In a briefing Monday afternoon, Defense Department leaders announced
that the US was participating in a coalition operation with Iraqi and
Kurd forces to recapture the city of Mosul from the Islamic State (also
known as ISIS, ISIL, and Daesh). The leading edge of that effort, Defense Secretary Ashton Carter said, is an ongoing cyberwarfare operation against the communications infrastructure of the city.
This may be the first time that the US has openly announced that it
is using network-based electronic attacks as an integrated part of a
military operation. Electronic warfare efforts such as radio jamming
have long been part of military operations, and the US allegedly used
electronic sabotage against Iraq in the 1991 Gulf War. But while
cyberattacks in the past have been attributed to the US (such as the Stuxnet attack
on Iran's nuclear program), and the US has used electronically gathered
intelligence to target individuals in the past, the US has rarely
acknowledged offensive computer and network attacks. And the DOD has
never announced these sorts of attacks as part of an ongoing broader
military operation.
Carter said the attacks were intended to "interrupt and… disrupt
ISIL's command and control, to cause them to lose confidence in their
networks, to overload their networks so they can't function, and to do
all of these things that will interrupt their ability to command and
control forces there, control the population and the economy."
The US military certainly has a foot in the door with such attacks.
Much of Iraq's telecommunications infrastructure was put in place by the
US during reconstruction from the Iraq War, and the military and NSA
used that infrastructure for intelligence-gathering purposes while
fighting the insurgency. The DOD can also attack wireless networks from
the air, affecting radio, cellular phone, and wireless Internet
communications.
Secretary Carter would not give details of the attack. "We don't want
the enemy to know when, where, and how we're conducting cyber
operations," he said. "We don't want them to have information that will
allow them to adapt over time. We want them to be surprised when we
conduct cyber operations." The goal would be for IS forces to not know
whether their problems were caused by their own network's connectivity
issues or by US cyber attacks.