Cyber-wellness Means Cyber-awareRead more Addressing maternal mental healthcare in AfricaRead more Qatar v. Ecuador to kick off FIFA World Cup 2022™ on 20 NovemberRead more Webb Fontaine Announces Launch of Niger National Single Window (NNSW) to Bolster TradeRead more Ethiopia: Loan from United Nations Fund Allows Food and Agriculture Organization (FAO) to Scale Up Fertilizers for Farmers in TigrayRead more How Choosing the Right Printer Helps Small Businesses and Content Creators to Save Time, Maximise Productivity and Achieve GrowthRead more The United States Contributes USD $223 Million to Help World Food Programme (WFP) Save Lives and Stave Off Severe Hunger in South SudanRead more Eritrea: World Breastfeeding WeekRead more Eritrean community festival in Scandinavian countriesRead more IOM: Uptick in Migrants Heading Home as World Rebounds from COVID-19Read more

Operating in the shadows: US Cyber Command

show caption
An aerial view of the US Cyber Command joint operations center on the NSA campus is seen on May 25, 2020, in Fort Meade, Maryland./AFP
Print Friendly and PDF

May 25, 2021 - 11:55 AM

WASHINGTON — If the Pentagon’s Cyber Command launches an online attack and nobody knows about it, does it deter anyone?

Many Americans are asking what the country’s army of cyber warriors are doing after repeated attacks on US computer systems by Chinese, Russian and other hackers.

The answer may have been in the 780th Military Intelligence Brigade’s subtle retweet on May 14 of a security firm’s scoop that ransomware extortionist Darkside had been digitally shut down.

No one knows who took control of Darkside’s servers, a week after the shady Russia-based hackers forced the closure of a major US oil pipeline, causing gasoline shortages across the Eastern US.

But suspicions are that the 10-year-old CyberCom may have stepped in, to punish Darkside and to signal the small army of ransomware providers operating out of Eastern Europe that they too are vulnerable.

Even as it remains quiet, CyberCom’s role is hotly debated: is it to undertake strategic attacks during war, or to constantly joust online with adversaries’ military and intelligence hackers, or to go after non-military hackers like Darkside, normally the purview of law enforcement?

Malware strike on Iran  

The first sign that the US Defense Department was playing offense in the online world was in 2010 when it became known that a destructive, US and Israel-created computer worm Stuxnet had infected and damaged Iran’s nuclear enrichment facilities.

Cyberwarfare then was seen as a way of attacking or deterring enemies by wrecking their infrastructure with devastating malware strikes.

Since then, however,  the US government and private business have been hit time and time again, by Chinese stealing government databases and corporate secrets, Russia hacking US elections, North Koreans stealing bitcoins, and ransomware operators extorting hundreds of millions of dollars from companies, hospitals, and local authorities.

But without any news about their exploits, it didn’t seem like the Pentagon was either punishing or deterring attackers.

They are, General Paul Nakasone, CyberCom commander, told a recent Congressional hearing.

“When we see elements that are that are operating out of US, we try to impose the largest cost possible,” he said.

“Imposing costs” meant exposing the hackers, or counterattacking, he  said.

But he refused to give any examples of their work.

‘Persistent engagement’ 

Jon Lindsay, a University of Toronto assistant professor who researches online military conflict, said the cyberwar strategy had shifted since Stuxnet.

At that time, “cyber was looked at as a digital weapon of mass destruction,” something that could punish, or threaten to punish adversaries to deter their attacks.

“It was a very high level, presidentially controlled, covert action,” to be used strategically and sparingly, Lindsay said.

Since then, it has become something else: an ongoing low-level fight that doesn’t require top-level approval, called “persistent engagement,” that does not focus on deterrence.

“It’s very, very difficult, if not impossible, to deter adversarial activities in cyberspace. So what CyberCom needs to be able to do is be constantly engaged, constantly operating forward in the adversaries’ networks,” said Lindsay.

Intelligence contest 

That makes CyberCom more like ongoing intelligence operations, collecting information, blocking adversaries, and slightly escalating when the other side is seen to have gone too far.

Revealing what the Pentagon does could have deterrence value, according to Elizabeth Bodine-Baron, a senior information scientist at RAND Corp.

Some people, she said, believe that “if we never give concrete examples of, we went in, we did that, then no one’s ever going to believe us.”

But there is also a challenge of definitively attributing the source of an attack,  especially when a state actor is suspected of being behind it.

But, she added, if there is certainty about an attacker’s identity, going public with attribution “could potentially reveal something about our own capabilities.”

In addition, boasting about CyberCom’s exploits risks escalation — forcing adversaries to retaliate to satisfy their own public.

“So I think you see people kind of erring on the side of caution,” not announcing what they do, said Bodine-Baron.

Lindsay said the US and its main adversaries now treat cyber conflict as a way of avoiding escalation.

“There’s something about cyber that makes people unwilling to escalate,” he told AFP.

“What we’re looking at is not military warfare, it’s an intelligence contest.”

“Intelligence contests go on in peacetime. They shape the possibilities for war, but they try to make war less likely,” he said.

“Actually, there is there is no good example of cyber escalating something to a kinetic conflict,” he said.

  • bio
  • twitter
  • facebook
  • latest posts

ZONNTECH.COM uses both Facebook and Disqus comment systems to make it easier for you to contribute. We encourage all readers to share their views on our articles and blog posts. All comments should be relevant to the topic. By posting, you agree to our Privacy Policy. We are committed to maintaining a lively but civil forum for discussion, so we ask you to avoid personal attacks, name-calling, foul language or other inappropriate behavior. Please keep your comments relevant and respectful. By leaving the ‘Post to Facebook’ box selected – when using Facebook comment system – your comment will be published to your Facebook profile in addition to the space below. If you encounter a comment that is abusive, click the “X” in the upper right corner of the Facebook comment box to report spam or abuse. You can also email us.