Cyberwar Against Islamic State Is Struggling

The so-called "cyber bombs" that the US military is virtually dropping on Islamic State targets aren't working as well as first hoped.

The Pentagon is tracking ISIS growing threat to US and Iraqi forces by deploying small commercial drones armed with improvised explosives devices or spy cameras that can evade detection. The drones would be deployed within two years, if not sooner, according to a Pentagon spokesman.

UAS Vision reports that the Defense Department office charged with monitoring and countering improvised explosive devices has asked that Congress approve shifting $20 million to provide seed money for a counter-drone effort.

The funds would be invested in moves to “identify, acquire, integrate and conduct testing” of technologies that would “counter the effects of unmanned aerial systems and the threats they pose to US forces,” according to a budget document sent to Congress last week. It was part of a request for approval to shift $2.5 billion in defense funds from other purposes to reflect changing needs.

IS can use cheap commercail drones 

Commercially available drone technology has proliferated beyond hobbyists to adversaries. In its latest annual report on Iran’s military capabilities, the Defense Department said the Islamic Republic is fielding armed drones among other “increasingly lethal weapon systems.” At the Pentagon, the police force has posted “no drone” signs around the sprawling complex along with the usual “no photos” reminders.

In the fight against Islamic State, “small and tactical unmanned aerial systems” equipped with improvised explosive devices, or IEDs, “pose a direct threat to US and coalition forces,” according to the budget document, as quoted by UAS Vision.

The Joint Improvised-Threat Defeat Agency, the Pentagon office that has worked to combat improvised explosive devices since the 2003 Iraq war, has seen Islamic State fly “quadcopters and fixed-wing type drones you can buy commercially” as “both an IED delivery system and for reconnaissance,” according to its spokesman.

The commercial drones used by Islamic State have weighed about 50 pounds or less, he said, without providing any details on the number of attacks or resulting casualties.

In addition to using drones with full-motion video to look for attack opportunities and to monitor Iraqi Security Forces, the pilotless aircraft are being used to provide target information for vehicles carrying suicide bombs, added the spokesman.

Pentagon's 'cyber bombs' against the Islamic State aren't working

Secretary of Defense Ash Carter apparently coined the term "cyber bombs" in an interview with NPR earlier this year, describing the US military's cyber-offensive against the radical terrorist group.

But a new report by The Washington Post says the militant group's "sophisticated" use of technology is making it difficult for the Pentagon to disrupt the group's operations and spread of propaganda with specially-crafted malware designed to target the group's computers, mobile devices, and infrastructure.

The Pentagon earlier this year took the bizarre and almost unheard-of step to disclose it was ramping up its cyber-offensive against the Islamic State, better known as ISIS (or ISIL).

Carter didn't say exactly how the Pentagon would achieve its goals, but he hinted that it could take advantage of the US government's stockpile of exploits and cyber-weapons at its disposal.

With that, US officials were hoping to interrupt and disrupt the group's "command and control" apparatus. But that's proving difficult. The Washington Post said in a recent report that US operations so far have "not yet developed a full suite of malware and other tools tailored to attack an adversary dramatically different than the nation-states [US Cyber Command] was created to fight".

The situation is difficult because the group isn't a government or nation-state, which relies on fixed and traditional infrastructure, like North Korea and Iran. The group's decentralized and constantly moving units means any US government offensive has to target individuals with malware, or long-range jamming equipment, which may have an adverse effect on civilians.

That means Islamic State fighters can switch servers and other hardware to "stay ahead of the attacks," The Washington Post reports.

Lt. Gen. Edward Cardon, whose job it is to oversee a division of the National Security Agency tasked with creating digital weaponry, admits the war "is not going to be won in cyberspace".

This is said to be the first, significant push by a nation-state's military to use cyber-weapons and attack tactics traditionally used by clandestine intelligence services.

The Pentagon is developing cyber warfare tools to fight ISIS

US Cyber Command chief Adm. Michael S. Rogers has created a dedicated unit tasked with developing a suite of malware and digital weapons that can be used to wage digital war against ISIS. The Pentagon originally gave Cyber Command the daunting task of launching online attacks against the Islamic State earlier this year. 

Unfortunately, according to The Washington Post, Cybercom was ill-prepared for the role - besides lacking the tools to get the job done, it didn't have the right people to pull it off. WP says the new team is called "Joint Task Force Ares," and some of their possible missions include disrupting the terrorist group's payment system and knocking their current chat app of choice offline.

The Pentagon could also use the task force if it will reduce the risk of civilian casualties, for instance, cutting off communications to a hideout instead of bombing it. However, while it will be in charge of offensive operations, it won't be responsible for finding the military's airstrike targets. 

