Admiral and head of the cybersecurity practice at the Venable law firm in Washington, D.C.
"They're trying to show that this is a military domain, and we're very good at it," he said told CSO. "You don't want to have your enemies under or over estimate what your capabilities are."
"We were never very secret about what our nuclear weapons capabilities were," Barnett added. "It makes sense to have people know your capabilities and what's out there."
[Also see: U.S. rattles preemptive cyberattack saber | Preemptive cyberattack disclosure a warning to China | Chinese Army link to hack no reason for cyberwar]
It also makes sense to publicize a cause when you want to bump up funding for it. Hyten told attendees of the Colorado forum that the Air Force wants to add 1,200 more people to its current cyber workforce, now at about 6,000.
"As with anything else with the military, you've got to scream and fight for the resources you need to invest in these things," said Richard Stiennon, chief research analyst with IT-Harvest.
The military may also be preparing budget watchdogs for a need to modify contract procedures so the right private sector talent can be acquired to work on its cyber projects. "If you read between the lines, you can see they want to spend money with IT security vendors, and they've got to be able to grease the skids to do that," Stiennon said.
Most vendors on the cutting edge of cyber capabilities are small and don't have relationships with the federal government, he explained. For those firms, it isn't worth their time jumping through hoops for a government contract. "Complying with government certification programs can cost more than the revenues of most of these startup companies," Stiennon said.
Read more about malware/cybercrime in CSOonline's Malware/Cybercrime section.