Cyber Defense

Cyber operations come out of the shadows

Cyber operations, which have long been conducted in the background, have been gaining more prominence. With high-profile intrusions into U.S. systems – the Office of Personnel Management and the email system for the Joint Chiefs of Staff, to name a couple – cyber conflict, capability and awareness has been brought to the attention of the public. Director of National Intelligence James Clapper even acknowledged the practicality of the OPM breach, saying that the United States would do the same thing. Despite these apparent setbacks, the United States is also publicly stepping up its cyber game.

Defense Secretary Ashton Carter has tasked Cyber Command to “take on the war against ISIL as essentially the first major combat operation of Cybercom,” he said in front of Congress last week, using another acronym for ISIS. “The objectives there are to interrupt ISIL command and control, interrupt its ability to move money around, interrupt its ability to tyrannize and control population, interrupt its ability to recruit externally – all of that it does in a cyber-enabled way,” he continued. “We’re talking about cyber operations in Syria and Iraq and my feeling about that was and is very direct, which is we’re bombing them and we’re going to take out their Internet and so forth as well…This is the first big test of Cybercom. I have very high expectations that they can be successful.”

“The overall effect we’re trying to achieve is virtual isolation and this compliments very much our physical actions on the ground. And the particular focus is external operations that might be conducted by ISIL,” Chairman of the Joint Chiefs of Staff Gen. Joseph Dunford told the Senate Armed Services Committee last week.

Cyber operations, many military experts and scholars have said, will likely be used as a tool in conjunction with larger, more conventional military efforts in future conflicts. Russia has used this to great effect, first in Georgia in 2008 and recently in Ukraine, where Russian sympathizers shut down part of the electrical grid. “The 2008 war between Russia and Georgia may represent the first time in history of ‘a coordinated cyberspace…attack synchronized with major combat actions in the other warfighting domains’,” Antonia Chayes, professor at Tufts University, wrote last year in the Harvard National Security Journal. “The cyber attacks on Georgia’s military and government networks, including [distributed denial of service attacks] and website defacements, began three weeks before the physical hostilities and continued throughout the war. Linked to Russia’s ‘patriotic hackers/cyber militias,’ the attacks were timed with the Russian military’s ground, air, and naval combat operations and closely coordinated with the ‘overall strategic objectives of the Russian government’.”

President Barack Obama has even acknowledged that cyber operations against ISIS are taking place, which is a rare occurrence.

“The operations against ISIS in the cyber domain are notable in that they are the first time that the U.S. is openly declaring that it is engaging in this space,” Peter Singer, strategist and senior fellow at the New America Foundation, told Defense Systems via email. “We've been active in the past, but in covert espionage operations, ala Stuxnet. So it’s a big step in the ‘normalization’ of cyber operations, not just to do it, but to openly admit to doing it.”

These tactics line up neatly with the so-called “light footprint” the Obama administration has tried to apply to counterterrorism. Such a policy aims to avoid large-scale deployments of conventional combat troops and/or overthrowing heads of state. “The first thing I'd say about the use of drones is that it is a far more targeted way of taking out terrorist leaders and terrorist networks than invading and occupying a country like Iraq. So there is far less civilian casualties, far less suffering than large-scale military operations like we saw in Iraq,” Deputy National Security Adviser Ben Rhodes said on the Al Jazeera program “Up Front” in September, regarding how the use of drones fits this light footprint model.

“Within just eight years from 2002 to 2010, the Department of Defense’s inventory of UAVs increased 40-fold. Since then, drones have become the weapon of choice in hostile, remote areas throughout the world,” wrote naval officer Andrew Poulin, highlighting how such as capability can go from emergent to pivotal. For example, drone strikes now outnumber strikes from manned aircraft in Afghanistan.

For Cyber Command, which was established in 2009 and will not reach its full operational capability for another 19 months, the assignment from Carter will be a chance to demonstrate its capabilities as part of a larger conflict. In a nod to how important cyber operations could become, members of the House Armed Service Committee passed a draft National Defense Authorization Act for 2017 last week that would elevate Cyber Command to a unified command, something Cyber Command commander Adm. Michael Rogers has told Congress he agrees with.

“In 2016, as I tell our team, you can tell we’re at the tipping point now. The capacity and capability is starting to come online,” Rogers said at the Atlantic Council in January. “We have now been in existence as an organization for a little over five years. The first part of that life was largely spent on starting to generate capacity and capability in the form of the cyber mission force…using that cyber mission force of 6,200 people to generate the spectrum of capabilities from the defensive to the offensive to ensure that our operational commanders and our policy makers and our nation have a wide range of options to apply.”

Despite the acknowledgement of Cyber Command’s first assignment, the U.S. intelligence community – through the nation’s premier signals intelligence agency, the National Security Agency, which Cyber Command is co-located with at Fort Meade and even shares a director – as well as the most elite special operations forces have deployed cyber capabilities in past conflicts, most recently in Iraq.

Iraqi sources “would enter [an] Internet café without arousing suspicion and upload software onto the computers. Sometimes the software was of the keystroke recognition type, at other times it would covertly activate a webcam if the computer had one, allowing the task force to positively identify a target,” Sean Naylor wrote in his book “Relentless Strike: The Secret History of Joint Special Operations Command,” recounting the efforts of U.S. special operators during the Iraq war to combat insurgents. Naylor also documented how special operations forces pioneered operationalizing what became to be known as cyber operations during conflict in Iraq. “In the first years after the September 11 attacks, the ‘program’ became a stand-alone unit. It started as a small yet effective troop, but by 2007 had grown into the Computer Network Operations Squadron—headquartered in Arlington, Virginia, with a troop at Fort Meade and another at the CIA’s Langley headquarters—and reporting straight to the JSOC commander. The military kept CNOS in JSOC ‘because we want it to operating in areas that are not necessarily…where we’re currently at war,’ said a military intelligence officer. ‘We want it to operate around the globe [pursuing] national objectives’.”