The new face of warfare is electronic: cyber-war, cyber-terrorism, cyber-espionage and cyber-crime.
Cyber attacks can originate from terrorists, governments, their proxies, and common hackers. Computers and computer software are increasingly utilized to attack targets with computer viruses, malware, and other programs or to overload or deface websites. This theater includes both an offensive and defensive aspect.
There have been a multitude of offensive efforts to hack into various state systems, utilities or banks, to effect disruptions in operations, send political messages, or obtain sensitive information. Additionally, individuals and commercial enterprises have been hit by hackers, as have electric utilities, most recently in Ohio.
An increasingly sophisticated dimension of offensive cyber warfare publicly came to light with reports of a joint US-Israeli cyber effort to deter Iranian nuclear weapons development. The program, Stuxnet, sent instructions that spun Iranian uranium centrifuges into destruction.
According to the New York Times, President Barack Obama “secretly ordered increasingly sophisticated attacks on the computer systems that run Iran’s main nuclear enrichment facilities… significantly expanding America’s first sustained use of cyber weapons.” The June 1 article, by David Sanger, drew from his new book Obama's Secret Wars and Surprising Use of American Power, and provided revelations regarding America’s use of cyber capabilities.
More recently a Russian-based security software firm reported that a sophisticated intelligence gathering program called “FLAME” had been infiltrating communications in Iran, possibly for years. The program was intended to secretly map and monitor Iran’s computer networks to pave the way for cyber attacks such as Stuxnet, the Washington Post later reported.
It is conjectured that recent US offensive cyber tactics may be setting a new precedent for similar highly sophisticated attacks by other states, even though in the Iranian situation there may be an alternative to kinetic military action. Russia reportedly used cyber tactics in a dispute with Estonia in 1997; Chinese hackers have repeatedly broken into US government and commercial systems to steal sensitive data.
Although state entities are believed to have the most sophisticated cyber capabilities, surrogates for certain states or terrorist groups may be able to develop increasingly sophisticated programs that can attack softer targets.
US systems are subject to thousands of intrusion attempts every year. Defense Secretary Leon Panetta warned in 2011 of a possible “Cyber Pearl Harbor” against the heavily computer dependent US, confirming fears that the threat of cyber terrorism and other cyber attacks is very real and present.
In recent years, the US government has been developing measures to defend against cyber terrorism and other such threats against websites, communications systems, databases, key transportation, and other infrastructure.
An Overview of US Counterterrorism
A myriad of US government offices and programs are involved. The following overview of this effort is adapted from a recently published book I co-authored with retired Ambassador Edward Marks: US Government Counterterrorism: A Guide to Who Does What.
The Department of Homeland Security (DHS) is the lead agency responsible for cybersecurity in the US, while the Defense Department and other agencies also have important responsibilities. The DHS has primary responsibility for the civilian “dot gov” domains and the DOD for the “dot mil.”
In 2008, to strengthen and coordinate the US government’s cybersecurity effort, former President George W. Bush issued the National Security Presidential Directive 54/Homeland Security Presidential Directive 23, which established the Comprehensive National Cybersecurity Initiative (CNCI). The CNCI formalizes a series of continuous efforts to further safeguard federal government systems from cyber threats and attacks.
President Obama updated this directive in May 2009, accepting recommendations that included the appointment of an Executive Branch Cybersecurity Coordinator, now Michael Daniel, in the White House. The Executive Branch was also directed to work closely with all key players in US cybersecurity, including state and local governments and the private sector, to ensure an organized and unified response to future cyber incidents.
The 2009 review was followed by an International Strategy for Cyberspace, issued on May 16, 2011, that supported an open Internet and pledged continued US efforts to deter “malicious actors” who seek to disrupt internet networks and systems.
In May 2011, the White House also announced legislative proposals that were intended, among other things, to improve cybersecurity in the private sector. No agreement on this and other proposals has been reached, and new legislation is still pending in Congress.
In an early domestic move, the Department of Homeland Security created the National Cyber Security Division (NCSD) in 2004 to better protect the US network systems from cyber attacks, partnering with government, industry and academia as well as the international community.
The DHS is responsible for assuring the security, resilience, and reliability of the nation's information technology (IT) and communications infrastructure. The NCSD programs include a Cybersecurity Preparedness and the National Cyber Alert System to provide current threat information to both technical and non-technical computer users. The National Cyber Response Coordination Group, with membership from 13 federal agencies, is the principal federal agency mechanism for cyber incident response. The Cyber Cop Portal program to promote coordination with law enforcement is an information sharing and collaboration tool accessed by over 5,300 investigators worldwide who are involved in electronic crimes cases.
