- Cyberwarfare in the United States
Cyberwarfare in the United States is the United States Cyber Commands military strategy of proactive cyber defence and the use of cyberwarfare as a platform for attack. The United States Department of Defense sees the use of computers and the Internet to conduct warfare in cyberspace as a threat to national security. The Joint Forces Command issued a statement: "Cyberspace technology is emerging as an "instrument of power" in societies, and is becoming more available to a country's opponents, who may use it to attack, degrade, and disrupt communications and the flow of information. With low barriers to entry, coupled with the anonymous nature of activities in cyberspace, the list of potential adversaries is broad. Furthermore, the globe-spanning range of cyberspace and its disregard for national borders will challenge legal systems and complicate a nation's ability to deter threats and respond to contingencies."
- 1 The Five Pillars
- 2 Cyberattack an act of war
- 3 United States Cyber Command components
- 4 Cyberwarfare activities in the U.S.
- 5 See also
- 6 References
The Five Pillars
The five pillars is the framework for the United States military strategy for cyberwarfare. The first pillar is to recognize that the new domain for warfare is cyberspace similar to the other elements in the battlespace. The second pillar is proactive defenses as opposed to passive defense. Two examples of passive defense are computer hygiene and firewalls, which detect approximately 70 to 80 percent of cyber attacks. The balance of the attacks require active defense using sensors to provide a rapid response to detect and stop a cyber attack on a computer network. This would provide military tactics to hunt down and attack an enemy intruder. The third pillar is critical infrastructure protection (CIP) to ensure the protection of critical infrastructure. The fourth pillar is the use of collective defense, which would provide the ability of early detection and to incorporate them into the cyberwarfare defence structure. The fifth pillar is maintain and enhance the advantage of technological change. This would include improved computer literacy and increasing artificial intelligence capabilities.
Cyberattack an act of war
The new United States military strategy, makes explicit that a cyberattack is casus belli for a traditional act of war. This is controversial; Howard Schmidt, the cybersecurity leader of the US, said in March 2010 that "there is no cyberwar... I think that is a terrible metaphor and I think that is a terrible concept. There are no winners in that environment."
United States Cyber Command components
United States Cyber Command
The United States Cyber Command (USCYBERCOM) is a United States armed forces sub-unified command subordinate to United States Strategic Command. USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries."
Army Cyber Command
- Army Network Enterprise Technology Command / 9th Army Signal Command
- Portions of 1st Information Operations Command (Land)
- United States Army Intelligence and Security Command will be under the operational control of ARCYBER for cyber-related actions.
Marine Corps Forces Cyberspace Command
The Navy Cyber Forces (CYBERFOR) is the type commander for the U.S. Navy's global cyber workforce. The headquarters is located at Joint Expeditionary Base Little Creek-Fort Story. CYBERFOR provides forces and equipment in cryptology/signals intelligence, cyber, electronic warfare, information operations, intelligence, networks, and space.
Twenty-Fourth Air Force
The Twenty-Fourth Air Force (24 AF) is a Numbered Air Force (NAF) with the United States Air Force (USAF). The USAF is consolidating its cyberspace combat forces into 24 AF. The Twenty-Fourth Air Force, will be the Air Force component of United States Cyber Command (USCYBER). The 24AF has the following components:
United States Tenth Fleet
The United States Tenth Fleet is a functional formation of the United States Navy. It was first created as an anti submarine warfare coordinating organization during the Battle of the Atlantic in the Second World War. It has been reactivated as Fleet Cyber Command. The tenth fleet components are:
- Naval Network Warfare Command
- Navy Cyber Defense Operations Command
- Naval Information Operation Commands
- Combined Task Forces
Cyberwarfare activities in the U.S.
- In 2011 as part of The Anonymous attack on HBGary Federal information about private companies such as Endgame systems who design offensive software for the Department of Defense were revealed. It was shown that Endgame systems job applicants had previously "managed team of 15 persons, responsible for coordinating offensive computer network operations for the United States Department of Defense and other federal agencies."
- In August 2010, the U.S. for the first time is publicly warning about the Chinese military's use of civilian computer experts in clandestine cyber attacks aimed at American companies and government agencies. The Pentagon also pointed to an alleged China-based computer spying network dubbed GhostNet that was revealed in a research report last year. The Pentagon stated:
- "The People's Liberation Army is using "information warfare units" to develop viruses to attack enemy computer systems and networks, and those units include civilian computer professionals. Commander Bob Mehal, will monitor the PLA's buildup of its cyberwarfare capabilities and will continue to develop capabilities to counter any potential threat."
