Previous IFPA-Fletcher Conferences
National
Stategies and Capabilities
for a Changing World
November
15-16, 2000
Crystal Gateway Marriott
1700 Jefferson Davis Highway,
Arlington, VA
Panel 2: Emerging Threats - Implications for Defense Strategy
Panel Members:
Dr. Robert L. Pfaltzgraff, Jr., President, Institute for Foreign Policy Analysis and Shelby Cullom Davis Professor of International Security Studies, the Fletcher School of Law and Diplomacy, Tufts University
Lieutenant General Edward G. Anderson III, USA, Deputy Commander in Chief, U.S. Space Command
Dr. Michael E. O'Hanlon, Senior Fellow, Foreign Policy Studies, The Brookings Institution
Mr. Michael A. Vatis, Chief of the National Infrastructure Protection Center of the FBI National Security Division
Dr. Pfaltzgraff: Ladies and gentlemen, could I ask everybody please to be seated. We are running just a few minutes behind time, and we plan to try to finish this panel within the original time allotted, which means that we have until 3:30. So I hope that we can proceed very quickly here.
This panel, of course, builds upon the very interesting and important discussion that we had this morning, and of course the outstanding presentations that we've had in the other sessions thus far including the luncheon presentation. We talk now about emerging threats and the implications of emerging threats for defense strategy. Whether or not the next decade will resemble the past decade, of course, remains to be seen. But as we think about threats near term and longer term, perhaps the only surprise about the future will be the absence of surprise in the future.
As we look out on the emerging scene, the emerging global landscape, there are numerous threats that are described, and I think quite well in the short essay that is contained in our program under panel two. They encompass possible terrorists acts as well as cyber war together with the proliferation of weapons of mass destruction and their delivery systems including missiles that could be launched against the United States and its allies and our overseas forces.
They encompass threats that straddle or cut across our traditional security structure. Between defense and law enforcement. Between the domestic and international settings, which is one of the themes of this meeting, the interconnectedness between the domestic setting and the international setting in the early 21st century. They include threats from the high end of the spectrum to low intensity challenges.
So we have here a panel which is eminently qualified to address questions and issues that are set forth in the agenda for this panel. Let me briefly introduce the members of the panel. First of all, Michael O'Hanlon, who is Senior Fellow, Foreign Policy Studies, Brookings Institutions. And has written widely, as we all know in this room, on issues of importance in the national security setting. He will be followed by Lieutenant General Edward G. Anderson, III, who very recently became Deputy Commander in Chief, United States Space Command. And in place of Mr. Terry Turchie, who has been called away on a special project, we are honored and privileged to have with us his colleague, Mr. Michael A. Vatis. He is Chief of the National Infrastructure Protection Center of the FBI National Security Division. There is a brief bio that has been distributed about Mr. Vatis that is available to you, as indeed there are more extensive biographies available in the program for each of the other two speakers in the panel session this afternoon.
I hope that each will take maybe ten to twelve minutes for his presentation, and that we will therefore have ample time for discussion from the audience. So let's first of all turn to Michael O'Hanlon. And I believe the panel has elected to deliver its presentations from the table here, which is just fine. That makes the conference a little less formal and therefore perhaps more spontaneous. Thank you.
Mr. O'Hanlon: Thank you, Bob. It's a great pleasure to be here and the threat I would like to talk about today, the emerging threat is China. It's an emerging threat that's been around for quite a while. Reminds me of what Sam Nunn said about Bill Clinton. Clinton was the only politician he knew who was a rising star in three successive decades and China's been an emerging threat for a long time in our military history.
But we're all reminded whether it's by today's Washington Post or just general thinking about the nature of the Taiwan Strait problem in particular that this could be, if we're going to have anything close to a pure rival in the foreseeable future, China's probably most likely to play that role. And so I don't want to pretend to cover all possible threats that China could pose to the United States or all possible forms of conflict, and certainly missile defense and cyber warfare may be subjects that are appropriate here that my fellow panelists will mention.
I want to focus a little more narrowly on sort of the old fashioned conventional military assessment of a possible amphibious assault, where an invasion effort by China against Taiwan After having argued that I don't think that threat is particularly worrisome, I then want to focus on one that I think is a little bit more of concern, a possible Chinese blockade, a naval blockade of Taiwan. And just briefly tick off why I think U.S. military help may be necessary for Taiwan in that scenario.
But just to give you a sense of where I'm headed, I'm trying to give some good news here from a force planning and budgeting perspective in that I believe we have ample force structure and capability to handle this already, even within sort of a one major theater war force package. This type of analysis has not been done sufficiently in recent years, we focused so much time on Iraq and North Korea that we haven't thought about things like China and Taiwan as much as we perhaps should. My analysis suggests a reassuring message at the end that we are in pretty good shape, maybe by default, that our major theater war planning has given us a force structure that probably is easily adequate for a Taiwan Strait problem, and that might be the only budgetary good news that you get out of this panel, I suspect, because other threats perhaps are not being countered sufficiently at this point and may require more effort in the future.
So forgive the very quick tour of this military contingency and I hope you'll feel free to challenge me or follow up with questions in the discussion. But I just want to lay out a few arguments on this particular emerging threat which is I think on our minds and should be on our minds in the foreseeable future. I very much hope, by the way, that war in this Strait will not occur, and I don't consider the chances to be inordinately high. But I do think that the possibility of conflict in the Taiwan Strait is perhaps comparably likely to the major theater war scenarios that we commonly assess. So I think we need to spend some time on this analytically.
By the way, a much longer version of this argument is on our web page at Brookings, at Brookings.edu and in the current edition of International Security, but I won't go over all that detail today.
