Where Should The Pentagon Focus In Cyberspace?

The cyber domain as an operational environment is still relatively new, and the US Department of Defense is still working out tactics, techniques, procedures and authorities in cyberspace for military operations.

But despite the DoD and NATO declaring cyberspace a domain of warfare, “nobody has defined what that means,” said Alex Crowther, of the National Defense University.

Recently at the annual conference of the Association of the US Army, he called for a circumscribed mission set, as forces can’t be everywhere all the time. Lagos would swallow the entire US Army, he said, using the Nigerian city as a physical analogy to cyberspace, which he noted would swallow all of the DoD’s cyber capability.

“There are pressures for DoD to do more in cyberspace. But if DoD was to do that, you would be frittering away cyber capability,” Crowther asserted. “It’s like going into a city and leaving two guys at every street corner, and pretty soon you don’t have a reaction platoon. Your combat power is frittered away.”

So, what are appropriate mission sets and spheres for operation in cyberspace for the military? Crowther offered four: crime, intelligence, information and operations.

The crime space for the DoD is quite limited, he said, but the agency needs to operate in this space given actors use cyberspace to commit crimes via hacking against the DoD and the defense industrial base; a prominent example of the latter is the theft of F-35 plans from its contractor.

The Pentagon needs to operate in the crime cyberspace to fight crimes involving DoD personnel, such as the misuse of DoD assets, he added.

On the intelligence space, he said that virtually all aspects of intelligence will eventually be cyber-enabled. This means that while traditional intelligence operations such as terrorist network analysis would be done the old-fashioned way, the big-data analysis of the intelligence would be the cyber-enabled portion.

Cyber intelligence itself, he added, would be the hack of the Office of Personnel Management (announced in 2015) where all of the intelligence operation is performed in cyberspace.

Like cyber intelligence, more information operations are becoming cyber-enabled, Crowther said. The 2016 hack of the Democratic National Committee would be cyber-enabled, but not entirely cyber-based, Crowther said, because while cyber was the means of extracting the data, it was disseminated through print outlets such as The New York Times.

The Islamic State group, he noted, has a different view of information operations than that of the US military, and it might be worth taking a page from the group’s book. The US military executes information ops in support of operations, whereas ISIS performs operations in support of information ops.

In other words, the military will perform an objective and relay the results back to a central location for dissemination via a news release. Conversely, ISIS will scout an objective prior to an attack to determine the best place from which to capture footage to later post online.

He also offered a common complaint of activity in the “information” space: Actors and nations such as Russia conduct information operations below the threshold of triggering a military response. “You’ve heard of the gray zone. That’s exactly what those operations are designed to do: Create an effect without triggering a crossing-over into a military response,” Crowther said.

The last sphere of cyberspace where the military should exist is operations, according to Crowther. He split this between conventional operations and special operations, but noted he has been informed by officials there is no such thing as cyber special operations.

However, he contended, if one looks at the definition of special operations from the joint publication on special ops and compares it to certain cyber operations, “it’s very clear that things like the Stuxnet operation meet many of the criteria of being a special operation.”

Conventional cyber operations include the dropping of  “cyber bombs” on ISIS, as described by former Secretary of Defense Ash Carter. These are designed to disrupt the group’s command-and-control capability.

Cyber-enabled operations involve elements of cyber with conventional military activity, such as Russia’s invasion of Georgia, said Crowther. This saw the use of conventional ground and air operations against the Georgian military in concert with cyber operations to attack command, control and communications.

Contrast that to the attack against the Estonian government, which was a distributed denial-of-service attack against its infrastructure; that would be an entirely cyber operation, Crowther said.

He also discussed cyber-enabled special ops, citing a Pakistani operation as an example. Forces performing reconnaissance in Mumbai had GoPro cameras mounted to them to survey the routes for intel on terrain. During the execution phase, which was remotely run from Pakistan, mission controllers monitored traditional and social media in India, steering the teams away from Indian security forces.

Federal Times

You Might Also Read: 

US Ready To Fight Hybrid War By 2030:

Overconfident: US Will Win A Cyber War With China In 2017:

Modern Fiction: A Novel  Is Required Reading At The Pentagon:

Cybersecurity: The Human Dynamic:

 

 

« US Ready To Fight Hybrid War By 2030
Poor North Korea Is A Cyber Superpower »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

HPE Aruba Networking

HPE Aruba Networking

HPE Aruba Networking, a Hewlett Packard Enterprise company, is a leading provider of next-generation network access solutions for the mobile enterprise.

ABL Cyber Academy

ABL Cyber Academy

ABL provide certified training courses in the field of cyber security and IT project management.

NEC

NEC

NEC offers a complete array of solutions to governments and enterprises to protect themselves from the threats of digital disruption.

Living Security

Living Security

Living Security specializes in metric driven and engaging security awareness solutions that reduce risk by increasing security culture and changing employee behaviour.

Pixalate

Pixalate

Pixalate is an omni-channel fraud intelligence company that works with brands and platforms to prevent invalid traffic and improve ad inventory quality.

Armis

Armis

Armis offers the markets leading asset intelligence platform designed to address the new threat landscape that connected devices create.

Recruit.net

Recruit.net

Recruit.net allows job seekers to instantly find millions of jobs from thousands of web sites with a single search.

Data Terminator

Data Terminator

Data Terminator provide a comprehensive range of secure data destruction equipment and services are in compliance to US Department of Defense (DoD) and National Security Agency (NSA) standards.

Snode Technologies

Snode Technologies

Snode's Guardian cybersecurity platform uses AI and machine learning to monitor, detect and proactively respond to all threats on every device within your network.

Global Cyber Security Capacity Centre (GCSCC) - Oxford University

Global Cyber Security Capacity Centre (GCSCC) - Oxford University

GCSCC's work is focused on developing a framework for understanding what works, what doesn’t work and why – across all areas of cybersecurity capacity.

QNu Labs

QNu Labs

QNu Labs’s quantum-safe cryptography products and solutions assure unconditional security of critical data on the internet and cloud across all industry verticals, globally.

Tyler Technologies

Tyler Technologies

Tyler Technologies is a leading provider of end-to-end information management solutions and services for local governments.

CyberSheath Services International

CyberSheath Services International

CyberSheath integrates your compliance and threat mitigation efforts and eliminates redundant security practices that don’t improve and in fact might probably weaken your security posture.

ClubCISO

ClubCISO

ClubCISO is a community of peers, working together to help shape the future of the information security profession by facilitating independent discussion on data security and cyber resilience.

PNGCERT

PNGCERT

PNGCERT is the national Computer Emergency Response Team (CERT) for Papua New Guinea.

Beetles Cyber Security

Beetles Cyber Security

Beetles is a crowdsourced penetration testing platform designed to build a trusted, hacker-centric approach to protectan organization’s digital attack surface.

ViroSafe

ViroSafe

ViroSafe is a leading value-added distributor of IT security solutions in Norway.

EK3 Technologies

EK3 Technologies

EK3 Technologies mission is to provide comprehensive cybersecurity and IT solutions that allow our clients to focus on sustaining their business.