USA TODAY SPECIAL EDITION
58 components from all four military branches to defend the DOD’s information networks, conduct cyber operations against adversaries and protect critical online infrastructure so that the U.S. and its allies remain free to act in cyberspace as they please. The tip of Cyber Command’s spear is the Cyber Mission Force, a dedicated unit formed in 2012 that will consist of 6,200 military personnel in 133 teams when fully staffed. The force should reach its full operational capacity in October 2018, after additional training and experience, and will operate in both offensive and defensive modes in cyberspace.
OUT IN THE OPEN
For years, the U.S. has demurred on its alleged cyber capabilities and cyberweapons, such as the Stuxnet computer virus that destroyed centrifuges in an Iranian uranium enrichment plant in 2009. Much of Cyber Command’s capabilities still remain classified. No longer, though, will all cyber assets remain mere scuttlebutt. “Cyber is a domain like air, sea and land,” Cyber Command’s deputy commander, Lt. Gen. James K. McLaughlin told the House Armed Services Committee in June. “As we continue to conduct cyber operations in support of broader operations, like we are doing against ISIL, we expect to talk about it with increasing openness.” That first declaration of cyberwarfare in 2016 was further meant to warn other potential U.S. cyber opponents such as Russia, China and Iran, as well as non-state actors, that the U.S stands ready. “In part, that idea of publicly acknowledging the fact that we were using cyber as a capability to counter ISIL was not just
to signal ISIL, but was also to make sure others are aware that the Department of Defense is investing in these capabilities (and) we are prepared to employ them, within a legal, lawful framework,” said Adm. Michael Rogers, commander of Cyber Command and NSA director, in testimony before the Senate Armed Services Committee in September.
▶ Russian agents are also the chief suspects in breaches of unclassified email systems the past two years at the State Department, the White House, the Joint Chiefs of Staff and the Democratic National Committee. The vulnerability of these computer systems speaks to the broader U.S. government’s reliance on the relatively unprotected commons of cyberspace. WHAT LIES AHEAD “The internet is now crucial to anything Numerous incidents in recent years offer and everything that the military wants to a taste of cyber aggressions that could rise do,” Singer said. “Right now, 98 percent to the level of national of the United States’ security, for both military military communications and civilians: go over the civilian“A military ▶ In March 2016, the owned and operated Department of Justice internet.” organization has issued an indictment A particularly against hackers at Iranian egregious example, short gone public saying government-backed of cyberwarfare but it is engaging in companies who had certainly of foreign attacked the networks cyber-meddling, suroffensive cyber of at least 46 financial rounded the recent operations — that institutions and corpresidential elections. porations in the U.S. to U.S. intelligence is a historic first.” disrupt business. agencies linked hacks of — Peter Singer, ▶ The same hackers Democratic Party orgastrategist and senior fellow, also broke into the nizations’ and campaign New America computerized controls officials’ email accounts of a small hydroelectric back to Russia. The dam in New York’s stolen emails, released Westchester County in 2013, perhaps as by Wikileaks, roiled an already volatile a dry run before targeting a larger facility. election season; some think that the leaks (The dam was not operating at the time, may have helped Donald Trump win the however, so no damage was done.) presidency. Lawmakers and other officials ▶ Utilities generally make attractive had already expressed concern ahead of targets. In December 2015, a hack, the election that Russia might tamper with allegedly from inside Russia, on a regional the vote data-collection process. electricity distribution company in Ukraine In a September hearing, senators caused power losses to 225,000 customers. suggested that voting systems should be
ALEX WONG/GETTY IMAGES
A federal grand jury in March indicted seven Iranians who worked for companies linked to their government on charges of hacking numerous financial institutions and corporations in the U.S., disrupting the businesses.
deemed critical infrastructure, alongside financial systems, nuclear power plants and power grids, thus perhaps coming under the aegis of Cyber Command. “If there were scenarios where we could envision attacks having significant consequences in our electoral context, we really do need to consider that,” Lettre said.
CYBERWARFARE’S TOMORROW
To keep up with the rapidly evolving, potentially escalating cyberspace domain, the DOD is also fostering a next generation of cyber soldiers. For instance, the NSA assists in running summer cybersecurity-themed camps at the K-12 level for students and teachers to cultivate interest and talent, further aided by relationships with more than 200 U.S. universities. In November, the DOD announced a new Vulnerability Disclosure Policy, “a ‘see something, say something’ policy for the digital domain,” Carter said in a statement. The policy creates a path for security researchers to test and find DOD vulnerabilities and report them. But Rogers acknowledged that the DOD recognizes that humans at their keyboards will not suffice. The agency is therefore highly focused on utilizing automated, “smart” computer systems with artificial intelligence capabilities. Such systems could identify threats and deploy countermeasures at a speed and scale human operators could never remotely achieve. “We’re very much interested in artificial intelligence, machine learning,” Rogers said in his Senate testimony. “Because if we’re just going to make this a largely human capital approach to doing business, that is a losing strategy.
CHIP SOMODEVILLA/GETTY IMAGES
Navy Adm. Michael Rogers, commander of U.S. Cyber Command and director of the National Security Agency, publicly acknowledged this year that the U.S. is taking the offensive in cyberattacks in an attempt to undermine the Islamic State and other cyber opponents.