Very quickly, just a couple of reasons why I don't think China has a realistic chance to seize Taiwan before turning to the more worrisome scenario of a blockade. The simplest thing, and what many people would quickly mention in a cocktail party or in a casual conversation, and probably many people in this room would agree, China just does not have enough lift of any kind, amphibious or airborne or just rapid sea lift, for that matter, roll on, roll off sea lift, to possibly be able to get a lot of troops ashore in Taiwan in a short space of time.
But if I could have the first slide, I don't want to begin with lift. I'd like to begin with giving three main ideas, or three main criteria that I think have commonly been necessary for a country trying to conduct a successful amphibious assault. And I actually want to argue that China has none of the three, vis-à-vis Taiwan. Historically countries that accomplish successful amphibious assaults tend to have at least two of the three and generally speaking, all three.
And the three are air superiority, the ability to get local troop concentrations ashore quickly with local superiority where one elects to try to come ashore, and then finally the ability to reinforce that beachhead quickly to the point where one's beachhead becomes at least as strong as the enemy's effort to counter-concentrate against. So three big ingredients. And I'm sure if others in this room took this problem on analytically, as perhaps some of you have, you might break out the problem differently. But I tried to look through some historical cases and say historically, when people succeed at amphibious assaults, they tend to have outright air superiority. They tend to be able to get their forces ashore, either unopposed or in a place where they marshal enough superiority to fight their way ashore. For example, Normandy, D-Day. Or finally, they also manage as a rule to have enough rapid reinforcement capability by sea lift and air lift that they can then build up over the ensuing days faster than the enemy who's on shore can build up based on reserve capability that may be nearby.
I could easily get into a lot of detail. I'm not going to do much except to say I think China fails on all three of these counts. I mentioned the idea of lift. China could plausibly deploy perhaps 10,000 people in a single wave of its amphibious ships, perhaps another 5,000 people in an initial air assault or airborne invasion. And after that point, it could probably sustain build up rates of a few thousand soldiers per day over the ensuing days and weeks.
Taiwan has a military of a quarter million active duty strength, and 1.5 million or so reservists. And when you go through the numbers, Taiwan has the advantage and disadvantage of being on a small island. The good news for Taiwan, that means it's not that hard to move forces. And also China's air force is not very good at night operations or precision strike. So if China tries to impede those movements, it's not going to do very well, especially at nighttime. So I think Taiwan has the ability to counter-concentrate and probably move at least five times as many forces to an initial place where China tries to establish a beachhead as China can move. Five times as great of a rate.
So the long and short of my assessment here is that China lacks not only the three major ingredients to successful amphibious assault, if one looks at history. But it lacks many of these by an order of magnitude. Or at least by a factor of three to five in terms of its numerical capabilities. I think China is a long ways away from being able to invade Taiwan, even if the United States sits the war out. I'm not saying we would or should sit the war out, but in terms of the raw military balances, I don't think China has a realistic chance, so I'm not too concerned.
The blockade scenario is more troublesome, and I'm going to leave missile issues off the table for my opening remarks, and we can perhaps get to them later. But the blockade scenario is the one I worry about most. And let me just quickly mention why. I think that in a surprise attack, to the extent that China would be capable of pulling such an attack off, and I'm not really convinced it could, but if it managed to do a decent job of striking Taiwanese airfields and ports and ships, I think there is some chance that China could at least hold its own vis-à-vis Taiwan in the air and on the seas thereafter. In terms of military assets after having initiated a conflict with a first strike of that sort. Which means that China would have a pretty good ability to institute what I would call a leaky blockade of Taiwan. It wouldn't be able to shut down all traffic, and it could very easily lose its own assets and its own ships and aircraft as it tried to enforce this sort of a blockade, but it could at least have a decent chance of achieving a stalemate of some kind that would lead to a prolonged war of maritime attrition. Which would, of course, be terrible news for Taiwan's economy if nothing else. China may not manage to achieve an outright military victory, but I think it could come close enough to achieving a naval stalemate with this sort of an operation that Taiwan might find its economy really brought down over a period of months.
So I think if China did try this sort of surprise attack followed by a leaky blockade effort, a leaky enforcement of a blockade, the United States might feel very strongly that it had to intervene to help Taiwan.
On the other hand, by the way, we might not. We might say if we felt Taiwan had provoked this war by an outright declaration of independence, for example, we might say to Taiwan, you know, "At some point, we'll come to your aid. But in the meantime, I think it's partly your fault and time to ratchet down the rhetoric, and we'll certainly find some way to punish China economically for this aggressive act because this is unacceptable as a way of international behavior. But you know our policy. It's that neither side should provoke conflict." So I'm not sure we would immediately come to Taiwan's aid. But over the ensuing weeks, we would have the opportunity to do so if we so chose.
And if I could— Actually, I'll skip the second graph because this simply summarizes the point I was making about amphibious assault and respective build up rates in Taiwan. So I'm trying not to spend too much time on the invasion scenario, get back to the U.S. force planning question.
If I could look here, you can see some relatively comparable numbers on the sea between Taiwan and China for major warships. And you also see that Taiwan has the qualitative edge in airplanes, even if China has an enormous numerical advantage. This is just one of the— One of the indices. It's a bean count. It's a static indicator. But even after having done a quantitative and dynamic assessment, I come to the same conclusion, that it's hard to predict who would prevail in this sort of a conflict. It could play out over a period of many weeks and months. That would give the United States the opportunity to them marshal a maritime force, largely out of American bases, because I think we would need more forces than we have in the Pacific today. And cross the Pacific with something on the order of three to four carrier battle groups, roughly 15 attack submarines, and on the order of half a dozen to a dozen mine sweepers, half a dozen to a dozen P3 aircraft, and perhaps also some additional vessels that we used to talk about a lot in the Cold War, and anti-submarine warfare analyses, T-AGOS, SURTASS, the towed sonar arrays that we have still in our naval inventory that can be towed by barges.
