Cyber-attacks against American computer networks escalate every year. In response, the military is working through how best to operationalize its responses and develop new rules of engagement for cyberspace.

A recent article in Fifth Dimension explored this issue and explained how Cyber Command currently takes point in responding to cyber-attacks, including employing offensive capabilities when deemed appropriate:

“Offensive cyber operations are wholly Cyber Command’s domain right now, Brig. Gen. Kevin Kennedy, director, Cyberspace Operations and Warfighting Integration, said during an AFCEA DC event Feb. 16. ‘As we look forward the capability doesn’t exist with the services.’ One of the design constructs in the creation of Cyber Command was that it would act as an integrator and coordinator of cyber activities, namely offensive cyber activities, as to properly deconflict operations and prevent individual services from tripping over each other in cyberspace.”

While Cyber Command takes the lead, it is also vital that the cyber capacities within the various services become unified. In fact, in 2015 the DoD released its Cyber Strategy that listed as its first strategic goal to build the unified platform and develop the detailed requirements for integrating disparate cyber platforms along with building an interoperable network of cyber capabilities. “This Unified Platform will enable the Cyber Mission Force to conduct full-spectrum cyberspace operations in support of national requirements,” according to the document.

That messaging syncs up perfectly with information shared last week at a major cybersecurity conference in Washington, D.C. At the conference, sponsored by the leading cybersecurity company FireEye, the keynotes laid out how American networks are under almost constant assault by recognized advanced persistent threats (APTs), many of which can be attributed to Russia and China.

CEO Kevin Mandia, a former Air Force intelligence officer, laid out five areas of focus for what the government could do to better protect private companies and the American public at large from these attacks:

  1. Defend our networks – better information and vulnerability sharing.
  2. Develop a true deterrence – with no cost for attacking, the U.S. is a fat target. Mandia explained there are only two kinds of deterrence – “money or might.” Attackers must pay financially or we must have an offensive capacity for proportional responses.
  3. Attribution – the Internet is not anonymous. Get attribution right, and make it public whenever possible.
  4. Work for international norms – this will be difficult, but over time it will be possible to segregate the bad actors, nations that want to exploit modern connectivity to deleterious ends.
  5. Design a “Shields Up” capability – even if American intelligence detected signs of an imminent cyber-attack on an American company or piece of infrastructure, there is nothing we could do today to protect that asset. This capability must be developed, then applied first to critical infrastructure and then to more and more soft targets in our country.

Defend, deter, respond – these are the same capabilities required in traditional kinetic military operations. And they are exactly what’s needed for effective cyber defense. Until we have these capabilities, cyber-attacks will remain a low-risk, high-reward proposition for our adversaries.