Small Wars Journal

Cyber Offensive Operations: Is There a Digital Delta Force?

Kane S. VanVuren

Problem

As cyber-attacks become more frequent and cause more damage, the US government and the vast majority of private and commercial companies dig deeper into a defensive posture.  Offensive cyber operations do not happen, except for maybe a few confidential US military or government (NSA) operations that cannot be confirmed or denied.  Over 90 percent of the internet, including the massive amounts of data that travel through it, belongs to non-government entities that so far are unable to punch back against their attackers.

There are many distractions concerning the use of offensive or counter-strike cyber weapons against attackers.  These are valid points; however, while we discuss the morals and ethics of an attack against a foreign entity, or spend time comparing and contrasting Just War Theory, Law of Warfare (LOW), or Laws of Armed Conflict (LOAC) to the cyber domain, Russia and China are writing the next attack code and developing attack capabilities.  James McGhee points out that while the Department of Defense (DoD) has touted its cyber force of 6,200, Russia and China have “tens of thousands doing the same kind of work” (2016, 59, emphasis added).  Considering the frequency and skill of current attackers, the US, both government and public internet users, needs a new warrior, the Digital Delta Force.

Background

William Banks writes that while the US response to the Democratic National Committee (DNC) hack in September 2015 was the strongest ever by the US to a state-sponsored cyber intrusion, critics on the sidelines wondered out loud why the US response took so long and why it did not do more than impose "limited self-help measures" (2017, 3).  This brings about the first two, and probably the most substantial, issues pertaining to the cyber domain and retribution – attribution and the law.

Attribution is a widely discussed issue in cyber and probably one of the more complicated problems to address.  The problems in this area lie in the fact that current technology cannot accurately identify the source, let alone the person behind the keyboard; therefore, any technical investigations must include credible human intelligence (Banks 2017, 3).  Most experts in this field agree that attribution is, unfortunately, a necessary evil.  Even the relatively non-destructive/non-life threatening nature of a cyber counter-attack can have collateral damage.  Moreover, if a counter-attack is launched against a bystander instead of the actual offender, the liable state could face significant legal challenges.  McLaughlin points out that each day as technology evolves, determining the identities of cyber attackers becomes more difficult (2011, 59).  However, as tricky as identification is becoming, being sure of the attacker's identity is critical to an organization's decision to deploy counter-measures (McLaughlin 2011, 59).

Legally, the terms surrounding cyber warfare do not have a single agreed-upon meaning, hence the lack of clarity for specific laws that would guide state sanctions across borders or military action.  For example, Voitasec (2015, 552) writes that the NATO Glossary of Terms and Definitions describes computer network attacks (CNA) as “action to disrupt, deny, degrade or destroy information resident in a computer and/or computer network, or the computer and/or computer network itself.”  The NATO Glossary also says that CNA is a type of cyber-attack.  In comparison, the Tallinn Manual on the International Law Applicable to Cyber Warfare defines cyber operations as the “employment of cyber capabilities with the primary purpose of achieving objectives in or by the use of cyberspace,” and a cyber-attack as “a cyber operation, whether offensive or defensive, that is reasonably expected to cause injury or death to persons or damage or destruction to objects” (Voitasec 2015, 553).

McGhee points out that these vague definitions lead to confusion between cyber operations and kinetic operations.  Further, ironically, those actual kinetic operations that could likely cause death or destruction have fewer restrictions than cyber operations (McGhee 2016, 52).  “There seems to be a generalized fear that if we use a cyber operation to take down a server, it is more serious than if we had bombed the same server” (McGhee 2016, 52).

Solution

The Department of Defense has the legal authority of the President to launch both cyber and kinetic attacks against an aggressor if it is deemed the best course of action (McLaughlin 2011, 61).  Also, each US military service has cyber response teams capable of launching cyber counterattacks supported by ground, sea, or air attack if needed (McLaughlin 2011, 61).  One of the most powerful entities that the United States has in cyber warfare is the National Security Agency (NSA), but sometimes it forgets it is a DoD support agency and it does not like to collaborate and share with others (McGhee 2016, 59). 

