The United States is finally making no bones about its willingness to go after adversaries in cyberspace.
During the week leading up to Tuesday’s midterm elections, White House National Security Adviser John Bolton confirmed that U.S. cyber forces were going on the offensive against foreign interference in the election process. At the same time, U.S. Cyber Command (CYBERCOM) was targeting individual Russian hackers to deter them from conducting what the Justice Department has described as a campaign of information warfare, according to the New York Times.
Department of Defense (DoD) officials wouldn’t go into specifics on how many Russian operatives were targeted or what methods CYBERCOM was using, but the principle goal was deterrence–using various methods, including the threat of possible indictments or sanctions, to change their behavior.
The news that the United States is engaging in offensive cyber operations isn’t exactly earth shattering. The Stuxnet computer worm, discovered in 2010 and considered the first example of weaponized malware, disrupted Iranian nuclear operations in a highly targeted attack. Top secret documents disclosed by National Security Agency leaker Edward Snowden revealed that U.S. intelligence agencies had conducted 231 offensive cyber operations in 2011 alone. The Washington Post reported a year ago that CYBERCOM had been taking offensive cyber action against North Korea’s Reconnaissance General Bureau.
But those and similar revelations were either leaked or uncovered. Bolton’s comments mark a change in that they make it official that offensive cyber operations are being carried out, and that there will be more of them. “Our hands are not tied as they were in the Obama administration,” Bolton said at a press briefing. On top of that, DoD just recently made public its joint publication on Cyberspace Operations, which had been issued by the Joint Chiefs as a secret-level document in February 2013. The document lays out the reasons for offensive operations, as well as the potential hazards of taking them on.
The administration’s statements reflect the escalating free-for-all in cyberspace, where attacks carried out by nation-states have become an everyday thing, whether in the form of Russian attacks on infrastructure, Chinese thefts of military secrets and intellectual property, attacks being mapped out by Iran, or countless other smaller-scale incursions. The response, publicly at least, has focused on deterrence, by making the cost to adversaries of carrying out attacks higher than they are willing to pay.
Not all of the countermeasures have come in cyberspace. In response to cyberattacks, the U.S. has imposed sanctions on Russian companies, and has counted cyber thefts as a reason for imposing new tariffs on China. The Department of Justice (DoJ) last month indicted 10 Chinese intelligence officers and co-conspirators for hacks aimed at stealing U.S. and European aircraft engine technology, which follows charges from previous years against Chinese cyber spies. The DoJ also in October brought indictments against seven Russian intelligence officers for hacking attacks against nuclear development employees at Westinghouse Electric, and the U.S. and international anti-doping agencies that police the Olympic Games and international soccer (which Russia has run afoul of).
But on the cyber front, Bolton’s comments and other measures–such as the release of the Cyberspace Operations document, the White House’s National Cyber Strategy and DoD’s Cyber Strategy 2018–make clear that the military is engaged in the fight.
Another recent, somewhat under-the-radar sign of stepped-up operations came with the Air Force’s Oct. 29 award of a $54.6 million contract to Northrop Grumman for a unified platform to manage Cybercom’s cybersecurity processes, including offensive and defensive operations. Although not a large contract in DoD terms, the deal makes Northrop the system coordinator for what will be Cybercom’s first joint platform. Cybercom, which has 6,200 personnel, incorporates all of the military services as well as some intelligence agencies and to date has worked with a mix of tools and capabilities. The unified platform would only increase its ability to conduct operations involving some or all of its parts.