Fighting Talk In Cyberspace

With the recognition of cyberspace as a war fighting domain, Western militaries are talking up their offensive capabilities in cyberspace.

Anita Hawser
12 April 2017
US Army Cyber Protection Brigade discuss the response to a simulated cyber attack 
(US Army photo by Bill Roche)



Behind Coalition air strikes against ISIL or Daesh in Syria and Iraq, a war of a different kind is taking shape. Sending in ground forces to fight ISIL in Iraq and Syria may be off the table, but nobody mentioned anything about not using 'cyber warriors' to try and defeat the terrorist organisation.

Under the former Obama administration, the US Department of Defense (DoD) was unusually vocal about the US's intention to use cyber offensive weapons against ISIL. In its 2015 Cyber Strategy, the US DoD talked about defending and securing the DoD's information and data, mitigating risks to military missions and defending the country against “disruptive or destructive” cyberattacks.

But the fourth strategic goal of the strategy talks about “building and maintaining viable cyber operations and plans to use those options to control conflict escalation and to shape the conflict environment at all stages.” The text goes on to say: “If directed, the DoD should be able to use cyber operations to disrupt an adversary's command and control networks, military-related critical infrastructure and weapons capabilities.” It also talked about integrating cyber across all domains of military operations.

US Cyber Command, which was established in 2009 as a joint headquarters to orchestrate US Armed Forces’ cyber efforts, has 100 teams conducting cyberspace operations, including efforts to degrade, dismantle and ultimately defeat ISIL, US Cyber Command chief Admiral Michael Rogers told a hearing before the Senate Armed Services Committee last April.

In February this year, remarking on the future of US Cyber Command, Admiral Rogers stated that in the immediate near term, Cyber Command, or Cybercom as it is also referred to, needed to be elevated to a combatant command. Cybercom is currently a component of US Strategic Command.

Over the next five to 10 years, the admiral said he would like to see cyber integrated offensively and defensively “down to the operational tactical level.” Offensive cyber in some ways is treated like nuclear weapons, he added, “in the sense that their application outside a defined area of hostilities is controlled at the chief-executive level and is not delegated down.”


“We should be integrating [cyber] into the strike group and on the amphibious expeditionary side,” says Rogers. “We should view this as another toolkit that's available … as a commander is coming up with a broad schema of manoeuvre to achieve a desired outcome or end state. That’s what I hope.”




With the publication of its 2012 Defence Cyber Strategy, which talks about synchronising defensive, intelligence and offensive cyber activities, the Netherlands treats cyber like any other military capability, says Lt. Col. Paul Hoen, Commander of the Dutch Defence Cyber Expertise Centre. “In cyberspace, often with numerous not even known potential attack vectors, a pure defensive stance equals planning for defeat,” says Hoen. “A secure digital fortress is deemed an illusion for now and the foreseeable future, so the Armed Forces of the Netherlands, within the limits of the law, want at least to be able to proactively counter a potential cyber attack.”

In the case of an armed conflict, Lt. Col. Hoen says offensive cyber capabilities are complementary to more traditional military capabilities to achieve desired effects by other means, and as such provide new opportunities.

The Dutch established a Defence Cyber Command in 2014, which is the central entity within the Dutch Ministry of Defence responsible for “the development and use of robust military operational and offensive capabilities.”

Germany is in the process of establishing a Cyber Command, which is expected to strengthen its computer network operations by consolidating cyber, information technology and electronic warfare into a single command.

Estonia, which experienced a Denial-of-Service attack on prominent government websites in 2007—alleged to have been perpetrated by Russian hackers—set up the Estonian Defence League Cyber Unit (EDL CU). The EDL CU provides cyber defence capabilities and expertise in the event of a large-scale national cyber event.

When it comes to cyber offensive capabilities, Piret Pernik, a research fellow at the International Centre for Defence and Security in Estonia, says Estonia's national policy states that the military can use all means to ensure freedom of movement in cyberspace and refers to the use of deterrence and active measures.

Raul Rikk, head of National Cyber Security Domain at Estonia's e-Governance Academy, and one of the founders of the NATO Co-operative Cyber Defence Centre of Excellence in Tallinn, says if countries can talk openly about how many military tanks and aeroplanes they have, they should be able to talk about their cyber offensive capabilities.

NATO has a policy not to develop cyber offensive capabilities or weapons, but Rikk says member countries are free to develop them. “The US already has them; they don't hide it. Other countries will probably follow.”

Estimates of the number of countries that have disclosed plans to develop cyber offensive units in their militaries range from 20 to 30. For the UK and the US, the effective use of the internet and social media by organisations like ISIL to spread their doctrine and beliefs, as well as the advanced cyber warfare capabilities of countries like China and Russia, is forcing NATO member countries to develop both cyber offensive and defensive postures.

At the Counter Terror Expo in London last April, Jorge Bento Silva, deputy head of the Counter-Terrorism Unit, European Commission Directorate General Migration and Home Affairs, talked about the prospect of a 'cyber jihad.' In a report on cyber jihadists, the European Union Institute for Security Studies says conflicts in Syria and Iraq provided a fresh opportunity to leverage the power of social media among Western populations.

