Cyberwar Against Islamic State Is Struggling

The so-called "cyber bombs" that the US military is virtually dropping on Islamic State targets aren't working as well as first hoped.

The Pentagon is tracking ISIS growing threat to US and Iraqi forces by deploying small commercial drones armed with improvised explosives devices or spy cameras that can evade detection. The drones would be deployed within two years, if not sooner, according to a Pentagon spokesman.

UAS Vision reports that the Defense Department office charged with monitoring and countering improvised explosive devices has asked that Congress approve shifting $20 million to provide seed money for a counter-drone effort.

The funds would be invested in moves to “identify, acquire, integrate and conduct testing” of technologies that would “counter the effects of unmanned aerial systems and the threats they pose to US forces,” according to a budget document sent to Congress last week. It was part of a request for approval to shift $2.5 billion in defense funds from other purposes to reflect changing needs.

IS can use cheap commercail drones 

Commercially available drone technology has proliferated beyond hobbyists to adversaries. In its latest annual report on Iran’s military capabilities, the Defense Department said the Islamic Republic is fielding armed drones among other “increasingly lethal weapon systems.” At the Pentagon, the police force has posted “no drone” signs around the sprawling complex along with the usual “no photos” reminders.

In the fight against Islamic State, “small and tactical unmanned aerial systems” equipped with improvised explosive devices, or IEDs, “pose a direct threat to US and coalition forces,” according to the budget document, as quoted by UAS Vision.

The Joint Improvised-Threat Defeat Agency, the Pentagon office that has worked to combat improvised explosive devices since the 2003 Iraq war, has seen Islamic State fly “quadcopters and fixed-wing type drones you can buy commercially” as “both an IED delivery system and for reconnaissance,” according to its spokesman.

The commercial drones used by Islamic State have weighed about 50 pounds or less, he said, without providing any details on the number of attacks or resulting casualties.

In addition to using drones with full-motion video to look for attack opportunities and to monitor Iraqi Security Forces, the pilotless aircraft are being used to provide target information for vehicles carrying suicide bombs, added the spokesman.

Pentagon's 'cyber bombs' against the Islamic State aren't working

Secretary of Defense Ash Carter apparently coined the term "cyber bombs" in an interview with NPR earlier this year, describing the US military's cyber-offensive against the radical terrorist group.

But a new report by The Washington Post says the militant group's "sophisticated" use of technology is making it difficult for the Pentagon to disrupt the group's operations and spread of propaganda with specially-crafted malware designed to target the group's computers, mobile devices, and infrastructure.

The Pentagon earlier this year took the bizarre and almost unheard-of step to disclose it was ramping up its cyber-offensive against the Islamic State, better known as ISIS (or ISIL).

Carter didn't say exactly how the Pentagon would achieve its goals, but he hinted that it could take advantage of the US government's stockpile of exploits and cyber-weapons at its disposal.

With that, US officials were hoping to interrupt and disrupt the group's "command and control" apparatus. But that's proving difficult. The Washington Post said in a recent report that US operations so far have "not yet developed a full suite of malware and other tools tailored to attack an adversary dramatically different than the nation-states [US Cyber Command] was created to fight".

The situation is difficult because the group isn't a government or nation-state, which relies on fixed and traditional infrastructure, like North Korea and Iran. The group's decentralized and constantly moving units means any US government offensive has to target individuals with malware, or long-range jamming equipment, which may have an adverse effect on civilians.

That means Islamic State fighters can switch servers and other hardware to "stay ahead of the attacks," The Washington Post reports.

Lt. Gen. Edward Cardon, whose job it is to oversee a division of the National Security Agency tasked with creating digital weaponry, admits the war "is not going to be won in cyberspace".

This is said to be the first, significant push by a nation-state's military to use cyber-weapons and attack tactics traditionally used by clandestine intelligence services.

The Pentagon is developing cyber warfare tools to fight ISIS

US Cyber Command chief Adm. Michael S. Rogers has created a dedicated unit tasked with developing a suite of malware and digital weapons that can be used to wage digital war against ISIS. The Pentagon originally gave Cyber Command the daunting task of launching online attacks against the Islamic State earlier this year. 

Unfortunately, according to The Washington Post, Cybercom was ill-prepared for the role - besides lacking the tools to get the job done, it didn't have the right people to pull it off. WP says the new team is called "Joint Task Force Ares," and some of their possible missions include disrupting the terrorist group's payment system and knocking their current chat app of choice offline.

