The US is waging an outright cyber war against Daesh, the self-proclaimed Islamic State, the Secretary of Defense and the Chairman of the Joint Chiefs
made clear this morning. While Carter did not say so, we believe this
is the first official confirmation by a senior military official that
the United States has waged war on an enemy using cyber weapons, as
opposed to the already widespread use of cyber for espionage.
“The methods we’re using are new, some of them will be surprising, and some of them are applicable to the other challenges that I described other than ISIL [Islamic State of Iraq & the Levant] around the world,” Secretary Ashton Carter told reporters this morning. Those “other challenges” which Carter listed at this morning’s press conference — as he does in almost every public statement — are Iran, North Korea, Russia, and China.
“Our use of cyber….particularly in Syria [is] to interrupt, disrupt, ISIL’s command and control, to cause them to lose confidence in their networks, to overload their networks so that they can’t function, and to do all of these things that will interrupt their ability to command and control forces there, to control the population and the economy,” Carter said. In brief, it’s an attack on Daesh‘s military, political and fiscal nervous system.
“Overload their networks” sounds a lot like a denial of service attack, when a hacker runs a simple program to ping the target with more requests for contact than it can handle. It could also refer to a simple virus that propagates itself in the target’s computers until they don’t have enough processing power for anything else. Both techniques seem pretty crude for the vaunted US Cyber Command, however. “Cause them to lose confidence in their networks” raises the intriguing possibility that more sophisticated approaches are being used, such as planting false information in the enemy’s system, not just making it malfunction.
Fort Meade-based Cyber Command (part of Strategic Command) is leading the cyber attack on ISIL for Central Command, but it supports all the theater commands. “All of the other combatant commanders are beneficiaries” of the experienced gained against ISIL, Carter said.
Is the cyber campaign against Daesh a “template” for future operations elsewhere, one reporter asked? It’s not so cookie-cutter, replied Gen. Joseph Dunford, Chairman of the Joint Chiefs of Staff: “What we’re building is an inventory of tools that the combatant commanders can employ,” he said, in different ways against different adversaries under different circumstances.
In terms of the art of war, these cyber attacks are just one more means of achieving an ancient goal, cutting the enemy’s “lines of communication.” The cyberspace offensive parallels the Iraqi government forces and other US allies cutting the physical lines of communication — roads, bridges, rivers, desert trails — on the ground. That is also underway, according to the chairman.
“Operations against Mosul have already started. We’re isolating Mosul as we speak; same with Raqqa,” Dunford said. Mosul is the largest Daesh-held city in Iraq; Raqqa is the group’s de facto capital in Syria.
Some of the cyber strikes may be too subtle for Daesh to realize they’re attacks, Dunford said: “They’re going to experience some friction that’s associated with us, and some friction that’s just the normal course of events in the information age, and we don’t want them to know the difference.”
If ISIL loses confidence in their online connections, however, won’t they just move to lower-tech means? Many terrorists swore off cellphones after Edward Snowden’s stolen secrets revealed the extent of National Security Agency eavesdropping, and the late and unlamented Osama bin Laden took to using old-fashioned couriers.
“As we disrupt ISIL communications via cyber or other methods,” such as electronic warfare, Carter acknowledged, “sometimes we do drive them to other means but it cuts both ways. Sometimes those other means are easier for us to listen to.”
While Carter naturally wouldn’t specify, this might mean forcing Daesh off of highly encrypted “dark web” channels back to cellphones. That’s good news because cellphones are basically small, short-range radios that require relay transmitters (cell towers), and all those transmissions can be tracked. Even without decoding the signal and listening in, an electronic warfare operator can use it to triangulate the target’s location. That’s grist for the intelligence mill or one more target to bomb.
It’s that integration with ongoing military operations — war — that makes this cyber campaign unique, said Jason Healey, senior research fellow at Columbia University and author of A Fierce Domain: Cyber Conflict, 1986 to 2012. What’s new is “the willingness to use this as an arm of military power, as opposed to intelligence.” as opposed to the technical tools or the scale of the attack, Healey told me.
“These are relatively unsophisticated targets, [so] technically it’s not that interesting,” Healey said, not compared to hacking masterpieces like Stuxnet. “Operationally, [however], it’s interesting because it gets into actual warfighting plans done by the military, and politically it’s maybe most interesting of all, because we’re saying we want to get credit for this”: Behind Carter’s candor this morning is the fact that the administration is under fire and under pressure to show results in Syria and Iraq.