- On June 19, 2010, United States Senator Joe Lieberman (I-CT) introduced a bill called "Protecting Cyberspace as a National Asset Act of 2010", which he co-wrote with Senator Susan Collins (R-ME) and Senator Thomas Carper (D-DE). If signed into law, this controversial bill, which the American media dubbed the "Kill switch bill", would grant the President emergency powers over parts of the Internet. However, all three co-authors of the bill issued a statement that instead, the bill "[narrowed] existing broad Presidential authority to take over telecommunications networks".
- In February 2010, the United States Joint Forces Command released a study which included a summary of the threats posed by the internet:
- With very little investment, and cloaked in a veil of anonymity, our adversaries will inevitably attempt to harm our national interests. Cyberspace will become a main front in both irregular and traditional conflicts. Enemies in cyberspace will include both states and non-states and will range from the unsophisticated amateur to highly trained professional hackers. Through cyberspace, enemies will target industry, academia, government, as well as the military in the air, land, maritime, and space domains. In much the same way that airpower transformed the battlefield of World War II, cyberspace has fractured the physical barriers that shield a nation from attacks on its commerce and communication. Indeed, adversaries have already taken advantage of computer networks and the power of information technology not only to plan and execute savage acts of terrorism, but also to influence directly the perceptions and will of the U.S. Government and the American population.
- In December 2009 through January 2010, a cyber attack, dubbed Operation Aurora, was launched from China against Google and over 20 other companies. Google said the attacks originated from China and that it would "review the feasibility" of its business operations in China following the incident. According to Google, at least 20 other companies in various sectors had been targeted by the attacks. McAfee spokespersons claim that "this is the highest profile attack of its kind that we have seen in recent memory."
- On April 7, 2009, The Pentagon announced they spent more than $100 million in the last six months responding to and repairing damage from cyber attacks and other computer network problems.
- On April 1, 2009, U.S. lawmakers pushed for the appointment of a White House cyber security "czar" to dramatically escalate U.S. defenses against cyber attacks, crafting proposals that would empower the government to set and enforce security standards for private industry for the first time.
- On February 9, 2009, the White House announced that it will conduct a review of the nation's cyber security to ensure that the Federal government of the United States cyber security initiatives are appropriately integrated, resourced and coordinated with the United States Congress and the private sector.
- In 2008, a hacking incident occurred on a U.S. Military facility in the Middle East. United States Deputy Secretary of Defense William J. Lynn III had the Pentagon release a document, which reflected a "malicious code" on a USB flash drive spread undetected on both classified and unclassified Pentagon systems, establishing a digital beachhead, from which data could be transferred to servers under foreign control. "It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary. This ... was the most significant breach of U.S. military computers ever and it served as an important wake-up call", Lynn wrote in an article for Foreign Affairs.
- In 2007, the United States government suffered an "an espionage Pearl Harbor" in which an unknown foreign power...broke into all of the high tech agencies, all of the military agencies, and downloaded terabytes of information.
- Titan Rain was the U.S. government's designation given to a series of coordinated attacks on American computer systems since 2003. The attacks were labeled as Chinese in origin, although their precise nature (i.e., state-sponsored espionage, corporate espionage, or random hacker attacks) and their real identities (i.e., masked by proxy, zombie computer, spyware/virus infected) remain unknown.
- Systems in the US military and private research institutions were penetrated from March 1998 for almost two years in an incident called Moonlight Maze. The United States Department of Defense traced the trail back to a mainframe computer in the former Soviet Union but the sponsor of the attacks is unknown and Russia denies any involvement.
- In 1998, in order for US and NATO to bomb Serbian targets successfully in Kosovo, the USA needed to hack into the Serbian air defense system and trick the Serbian Air Traffic Controllers. The US accomplished its goal so well that there was concern about continuing or escalating the attacks because the US didn't want to hack into any further Serbian targets because of fear of damaging civilian targets.
- In 1991, it was reported by the US Air Force that a computer virus named AF/91 was created and was installed on a printer chip and made its way to Iraq via Amman, Jordan. Its job was to make the Iraqi anti-aircraft guns malfunction; however, according to the story, the central command center was bombed and the virus was destroyed. The virus, however, was found to be a fake.
- In 1982, a computer control system stolen from a Canadian company by Soviet spies caused a Soviet gas pipeline to explode. The code for the control system had been modified by the CIA to include a logic bomb which changed the pump speeds to cause the explosion.