The Pentagon could also use the task force if it will reduce the risk of civilian casualties, for instance, cutting off communications to a hideout instead of bombing it. However, while it will be in charge of offensive operations, it won't be responsible for finding the military's airstrike targets. 

At this point in time, Joint Task Force Ares will only deploying cyber-attacks against ISIS in Iraq and Syria. A Pentagon official told the WP, though, that the unit will go global in the future.

Cyberwar against IS struggling

However, an unprecedented Pentagon cyber offensive against the Islamic State has gotten off to a slow start, officials said, frustrating Pentagon leaders and threatening to undermine efforts to counter the militant group's sophisticated use of technology for recruiting, operations and propaganda.

The US military's new cyberwar, which strikes across networks at the group's communications systems and other infrastructure, is the first major, publicly declared use by any nation's military of digital weapons that are more commonly associated with covert actions by intelligence services.

The debut effort is testing the ability of the military's 7-year-old US Cyber Command to conduct offensive operations against an enemy that has proved to be an adept user of technology to organize operations, recruit fighters and move money.

But defense officials said the command is still working to put the right staff in place and has not yet developed a full suite of malware and other tools tailored to attack an adversary dramatically different from the nation-states US Cyber Command was created to fight.

The very nature of the Islamic State, not a country or a government that would have vast institutions or infrastructure vulnerable to attack, makes it a challenging target for cyberattacks. It is unlike more traditional foes such as Iran, a country whose nuclear infrastructure was attacked in a joint US-Israeli operation by a sophisticated piece of malware designed to infiltrate and damage the computers running an enrichment facility.

"The more dependent you are on technology, the more you are a target for cyberattack. And ISIS is less dependent," said James Lewis, a cyber-policy expert at the Center for Strategic and International Studies, said, using an acronym for the Islamic State. "It doesn't mean you get no military advantage out of it. But scruffy insurgents aren't the best target for high-tech weapons."

I-HLS:    Ein News:    ZD Net:    Ein News

 

« In The UK Cybercrime Has Overtaken Traditional Crime
Civil Liberties Group Crashes Thailand Government Website »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

SecWest

SecWest

SecWest is the organizer of CanSecWest, PACSEC, originator of PWN2OWN, security auditing, and virtual engagement/training.

PortSwigger

PortSwigger

PortSwigger's Burp Suite is an integrated platform for performing security testing of web applications.

IDnext

IDnext

IDnext is the open and independent platform to support innovative approaches in the world of the Digital identity.

Avatier

Avatier

Avatier identity management software products automate identity access management, user provisioning and IT governance to ensure information security and compliance.

CyberSure

CyberSure

CyberSure is a programme of collaborations and exchanges between researchers aimed at developing a framework for creating and managing cyber insurance policy for cyber systems.

Mvine

Mvine

Mvine's primary business is authoring and selling Cyber-Secure Platforms for Collaboration Portals and for Identity Management as well as delivering cloud support services.

NDK InfoSec

NDK InfoSec

NDK InfoSec is a specialist Information Security and Cyber Security search firm. We're not just a security function in a larger generalist recruitment company.

FYEO

FYEO

FYEO is a threat monitoring and identity access management platform for consumers, enterprises and SMBs.

BIG Cyber

BIG Cyber

BIG Cyber is a specialized Managed Security Service Provider (MSSP) dedicated to bringing military grade cyber security technology to the gaming industry.

Rhymetec

Rhymetec

Rhymetec are an industry leader in cloud security, providing innovative cybersecurity and data privacy services to the modern-day SaaS business.

Avanade

Avanade

Avanade is a leading provider of innovative digital, cloud and advisory services, industry solutions and design-led experiences across the Microsoft ecosystem.

B2Bcert

B2Bcert

B2BCERT one of the top companies offering ISO 9001, ISO 14001, ISO 45001, ISO 22000, ISO 27001, ISO 20000,CE Marking, HACCP, and other globally accepted standards and Management solutions.

Mediatech

Mediatech

Mediatech, specialized in managed Cybersecurity and Cloud services, a single point of contact for your company's IT and infrastructure.

Tamnoon

Tamnoon

Tamnoon is the Managed Cloud Detection and Response platform that helps you turn CNAPP and CSPM alerts into action and fortify your cloud security posture.

HazeGrayCyber

HazeGrayCyber

HazeGrayCyber offers comprehensive technical services to bring your company to the next level.

Qubika

Qubika

Qubika are shaping the future of next-generation applications by seamlessly integrating high-quality UX, robust security, and AI-driven intelligence.