Where Should The Pentagon Focus In Cyberspace?

The cyber domain as an operational environment is still relatively new, and the US Department of Defense is still working out tactics, techniques, procedures and authorities in cyberspace for military operations.

But despite the DoD and NATO declaring cyberspace a domain of warfare, “nobody has defined what that means,” said Alex Crowther, of the National Defense University.

Recently at the annual conference of the Association of the US Army, he called for a circumscribed mission set, as forces can’t be everywhere all the time. Lagos would swallow the entire US Army, he said, using the Nigerian city as a physical analogy to cyberspace, which he noted would swallow all of the DoD’s cyber capability.

“There are pressures for DoD to do more in cyberspace. But if DoD was to do that, you would be frittering away cyber capability,” Crowther asserted. “It’s like going into a city and leaving two guys at every street corner, and pretty soon you don’t have a reaction platoon. Your combat power is frittered away.”

So, what are appropriate mission sets and spheres for operation in cyberspace for the military? Crowther offered four: crime, intelligence, information and operations.

The crime space for the DoD is quite limited, he said, but the agency needs to operate in this space given actors use cyberspace to commit crimes via hacking against the DoD and the defense industrial base; a prominent example of the latter is the theft of F-35 plans from its contractor.

The Pentagon needs to operate in the crime cyberspace to fight crimes involving DoD personnel, such as the misuse of DoD assets, he added.

On the intelligence space, he said that virtually all aspects of intelligence will eventually be cyber-enabled. This means that while traditional intelligence operations such as terrorist network analysis would be done the old-fashioned way, the big-data analysis of the intelligence would be the cyber-enabled portion.

Cyber intelligence itself, he added, would be the hack of the Office of Personnel Management (announced in 2015) where all of the intelligence operation is performed in cyberspace.

Like cyber intelligence, more information operations are becoming cyber-enabled, Crowther said. The 2016 hack of the Democratic National Committee would be cyber-enabled, but not entirely cyber-based, Crowther said, because while cyber was the means of extracting the data, it was disseminated through print outlets such as The New York Times.

The Islamic State group, he noted, has a different view of information operations than that of the US military, and it might be worth taking a page from the group’s book. The US military executes information ops in support of operations, whereas ISIS performs operations in support of information ops.

In other words, the military will perform an objective and relay the results back to a central location for dissemination via a news release. Conversely, ISIS will scout an objective prior to an attack to determine the best place from which to capture footage to later post online.

He also offered a common complaint of activity in the “information” space: Actors and nations such as Russia conduct information operations below the threshold of triggering a military response. “You’ve heard of the gray zone. That’s exactly what those operations are designed to do: Create an effect without triggering a crossing-over into a military response,” Crowther said.

The last sphere of cyberspace where the military should exist is operations, according to Crowther. He split this between conventional operations and special operations, but noted he has been informed by officials there is no such thing as cyber special operations.

However, he contended, if one looks at the definition of special operations from the joint publication on special ops and compares it to certain cyber operations, “it’s very clear that things like the Stuxnet operation meet many of the criteria of being a special operation.”

Conventional cyber operations include the dropping of  “cyber bombs” on ISIS, as described by former Secretary of Defense Ash Carter. These are designed to disrupt the group’s command-and-control capability.

Cyber-enabled operations involve elements of cyber with conventional military activity, such as Russia’s invasion of Georgia, said Crowther. This saw the use of conventional ground and air operations against the Georgian military in concert with cyber operations to attack command, control and communications.

Contrast that to the attack against the Estonian government, which was a distributed denial-of-service attack against its infrastructure; that would be an entirely cyber operation, Crowther said.

He also discussed cyber-enabled special ops, citing a Pakistani operation as an example. Forces performing reconnaissance in Mumbai had GoPro cameras mounted to them to survey the routes for intel on terrain. During the execution phase, which was remotely run from Pakistan, mission controllers monitored traditional and social media in India, steering the teams away from Indian security forces.

Federal Times

You Might Also Read: 

US Ready To Fight Hybrid War By 2030:

Overconfident: US Will Win A Cyber War With China In 2017:

Modern Fiction: A Novel  Is Required Reading At The Pentagon:

Cybersecurity: The Human Dynamic:

 

 

« US Ready To Fight Hybrid War By 2030
Poor North Korea Is A Cyber Superpower »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Celestix Networks

Celestix Networks

Celestix is a global provider of secure network solutions that enable the simple deployment of secure remote access connectivity.

Ixia

Ixia

Ixia provides testing, visibility, and security solutions to strengthen applications across physical and virtual networks.

IDpendant

IDpendant

IDpendant offers a wide range of services, including authentication technology, client security products, single sign on systems, encryption solutions, card and mobile device management systems.

CyberArrow

CyberArrow

CyberArrow (formerly EBDAA) is a consultancy company providing high quality consultancy services in Risk & Compliance and Awareness & Education.

Cyber Base

Cyber Base

Cyber Base is an Information Technology company based in Uganda providing software and hardware solutions to clients.

Salient Law

Salient Law

Salient Law is a virtual law firm that specialises in advising providers and users of technology on contracts involving technology.

Argo Group

Argo Group

Argo is an international underwriter of specialty insurance. Argo Cyber offers a full spectrum of coverage solutions related to professional and technology services.

Humming Heads

Humming Heads

Humming Heads offers a complete solution to fight the advanced threats that target a company's endpoints and servers.

Anterix

Anterix

Anterix is focused on empowering the modernization of critical infrastructure and enterprise businesses by enabling private broadband connectivity.

Astrix Security

Astrix Security

Astrix enables security teams to instantly see through the fog of connects and detect redundant, misconfigured and malicious third-party exposure to their critical systems.

Brightsolid

Brightsolid

Brightsolid are experts in Hybrid Cloud. We design, build and manage secure, scalable cloud environments that meet customers’ business ambitions.

DEKRA

DEKRA

DEKRA’s promise is to ensure the safety of human interaction with technology and the environment.

Hushmesh

Hushmesh

Hushmesh is a start-up aimed at securing the world’s digital infrastructure by developing develop the Mesh, a global information space with automated security built in.

Illustria

Illustria

Illustria is your agent-less “watchdog” for all open source libraries. Our mission is becoming a dev-velocity company, enabled via cyber security.

Baselime

Baselime

Baselime, the cloud-native observability platform. Resolve issues in your cloud application before they become problems.

Planisys

Planisys

Planisys is a cybersecurity leader specializing in cutting-edge DNS security and email security solutions.