Cyberwarfare limitation treaty
- Air Force Cyber Command (Provisional)
- Computer insecurity
- Cyber Operations
- Cyber spying
- Cyber terrorism
- Cyberwarfare by Russian state
- Defense Information Systems Network
- Denial-of-service attack
- Electronic warfare
- Hacker (computer security)
- Information warfare
- List of cyber attack threat trends
- Penetration testing
- Proactive Cyber Defence
- Siberian pipeline sabotage
- Signals intelligence
- Chinese Intelligence Operations in the United States
- Chinese Information Operations and Warfare
- Economic and Industrial Espionage
- U.S. Cyber Command
- ^ American Forces Press Service: Lynn Explains U.S. Cybersecurity Strategy
- ^ DOD - Cyberspace
- ^ a b "The Joint Operating Environment", Report released, Feb. 18, 2010, pp. 34-36
- ^ Red Orbit: Official: NATO Should Build A 'Cyber Shield'
- ^ New York Times: Pentagon to Consider Cyberattacks Acts of War
- ^ "White House Cyber Czar: ‘There Is No Cyberwar’" Wired magazine, March 4, 2010
- ^ U.S. Department of Defense, Cyber Command Fact Sheet, May 21, 2010 http://www.stratcom.mil/factsheets/cc/
- ^ US Department of Defense (May 24, 2010). "DoD Release No. 420-10 Establishment of Army Forces Cyber Command". defense.gov. http://www.defense.gov//releases/release.aspx?releaseid=13549. Retrieved May 24, 2010.
- ^ 20091203 IO Newsletter v10 no 03
- ^ Patrick Jackson (2010-03-15). "Meet USCybercom: Why the US is fielding a cyber army". BBC News. http://news.bbc.co.uk/2/hi/technology/8511711.stm. Retrieved 2010-07-10.
- ^ "News Release: Army Forces Cyber Command Headquarters Standup Plan Announced". Defense.gov. http://www.defense.gov//releases/release.aspx?releaseid=13549. Retrieved 2010-07-10.
- ^ "Fort Mead News: USMC Cyber Command". Ftmeade.army.mil. 2010-01-28. http://www.ftmeade.army.mil/pages/news/stories/2010/jan/cyber.html. Retrieved 2010-07-10.
- ^ http://www.afcyber.af.mil/library/factsheets/factsheet.asp?id=10688 Frequently Asked Questions
- ^ Haroon Meer (March 11, 2011). "Lessons from Anonymous on cyberwar". Al Jazeera English. http://english.aljazeera.net/indepth/opinion/2011/03/20113981026464808.html.
- ^ ANNUAL REPORT TO CONGRESS Military and Security Developments Involving the People’s Republic of China 2010
- ^ AP: Pentagon takes aim at China cyber threat
- ^ Senators Say Cybersecurity Bill Has No 'Kill Switch', informationweek.com, June 24, 2010. Retrieved on June 25, 2010.
- ^ "A new approach to China". Google Inc.. 2010-01-12. http://googleblog.blogspot.com/2010/01/new-approach-to-china.html. Retrieved 17 January 2010.
- ^ "Google Attack Is Tip Of Iceberg", McAfee Security Insights, Jan. 13, 2010
- ^ CBS News: Pentagon Bill To Fix Cyber Attacks: $100M
- ^ Senate Legislation Would Federalize Cybersecurity
- ^ CBS News: White House Eyes Cyber Security Plan
- ^ The Washington Post: Pentagon computers attacked with flash drive
- ^ "Cyber War: Sabotaging the System". CBS News. November 6, 2009. http://www.cbsnews.com/stories/2009/11/06/60minutes/main5555565.shtml.
- ^ Hancock, Bill. "Security Views." Computers & Security 18 (1999): 553-64. ScienceDirect. Web. 11 October 2009. <http://www.sciencedirect.com/science?_ob=MImg&_imagekey=B6V8G-463GSGP-2-1&_cdi=5870&_user=47004&_orig=search&_coverDate=12%2F31%2F1999&_sk=999819992&view=c&wchp=dGLzVlz-zSkWA&md5=a6d6590f9a8954864a1abbd91dd0a981&ie=/sdarticle.pdf>.
- ^ Smith, George. "Iraqi Cyberwar: an Ageless Joke." SecurityFocus. 10 Mar. 2003. Web. 11 Oct. 2009. <http://www.securityfocus.com/columnists/147>.
- ^ <http://www.securityfocus.com/columnists/147>.
- ^ <http://www.securityfocus.com/columnists/147>.
- ^ "Cyberwar: War in the fifth domain". The Economist. 1 July 2010. http://www.economist.com/node/16478792?story_id=16478792&fsrc=rss. Retrieved 4 July 2010.
- ^ WSJ: U.S. Backs Talks on Cyber Warfare
Air Forces Bases UnitsWingsGroupsSquadrons
Wikimedia Foundation. 2010.