The Office of Cybersecurity and Communications (CS&C) is responsible for enhancing the security, resilience, and reliability of the nation's cyber and communications infrastructure. CS&C actively engages the public and private sectors — as well as international partners — to prepare for, prevent, and respond to catastrophic incidents that could degrade or overwhelm these strategic assets.
CS&C carries out its mission through three divisions: National Communications System, the National Cyber Security Division, and Office of Emergency Communications. The latter office developed the National Emergency Communications Plan (NECP) to ensure that emergency response personnel at all levels of government can communicate as needed.
CS&C operates the NCS' National Coordinating Center (NCC) for communications, as well as US Computer Emergency Readiness Team (US-CERT), which is the Department's 24×7 watch and warning center for the federal government's Internet infrastructure. US-CERT interacts with federal agencies, industry, the research community, state and local governments, and others to disseminate actionable cyber security information to the public.
The EINSTEIN Program provides government officials with an early warning system, including early identification of malicious activity and a more comprehensive network defense. The Program helps identify unusual network traffic patterns and trends.
Department of Defense
The Defense Department gives high priority to protecting both its non-combat operating systems and those that support military operations.
A key element is the US Cyber Command (CYBERCOM), which began initial operations in May 2010. It is a sub-command of US Strategic Command (STRATCOM).
CYBERCOM’s stated purpose is to plan, coordinate, and synchronize activities to “lead day-to-day defense and protection of DOD information networks and coordinate DOD operations providing support to military missions.” It is also charged with, “when directed, to conduct full spectrum military cyberspace operations.” This is an apparent reference to offensive cyber war activities as well as defensive efforts.
CYBERCOM assists other government and civil authorities and industry partners, through the Department of Homeland Security (DHS) — the lead agency for domestic infrastructure protection.
The Office of the Deputy Assistant Secretary of Defense for Cyber Policy is the lead component within the Defense Department for policy and coordination matters related to activities in cyber space or involving cyber systems. Its mission includes ensuring cyber-related activities are integrated into national and DoD strategies and the implementation of US Government and DoD policy and strategy for military and intelligence cyber operations activities.
In October 2010, Defense Secretary Robert Gates and DHS Secretary Janet Napolitano signed a memorandum of agreement to enhance operational coordination and joint program planning. The agreement is intended to ensure that both agencies’ priorities and requests for support are clearly communicated and met.
National Security Agency
The agency’s Information Assurance National Information Assurance Research Laboratory (NIARL) develops advanced intrusion detection tools and other measures to protect communications “from the most determined adversaries in the world.”
The Federal Bureau of Investigation is a substantial component of the Comprehensive National Cybersecurity Initiative (CNCI), and is the lead law enforcement agency for investigating cyber matters. The FBI’s Cyber Division coordinates the FBI’s efforts against cyber threats, and addresses all violations with a cyber nexus, which often have international facets and national economic implications. The Cyber Division also assists other FBI components in counterterrorism, counterintelligence, and other criminal investigations when technological investigative assistance is required.
The FBI, along with the Department of Defense Cyber Crime Center, helped develop the National Cyber Investigative Joint Task Force (NCIJTF), which the White House mandated in 2008 to be the focal point for all government agencies to coordinate, integrate, and share information related to all domestic cyber threat investigations.
Joint FBI-DHS teams conduct voluntary assessments for critical infrastructure owners and operators who are concerned about their network security.
Central Intelligence Agency (CIA)
The CIA’s Information Operations Center’s Analysis Group (IOC/AG) evaluates foreign threats to US computer systems, particularly those that support critical infrastructures. The Agency says that IOC/AG analysts consider potential threats from state and non-state actors and evaluate a wide array of information, including foreign intentions, plans, and capabilities.
The State Department created the position of Coordinator for Cyber Issues in February 2011 to bring together the many elements in the State Department working on cyber issues to coordinate and more effectively advance US cyber interests overseas.
The Department also promotes international efforts to strengthen global cybersecurity by building capacity in developing countries, promoting interoperable standards, and enhancing international cooperation to respond to cyber threats.
As the diverse cyber threat continues to grow, the US and other governments are taking commensurate defensive measures, including improving organizational norms, structures, doctrine, technology, and awareness. However, many experts believe that the advantage lies with the offense and that countermeasures will play a continual game of catch-up.
The views expressed in this article are the author's own and do not necessarily reflect Fair Observer’s editorial policy.