The U.S. military combined cyber and kinetic operations to hunt down ISIS last year, general says

Cyber-warfare specialists serving with the 175th Cyberspace Operations Group of the Maryland Air National Guard engage in weekend training at Warfield Air National Guard Base, Middle River, Md., Jun. 3, 2017. The military and intelligence community are fighting over the future of government-backed hacking. (U.S. Air Force photo by J.M. Eddins Jr.)

Share

Written by

The military used cyber-operations alongside more conventional weaponry in an important battle against ISIS last year, a senior U.S. official revealed recently.

U.S. Cyber Command, the country’s leading cyberwarfare force, was involved in secretly launching a series of cyberattacks against the terrorist group in 2017 that knocked out its computer systems in Iraq, said Gen. Stephen Townsend, the former commander of the Army’s anti-ISIS coalition.

The tactic caused ISIS personnel to leave their heavy command posts, exposing them to attack with kinetic weapons such as missile strikes, Townsend said.

The general discussed the covert operation in detail for the first time last week. His comments were first reported by Military.com.

It’s unclear how often the U.S. military or its allies use such a combination of tactics against enemy forces, and it’s rare for top officials to even discuss such operations.

The general — who commanded Combined Joint Task Force-Operation Inherent Resolve in 2017 — told an audience of Hawaii conference-goers via teleconference that the coalition cyberattacks leveled against ISIS were part of “a multi-domain operation [that] unfolded in air, land, sea, cyberspace and space.”

As United States-led forces rebuffed ISIS advances, overtook its territorial holdings and prepared to mount a final offensive, they determined that the Euphrates River Valley was where the terrorist group would make a last stand. Coalition forces combed through a wide swath of land, from Al Qa’im, Iraq to Raqqa, Syria, for ISIS outposts. Though they located the primary command, they couldn’t find other subcommand posts in the area.

“We knew [they existed], but we didn’t know where they were,” Townsend said.

Instead of hitting the primary command post with a missile or special forces raid and risk not finding the other hidden outposts, the task force enlisted “capabilities from space and cyber to deny the enemy’s primary command post, forcing him to move and unveil his alternate command posts,” said Townsend.

As ISIS militants scattered to peripheral posts, they unmasked the locations. From there, the task force moved in and struck.

‘Evolutionary not revolutionary’

Since the operation dovetailed into a larger campaign that included intelligence gathering, special forces, overhead surveillance and boots on the ground, it can be best described as an instance of “cyber in warfare” rather than outright cyberwarfare, said Rick Forno, assistant director of the Center for Cybersecurity at University of Maryland, Baltimore County.

“Instead of blowing up [an outpost] with a bomb or missile, maybe we’re able to go in and disrupt the operations with a less lethal way of doing it. That’s not revolutionary, that’s evolutionary – using a new tool to achieve the same outcome,” Forno told CyberScoop.

But in many ways, the ongoing cyber campaign against ISIS represents a first.

U.S. leaders have publicly touted similar operations in the past, which is especially rare for these types of covert activities. “We are dropping cyber bombs,” Robert Work, then-deputy secretary of defense, told the New York Times in 2016. “We have never done that before.” And former President Barrack Obama referenced the attacks in one public speech in 2016.

“The role of cyber-capabilities in joint military operations is something that’s been talked about for a long time. The campaign against the Islamic State probably represents one of the more visible examples of those capabilities in action,” said Ben Buchanan, a postdoctoral fellow at Harvard’s Belfer Center.

For some time, the DOD has sought to combine cyber-operations with its more conventional military capabilities, planning and strategy. It has integrated cyber teams — both deployed and stateside — with regional commands over the last 12 months.

“Historically, cyberspace operations have been stovepiped and executed independently. As the domain has matured, we have started integrating cyber-operations into all of our planning efforts,” Gen. Joseph Votel, commander of U.S. Central Command, which covers parts of the Middle East and Central Asia, said in September 2017.

More broadly, the ISIS vignette also sheds light on the Pentagon’s push to ready its forces for so-called “multi-domain operations.”

Operation Inherent Resolve offered planners the chance to test and showcase some of the nation’s offensive cyber-capabilities while preparing for future battles.

Challenges remain, however, Townsend conceded: “The bottom line is it took us a couple of weeks to organize this pretty sophisticated but small, multi-domain operation that lasted less than a week, and it was against an enemy that could not really contest us in any of the domains.”

Since the Pentagon has stayed mum on operational details, it’s unclear just how successful this specific 2017 ISIS-focused cyber-operation truly was.

A Defense Department spokesperson did not respond to a request for comment.

“Decision-makers who were directly involved, such as Secretary of Defense Ash Carter, have expressed some doubt and frustration with how useful the cyber-operations actually were,” said Buchanan.

Experts say that if the U.S. were to find itself in a larger scale war with a well-resourced nation state then the dynamics of the conflict would be very different.

“Countries have organizations, deep pockets, resources and people that do this kind of stuff, much more so than a terrorist group,” said Forno.

Townsend acknowledged this reality as well by saying: “Let’s look to future war against a near-peer threat that can contest us in one or all of the domains. We are going to have to do better.”

With cyber-operations, “The trend line is clear: Nations seem to think that [they] will be a part of a hypothetical future conflict between sophisticated adversaries and are preparing as such. … In this environment, execution will be paramount,” Buchanan explained.

-In this Story-

cyber-espionage, cyberattack, Department of Defense, ISIS, offensive capabilities, offensive security
Continue to CyberScoop.com