And the concept of operations that I would imagine, and I'll wrap up here quickly because I'm throwing a lot at you just to get a discussion on the table, or get this subject on the table and I don't want to get too much into detail. But the basic concept of operations that I would envision would be the United States assuring itself of the ability to establish air superiority with those naval aircraft carrier battle groups. It's not clear Japan would allow us to use Okinawa for air force operations. I hope they would. We might even consider putting airplanes on Taiwan itself. But I'm assuming that we might need to rely primarily on aircraft carriers to establish air superiority. Once we had the air superiority, China could not plausibly operate surface ships in this operation. We could sink them very straightforwardly, and therefore China's only remaining recourse would be to use its submarines. They have perhaps eight or nine relatively good submarines, as I indicate on the table.
And I think the gist of my analysis is about figuring out how to get at those eight or nine submarines and ultimately to sink them and to prevent China from sinking many commercial vessels moving in and out of Taiwan in the process. So the concept of operations that I envision is setting up this aircraft carrier force to the east of Taiwan where it's out of immediate range of shore-launched weapons from China and not as easily accessible to a lucky shot from an old diesel submarine that China might manage to sneak across the Taiwan Strait. Keep it out of the way, keep these carrier groups out of the way. And then use attack submarines to go forward and try to bottle up China's ports and try to pursue Chinese attack submarines where possible. And then use an additional 20 or so U.S. surface combatants as convoy escorts to help ships sail in and out of Taiwan's major harbors.
So the basic concept of operations is carriers to the east of Taiwan to establish air supremacy. Attack submarines forward deployed, and then convoy escorts in and out of the region. And I'll just summarize and conclude by saying that working through my numbers, it looks to me as if that's roughly the quantitative requirement we would need for this scenario. It's roughly the amount of naval power that we would imagine using today in a major theater conflict. We might be able to substitute some air force capability for a carrier or two if necessary. Or if we decided we wanted to launch strikes against China's own territory, to go after its ports, to go after its ships in harbor. We would have the opportunity of doing that. Although we want to be very careful about the escalation dynamics there, obviously.
But basically one major theater war package of naval capability and limited air power I think would be enough to prevail. I apologize for ruining your lunch by talking about great power war immediately after dessert, but since we are talking about emerging threats, I thought it was at least useful to lay a little bit of this on the table. Thank you very much.
Dr. Pfaltzgraff: Thank you very much, Michael. We now turn to another type of threat, and in this case we're going to hear from General Anderson, who I assume will be talking to us more about the threat that may come from space.
General Anderson: Thanks very much, Bob, and thanks very much for the opportunity to sit on this panel. And if I can, let me add my congratulations to you and the folks at IFPA as well as the Fletcher School for organizing and hosting this superb conference, as they always are.
As you know, the panel is empowered to look at emerging threats, and so that will be the thrust of my presentation if I could have the first slide please? Next slide please?
Let me try to set the stage for you here just a little bit. At the risk of stating the obvious, I think it's clear that during the past ten years, the global security environment has significantly changed. And certainly we could characterize today's environment as both being complex and dynamic. And certainly we just got a view from Mr. Tom Friedman here as to how the current environment as well as the future environment may look as well.
But all of that not only creates challenges for us today, but it also creates challenges for us in terms of trying to predict what the future is going to be, and what those threats will be within the future. So as we look to the future, and when I refer to the future, I'm referring to 2020 and basically drawing upon the joint strategy review, joint vision 2020 and our own space command vision 2020. And we see certainly that there are some positives there. No apparent peer competitor during that timeframe. Very remote chances that there's going to be any kind of a global conflict. Certainly we are— We have over this period of time and will continue to strengthen our relationships with our very close allies and— As well as new allies. And we even find ourselves working in number of very controversial issues and cooperating with some folks who used to be some of our adversaries. So maybe that's some of the good news.
But I'd contend to you that there certainly is some bad news there as well. Certainly the potential for cross-border and internal conflict continues to exist and we could very easily, we being the U.S. military, could very easily be drawn into that. Associated with that, of course is the proliferation of dangerous military technologies, not the least of which are weapons of mass discussion and certainly transnational threats such as terrorism.
So what does all of this say? What I'd suggest to you is that potential adversaries, and I believe that in fact there are those out there that are potential adversaries, are not going to take us head on. But rather what they're going to try to do is they're going to try to employ asymmetries. Now, our superior conventional forces and our nuclear balance help considerably and drive them to that kind of an approach and to that kind of a strategy. They will try to avoid our potential strengths and seek our weaknesses and attack those.
So what we've done and what we show here on this chart is that we see three emerging asymmetric threat areas. Ballistic missiles, cyber warfare, and space control. Now, that's not to say that those are the only three. Certainly there are a lot of other things out there as well. Now, the National Command Authority and the Chairman of the Joint Chiefs of Staff through the Unified Command Plan has assigned responsibility to SPACECOM to counter these threats. And so what I'd like to do is take the next few moments just to talk to each of those three. Next slide please.
First of all, I think everybody— It's a well established fact that there is a worldwide proliferation of ballistic missile technology. And certainly that's not new, and it's exacerbated by the proliferation now of missile components as well as that missile technology. And one of the outcomes of that, of course, is the traditional extended development time for ballistic missiles has been shortened considerably. The bottom line is that the number as well as the capability of strategic ballistic missiles is certainly on the rise. Now I admit, and Senator Levin mentioned this morning, had a discussion about national missile defense. There has been no decision to deploy national missile defense. There is public law in the National Defense Act of '99 which says that we will deploy a national missile defense system as soon as the technology is ready.
