David A. Fulghum and Robert Wall

As cyberwar gains operational maturity, the discipline has emerged as a tool of finesse and not brute force, in part to counter political concerns about the fallout from unrestricted computer attacks.
"When you're discussing computer network warfare, you can get completely derailed and talk about worms and viruses and self-propagating programs and everyone thinks it's like unconstrained weapons of mass destruction," said Army Col. David Kirk, deputy commander of the Joint Information Operations Center.
Those uncontained scenarios are "a possibility, but it's too indiscriminate" for Defense Dept. planners, said Col. David Stinson, vice commander of the Air Force Information Warfare Center.

"There are lots of methodologies out there that are very precise, and you can anticipate the consequences of software on a machine with great fidelity," Kirk said. Defense officials have pointed out that sometimes they prefer not to damage enemy communications or computer systems if they can be mined for information.
"You want to have a bounded effect, and today we have that capability," Stinson stressed. "You can localize the distributed consequences of that attack."

As information warfare is refined, this pre-conflict period will also be used to convince senior commanders that cyber-weapon effects are predictable.
"The national command authority has to be assured that you have properly identified the enemy system or node that these technologies will be used against," Kirk said.
A request to the special technical operations authority for approval to use innovative devices, such as computer-based effects, demands a clear definition of the enemy target. "You have to convince them that your weapon system will attack only that," he said.

HOW THE DEFENSE DEPT. will build a target folder for information warfare is now being debated and tested by the organizations developing such weaponry and tactics. The process is stringent enough that at the end, its author will be able to say, "I can assure you with a high degree of confidence that the risk of collateral damage is X, risk of compromising technology is Y, risk to U.S. systems is Z."
There are instances where an all-out, obvious computer attack may be launched against an enemy's systems, one information warfare official noted. That would be to temporarily shut down an opponent's network during a time of high crisis as a warning of what other consequences the adversary might face unless the country modifies its behavior.

There are some potential legal barriers to cyberwar. In an era of unconstrained computer networking, "we no longer have those geographic boundaries that made it clear what is foreign and what is friendly," Kirk said. "When you get to a collection or attack capability, the line becomes blurred."
If it's a military network, U.S. operators have clear authority to monitor or attack it. But if it has connections to national or international networks that could pass along ripple or cascading effects, authority is less clear.

"You can't actually hang an operationally relevant definition on computer network warfare yet," Kirk said.

Help may be on the way, however. The Air Force is working on the demonstration of an information operations planning tool.

THE RESEARCH, which wraps up at year's end, "will be blended into our information warfare planning capability," Stinson said. Infowar troops assigned to various commands will use the planning device to show the relationships between information weapons and targets "so that they can integrate the necessary options to best leverage an adversary," he said. "These guys will have the planning architecture that allows the air operations center to do the visualization and [use the infowar weapons]."

Another obstacle that is only emerging is the creation of international regimes or treaties restricting cyberwarfare