Cyber jihadists are also using the internet directly to raise money and to mount attacks on western governments. The so-called “Cyber Caliphate” has attacked the Twitter and YouTube accounts of US Central Command.



The Central Control Facility at Eglin Air Force Base oversees electronic warfare mission data flight testing. Portions of their missions may expand under the new Air Force Cyber Command  (US Air Force photo/Capt. Carrie Kessler)




The US has developed military doctrine pertaining to the rules of engagement in cyberspace. According to IISS's strategic dossier on the cyber domain, the US Army's field manual talks about “cyber electromagnetic activities” being applied at the brigade, division, corps and theatre levels.

Whilst NATO itself will not develop or use cyber offensive operations, Pernik says it is possible within the framework of coalition operations that it could be done unilaterally, multilaterally or bilaterally by countries. NATO's revised 2010 Policy on Cyber Defence refers to cyber threats as a potential trigger for Article 5 of the Treaty, which refers to collective defence. If a NATO member country was attacked by another country, there is nothing to say that cyber offensive measures could not be used as a means of self-defence.

However, Rikk says cyber is not a clear operational domain yet. “How international regulations and legal agreements apply in the cyber domain needs to be better understood,” he says. “We're not there yet.”

Pernik says cyber offensive measures have been mostly used for intelligence-gathering, reconnaissance or surveillance purposes, but when it comes to using them to degrade or destroy another country's infrastructure she says countries are exercising self-restraint. “Countries have these [offensive] capabilities, but they don't want to create a precedent,” she explains. “However, in Ukraine, malware was used to cause a massive electricity outage that affected 220,000 people. The purpose was to show what can be done and perhaps test offensive capabilities. The militarisation of cyberspace has been going on for many years and offensive capabilities will be used sooner or later.”

A cyberattack on a country's electricity infrastructure could cause a loss of life and widespread panic. “Especially with cyber, specific attention is required,” says Lt. Col. Hoen of the Netherlands' Defence Cyber Expertise Centre, “since effects could potentially spread at the speed of light, with a world-wide reach, and without proper planning and execution hitting not to be targeted dual-use technologies.”

Yet, there are also actors who consider cyber, due to its highly asymmetric character and the attribution challenge, as the ultimate tool offering plausible deniability and as such a means to stay below the threshold of armed conflict.

“It will be extremely difficult to put the lid back on Pandora's Box,” says Hoen. “We may have to be prepared to face a long-lasting situation of 'Anything you can get away with goes,' from actors living by other norms and standards than ours.”

Pernik says cyber offensive weapons will not be used easily as it is difficult to plan and use such weapons in military campaigns. However, for Russia, China and the Syrian Electronic Army, cyber offensive measures are regularly used as part of a comprehensive approach to warfare, which relies not only on conventional weapons, but information warfare via social media or attacking government and military networks, mobile and telecom infrastructure. 




The US is "the most technologically and materially developed nation in terms of military cyber power," says the International Institute for Strategic Studies. US Cyber Command was established in 2009 to coordinate efforts, but it does not have as well-developed cyber military theory or doctrine as Russia and China. US cyber operations overlap with information and electronic warfare. Operations in cyberspace could target “personnel, facilities, equipment,” with the objective of degrading, neutralizing or destroying enemy capabilities. Main methods used tend to be electronic warfare and “network operations.” The US is credited, alongside Israel, with launching the Stuxnet worm, which attacked systems controlling Iran's nuclear enrichment facilities. There is some suggestion that the recent failed North Korean missile launch over the Easter weekend, which saw the missile blow up, may have been caused by a US cyber attack, but there is no official confirmation of this.

The IISS says Russia has a “comprehensive approach to cyber warfare” encompassing disinformation, propaganda, monetary supply, access to external information. Although the Russian military has what IISS describes as a “robust cyber warfare doctrine,” most of the country’s cyber capabilities reside within the Federal Security Service and other intelligence and security agencies rather than the military. Russia has reportedly used cyber offensive measures against Ukraine, Georgia, Estonia and in the first and second Chechen wars. In the Second Chechen War in 1999, IISS says Russia allegedly hacked “pro-Chechen” internet servers. Computer network attacks were launched against Georgian government websites and communication systems to isolate the government alongside Russian military operations in South Ossetia, and in Crimea and eastern Ukraine reports allege that Russia suppressed mobile phone networks and attacked internet communication systems.

Chinese cyber warfare capabilities centre round information warfare in terms of obtaining or suppressing information or obtaining “information dominance,” political or economic espionage. China’s military has two major cyber-related units: the Third Department, which deals with signals intelligence, cryptography and computer security; and the Fourth Department, which handles electronic warfare and countermeasures.

According to IISS, the Syrian Electronic Army (SEA) is a bunch of “hackers” loyal to President Bashar al-Assad. It is described as “the first virtual army in the Arab world,” which emerged in 2011. SEA uses social media to launch cyberattacks on opponents. SEA even has its own Twitter handle. Journalists covering the Syrian conflict say that SEA reportedly sent malware to the families of jihadists fighting against the Assad regime.