But the United— the UCP, the Unified Command Plan for '99 has assigned SPACECOM with the responsibility for providing warning of ballistic missile attack for all 50 states and for developing the requirements for the strategic ballistic missile defense of the nation. Now of course, we already have the requirement to provide warning as well as attack assessment to our theater commanders. The key system elements are as you see them there. Certainly the first three, the inceptors, the ground base radars and the space base sensors are the technological challenge that lies ahead, and they've got to work if we're going to employ an effective national missile defense.
But the fact is none of that's going to work unless we have a good battle management, a command control system and it's integrated with our current early warning radar system. And so what we at SPACECOM are doing is we are trying to bring these together. We have developed a conops, a concept of operations for the employment of the total system and we have been working with BIMDO in terms of working the technological problems, along with the Army, who has the lead for national missile defense and work through space and missile defense command, Lieutenant General Jack Costello, as well as the Air Force in developing the cybers.
But we this next month will conduct another, and it's about the fifth or sixth that we've done now, command and control simulation of an attack on the nation using strategic ballistic missiles. So we are in fact working and challenging this problem. And what we are doing is we're trying to make sure that we are prepared so that when or if a decision is made to deploy a national missile defense system, we will have all the pieces and the total system ready to go. Next slide please.
I'd now like to turn to cyber warfare. Now, for our military forces, it's not just a case of defending against kinetic attacks, but it's a case of defending against attacks of ones and zeros, as somebody once said. There are all kinds of examples. Mr. Friedman mentioned a few of them during his lunch speak. We've already seen attacks targeted against not only the government but our commercial interests, the Melissa Virus, the I Love You Virus. Every day you read about the Middle East and the cyber interfada that's going on. And of course the alleged action by some Russian hackers who got into Microsoft and stole some of their software.
And we already know many nations have openly stated that they are developing computer network attack techniques and capabilities should they be necessary to be used in the case of war. So it's these activities and these capabilities plus the very increasing dependence that we in the military are placing upon computers and cyber capabilities that lead us to a great cause for concern. Again, the UCP designated SPACECOM as the military lead for computer network defense and computer network attack. And we are, in fact, developing and operationalizing our capabilities. We have started the joint task force computer network defense, was already in existence at the time this decision was made. However, it has been assigned to SPACECOM effective 1 October '99. And effective 1 October of this year, we stood up the Deputy Director of Operations for Computer Network attack and the SECDEF has approved our computer network attack implementation plan. And we do have the joint information operations center in San Antonio. That is in business as well.
We are developing and operationalizing the information assurance vulnerability alert process. And we are developing and staffing an op plan 3900 which is an operations plan which is intended to describe how we would defend the defense information infrastructure and synchronized planning efforts across the CINCs as well as the services in other government agencies.
And now we are also putting in place our capability for crisis planning as well as deliberate planning capabilities so that we can provide these capabilities to all of our worldwide CINCs. All of this is going to require unprecedented cooperation with other government agencies, commercial enterprises as well as our allies. And certainly the NIPC is a major player. But we feel like it's very important that we start now in terms of protecting and exploiting computer networks. Next slide, please
The last one I'd like to talk to is space control. I think space— The space landscape has changed dramatically over the last 40 years, and I think it's safe to say that we can guarantee that it will continue to change. There has been considerable effort put into force enhancements, trying to develop the communications capabilities, the ISR navigation, weather. All of those kinds of capabilities. And the current capabilities, plus the improvements on those capabilities plus future capabilities such as space-based radar definitely provide our war fighters a significant war fighting edge.
But, over the next 20 years, we need to be seriously concerned about threats to those systems as well as the threat from our adversary's space systems. The blending of military and commercial space systems, ASAP, anti-satellite attack capabilities, asymmetric attacks on ground facilities, ground based lasers, all of these things are threats to space and require that we not only place effort on force enhancement, but that we also put effort and considerable resources into space control in order to insure that we sustain the space superiority that our war fighters currently enjoy. Again the UCP assigned SPACECOM the responsibility as the single POC for space and embedded within that is the responsibility for space control.
Our assessment is that effective space control is going to require a number of things. Surveillance of the space operating environment which includes not just space but ground and air so that we may achieve and maintain space situational awareness. Protection of our systems from both hostile acts as well as environmental hazards. Prevention of unauthorized access and exploitation of our systems. And negation of systems that are threatened or placed at risk, ours or our allies capabilities. We in SPACECOM are moving out. We have a strategic concept for space control. We have a requirements document that has been approved by the joint requirements Silver Side council, the JROC and we have a concept of operations.
But there is much to be done. And the fact is that if we fail to deny our adversaries their use of space, and if we fail to assure our access to space, then this will significantly degrade our war fighting capabilities. So let me wrap up. Next slide please.
In conclusion, uncertain futures certainly present many challenges to our nation, as well as to our war fighters, and we are a global power and certainly we expect that we will be staying that. But predicting the threat of the future is certainly a challenge as well as uncertainty. But we do strongly believe that our potential adversaries will apply asymmetric techniques and approaches to exploit our weaknesses and to degrade our superior capabilities and neutralize our strengths. And as I've said, three of these are ballistic missiles, cyber warfare, and space control. And we in space command are working aggressively to address these issues. But don't let me misrepresent this. We are not there yet. There is still a long ways to go, and there are still resources that are going to be required to apply against these three areas if we are going to be successful and if we are going to be prepared to meet the asymmetric threats that we see in the future. Thank you very much.
