US Cyber Command Is A Tool Of Foreign Policy

The US National Security Strategy announced by President Trump at the end of 2017 was aimed at “redefining its cyber security mission” and stemming the tide of nation-state attacks on the US. This  has include the open use of cyber weapons to influence,deter and punish other nation states.

Much of the information we have about recent US cyber activities has come from unnamed, but most likely authorised, government sources which have been used as a foreign policy too to signal to adversaries that certain actions are infringing upon US national interests. 

By 2013 US domestic networks were overwhelmed by  constant attack from sophisticated nation-state actors. Hackers stole millions of sensitive records from the Office of Personnel Management, gained access to White House networks and destroyed dozens of computers at Sony Pictures from thousands of miles away. At that time the US Department of Defense’s own cyber teams couldn’t hit back or work on enemy networks abroad because the rules for such operations were incredibly stringent. In fact, one US senator said DoD didn’t conduct an offensive operation for five years. 

That’s not to say the United States sat idly by in cyberspace, experts pointed to covert strikes and intrusions, but it does mean the Pentagon rarely or never used cyber operations as an overt response or to flex its power.

The way Cyber Command meets those goals is through persistent engagement, which means challenging adversary activities wherever they operate, however, cyber tools and networks are a limited commodity; publicising them makes them harder to use a second time. The hope is that using this scarce commodity effectively will persuade potential challengers of American resolve.  

This represents a shift from the Obama administration, which was far more reticent to combine covert cyber activities with more overt signaling. Surely, the United States undertook secret operations to degrade, disrupt, destroy, manipulate, operations in cyberspace. The most famous Obama-era cyber operation was Stuxnet, a worm that caused Iranian nuclear centrifuges to tear themselves apart.  Obama Administration officials engaged only reluctantly in overt signaling. They officially denied involvement, only talking with select reporters on deep background and after the operation was being discussed in the media.

In comparison, the Trump administration is  more openly using cyberspace activities to signal to adversaries that when certain lines are crossed it will result in consequences. 

Examples include operations against Iran after the Saudi oil attack in August 2019 and after the drone downing in September; and operations against Russia after the 2018 midterm elections.

The administration is clearly signaling to Russa in its efforts to deter Moscow’s meddling in the 2020 elections. Officials have told media outlets of efforts to develop information warfare tactics that target Russia’s senior leaders and elites. Such open declarations represent even larger costs because they cannot be easily backed away from. If it works and the threat proves credible enough to deter Russian meddling in the upcoming elections, the US will likely continue with this type signaling

The new philosophy has engendered praise, criticism and confusion among experts. One lawmaker said the White House is stonewalling oversight of the new operations. Academics have questioned whether the strategy will indeed slow hacking from the United States’ enemies. 

Because of the sensitivity of operational details, the Pentagon rarely discusses how the new strategies have worked. But based on interviews with military officials and several cyber experts this is the story of how, in two years, a new strategy is forcing the national security community to rethink cyber operations and the strategy’s long-term effects.

Ultimately, cyber is one tool in the US arsenal and experts have cautioned that it will be hard to point directly to a more assertive cyber posture as the one thing that changes the calculus of adversaries.

New Statesman:       Fifth Domain:            Defense One:

You Might Also Read:

Shockwave - A Global Transformation In Warfare:

 

« Electric Grids Targeted For Cyber Attacks
Cyber Stocks Soaring From Conflict With Iran »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Satisnet

Satisnet

Satisnet is a leading Security Reseller, Managed Security Services Provider (MSSP) and Cyber Training Innovator, with operations throughout the UK, EMEA and United States.

Perforce Software

Perforce Software

Perforce helps companies build complex software products more collaboratively, securely, and efficiently.

VMworld

VMworld

VMworld is a global conference for virtualization and cloud computing, including associated security issues.

SK IT Cyber Security

SK IT Cyber Security

SK IT provide services and solutions for cybersecurity and advanced information system engineering.

972VC

972VC

972VC was created to help entrepreneurs find potential funding for their startups. Your guide to the Israeli startup funding ecosystem.

CYBER.ORG

CYBER.ORG

CYBER.ORG's goal is to empower educators as they prepare the next generation to succeed in the cyber workforce of tomorrow.

Ridge Global

Ridge Global

Ridge Global works with C-suite executives and corporate directors to build more resilient organizations through innovative preparedness, protection, response and education capabilities.

Boeing

Boeing

Boeing is the world's largest aerospace company and leading manufacturer of commercial jetliners, defense, space and security systems.

Buchbinder Information Technology Solutions

Buchbinder Information Technology Solutions

Buchbinder Tunick & Company is a premier CPA and advisory firm offering a broad range of assurance, tax, business consulting and IT consulting services.

Data Storage Corp (DSC)

Data Storage Corp (DSC)

Data Storage Corporation is a provider of data recovery and business continuity services that help organizations protect their data, minimize downtime and recover and restore data.

Tabidus Technology

Tabidus Technology

Tabidus Technology is a cybersecurity association that unites and provides the global protection options against cyber threats.

Suresecure

Suresecure

Suresecure are a specialised consulting company providing Strategic IT security consulting, Managed Security Services, and Incident Response Management.

443ID

443ID

443ID brings OSINT data to Identity Security professionals on any digital platform.

Bittnet Training

Bittnet Training

Bittnet Training is the leader in the IT Training market in Romania. We develop the IT skills of IT professionals as well as those who wish to start a career in IT.

Plerion

Plerion

Plerion is an all-in-one Cloud Security Platform that supports workloads across AWS, Azure, and GCP delivering cloud security posture management, workload security, data security and more.

Resillion

Resillion

Resillion (formerly Eurofins Digital Testing) is a global leader in quality engineering and cyber security services with operations in Europe, US, UK, India and China.