Pentagon's Plan X: how it could change cyberwarfare

The Pentagon has always been secretive about its desire and ability to carry out offensive cyberwarfare. Now, Plan X makes it clear that offensive cyberattacks will be in the Pentagon playbook.

Jacquelyn Martin/AP/File
In a speech to business leaders in New York City on Thursday, Defense Secretary Leon Panetta became the first US official to publicly confirm that Iranian hackers, likely supported by the Tehran government, were responsible for recent cyberattacks against oil and gas companies in the Persian Gulf and that they appeared to be in retaliation for the latest round of U.S. sanctions against the country. He is shown here, in a file photo, speaking to a news conference on Sept 27 in Washington.

The same Pentagon futurologists who helped create the Internet are about to begin a new era of cyberwarfare.

For years, the Pentagon has been open and adamant about the nation's need to defend itself against cyberattack, but its ability and desire to attack enemies with cyberweapons has been cloaked in mystery.

Next week, however, the Pentagon's Defense Advance Research Products Agency (DARPA) will launch Plan X – an effort to improve the offensive cyberwarfare capabilities “needed to dominate the cyber battlespace,” according to an announcement for the workshop.

Though the program will be closed to the press, the relatively public message is a first for the Pentagon. For one, it shows that the Pentagon is now essentially treating its preparations for cyberwar the same way it treats its preparations for any potential conventional war. Just as it takes bids from aerospace companies to develop new jet fighters or helicopters, Plan X will look at bids from groups that can help it plan for cyberwarfare and expand technologies.

Moreover, it opens a window into the highly secretive world of offensive cyberwarfare. No longer is it unclear whether the US is in the business of planning Stuxnet-style cyberattacks. Plan X indicates that such capabilities – which experts say could range from taking out electrical grids to scrambling computer networks in top-secret facilities to causing the pacemaker implanted in an enemy official to go haywire – will be an explicit part of the military playbook.

“If we can have a robust public discussion of nuclear weapons why not a robust discussion of cyberstrategy?” says Jim Lewis, director of the Technology and Public Policy program at the Center for Strategic and International Studies in Washington. “Up until now, cyber has been kind of ad hoc. What they’re doing now is saying that this is going to be a normal part of US military operations.”

The US is already engaged in offensive cyberwar. Media reports claim that the US helped develop and deploy the Stuxnet digital worm, which inflicted serious harm on Iran’s uranium enrichment program.

In his most wide-ranging speech to date on cyber warfare Thursday, Defense Secretary Leon Panetta hinted at the need for increased offensive capabilities, warning that America “won’t succeed in preventing a cyber attack through improved defenses alone.” 

“If we detect an imminent threat of attack that will cause significant physical destruction in the United States or kill American citizens, we need to have the option to take action against those who would attack us, to defend this nation when directed by the president,” Mr. Panetta said. “For these kinds of scenarios, the department has developed the capability to conduct effective operations to counter threats to our national interests in cyberspace.”

But the lack of discussion surrounding offensive cyber capabilities – and a clear US military plan for pursuing them – has been a significant roadblock for US military forces interested in honing those skills, says retired Col. Joe Adams, a former West Point professor who coached the military academy’s cyber team.

In the past there has been a “skittishness about teaching cadets offensive skills like how to hack” into systems, says Dr. Adams, now executive director of research and cybersecurity for Merit Network, Inc. “We’ve really ramped up the defensive part, but there hasn’t been any work done to identify people who have the intuitive ability to conduct operations on the offensive side.”

[Editor's noteThe original version of this story misspelled the name of Merit Network, Inc.]

Many of the threats the US faces – and may in turn inflict on other countries and non-state actors – will be nuanced.

The notion of a “cyber Pearl Harbor,” as Panetta has characterized it, is a misnomer, Adams adds.

“Everybody’s looking for a cyber Pearl Harbor – we don’t need a Pearl Harbor to really mess things up. That’s the very nature of this advanced, persistent threat: We’re not kicking people’s doors in anymore.”

Instead, cyber incursions will be more subtle. Just imagine what could happen in a hospital, Adams says. “I don’t even have to turn off the refrigerators. I just have to change the thermostat so they’re too warm, or too cold, or make some blood supplies go bad, or spoil a little medicine, or just reroute where they send ambulance alerts.”

In particular, offensive cyberskills “are more art than science,” says Adams. “These kids need to be screened right, and they need to be utilized. A career path in the military is built on building their skills, but also retaining them. We’ve done really poorly with that.”

Part of the problem is that American military training has long emphasized traditional skills, which are often are at odds with developing cyber warriors. You could have an outstanding cyberthinker in a class, but tradition dictates that “he’s going to be a tank platoon leader, or a rifle platoon – he’s going to have to prove himself as an Army officer before they’re going to make use of his talent,” says Adams.

In the meantime, his cyberskills atrophy. “The cadets I was teaching, there just wasn’t another outlet for them in the military yet.”

Plan X is designed to help the Pentagon “understand the cyber battlespace” and to develop skills in “visualizing and interacting with large-scale cyber battlespaces,” according to the DARPA proposal.

These, too, are unique skills that must be cultivated within the military, says Adams. “Another art piece is mapping a network [that could be a potential target]. How do you do it – and how do you do it subtly – without knocking things over and turning things off? And if it’s hostile, how do we do it without getting caught?”

Plan X hints at some of these needs – and makes it clear that the Pentagon is grappling with how to establish a framework for fighting cyberwar, too.

“Plan X is an attempt by the national security bureaucracy to come to grips with the multitude of issues around use of cyberweapon in an offensive form – the legal, diplomatic, ethical issues,” says Matthew Aid, a historian and author of "Intel Wars: The Secret History of the Fight Against Terror."

“We can’t have a public discussion about Stuxnet, about these brand new weapons – or their ethical implications – until the White House pulls back just a little the veil of secrecy that surrounds the entire program,” Mr. Aid adds.

For example, Stuxnet revealed how unwieldy such weapons can be when it inadvertently “jumped” into friendly computer systems that were never meant to be targeted.

Indeed, “One of the biggest problems in cyberwarfare is the potential for collateral damage,” says Mr. Lewis of the Center for Strategic and International Studies.

“You just can’t attack stuff and not worry that innocent civilians will be harmed – you have to take steps to mitigate the risk.”

Aid says now is the time to have these conversations. “We can only see one tenth of one percent lurking beneath the surface – what’s beneath the surface scares ... me," he says. "This is combat – this is war by a different name.”

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to

QR Code to Pentagon's Plan X: how it could change cyberwarfare
Read this article in
QR Code to Subscription page
Start your subscription today