At this point in time, Joint Task Force Ares will only deploying cyber-attacks against ISIS in Iraq and Syria. A Pentagon official told the WP, though, that the unit will go global in the future.

Cyberwar against IS struggling

However, an unprecedented Pentagon cyber offensive against the Islamic State has gotten off to a slow start, officials said, frustrating Pentagon leaders and threatening to undermine efforts to counter the militant group's sophisticated use of technology for recruiting, operations and propaganda.

The US military's new cyberwar, which strikes across networks at the group's communications systems and other infrastructure, is the first major, publicly declared use by any nation's military of digital weapons that are more commonly associated with covert actions by intelligence services.

The debut effort is testing the ability of the military's 7-year-old US Cyber Command to conduct offensive operations against an enemy that has proved to be an adept user of technology to organize operations, recruit fighters and move money.

But defense officials said the command is still working to put the right staff in place and has not yet developed a full suite of malware and other tools tailored to attack an adversary dramatically different from the nation-states US Cyber Command was created to fight.

The very nature of the Islamic State, not a country or a government that would have vast institutions or infrastructure vulnerable to attack, makes it a challenging target for cyberattacks. It is unlike more traditional foes such as Iran, a country whose nuclear infrastructure was attacked in a joint US-Israeli operation by a sophisticated piece of malware designed to infiltrate and damage the computers running an enrichment facility.

"The more dependent you are on technology, the more you are a target for cyberattack. And ISIS is less dependent," said James Lewis, a cyber-policy expert at the Center for Strategic and International Studies, said, using an acronym for the Islamic State. "It doesn't mean you get no military advantage out of it. But scruffy insurgents aren't the best target for high-tech weapons."

I-HLS:    Ein News:    ZD Net:    Ein News

 

« In The UK Cybercrime Has Overtaken Traditional Crime
Civil Liberties Group Crashes Thailand Government Website »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Equilibrium Security Services

Equilibrium Security Services

Equilibrium Security Services is a specialist cyber security company providing a full spectrum of IT security solutions from consultancy to design & implementation and managed security services.

Wayra UK

Wayra UK

Wayra UK, part of Telefónica Open Future, has been chosen to run a new cyber accelerator facility to help UK start-ups grow and take the lead in producing the next generation of cyber security systems

Hexatrust

Hexatrust

The HEXATRUST club was founded by a group of French SMEs that are complementary players with expertise in information security systems, cybersecurity, cloud confidence and digital trust.

SecureStack

SecureStack

SecureStack helps software developers find security & scalability gaps in their web applications and offers ways to fix those gaps without forcing those developers to become security experts.

Cyber Intelligence House (CIH)

Cyber Intelligence House (CIH)

Cyber Intelligence House provides risk exposure solutions for a wide range of audiences including companies, government agencies, regulators, investors, law enforcement and consumers.

CyberHunter Solutions

CyberHunter Solutions

CyberHunter is a leading website security company that provides penetration testing, Network Vulnerability Assessments, cyber security consulting services to prevent cyber attacks.

HiddenLayer

HiddenLayer

HiddenLayer is a provider of security solutions for machine learning algorithms, models and the data that power them.

Rescana

Rescana

Rescana offers a cyber risk management platform with the vision to remove the security team bottlenecks, accelerating business processes that require risk assessment.

Conceal

Conceal

Conceal’s mission is to stop ransomware and credential theft for companies of all sizes by developing innovative solutions that provide social engineering protection in any browser.

AuthMind

AuthMind

Prevent your next identity-related cyberattack with the AuthMind Identity SecOps Platform. It works anywhere and deploys in minutes.

Zeron

Zeron

Zeron build bridges between security teams and top management. Our platform unifies your cyber risk posture seamlessly, encompassing threat insights and quantifiable risk scenarios.

Judy Security

Judy Security

Judy (formerly AaDya Security) provides smart, simple, effective, all-in-one cybersecurity for SMBs. Get the 24/7 protection and support you deserve, at a price you can afford.

Multipoint Group

Multipoint Group

Multipoint is an information security and protection solutions company operating in the South EMEA region through value-added distribution channels.

Netia

Netia

Netia is a Polish telecommunications company providing a range of business services including network solutions, communications, data centre and cloud, and cybersecurity.

Cyber Advisors

Cyber Advisors

Cyber Advisors offers customizable cyber security solutions and IT services for businesses of all sizes across the nation from experts you can trust.

CodeShield

CodeShield

CodeShield is a SaaS that helps software developers and security teams secure IAM in the public cloud. With us, you detect IAM privilege escalations easily and achieve least privilege.