McGhee reports that the NSA has spent years penetrating and implanting cyber code in foreign networks, but once deployed those implants cannot be used again and the host will build protections against further similar attacks (2016, 60).  Taking into account the DNC hack, Huskaj and Moradian (2018, 304) introduce the strategy of cyber deterrence and note that existing research does not consider the connection between the “human and technological dimensions,” highlighting that the relationship between an adversary and a deterrent (i.e., legal or physical/military strength projection) has not been fully developed.

Artificial Intelligence (AI) is another consideration that should be further developed in both cyber and military domains.  Machine Learning (ML) applications are already employed through civil and military technologies like speech/image/face recognition, and battlefield solutions to aid commanders in making real-time decisions are being developed (Hallaq et al. 2017, 153).  ML operates by applying algorithms to data sets to discover patterns of interest, and in the case of cyber warfare, Hallaq et al. (2017, 155) cite that cyber relevant strategies “are likely to become increasingly reliant on artificial intelligence” in areas of computational speed and situational awareness as an equal but opposite strategy against automated cyber-attacks from adversaries.

Conclusion

This white paper has only just touched the surface in exploring the capability of offensive cyber operations.  While it appears no ‘Delta Force’ of the cyber world currently exists, like the initial creation of all militaries, building a conventional force is the first priority.  As scholars and academics opine about theories and legality, surely inside the US military and Intelligence Community cyber warfare experts are preparing for contingencies and possibly developing surgical cyber strike capabilities.  Similar to how we learn from historical battles, these tactics and strategies are fundamental to the process of cyber warfare.  The speed at which technology is being developed is concerning though, and the United States cannot afford to only keep pace with many nations that would love to claim the top spot in global economic and military strength.

A solid solution is not yet clear for this dilemma, but as time goes by and more parameters are set, we could possibly have more information with which to concentrate our efforts.  Therefore, it is imperative that in addition to developing tools to conduct cyber warfare, the US must also take the lead in defining the terms, boundaries, and ethical use of these weapons.  The elite rise once the battlefield is defined, and in the meantime, patience and a sound defensive posture are the best strategy.

References

Aybar, Luis, Gurminder Singh, and Alan Shaffer. 2018. "Developing Simulated Cyber-Attack Scenarios Against Virtualized Adversary Networks." Academic Conferences International Limited. https://search-proquest-com.ezproxy1.apus.edu/docview/2018924067?accountid=8289.

Banks, William. 2017. "State Responsibility and Attribution of Cyber Intrusions After Tallinn 2.0." Texas Law Review 95, no. 7: 1487-1513, https://search-proquest-com.ezproxy2.apus.edu/docview/1968935144?accountid=8289.

Hallaq, Bil, et al. 2017. "Artificial Intelligence Within the Military Domain and Cyber Warfare." Academic Conferences International Limited. 06. https://search-proquest-com.ezproxy1.apus.edu/docview/1966801093?accountid=8289.

Huskaj, Gazmend and Esmiralda Moradian. 2018. "Cyber Deterrence: An Illustration of Implementation." Academic Conferences International Limited. https://search-proquest-com.ezproxy1.apus.edu/docview/2018924628?accountid=8289.

McGhee, James E. 2016. "Liberating Cyber Offense." Strategic Studies Quarterly 10, no. 4: 46-63, https://search-proquest-com.ezproxy2.apus.edu/docview/1846669748?accountid=8289.

McLaughlin, Kevin L. 2011. "Cyber Attack! Is a Counter Attack Warranted?." Information Security Journal: A Global Perspective 20, no. 1: 58-64. International Security & Counter Terrorism Reference Center, EBSCOhost (accessed September 18, 2018).

Voitasec, Dan-Iulian. 2015. "Applying International Humanitarian Law To Cyber-Attacks." Challenges of the Knowledge Society: 552-556, https://search-proquest-com.ezproxy1.apus.edu/docview/1698604823?accountid=8289.

About the Author(s)

Kane S. VanVuren retired from active duty as a US Army CW3 Blackhawk pilot, Tactical Operations and Personnel Recovery Officer.  Kane has deployed for operations including Somalia, special operations support for Bosnia, Iraq, and Afghanistan.  When not digesting massive amounts of intelligence literature, or looking for new ties online, Kane works as an Army contractor instructing intelligence analysis software and is completing his Master’s degree in Intelligence Operations from American Military University.