Page last updated at 13:18 GMT, Thursday, 30 April 2009 14:18 UK

US 'should go on cyber-offensive'

The Pentagon
Col Williamson said the proposed botnet should be made public

A US Air Force officer has told the BBC that his country should create an offensive botnet to target any forces that launch a cyber-attack against it.

Speaking on Radio 4's The Report, Col Charlie Williamson said the US was currently in "defensive mode" on cyber-warfare and that needed to change.

"[Armies] have always had some form of offensive capability. And that's really all I'm calling for," he said

Col Williamson stressed he was speaking in a personal capacity.

Botnets are networks of computers which have been subverted by malicious code so they fall under someone else's control, usually that of a cyber-criminal. However, there have been reports of politically motivated botnet attacks on Georgian computers during the South Ossetia conflict and on the Dalai Lama's network.

Typically owners of machines forming a botnet do not know their computer has been hijacked. Home users account for 95% of all attacks mounted by botnet, according to figures from security firm Symantec.

Col Williamson - who served with the US Air Force Intelligence, Surveillance and Reconnaissance Agency - says that the US military should be ready to take such an attack to the enemy.

"The idea is that if we have the capability to strike back, then a potential attacker has to take that into account before launching an attack.

"I recommend that we make our botnet - the botnet I propose - public. The whole world knows about it. That we exercise it on ranges that other countries can see electronically, that they know what we're doing and then they are going to be more likely to back off before doing an attack because they have to take this into account," he said.

US Airman fixing PC
There are reports the US is stepping up its offensive cyber-weaponry

He believes that the botnet would be legal under international law, whether it is used against an enemy country or a terrorist group. Botnet controllers would need a "no-strike list" of protected computers, such as those used in hospitals.

And he argues that if a computer owner has failed to use anti-virus software and install the latest security patches, that machine may be a legitimate military target.

"It may, in the right circumstance, be worthwhile and even fair for the US to hit a computer that is hitting us and stop it from harming us for an hour or days when that computer owner failed to take basic steps to protect us," Col Williamson told the programme.

Just this week, an American newspaper reported that the Pentagon was indeed developing offensive cyber-weaponry - although it remains heavily classified.

Barack Obama's adviser on online security, Melissa Hathaway, delivered a report on cyber-warfare to the president last week. And he's being asked to weigh up the merits of developing a robust capability to wage war in cyberspace.

When asked whether the US military might already have created an offensive botnet, Col Williamson replied: "That's entirely possible. It's just my hope that it becomes public because we can't have a deterrent that adversaries don't know about."

The Report is broadcast at 2000 BST on BBC Radio 4. You can listen again or download the podcast from the website.

Print Sponsor

Is the UK safe from cyber attack?
30 Apr 09 |  Technology
Botnet 'ensnares government PCs'
21 Apr 09 |  Technology
Al-Qaeda websites down for weeks
22 Oct 08 |  Special Reports
The battle against the botnet hordes
21 Feb 08 |  Technology
Zombie plague sweeps the internet
04 Sep 08 |  Technology
Boom times for hi-tech criminals
02 Jan 08 |  Technology
Criminals 'may overwhelm the web'
25 Jan 07 |  Business
Cyberwar the coming threat
01 Jul 01 |  Science/Nature


The BBC is not responsible for the content of external internet sites

Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


Americas Africa Europe Middle East South Asia Asia Pacific