The U.S. military’s reported inability to effectively “drop cyber bombs” on the Islamic State is raising new questions about the military’s existing “cyberweapons arsenal,” a loosely defined collage of digital warfare capabilities shrouded in secrecy.
Computer network attacks have been conducted by operators within the National Security Agency and U.S. Cyber Command, the military’s top cyberwarfare unit, under the order of Joint Task Force Ares. While the two organizations are inherently aligned, the NSA and Cyber Command follow different missions and employ different capabilities.
Very little is publicly known about either the intelligence community or U.S. military’s ability to conduct offensive cyber-operations; the subject matter is generally considered classified if not highly sensitive.
A leaked CIA document published by WikiLeaks in March and identified by CyberScoop provides a rare window into how analysts conduct cyberwarfare operations; describing one instance in which an operator worked to remotely disrupt a video player likely being used by a terrorist through a computer network attack.
Reports in The New York Times and Washington Post have given a voice to critics of the military’s recent offensive cyber efforts intended to cripple the Islamic State’s communications and propaganda channels, including accounts tied to YouTube and other social media outlets.
“The Islamic State’s agenda and tactics make it a particularly tough foe for cyber warfare,” The New York Times reported Monday. “The jihadists use computers and social media not to develop or launch weapons systems but to recruit, raise money and coordinate future attacks … the fundamental problem of how to use cyber-techniques effectively against the Islamic State remains.”
Experts say that the nascent technology behind some of today’s digital weapons is partly to blame for a lack of results from the battlefield.
“The cyberweapon payloads needed to defeat nation states differ significantly from that needed to defeat terrorist entities,” a former intelligence official told CyberScoop on condition of anonymity to broadly discuss Cyber Command’s ongoing efforts. “Countering terrorist operations online is similar to countering Russian propaganda efforts … [But] performing these sorts of operations raises significant legal gray area and questions on exactly what should and should not be censored.”
Cyber Command’s leadership does not consider information operations to be a key responsibility.
Another factor currently inhibiting the military’s ability to wage cyberwar is that a considerable percentage of Cyber Command’s cyber-mission force is still in training — learning to hack into networks typically requires months of technical training per recruit — and the deployment of such capabilities can be legally and administratively challenging.
“ISIS isn’t exactly the most technical threat group on the planet. Some of their lack of infrastructure lends itself to resisting cyber attack from Cyber Command,” said another former intelligence official. “Cyber Command mostly needs to disrupt. [And] you can’t disrupt and collect intel at the same time. So for any Cyber Command effort they have an Intel loss/gain evaluation.”
Digital warfighting capabilities are notably different in nature than what is being used by today’s intelligence analysts — a complexity that represents two separate development tracks.
While talented U.S. cyber-spies rely on sophisticated hacking capabilities to covertly collect signals intelligence — a collection of tools designed to pierce specific versions of commonly used software — the types of digital arms used by soldiers must be engineered in a different fashion, explained Raytheon government cyber solutions Director Bill Leigher.
A former Deputy Commander in the U.S. Navy’s Fleet Cyber Command, Leigher told CyberScoop that the military’s future cyberweapons systems must meet a certain criteria if they are to be useful to combatant commanders: easy to deploy, with the impact containable, measurable and clearly attributable.
“It has to be developed with the client [and user] in mind,” Leigher, who was involved in crafting this year’s National Defense Authorization Act, told CyberScoop. “For lack of a better description, I think it’s going to look more like a black box with a button [in the future] … all that technical skill and ability of today’s operator will be packaged in a sort of box, which a soldier could use in the battlefield by just” hitting a simple command that creates a desired effect.
Regarding attribution and the need to signal intent and motive in a cyberweapon, Leigher agreed with and referenced public comments previously made by Shawn Turskey, head of the Department of Defense’s capability and tool development project within Cyber Command.
FedScoop first reported last year a speech made by Turskey at the annual Department of Homeland Security business conference, where he mentioned the need for “loud cyberweapons” at Cyber Command rather than stealthy tools like those used by the intelligence community.
“We will continue to work with the intelligence community for offensive means and offensive operations,” Turskey said last year. “But as the United States Cyber Command, we need totally separate tools and infrastructure to conduct our operations.”
A former U.S. Cyber Command official, who also spoke on condition of anonymity, said that the concept of embedding attribution into U.S. digital weapons had been discussed during his time in service, but was never fully realized.
Private defense contractors expect that U.S. Cyber Command will be involved in a series of weapons development and service contracts worth upwards of $1.5 to $2 billion over the next five years as the organization continues to mature and is eventually elevated to a combatant command. And though the high end of that price range is a sliver of the Department of Defense’s annual budget, it still represents a noticeable spike in spending and potential technological advancement, said Leigher.
“It’s speculative to say that we know what our mission set will be by the end of Fiscal Year 2018, but if recent incidents are any indication, we can anticipate that the [cyber-mission force] will be a high-demand capability in the defense of our nation,” a Cyber Command spokesperson told CyberScoop in October.