Dr. Pfaltzgraff: Thank you very much, Ed. As you see, we're establishing a kind of seamless web of threats across a very broad spectrum here, and that's just what this panel is designed to do. There's one important missing piece that we have here that we now need to fill in. And this is the domestic setting. The interconnectedness between the domestic setting and the international scene that we face. And here again, we turn to Michael Vatis for his remarks at this time. Michael?
Mr. Vatis: Thank you, Bob. I'd like to talk about two emerging threat areas this afternoon. The first is terrorism and the second, like General Anderson, is that of cyber attacks or information warfare. Both of these threat areas have a common thread, or several common threads that distinguish them from conventional military threats.
The first is that both areas can involve attacks within the continental United States. They can also involve both state actors and non-state actors. In addition, for each of these areas, the attribution of responsibility is normally not instantaneous. Meaning that determination of the U.S. government's response to a terrorist attack or cyber attack is difficult and is not immediately apparent.
In addition, the response to these sorts of threats, particularly those that originate in, or have their effects in the continental United States is determined by legal regimes, at least in part, that the Defense Department is not normally used to having to deal with. Things such as Title III of the Omnibus Safe Streets Act of 1968. The Electronic Communications Privacy Act. The Foreign Intelligence Surveillance Act. Some of these you've probably not even heard of, and yet these are the types of laws that determine what the U.S. government's response will be in many instances of terrorism or cyber attack.
And finally, dealing with these threat areas requires the development of close relationships between the military services and law enforcement agencies with clear rules of engagement for standard operating procedures. And these are issues that are emerging in the sense that— Not in the sense that they're on the horizon, but in the sense that they're here now. We have to deal with them right now and we're facing them, but they're only going to grow more serious. So it's almost as if we've seen the tip of the iceberg, but there is a looming mass beneath the surface.
And let me give you a couple of examples of each of these threats to illustrate some of the points that I've outlined. The first is the attack on the U.S.S. Cole. In the normal time of conflict, if there were that sort of attack on a U.S. Navy warship, it would usually be fairly apparent who was responsible for it, because we would be in a time of conflict with known adversaries. But when it's an act of terrorism like the one we witnessed, we don't instantly know who is responsible. And so the response of the U.S. government to that sort of attack can't immediately be determined, because we don't know who would we be directing our response against.
And so when many people were scratching their heads when they read the newspapers and learned at least the most public response to the attack was to deploy hundreds of FBI agents over to Yemen to begin investigating, I think if you think about that problem of attribution that I mentioned, it becomes clearer why that is a necessary response.
It is not just so that we can put— We can find the responsible people and put them behind bars. It is first and foremost to determine who was responsible so that the U.S. government as a whole can then decide what is our response. Does it involve military action against a state or non-state actor? Does it involve diplomatic activity, or does it involve law enforcement activity or some combination of those and other activities as well?
And attribution is critical because the reliability of attribution affects U.S. policy, and it affects the perceived legitimacy of whatever response we take. Recall the criticism that the U.S. government received for cruise missile attacks back in 1998 on a factory in Sudan, and on Osama bin Laden camps in Afghanistan. Many people simply disbelieved that we had the requisite evidence to attribute those attacks to bin Laden and to draw connections to that factory in Sudan.
Or go back even further to 1993, when missile strikes were launched against Iraq in retaliation for a plot to assassinate former President Bush. The same issues were raised in the court of public opinion around the world. And so we need to make sure that when we take that sort of aggressive response that we clearly have the evidence that attributes the terrorist attack what we're responding to, to a particular party. That we have the goods on them so that we can back up whatever response we take.
And the FBI, because of its investigative mission, is clearly an important player in gathering the information that is necessary to get to that point where we can attribute responsibility. The FBI is expert at doing forensic examinations of crime scenes, at doing witness interviews, at following leads. And clearly our intelligence agencies are also vital partners in this endeavor, using all forms of intelligence, human, cyber, what have you. But the on the ground investigation that the FBI is so renowned for is also a critical part of dealing with that effort.
The second example that I'd like to just put on the table very briefly is that of dealing with weapons of mass destruction. A nuclear, biological and chemical weapons that could be deployed again by either a state actor or non-state actor including within the United States. Because of the possibility that someone could sneak one of those weapons inside our borders and deploy it with the possibility of massive casualties.
Again, here we have the concern about attribution. If we have the deployment of such a weapon, how do we begin to find out who was responsible so that in addition to managing the crisis, we can determine what our response would be. But in dealing with that crisis, which is why I put this second example on the table, it is clearly a much different ballgame than merely trying to manage the seam of an attack on one warship or one federal building or an office building in lower Manhattan. Clearly when you have a radiological weapon deployed, you're dealing with a much more significant, widespread and potentially harmful situation that clearly exceeds the ability of the first responders in state and local government, or even of federal agencies, federal civilian agencies like the FBI, to deal with alone.
And so obviously there is a significant and vital role for the Defense Department to play in that area. But since it's in the United States and oftentimes that crisis has to be managed before we even know whether we're dealing with a terrorist event, an act of war, or something else, DOD needs to work closely and in concert with law enforcement authorities. And Congress and the executive branch have both taken steps in recent years to try to make clear the operating procedures and the rules of engagement for dealing with those sorts of events.
But I would suggest that we still have a ways to go because there are so many issues raised; legal issues, technical issues. Issues about who is going to deal with the state and local first responders, etc., and that is a vitally important issue. But again, one where our success is going to depend on how well our military services and our civilian leadership in the department of defense on the one hand and our federal, state and local law enforcement agencies on the other hand can work together.
