The US Steps Up Its Cyberwar Capability

In the 21st century military attack and defence increasingly involves the use of cyber operations between rival states. Cyberspace is a warfighting domain, and the US military is beginning to take an active role in cyber defending the country and its allies from threats in that realm, US Defense Secretary Mark T. Esper has said.

US military superiority in the air, land, sea, and space domains is critical to its ability to defend their interests and protect values. Achieving superiority in the physical domains now often depends on superiority in cyberspace. The security of the US has become also partly dependent on cyber security and this issue will increase with th development AI and cyber-attacks.

China and Russia are honing their offensive cyber capabilities. Both have been focused on extracting COVID-19-related research, but post-pandemic China’s cyber campaigns will go back to targeting Western intellectual property and other valuable commercial information, while Russia will pursue anti-Western political manipulation.

Technological decoupling, most apparent in geopolitical divisions over Huawei’s role in building 5G telecoms infrastructure, forms part of the West’s defensive cyber security strategy.

US Defense policy and processes need to keep pace with the speed of events in cyberspace to maintain a decisive advantage and superior strategic effects depend on the alignment of operations, capabilities, and processes, and the seamless integration of intelligence with operations. Indeed, some military analysts have promoted the idea of a coming “Cyber Pearl Harbor,” but instead the domain is littered with covert operations meant to manage escalation and deter future attacks. Cyber strategy and policy must start from an accurate understanding of the domain, not imagined realities.

Recently Montenegro has faced increased harassment from Russia since joining NATO in 2017, and the Cyber Command team has been there to investigate signs that hackers had penetrated the Montenegrin government’s networks. Working side by side with Montenegrin partners, the team saw an opportunity to improve American cyber defenses ahead of the 2020 election. 

The 'Hunt Forward' mission to Montenegro represented a new, more proactive strategy to counter online threats that reflects Cyber Command’s evolution over the last ten years from a reactive, defensive posture to a more effective, proactive posture called “persistent engagement.” The findings enable the US government to defend critical networks more effectively and allow large antivirus companies to update their products to better protect their users.

When Cyber Command was established in 2010, the assumption was that its focus should be on trying to prevent the military’s networks from being infiltrated or disabled. But a reactive and defensive posture proved inadequate to manage evolving threats.​ Even as the military learned to better protect its networks, adversaries’ attacks became more frequent, sophisticated, and severe.
 
Russia uses cyberspace for espionage and theft and to disrupt US infrastructure while attempting to erode confidence in the nation’s democratic processes. Iran undertakes online influence campaigns, espionage efforts, and outright attacks against government and industrial sectors. In the face of these threats, the US government has changed how it will respond. In 2018, Congress clarified the statutory authority for military cyber operations to enable Cyber Command to conduct traditional military activities in addition to the mostly preparatory operations to which it had been limited previously.

The White House also released a National Cyber Strategy, which aligned economic, diplomatic, intelligence, and military efforts in cyberspace.

Some specialists have speculated that competing with adversaries in cyberspace will increase the risk of escalation, from hacking to physical war. The thinking goes that by competing more proactively in cyberspace, the risk of miscalculation, error, or accident increases and could escalate to a crisis.

US Cyber Command takes these concerns seriously, and reducing this risk is a critical part of the planning process, however, cyberspace operations are not silver bullets and to be most effective, they require much planning and preparation. Cyber Command thus works closely with other combatant commands to integrate the planning of kinetic and non-kinetic effects.

Cyber Command’s capabilities are meant to complement, not replace, other military capabilities, as well as the tools of diplomacy, sanctions, and law enforcement. Controlling cyberspace as a military domain is a challenge that demands critically assessing issues, questions, and assumptions, especially those at the foundation of the military’s decision making for operations and requirements. 

Foreign Affairs:      US  Cyber Command:      CATO Institute:      US Dept. of Defense

You Might Also Read:

Cyber Command’s Plan to ‘frustrate’ Hackers Is Working:

 

« Superhuman Brain-Hacking Device
Fixing Britain's Digital Skills Gap »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ON-DEMAND WEBINAR: 2024 and beyond: Top six cloud security trends

ON-DEMAND WEBINAR: 2024 and beyond: Top six cloud security trends

Learn about the top cloud security trends in 2024 and beyond, along with solutions and controls you can implement as part of your security strategy.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Council of Europe - Cybercrime Programme Office (C-PROC)

Council of Europe - Cybercrime Programme Office (C-PROC)

The Cybercrime Programme Office of the Council of Europe is responsible for assisting countries worldwide in strengthening their legal systems capacity to respond to cybercrime

Critical Infrastructures for Information and Cybersecurity (ICIC)

Critical Infrastructures for Information and Cybersecurity (ICIC)

ICIC addresses the demand for cybersecurity for National Public Sector organizations and civil and private sector organizations in Argentina.

Cyber Risk Agency

Cyber Risk Agency

Cyber Risk Agency is a cybersecurity consulting firm specializing in managing cyber risks for SMEs.

CodeOne

CodeOne

CodeOne provides solutions for website and web app security.

Cyber Risk & Insurance Forum (CRIF)

Cyber Risk & Insurance Forum (CRIF)

CRIF helps organisations understand cyber risks and the damage that might occur by supporting the development of effective insurance solutions.

Advanced Software Products Group (ASPG)

Advanced Software Products Group (ASPG)

ASPG offers a wide range of innovative mainframe software solutions for Data Security, Access Management, System Management and CICS productivity.

London Office for Rapid Cybersecurity Advancement (LORCA)

London Office for Rapid Cybersecurity Advancement (LORCA)

LORCA's mission is to support the most promising cyber security innovators in growing solutions to meet the most pressing industry challenges and build the UK’s international cyber security profile.

Cyber Security Education

Cyber Security Education

CybersecurityEducation.org is an online directory of cyber security education and careers.

Jenson Knight

Jenson Knight

Jenson Knight is a global cyber security, cloud and IT infrastructure staffing specialist.

SAST

SAST

SAST provide Static Application Security Testing as a service based on SAST Tools.

Rostelecom

Rostelecom

Rostelecom is Russia’s largest integrated provider of digital services and solutions, covering all market segments including consumer, governmental and private organizations.

Digital Identification & Authentication Council of Canada (DIACC)

Digital Identification & Authentication Council of Canada (DIACC)

DIACC is a non-profit coalition of public and private sector leaders committed to developing a Canadian framework for digital identification and authentication.

Everbridge

Everbridge

Everbridge provides enterprise software applications that automate and accelerate organizations’ operational response to critical events in order to keep people safe and businesses running.

Safe Systems

Safe Systems

Safe Systems provide compliance centric IT services for community banks and credit unions, ensuring that they are kept up to date on current technologies, security risks, and regulatory changes.

Aura

Aura

Aura is a mission driven technology company dedicated to creating a safer internet for everyone. We’re making comprehensive digital security that's simple to understand and easy to use.

Judy Security

Judy Security

Judy provides smart, simple, effective, all-in-one cybersecurity for SMBs. Get the 24/7 protection and support you deserve, at a price you can afford.