Jim Wolf

WASHINGTON (Reuters) - Even as it fights in Afghanistan with bombs and guns and allies on horseback, the U.S. military is gearing up to use computers and code as potentially decisive weapons in the next phases of its campaign.

The goal would be to disable air defense systems, scramble enemy logistics and perhaps infect software through tactics being honed by a joint task force set up in 1999 under the Colorado Springs, Colorado-based U.S. Space Command.

The U.S. military has been working on tools that could wreak electronic havoc on countries accused of harboring terrorists as well as on ways of defending global networks against cyberattack.

``Transformation cannot wait,'' Defense Secretary Donald Rumsfeld said last week, using military jargon for souping up U.S. forces to meet 21st-century threats and to cash in on high-tech covert capabilities.

``We must act now to prepare for the next war, even as we wage the current war against terrorism,'' he wrote in a Nov. 1 Washington Post guest column.

After the Sept. 11 blitz that turned civilian airliners into missiles, killing some 4,800 people, the United States must plan for new and different foes who will rely on ''surprise, deception and asymmetric weapons,'' or those meant to overcome the lopsided U.S. edge in conventional arms, Rumsfeld said.

``To deal with those future surprises, we must move rapidly now to improve our ability to protect U.S. information systems and ensure persistent surveillance, tracking and rapid engagement of an adversary's forces and capabilities,'' he said.

CYBERARMS JOIN U.S. ARSENAL

The Defense Department has been readying to make cyber blitzes on enemy computer networks a standard tool of war, Air Force Gen. Richard Myers, now chairman of the Joint Chiefs of Staff, said earlier this year as he left the Space Command.

Army Gen. Henry Shelton, Myers's predecessor as the top U.S. military officer, confirmed that the United States had jabbed electronically into Serbian computer networks throughout the 78-day NATO bombing campaign over Kosovo in 1999.

``We only used our capability to a very limited degree,'' Shelton said on Oct. 7, 1999.

At the same time, unspecified hostile countries have probed U.S. computer networks for ways to spark mayhem in wartime, Richard Clarke, the White House National Security Council staff coordinator for security, infrastructure protection and counter-terrorism, said in June.

``This is not theoretical. It's real,'' Clarke said at the time. He was tapped by President George Bush on Oct. 16 to head a new senior advisory board on critical infrastructure protection -- in other words, the country's vital communications, transportation, food and health care systems.

CIA and Pentagon war games already feature foes using bits and bytes, not bombs or ballistic missiles, to attack U.S. financial institutions, communications hubs and spy satellites.

SAT OUT Y2K

If Afghanistan were home to anything but one of the world's least computer-reliant societies, U.S. forces might have kicked off the campaign they began Oct. 7 with keyboard-launched strikes to disrupt the Taliban militia's command and control.

But a cyberblitz would have had scant impact on Afghanistan, one of only a handful of nations that never even bothered to touch base with a United Nations network that prepped governments for feared Year 2000 computer disruptions.

``They're just not connected,'' said information security strategist Bruce McConnell, who tried unsuccessfully to include the Taliban in the International Y2K Cooperation Center he headed under U.N. aegis.

Since the start of the U.S.-led campaign against Afghan protectors of terror suspect Osama bin Laden, ``We've seen absolutely no indication of terrorists attacking via cyberspace,'' Space Command spokesman Army Maj. Barry Venable said.

But guerrilla forces are bound to turn to cyber weapons to wage their battles in an increasingly networked future, just as political activists have used denial-of-service attacks and Web page defacements to amplify their messages.

``As we harden our bridges, airports and other infrastructure, terrorists are going to seek the path of least resistance,'' said Steven Roberts, a computer security expert at Georgetown University. ``That means they're likely to embrace information warfare tools such as viruses, Trojan Horses and password crackers.''

LEGAL ISSUES

From the standpoint of international law, there are two big questions to tackle before unleashing any kind of military response, whether it is clubs and spears or bits and bytes.

The first is whether a strike -- including one in cyberspace -- amounts to a ``use of force'' or an ``armed attack'' under international law, said Thomas Wingfield of Falls Church, Virginia-based Aegis Research Corp., a national security consultancy that has worked on the issue for U.S. government clients.

If so, four distinct tests would have to be met before the use of cyber weapons or other arms would be considered lawful self-defense.

The first is discrimination -- targeting combatants and not civilians. The second is necessity -- using no more force than required to accomplish a mission nor using inhumane means such as chemical or biological weapons.

The third is proportionality, or balancing the military advantage against harm to civilians, said Wingfield, a naval intelligence officer turned national security lawyer.

Finally comes the age-old principle of chivalry. It permits ''ruses of war'' to trick a foe but not ``perfidy'' -- defined as treacherous deceit about the legal status of the combatants. ''Tactical deception: OK. Legal deception: war crime,'' he said. ''And all of these things extend into cyberspace.''

Because these are the newest weapons in the U.S. arsenal, many of the questions surrounding their use are being confronted for the first time.

``They will have to be resolved on a case-by-case basis, much as new legal doctrines were developed for aircraft at the beginning of the last century,'' Wingfield said.