U.S. Navy ships moving to watch Billy Mitchell’s Project B bombing demonstration. Image courtesy of U.S. National Archives.
Friday’s Last Word – Pull Pin, Throw Grenade, Run Away: A provocative thought to kick off the weekend…
By Major Matt Cavanaugh
I’m a little tired of the back-and-forth between cyber “experts” (an overused superlative when one considers how early it is into this domain’s usefulness in security affairs), particularly the deliberately provocative expressions about a potential “cyber Pearl Harbor.” In my mind, Richard Clarke’s 2012 book adequately represents the hype about the threat, while Thomas Rid’s 2013 book might be read as a response or a bucket of cold water to the keyboard. Why doesn’t the cyber community put up or shut up? Frankly, Stuxnet was not enough for proof of concept. Show us the money – especially with respect to cyber’s ability to create physical destruction in a useful or meaningful way. Or, as I’d put it: pass the “Mitchell Test.”
During the dawn of military aviation, Brigadier General Billy Mitchell of the U.S. Army Air Corps was instrumental in setting up testing to ascertain whether airplanes could make for cost effective coastal defense tools; could they sink a naval ship? So in February 1921, a series of joint Army-Navy exercises known as “Project B” were established using surplus or captured (German) ships as targets. Though the conditions were hotly debated, in the end the German ship Ostfriesland sank – providing Mitchell a very strong data point suggesting the utility of airpower.
What’s interesting is the impact that a single success can have in driving development. There’s actually a related case I just happened to be reading about on a long flight in Bill Bryson’s recent book, One Summer: America 1927 (British paperback edition). The book’s central storyline is that of Charles Lindbergh’s flight to Paris and subsequent air industry-supporing barnstorming tour across the United States. Bryson writes about the “galvanizing” (p. 407) impact of the cross-Atlantic endeavor – particularly that the $25,000 prize and flight had “spurred as much as $100 million in aviation investments in America.” (p. 569) Later in the summer, on August 1st, an aviator named Clarence Chamberlain even became the first person to take off from a ship at sea. (p. 409)
Again we find ourselves at the dawn of a new potential military domain, with proponents and critics shouting each other down. Will cyber go the way of airpower? Or will it go the way of non-lethal munitions? Instead of wasting so much energy with the debate, why don’t we just subject the cyber community to a Mitchell Test: set a bunch of surplus vehicles or airplanes somewhere, create some ground rules and safety measures, and tell our cyber “warriors” to destroy them by utilizing their digital and electronic means. DARPA (or the West Point Cyber Research Center) could run it if the services didn’t want to get directly involved. Maybe I’m missing something here, but someone has to have proposed this somewhere, right? While not definitive, this would be a very useful demonstration and would likely spur innovation and investment like what was seen in the air domain in the 1920s.
1921 cartoon from the Chicago Tribune. Image courtesy of Wikipedia.
To your point, the Department of Energy did run such a demonstration with the"Aurora Project" <http://www.youtube.com/watch?v=fJyWngDco3g> and <http://www.militaryphotos.net/forums/showthread.php?121081-AURORA-test-validated-fears-of-Dept-of-Homeland-Security>
Cyber is also getting testing regularly in major military exercises.
But there is also a gap between the people who are actually "in" cyber and those who write about it publicly. Using cyber to cause a bunch of hunvee’s in the desert to explode would be pretty difficult, like trying to use MISO to do the same thing: not impossible, but demanding the test is really a misunderstanding of what cyber brings to warfighting.
Would you require physical destruction of the vehicles/airplanes, or would you be satisfied with a digital attack that rendered them inoperable?
Leying: Great points – actually, the 2006 Aurora test at Idaho National Laboratories was just covered in an Economist article (link below). I’m with you on the jab about MISO; in fact, that’s sort of my point – we ought to be walking through practical applications to help us think about cyber – as opposed to theoretical prognostications (often meant to drive book sales!) about what cyber might be able to accomplish at some future date.
David: I think both have merit for military utility. Another factor would be the speed with which you could achieve each (i.e. either destroy the tank in 3 hours versus electrical/digital mobility kill in 3 minutes). These are the things that I think testing can achieve – helping us work through what this domain can do. I’d hope that it’s being tested secretly and at remote locations (i.e. Aurora at Idaho National Labs), but some of these tests ought to be brought into the public sphere for signaling purposes as well as to unlock some of the private sector’s creative genius.
Does Cyber need to prove itself through physical destruction? Think of the setbacks and other effects Stuxnet, in this example, had. As well, compare it to other branches such as Psyops. Military operations have more than just physical ends.
Matt: you may use this note as an IOU for a beer for this article!
Spot on and well stated!