And the final area is the one that I deal with directly in my role as Director of the NIPC, and that is the cyber threat. This is clearly a big concern for DOD, which is why space command has now been given the dual role of being responsible for both computer network defense and computer network attack. And as General Anderson pointed out, we know that many foreign countries have been development the doctrine and the capabilities and the programs to engage in information warfare with guess who? The United States as a prime target.
But it's not just the Defense Department systems that they would target or that they are targeting. It is also our civilian infrastructures that underlie the very functioning of our economy. Our banks, our telecommunication system, our electrical power system, civilian government operations that are necessary for maintaining public order. All of these things, because of their reliance on information technology are vulnerable to cyber attacks in a way they weren't ten years ago, or especially even longer than that.
And unlike dealing with ballistic missiles or other conventional military threats, we don't really have an indications and warning system that will alert us to when electrons are coming over the fiber optic pathways headed for one of these critical infrastructures. We have to rely on an amalgamation of many different indicators that might, and only might, give us a sense of whether there's an attack that's imminent or is indeed under way. And if you think back to the I Love You Virus, when it started spreading around the world, in a matter of a couple of hours back in May, we had indications from people as they were being victimized in Asia, in Europe, and then in this country.
But we see thousands of new viruses every day. We see thousands of virus hoaxes every day. And to discern a true damaging attack from something that really constitutes part of the noise that is out there every day is not an easy task. It's not one that we have a silver bullet to answer. It's a problem that really requires close cooperation among agencies that have not typically worked together very much in the past. And most importantly, between the government and the private sector because the private sector owns these infrastructures, most of them that we're talking about protecting. And it has a lot of those first line indicators of an attack without which we in the government can't do our jobs. So fostering that two-way communication is actually vital for us to do our job on the civilian side, and for the military services to do their job on the DOD side.
And again, in this area, because of several factors, attribution is even more difficult than when it comes to an act of physical terrorism. And that's because of several things. One is that the Internet is ubiquitous. It allows people to engage in these attacks from anywhere in the world. From someplace remote in Eastern China or even from someplace across the street from this hotel. And because the attacker can loop through many different countries, many different Internet providers, universities, companies, to mask his attack, it might come from across the street and be made to look like it was coming from China. Or vice versa. So that what looks like a mere hacker attack, something that's part of that noise that we deal with every day could in fact be something much more serious. And something that looks like it's merely a hacker attack could in fact be the beginning of an information warfare attack, or an instance of cyber espionage.
And we've had many examples of both of those situations where it's not immediately apparent which one we're dealing with. I'll give you just two examples of that. In 1986, the system administrator at University of California at Berkeley noticed that someone seemed to be getting free computer time on his network and started looking into it. He couldn't get law enforcement interested because it amounted to a 75 cent discrepancy in his accounting logs. So he started looking into it on his own and learned after a while that the people who were getting that free computer time on the Berkeley network were using Berkeley as a jump site to get into hundreds of DOD systems where he was taking information and then ex-filtrating it and then bringing it out somewhere, which the system administrator, Cliff Stoll didn't realize. He didn't know where it was going.
At that point, obviously, it became interesting enough for the federal government to get involved, and it did. And it traced these hacks ultimately back to what was then Hanover, West Germany. And what made this case really interesting, and illustrative of my point, is that it wasn't just a bunch of hackers working on their own to see if they could break into DOD systems, which we face by the thousands every year. It was, in fact, a group of very sophisticated hackers who were taking this information and selling it to the KGB. And that was 14 years ago. I think at that point alone, how dated that is, makes you a little bit concerned about what's going on today, or likely going on today.
But contrast that with an event that we came to call Solar Sunrise, which was nearly three years ago now, February of '98. During a time when DOD was deploying troops and material to the Gulf in anticipation of air strikes against Saddam because he wasn't letting the U.N. weapons inspectors in. Right at that same time, hundreds of DOD computers were being hit by hackers who were able to obtain what the techies call root access, meaning that the hacker had the same control over the system as the system administrator. He could take any information he wanted. He could erase information, alter it, or he could shut the systems down without the system administrator being able to do anything in response.
Now, none of these things were happening, but the hacker could do any one of those things. Now because of the timing of these attacks and because some of the attacks in the first instance were traced back to an Internet provider in the United Arab Emirates, a lot of people immediately jumped to the conclusion that this must be Saddam engaging in information warfare to try to disrupt the attack. And there were a lot of people who were urging immediate response. Immediate, aggressive response in retaliation.
And yet it turned out after several days when we followed the digital evidence through various countries and various Internet providers, that the attacks ultimately came back to two teenagers in Cloverdale, California. And so again you take those two examples, and you think about them, and it really— They're bookends to that problem of attribution. We have to engage in an investigation to determine who was behind something.
Now a lot of people in the Defense Department, I think as many of you are aware of, and this is a problem that's been discussed in many fora are uncomfortable with having to rely on law enforcement agencies when their own networks are under attack, and that is a completely understandable reaction. If a base were attacked with a missile or some other form of conventional weaponry, no one would have to call in the FBI to determine who was responsible and what the response should be. There are clear responses that are already in the base commander's plan of action to respond.
But when it comes to the cyber realm, because these attacks could just as easily be coming from a teenager in the United States as they could from a foreign hostile military organization, and because much of the evidence that we need to gather to even determine who's responsible for it, is located within the United States, we operate under a legal regime that constrains what we do and how we do it. And so that's why the partnership between the military and law enforcement in this area in particular is so vital. And my— What I try to urge people all the time is that rather than try to fight the need for partnership that we try to enhance the partnership. That we nourish it and that we make it work better through clear rules about information sharing, through joint detail leads so that we can have clear insight into the needs and requirements of each of our agencies and departments. And that we determine together how we can best approach this problem that really crosses borders. Not just physical boundaries between nations, but borders between agencies and areas of responsibility unlike any other problem we've ever had to deal with. Thank you very much.
