
How to Wage War in Cyberspace with Iran


Every now and then I see a question on Yahoo Answers which I find intriguing.  Here is the latest:

I want to be a part of the U.S military cyber warfare?

Do I have to go through basic training to receive the training to do the job from the government?

I thought about various ways to easily and succinctly answer the question; instead I thought it might be best to just write this up as a blog topic. Iran has also been rattling their ‘cyber-saber’, so I wanted to venture an educated guess as to how the United States would work with the rest of the world to fight the ‘Persian threat in cyberspace’.

The United States just created the US Cyber Command, but it does not wage war in cyberspace.  The US Cyber Command will coordinate and guide all the Service Components.

USCYBERCOM centralizes command of cyberspace operations, organizes existing cyber resources and synchronizes defense of U.S. military networks.

Both the National Security Agency and the US Cyber Command are led by four-star General Keith B. Alexander.   For the most part, Cyber Command will only talk about Cybersecurity.  There have been heavy discussions about the division of US Code Title 10 (role of Armed Forces) and USC Title 50 (the part dealing with intelligence collection); the discussions have been ongoing for years.  Being entirely too simplistic, NSA and Cyber Command have the same commander but the staffs are divided.  One, however, cannot operate independently of the other, so there will be a lot of overlap.  Cyber Command is currently a sub-Unified Command under the Strategic Command, but recently a paper was approved for release, saying that the US Cyber Command would operate more effectively as its own Unified Command. Many of us who have been working in this field for the past ten to fifteen years expected this to occur three to five years after the formation of the US Cyber Command. The devil is in the details, however.

The US Army’s part of the US Cyber Command is known as US Army Forces Cyber Command, abbreviated ARFORCYBER and also called 2nd Army.  The commander is a three-star general, currently LTG Hernandez.

The US Air Force’s part is called Air Forces Cyber or AFCYBER and is also known as 24th Air Force.

The Navy’s portion is called the US Tenth Fleet or US Fleet Cyber Command.

The Marines’ cyber forces are consolidated in the United States Marine Corps Forces Cyberspace Command or MARFORCYBER.

These are the people that will wage war in cyberspace, although they will most likely never ‘wage war’ without close coordination with other unified commands, both regional and functional.

Each Service (Army, Navy, Air Force and Marines) has its own training programs for providing cyber specialists to the various component commands of Cyber Command.  Services are required to “train, man and equip” soldiers, sailors, marines and airmen.  The acquisition and training program for cyber specialists varies for each Service and is still developing as I write this. A person’s background might be as a computer specialist, a programmer, an intelligence specialist, a communicator, a cryptologist, an information warfare operator or a special operator; there are a myriad of qualifications and few certification standards.  Training programs vary wildly also.  Almost all will require a top secret clearance.

How will they wage a war in cyberspace with Iran? Most will probably operate out of their home base, from Ft. Meade, Md.; San Antonio, Texas; Virginia; and of course at various locations around the world.  There have been heavy discussions about who has the final approval authority, the functional commander or the geographic commander.  There have been arguments that the US Special Operations Command is a good model for the deployment and use of cyber forces; the discussions continue. Any war in cyberspace will be aided by the use of conventional and special operations forces and weapons; I can guarantee they will be used.  A computer can quickly and easily be rebuilt with backups, but a router, a switching station, wires, fiber optic lines or other networking materials cannot be replaced so quickly.

There is no doubt in my mind that Iran has already begun deployment of their cyber forces, in small teams, throughout the world, specifically to avoid devastation if the networks internal to Iran are crippled.  I am also certain that a myriad of intelligence agencies are tracking their every move, monitoring their every transmission and gathering as much intelligence as possible for a possible war in cyberspace with Iran.

But, you ask, how will the war be fought?  The war already started the minute everybody began mapping the others’ networks.  They know what operating systems are used, which software patches have been installed and, more importantly, not installed.  Each other’s systems have been mapped, idiosyncrasies noted and physical layouts recorded.  During this exploitation phase various exploits were also emplaced, some with dual use. During periods of crisis and war these payloads could easily be converted to damage, degrade, deny or destroy a targeted network.  The challenge is to abide by the laws of armed conflict and limit damage to the other systems.  We do not want to damage hospitals, religious facilities or cause undue hardship to anyone with whom we might be fighting.  We also want our responses to be proportional to others’ attacks on us; destroying a whole city is wrong, as it is not a military target.

Will we fight an overt war against Iran?  I seriously doubt it.  Iran has few allies and all would be loath to get involved; their economies are too dependent on the internet and all are heavily engaged in cybersecurity talks to protect their precious and sensitive infrastructures.  But, just in case, Iran, we’re ready.  Keep rattling your shamshir, we’re listening.

Update:  I was asked what is the most likely form of war that Iran will have with the rest of the world?  Iran will claim that <fill in the country name> is full of Kafirs (unbelievers) or they are Zionists and will invent any excuse to express their outrage.  Danish-published Mohammad cartoons could set them off.  Heck, it might even be this blog!  My guess is their small three to five man teams will use weapons and explosives transported by diplomatic containers into the country and attempt small guerrilla attacks which will be loud and kill a lot of people.  I think most Iranians would not be willing suicide bombers; they seem to have more brains than others (or less courage). I see timed bombs left in restaurants, and all around public squares, perhaps shoulder launched antiaircraft missiles, shooting AK-47s into a crowd from a high vantage point and then disappearing, and other similar cowardly acts. If they get really brave they will hijack a gasoline truck, move it into a public square and set off a timed explosion, probably around lunchtime.

Simultaneously their “Iranian Cyber Army” will attempt to deface as many high profile websites as possible, but most likely just the low-hanging fruit, the ones easiest to deface.  Don’t forget, defacing a web page doesn’t “do” anything, it just makes a big splash.

Simultaneously the Iranian government will claim they are not behind these acts but will publicly claim they back their actions, because these people are bravely attacking Zionists and Kafirs.

For all their bravado and bluster, their unconventional weapons like stealth fighters, long range ground to ground missiles, their female ninja brigades and long range anti-ship missiles are not that effective and many of the pictures have already been documented to be heavily photoshopped.  In the end they fear getting attacked and will limit their attacks to missile strikes against innocent shipping.  They’re not kafirs, they’re cowards.