The US Air Force is talking openly about forming botnets to launch preemptive attacks in cyberspace.
In the May 2008 issue of Armed Forces Journal, Col. Charles W. Williamson III wrote that "America needs a network that can project power by building an af.mil robot network [botnet] that can direct such massive amounts of traffic to target computers that they can no longer communicate and become no more useful to our adversaries than hunks of metal and plastic. America needs the ability to carpet bomb in cyberspace to create the deterrent we lack."
He argues, "The time for fortresses on the Internet also has passed, even though America has not recognised it. Now, the only consequence for an adversary who intrudes into or attacks our networks is to get kicked out — if we can find him and if he has not installed a hidden back door. That is not enough."
Want to know more?
For all the latest news, analysis and opinion on security, click here
"While America must harden itself in cyberspace, we cannot afford to let adversaries maneuver in that domain uncontested. The af.mil botnet brings the capability to help defeat an enemy attack or hit him before he hits our shores," he concluded.
"Although it's hard to prove it, I believe the cyberspace is already in use by various governments for intelligence purposes," said Yuval Ben-Itzhak, CTO at security company Finjin. "The disclosure that the Air Force plans to have offensive cybertools should not surprise us since many systems rely on the Internet to operate/communicate." He added that someone will also need to make sure these systems can be protected when needed.
That's a sentiment echoed by Dancho Danchev, who offers some insight on ZDNet. Among his observations is that these systems can be spoofed or otherwise fooled. For example, attacks against the US may appear to originate in a country that the enemy wants to suffer DDoS.
A poll of readers worldwide carried out by security vendor F-secure showed that nearly 70 percent of the respondents feel the US should not build its own offensive botnet.
