There is a very interesting article in today's New York Times that reports that US defense officials considered launching a cyber attack "... to disrupt and even disable the Qaddafi government’s air-defense system, which threatened allied warplanes."
According to the Times, the objective would have been to sever the military communication links between Libyan early-warning radars and SAM sites.
However, the plan never was placed into action because there were worries over: (a) the precedent it would set, (b) the amount of time needed to launch such an attack, and, (c) whether Congress would have to be informed of such an attack under the War Powers Resolution.
As you may remember, the Obama Administration argued that it did not have to inform Congress about what it was doing in Libya under the War Powers Resolution because US forces were not engaged in "hostilities."
Its torture of logic on this subject would likely pale in comparison to any Administration argument trying to make the case that a cyber attack against Libyan military forces wasn't an engagement in hostilities. It also doesn't take much imagination to see how other countries would quickly use the same reasoning as they launched their own "non-hostile" cyber attacks.
What was also interesting in the Times article is that the idea was again considered - and rejected - for the operation against Osama bin Laden. The Times article states that, "... military planners suggested a far narrower computer-network attack to prevent Pakistani radars from spotting helicopters carrying Navy Seal commandos" who were flying to the compound where bin Laden was hiding.
I am curious about how the two cyber war planning episodes - the first in the February/March time frame and the other in March/April timeframe - influenced the US Department of Defense cyber war guidelines that were officially signed in June (or vice versa). The guidelines indicate that a cyber attack against the US could be considered as an act of war and trigger a convention military response. Or as one military official put it:
"If you shut down our power grid, maybe we will put a missile down one of your smokestacks."
I think it would be pretty hard for the US to argue that shutting down a radar system in a foreign country via a cyber attack wouldn't likewise be seen by that country - or its allies - as an act of war.
Robert N. Charette is a Contributing Editor to IEEE Spectrum and an acknowledged international authority on information technology and systems risk management. A self-described “risk ecologist,” he is interested in the intersections of business, political, technological, and societal risks. Charette is an award-winning author of multiple books and numerous articles on the subjects of risk management, project and program management, innovation, and entrepreneurship. A Life Senior Member of the IEEE, Charette was a recipient of the IEEE Computer Society’s Golden Core Award in 2008.