Dr. Pfaltzgraff: Thank you very much. Now, we have just a few minutes for questions because we want to be back here by 3:30 for the next panel. So what I'd like to do is something somewhat different than we did this morning. I would like to ask those who would like to pose questions, first of all, we'll have all the questions and I hope our panel members have some paper or pen and pencil and write down the question. And I'm going to give each panel member a couple of minutes to sum up and to try to respond to one or more of these questions.
So let's start with the questions. Please wait for the microphone. State your name, affiliation, and please be very brief. Who would like to go first? Right over here, yes. Wait for the microphone. There it is.
Audience: Yes, I'm Juan Barba, and I'm with the AUSA's project on the role of American military power. And my question is for Michael O'Hanlon, but if anybody else wants to respond, I'd appreciate it as well. In your China Taiwanese conflicts and aerial equations that you had and your charts, you didn't seem to make any mention of possible Chinese use of weapons of mass destruction. My question would be, first of all, if China decided to use WMD in conjunction with an invasion, wouldn't that radically alter the balance of power in the equation in favor of the Chinese? And if so, what could or should be the proper U.S. response to that?
Dr. Pfaltzgraff: Okay, next question? Who was next on the list? Please. Microphone's on its way.
Audience: Hi, I'm Erin Winnegrad with "Inside the Army" newsletter. As I recall, when Solar Sunrise occurred, DOD was particularly mum on the subject. And you're mentioned that there needs to be a lot of public and private sector cooperation in order to counter information attacks. What is the FBI's recommendation for getting more openness between public and private sector? And what does the Army want to do about that?
Dr. Pfaltzgraff: Okay, we have that question. Who would like to be the next? We have time for a few more? Over here. Please.
Audience: Ann Campbell, OSDPNE. My question is primarily for Dr. O'Hanlon. From all that I've read so far, China looks to punish its enemies, and I wondered what you thought might lead up to something like a naval blockade?
Dr. Pfaltzgraff: Okay. Next question? We have time for one or two more if you would like. Over here, please?
Audience: I'm John Thompson. I'm the U.K. Defense Attaché. I'd be interested to know from the panel members what they saw as the end product of these threats? The threats have been described as individual events, but what do you think any potential adversary would be trying to get from the United States?
Dr. Pfaltzgraff: Okay. We have one more now. Is there someone else who would like— Yes, please. Right back here.
Audience: Yes, I'm Jim Hendricks, and I'm from the U.S. Army Space Missile Defense Command. I'd like to direct this to Mr. O'Hanlon. And during your presentation, you did not really address the potential ballistic missile defense threat against Taiwan. So my question is how serious is the proliferation of missiles, both conventional and WMD onto projection of U.S. military capability as you depicted it in your scenario?
Dr. Pfaltzgraff: And maybe to add to that question, what would happen if the Chinese made an even more credible threat than they did in the oblique sense in 1996 against the United States in the event of a crisis in the Taiwan Strait? In other words, a threat to use nuclear weapons against the United States itself? How would that play into the calculation? Maybe I'd just add that to what you asked, and let the panel deal with that as well.
So I think we have probably all the questions we can take unless someone has a burning desire for a quick question. And I see no such evidence of that. So what I'm going to do now is turn back to the panel and ask the panel to give us a few summation comments in the order in which they spoke. So we'll start with Michael O'Hanlon, and we hope that each person will take maybe three, four minutes. No more than that, so we can remain right on schedule. Michael, would you like to proceed?
Dr. O'Hanlon: Thanks, Bob. And for the questions, they're very good and very tough questions. Let me begin with what might cause this sort of Chinese use of force. I think the most plausible route to this type of conflict would be continual effort by Taiwan to find some new way of moving towards independence, probably without saying so, in so many words. But certainly using phrases like "Two Chinas, state-to-state relations," pleading for membership in more and more international bodies, trying to visit more foreign countries from the heads of state, visiting more foreign countries. And then perhaps some especially unfortunate or, from Beijing's point of view, provocative statement that that really was the icing on the cake. I don't know how to predict, but that's the sort of thing that I believe might lead to a conflict.
In that event, I think China, as you say, would be more interested in punishing Taiwan. My guess is they've come to the same military conclusions that I have about the unlikelihood that an invasion would work. And they also recognize that if they fail, it's going to be a huge disaster for them. They're going to lose a fairly sizable chunk of their military and be embarrassed around the world. It wouldn't be good for us or for Taiwan either, but it would be especially bad for China. So I think they'd be more apt to try the punishment route on strategic grounds as well as on military grounds. I think missile strikes and blockades are the most plausible.
So let me get now to the issue of how China might use missiles, which I agree I didn't spend much time on. My assessment of where China is today and for the foreseeable future with its missile force, it's a very inaccurate force. Certainly there are some anti-ship cruise missiles that China's developing that are pretty capable. And that's why I want to keep the U.S. aircraft carriers east of Taiwan and basically clear the seas of any Chinese ships. I might try to set up a limited rule of engagement where if Chinese ships that stayed in Chinese ports I might resist the idea of going after them initially. Because we have to care a lot about avoiding escalation in this sort of a war.