Stuxnet was an act of espionage, governed by Title 50 in American law. This is war, governed by Title 10 — and war, as Clausewitz said, is the continuation of politics with other means.
Breakinfdefense
“The methods we’re using are new, some of them will be surprising, and some of them are applicable to the other challenges that I described other than ISIL [Islamic State of Iraq & the Levant] around the world,” Secretary Ashton Carter told reporters this morning. Those “other challenges” which Carter listed at this morning’s press conference — as he does in almost every public statement — are Iran, North Korea, Russia, and China.
“Our use of cyber….particularly in Syria [is] to interrupt, disrupt, ISIL’s command and control, to cause them to lose confidence in their networks, to overload their networks so that they can’t function, and to do all of these things that will interrupt their ability to command and control forces there, to control the population and the economy,” Carter said. In brief, it’s an attack on Daesh‘s military, political and fiscal nervous system.
“Overload their networks” sounds a lot like a denial of service attack, when a hacker runs a simple program to ping the target with more requests for contact than it can handle. It could also refer to a simple virus that propagates itself in the target’s computers until they don’t have enough processing power for anything else. Both techniques seem pretty crude for the vaunted US Cyber Command, however. “Cause them to lose confidence in their networks” raises the intriguing possibility that more sophisticated approaches are being used, such as planting false information in the enemy’s system, not just making it malfunction.
Fort Meade-based Cyber Command (part of Strategic Command) is leading the cyber attack on ISIL for Central Command, but it supports all the theater commands. “All of the other combatant commanders are beneficiaries” of the experienced gained against ISIL, Carter said.
Is the cyber campaign against Daesh a “template” for future operations elsewhere, one reporter asked? It’s not so cookie-cutter, replied Gen. Joseph Dunford, Chairman of the Joint Chiefs of Staff: “What we’re building is an inventory of tools that the combatant commanders can employ,” he said, in different ways against different adversaries under different circumstances.
In terms of the art of war, these cyber attacks are just one more means of achieving an ancient goal, cutting the enemy’s “lines of communication.” The cyberspace offensive parallels the Iraqi government forces and other US allies cutting the physical lines of communication — roads, bridges, rivers, desert trails — on the ground. That is also underway, according to the chairman.
“Operations against Mosul have already started. We’re isolating Mosul as we speak; same with Raqqa,” Dunford said. Mosul is the largest Daesh-held city in Iraq; Raqqa is the group’s de facto capital in Syria.
Some of the cyber strikes may be too subtle for Daesh to realize they’re attacks, Dunford said: “They’re going to experience some friction that’s associated with us, and some friction that’s just the normal course of events in the information age, and we don’t want them to know the difference.”
If ISIL loses confidence in their online connections, however, won’t they just move to lower-tech means? Many terrorists swore off cellphones after Edward Snowden’s stolen secrets revealed the extent of National Security Agency eavesdropping, and the late and unlamented Osama bin Laden took to using old-fashioned couriers.
“As we disrupt ISIL communications via cyber or other methods,” such as electronic warfare, Carter acknowledged, “sometimes we do drive them to other means but it cuts both ways. Sometimes those other means are easier for us to listen to.”
While Carter naturally wouldn’t specify, this might mean forcing Daesh off of highly encrypted “dark web” channels back to cellphones. That’s good news because cellphones are basically small, short-range radios that require relay transmitters (cell towers), and all those transmissions can be tracked. Even without decoding the signal and listening in, an electronic warfare operator can use it to triangulate the target’s location. That’s grist for the intelligence mill or one more target to bomb.
It’s that integration with ongoing military operations — war — that makes this cyber campaign unique, said Jason Healey, senior research fellow at Columbia University and author of A Fierce Domain: Cyber Conflict, 1986 to 2012. What’s new is “the willingness to use this as an arm of military power, as opposed to intelligence.” as opposed to the technical tools or the scale of the attack, Healey told me.
“These are relatively unsophisticated targets, [so] technically it’s not that interesting,” Healey said, not compared to hacking masterpieces like Stuxnet. “Operationally, [however], it’s interesting because it gets into actual warfighting plans done by the military, and politically it’s maybe most interesting of all, because we’re saying we want to get credit for this”: Behind Carter’s candor this morning is the fact that the administration is under fire and under pressure to show results in Syria and Iraq.
Stuxnet was an act of espionage, governed by Title 50 in American law. This is war, governed by Title 10 — and war, as Clausewitz said, is the continuation of politics with other means.
Breakinfdefense