cyberwar · Information operations · Information Warfare

Pentagon GreenLights Offensive Cyber

The New York Times published a story titled Pentagon Puts Cyberwarriors on the Offensive, Increasing the Risk of Conflict.

I couldn’t help but notice the negative spin on the headline, predisposing a negative perspective on the Pentagon’s approval before even starting the article.

The objective, according to the new “vision statement” quietly issued by the command, is to “contest dangerous adversary activity before it impairs our national power.”

This is a very illustrative statement which, as a former insider, I completely understand.

Please allow me to give a concrete example of something we did back in 1998, and the day after we got our collective butts chewed.

A foreign hacker group, based outside the United States, actually advertised it was going to attack the Pentagon’s networks over a weekend.  We even had examples of their doing exactly that previously.

An unnamed genius wrote a script, using captured code from their previous attacks, that would open up a browser on the attacker’s computer. Since the attacks were coming at us at dozens of attacks per minute, an incredible number of browsers were opened on the attacker’s computers, causing them to crash.

Basically, they got whupped.  You know, they got their butts handed to them.

It was when the lawyers got involved that they declared what we did as an offensive operation. Frigging lawyers…

Much to my consternation while reading the New York Times’ story, I realize they have 1 – no practical experience, 2 – no advisors with practical experience, and 3 – no credible sources.  I also realize whoever wrote the title has a bias, but it being the New York Times, I didn’t expect anything less.

The bottom line, when it comes to offensive cyber warfare, there are hundreds, perhaps thousands of different ways to launch them.  Some quietly, some loud and ostentatious.  Before launch, however, they will go through the process of a ‘murder board’, where possible collater damage will be discussed, limited, and assessed.  The ‘toolbox’ of available cyber tools will be assessed for the applicable ‘tool’.  The targeted networks, devices, geography, even the personalities will be assessed, along with a wide-range of seemingly unrelated factors. We may see distractions in the form of deceptions, we may see pre-emptive information actions, we might see an accompanying show of force using real-world assets, we might even see the quietest non-event you can imagine.  There is even a better than good possibility that nobody, not even the targets, will know anything happened.  Not now, not ever. Best of all, I can almost guarantee, the targets will never know who it was that hit them.  The Quiet Professionals.