But the bottom line is that anything that moved out of China's ports on the waters, I think we could sink quite easily and quite quickly. And any ballistic missile threat from China for the foreseeable future, as I see it, and my panelists may disagree or may have some things to add. But as I see it, it's just not a credible threat to a U.S. Navy warship that's in motion. China's not good enough yet at satellite reconnaissance or at precision ballistic missile strike to make this a near term concern. However, it will be perhaps a medium term concern, and I certainly would encourage continued attention to it in that regard.
As for the issue of China's possible use of weapons of mass destruction, very messy problem. I think if China used chemical weapons, I don't think it would have the ability to deliver enough to make a definitive difference and soften up a beachhead prior to coming ashore that it could successfully invade that way. It's tough to deliver chemical weapons from long range gunfire from Navy ships. And I think China's capacity for doing this would be rather limited. So I'm not too concerned about the chemical threat. It would make life harder for Taiwan, certainly. But I think at the end, China trying to launch chemical weapons from battleships or from naval gunfire and then follow up with poorly equipped, poorly protected infantrymen would be a prescription for at least as many problems for China as for Taiwan.
However, the nuclear issue, of course, is extraordinarily messy, and if we get into this area, it's all bets are off as to where we go. Which is why I think that— It's part of why I structured my scenario the way I did. We have to send messages to China if we find ourselves in the extremely unfortunate position of getting in this war. We have to send messages to China that we don't want to escalate. We have to limit our attacks, in my opinion, to at most China's ports. We don't want to start bombing Shanghai and Beijing the way we bombed Belgrade. We have to find all sorts of fire breaks in this conflict because to the extent that either side used nuclear weapons against the other or against Taiwan, we're obviously in a mess of a situation.
I think if China began by using a nuclear weapon against Taiwan, and I'll finish here, I think that clearly the idea that China had any right to rule Taiwan goes out the window immediately. China has pledged it never would do this. I hope we can keep it to its word. But this is the messiest part of this scenario, and that's why we have to find ways to limit our wartime aims, to try to discourage escalation. It's the most fundamentally unpredictable and obviously the most dangerous part of the whole thing.
Dr. Pfaltzgraff: Okay. Thank you, Michael. We now turn to General Anderson. Ed?
General Anderson: I'd like to say a couple words on the China piece. And not so much from my current perspective. But I think the threat of use of nuclear weapons by China should they feel compelled that they have to do something, and that's a big if, is probably greater in the near term than in the far term. My rationale for that is this: that as they are able to curb the Taiwanese rhetoric and keep them at bay, what they do is they buy time to develop their missile capabilities. And by develop it, I'm talking about in numbers. So that they then have the numbers to be able to threaten them by other than nuclear means.
If you have sufficient conventional capability, then obviously nuclear is not perhaps necessary and a very viable scenario could be that they launch a massive conventional missile attack on Taiwan, massive— And I'm not talking about near term, but in the future, and then stop and sue for peace. Then what? And what is the situation? What are we going to do? Will we be able to react quickly? And so on and so forth. And there are a number of different scenarios, I realize. There are probably others that would make that one not quite as viable as well. So I think it's an if and when part of the equation as well.
Dr. Pfaltzgraff: Now we return finally to Michael for your concluding comments?
Mr. Vatis: The first question regarding what is our recommendation for more openness with the private sector on cyber attacks, that's a really critical part of our mission at the NIPC. We've established many programs to share information that we get from law enforcement sources, from intelligence sources, to share that with the private sector so that they can take steps to protect their own systems. So when we had instances like the Melissa Virus, the distributed denial of service attacks back in February on e-commerce sites, the I Love You Virus, and most recently the Mid East cyber conflict between supporters of the Palestinians on the one hand and supporters of the Israeli government on the other hand hacking each other's sites, we issued warnings, public warnings and also warnings directly to our counterparts at the JTFCND and space command, and also in the private sector and at other government agencies. So that people could know everything that we knew that was relevant to their protecting their own systems.
And that has helped build trust so that in turn people are more willing to come to us when they have an intrusion. Because they realize that we're capable of helping them respond to the problem and actually getting to the bottom of it. And that's why you saw companies like Bloomberg when it was hacked come to the FBI. Or Microsoft when it was hacked a month ago come to the FBI to seek assistance.
And the second question asked by, I think the British gentleman, about what are these adversaries who use these sorts of emerging threats, what do they seek to gain from the U.S. I think in the case of terrorists they are normally seeking to intimidate or coerce the U.S. government into doing something or into not doing something. With a lot of the radical Islamic fundamentalists, I think one of their main goals is to get the U.S. to leave the Middle East and particularly the Arabian peninsula.
With domestic, homegrown terrorists, I think it's usually harder to figure out what their end game is. It's often an attempt to retaliate for something. And I think when you look at the Oklahoma City bombing, it was at least in part a response to what were perceived as government injustices in Waco. That was at least one of the things cited by McVeigh and Nichols. And when it comes to cyber attack, the adversaries could be seeking any number of things. They could be using cyber techniques as a form of espionage to get sensitive information from U.S. government or from private sector entities.
In the case of organized crime, the same techniques could be used to steal money or to steal proprietary information. And in the case of information warfare, I think the main goal is to cause so much disruption or the threat of so much disruption in the U.S. that the U.S. government would not engage in conventional military response. Because of that threat of an asymmetric battle in cyber space or using one or the other emerging threats.
Dr. Pfaltzgraff: Thank you very much to each of the members of the panel for their outstanding contributions to our conference this afternoon. We have ranged across a variety of threats. I'm sure there are some that we have not had an opportunity to examine, but we have indeed talked about many of the types of threats that we need to be concerned about building upon the interests that we discussed in the panel this morning.
So I thank the panel for its precision, its concision and for letting us get back more or less on schedule.