U. S. IS USING A NEW WEAPON IN WAR
Pentagon’s disclosure of cyberoffensives against Islamic State militants represents a shift in strategy.
WASHINGTON — U. S. commanders mounted a cyberoffensive against Islamic State in Syria for the f irst time in recent weeks by deploying military hackers against the extremist group’s computer and cellphone networks, according to the Pentagon.
The digital assault, launched from Ft. Meade in Maryland, marked the f irst major integration of U. S. Cyber Command into a large battlefield operation since the command was established in 2009.
More important, Secretary of Defense Ashton Carter’s disclosure of a government- sanctioned cyberattack represents a shift in America’s war- f ighting strategy and power projection. No other nation has publicly acknowledged launching cyberwar.
But in December, after deadly terrorist attacks in Paris and San Bernardino, frustrated officials in the White House pushed the Pentagon and intelligence agencies to crack down harder on Islamic State’s use of the digital realm to recruit and radicalize followers, handle logistics and communicate with commanders and fighting units.
Carter said Monday at the Pentagon that the goal was to “overload their networks” and “interrupt their ability to command and control forces” with jamming and other cybertools.
“This is something that’s new in this war,” Carter said before he left on a four- day swing through the West Coast to meet Silicon Valley executives, address a cybersecurity conference in San Francisco and visit Amazon and Microsoft in Seattle.
Carter did not reveal details of the new cybercampaign, and its effect and extent are difficult to assess.
Gen. Joseph F. Dunford
Jr., chairman of the Joint Chiefs of Staff, who appeared with Carter, said secrecy was necessary to ensure Islamic State commanders don’t know if they’re under attack, or just suffering technical problems.
“We don’t want the enemy to know when, where and how we’re conducting cyberoperations,” he said. “We don’t want them to have information that allows them to adapt over time.”
Just as the Pentagon seeks to avert civilian casualties in airstrikes, it needs to calibrate cyberattacks to avoid unintended consequences.
Blocking all communications in territory held by the militants, for example, could hamper U. S. collection of in- telligence on their locations, operations and plans. It also could affect civilian networks or those used by humanitarian groups in Syria’s civil war.
But U. S. officials said targeted denial of service and other cyberattacks, plus more than 85 coalition airstrikes, helped U. S.- backed Syrian rebels retake the strategic town of Shaddada and nearby oil f ields in midFebruary, a major prize in the war.
The officials, who were not authorized to speak publicly about ongoing operations, said teams working from Ft. Meade identif ied and jammed Islamic State online communication networks during the fourday battle.
The victory severed a critical route that the mili- tants used to funnel fighters and supplies from the Iraqi border to Raqqah, their selfdeclared capital in northeastern Syria.
Pentagon officials described the growing role of Cyber Command as part of a “strategic shift” from cyberdefense to cyberoffense as the military adopts digital sabotage as a new tool for combat and counter- terrorism.
Cyberoffense doctrine remains secret, but Carter has spoken about the need to mobilize Cyber Command to counter Islamic State’s sophisticated use of social media and other Internet platforms.
The effort was set in motion in December, shortly after Islamic State sponsored an attack in Paris that killed 130 people, and a couple loyal to the group killed 14 in San Bernardino. In a White House meeting, officials directed senior Pentagon officials to prepare options for more aggressive cyberoperations.
Carter ordered Adm. Michael S. Rogers, head of both Cyber Command and the National Security Agency, to develop the strategy.
“The capacity and capability is starting to come online,” Rogers said in a Jan. 21 speech at the Atlantic Council think tank in Washington. The military will rely on cyberattacks “in a broader and broader way.”
Hacker teams working with U. S. Central Com- mand, which oversees U. S. military operations in the Middle East, were ordered to focus on “disrupting [ Islamic State’s] ability to command and control, to communicate, and to run the socalled state,” a Defense Department official said.
The Obama administration’s budget request to Congress for the next f iscal year includes $ 6.8 billion for Cyber Command and other Pentagon cybersecurity operations. That’s a 15% increase over this year even as the Pentagon has faced budget cuts.
Martin Libicki, a cyber and national security analyst at the nonpartisan Rand Corp. think tank in Arlington, Va., said Cyber Command has far greater resources than Islamic State and should be able to overwhelm the group, which is also known as ISIS.
“They probably couldn’t do this so easily with a sophisticated enemy, but ISIS is not a sophisticated enemy,” he said. “Let’s face it, ISIS is not going to reengineer its computer systems after they realize they’ve been breached.”
Experts say Russia, China, North Korea and other countries have hacked U. S. government networks in recent years, mostly to steal information. But none has publicly acknowledged it.
Cybersabotage also has begun to emerge in conf lict zones.
In January, Ukraine’s military blamed hackers in Russia for malware that caused power outages. Moscow, which is supporting insurgents in eastern Ukraine, denied involvement.
One reason for the caution is fear of potential blowback. U. S. communication and digital networks, from f inance to public safety, are potentially at risk of counterattacks.
“There is no end to what the enemy could do to us,” Lani Kass, a former senior Pentagon official now with defense contractor CACI International, warned at a recent symposium.
It’s clear those concerns no longer are enough to stop America’s use of cyberweapons.
“There’s a monumental shift in global security happening right now, from simply protecting systems and equipment to having the capability to attack and control them,” said Alan Paller, research director at SANS Institute, a cybertraining center in Bethesda, Md. “No military campaign in the future will be fought without a cybercomponent.”