The Patriot Files Forums  

Go Back   The Patriot Files Forums > Military News > Cyber Warfare

Post New Thread  Reply
Thread Tools Display Modes
Old 04-27-2019, 10:29 AM
Boats's Avatar
Boats Boats is offline
Senior Member

Join Date: Jul 2002
Location: Chicago, IL
Posts: 11,410
Arrow Is Cyber Command really being more ‘aggressive’ in cyberspace?

Is Cyber Command really being more ‘aggressive’ in cyberspace?
By: Mark Pomerleau / Fifth Domain

Photo link:
Some inside and outside government are careful to couch new cyber authorities as offensive in nature, saying they allow greater flexibility in defense. (Patrick Semansky/AP)

Earlier this year, Congress and the White House granted the U.S. Cyber Command a range of new authorities, and, in the months since national security experts have said the Department of Defense will be more aggressive in cyberspace, leading attacks against bad actors who have stolen intellectual property or against those who are attempting to influence American elections.

But a new narrative with additional nuance now surrounds that discussion. Rather than thinking of the United States as being more aggressive, national security experts and government officials say that Cyber Command has more flexibility and that the authorities allow for offensive action in the name of defensive purposes.

“During peacetime, we’re not seeking to escalate, we’re not trying to be aggressive in behavior, we are trying to defend those that breach norms to be able" to enact consequences, Burke “Ed” Wilson, deputy assistant secretary of defense for cyber policy, said during an April 23 event hosted by the Atlantic Council.

Adversaries have been increasingly active in the so-called “gray zone” of conflict. Top military officials argue that those activities, while individually not rising to the level of armed conflict, have a cumulative strategic effect on the United States.

“In this space, there is going to be constant contact, there is going to be continuous engagement. The question we have to ask ourselves is ‘what are the acceptable things below that threshold of armed conflict,’” said Emily Goldman, who serves on the policy planning staff in the office of the secretary at the Department of State. Goldman, who is on loan to the State Department from the National Security Agency, spoke at the same conference.

Wilson said that to be successful in the cyber arena, concepts such as persistent engagement, persistent contact and persistent innovation are necessary.

In 2018, Congress clarified which activities qualify as an exemption to the covert action statue by listing “clandestine” cyber operations as a traditional military activity and excluding it from previous restrictions. This allowed the Defense Department to hunt outside of its networks to see attacks before they reach the United States.

This is important because cyber operations, often portrayed in Hollywood as a few keystrokes, are far from simple. They require gaining access to adversaries’ networks — not always an easy task in and of themselves — mapping those networks to understand where files are and then figuring out how to degrade or destroy portions of the network. Complicating matters, if an adversary changes portions of the network via a software patch, the access gained could be negated.

The new language better postures Cyber Command to make necessary preparations prior to some operations.

“There [are] certain things you must do in order to prepare for operations and you can’t wait until the operations begin,” Lt. Gen. Vincent Stewart, the recently departed deputy commander of Cyber Command, told Fifth Domain in November. The changes from Congress “freed us up to do some of the things, the operational preparation of the environment, that we were limited from doing outside of the counterterrorism mission and now can do much more broadly against all of our peers and competitors.”

Moreover, the new language in the 2019 annual defense policy bill “clearly articulated an expectation for the Department of Defense to use its capability to compete with adversaries that were operating outside of international norms,” Brig. Gen. Timothy Haugh, commander of the Cyber National Mission Force, said during the same conference. “That allowed us, as a department, to begin to organize and resource in partnership with the other combatant commands.”

Goldman noted that under these new authorities, defense leaders are more assertive in defensive actions.

“That doesn’t mean aggressive or offensive. That means actually defending outside of, for example, military networks,” she said.

She also clarified that U.S. actions can be couched under a grand deterrence strategy “because it’s not threatening to punish afterwards.”

“But over time, if you push back, hopefully you’ll get a deterrence effect,” she said. “At some point, [adversaries will] come to a sense that this is not worth the energy we’re putting in to try to do x, y or z.”

Similarly, some national security commentators have noted that the alleged Cyber Command strike against the notorious Russian troll farm the day of the 2018 midterm elections, was not an act of signaling or deterrence, but a preventative act.

“This was not about ‘deterrence’ or ‘signaling’ but a specific counter-offensive op to counter a specific adversary from conducting a specific activity during a specified window of high-vulnerability. It was part of campaign specifically approved by the president,” Jay Healey, a former Bush administration White House official and senior research scholar at Columbia University, wrote in February.

Rob Morgus, senior policy analyst at the New America Foundation, noted that certain cyber actions, such as the purported action in Russia, aren’t always conducted with a single purpose in mind.

“Signaling in order to compel or deter behavior is certainly one reason for a response, but — as was the case with the countermeasures taken against the Internet Research Agency — blunting the capacity or halting the operation of an adversary who is actively conducting an attack or an operation is certainly another purpose. An ideal response can serve these two purposes together, while also living up to our international legal and normative obligations,” he told Fifth Domain in an email.

Healey added this action against the Internet Research Agency was “the right kind of cyber operation and one that all democracies should applaud,” noting that potential interference in democratic processes from foreign nations are red lines that should be drawn, more so than hitting back over the North Korean attack on Sony Pictures or Iran’s attack on the Sands casino.

About this writer: Mark Pomerleau is a reporter for C4ISRNET and Fifth Domain.

O Almighty Lord God, who neither slumberest nor sleepest; Protect and assist, we beseech thee, all those who at home or abroad, by land, by sea, or in the air, are serving this country, that they, being armed with thy defence, may be preserved evermore in all perils; and being filled with wisdom and girded with strength, may do their duty to thy honour and glory; through Jesus Christ our Lord. Amen.

sendpm.gif Reply With Quote
Sponsored Links

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On

All times are GMT -7. The time now is 07:13 AM.

Powered by vBulletin, Jelsoft Enterprises Ltd.