Cyberwarfare in the United States

From Wikipedia, the free encyclopedia
  (Redirected from Cyber operations)
Jump to: navigation, search

Cyberwarfare in the United States is an important issue. As a major developed economy, the US is highly dependant on the Internet and very exposed to attack, yet at the same time has very significant capabilities in both defense and power projection thanks to its advanced technology and large military budget.

The United States Department of Defense recognises the use of computers and the Internet to conduct warfare in cyberspace as a threat to national security,[1] but also as a platform for attack.[2]

The United States Cyber Command centralizes command of cyberspace operations, organizes existing cyber resources and synchronizes defense of U.S. military networks. It is an armed forces sub-unified command subordinate to United States Strategic Command.

The Five Pillars[edit]

The five pillars is the framework for the United States military strategy for cyberwarfare.[3] The first pillar is to recognize that the new domain for warfare is cyberspace similar to the other elements in the battlespace. The second pillar is proactive defenses as opposed to passive defense. Two examples of passive defense are computer hygiene and firewalls. The balance of the attacks require active defense using sensors to provide a rapid response to detect and stop a cyber attack on a computer network. This would provide military tactics to backtrace, hunt down and attack an enemy intruder. The third pillar is critical infrastructure protection (CIP) to ensure the protection of critical infrastructure. The fourth pillar is the use of collective defense, which would provide the ability of early detection and to incorporate them into the cyberwarfare defence structure. The fifth pillar is maintain and enhance the advantage of technological change. This would include improved computer literacy and increasing artificial intelligence capabilities.

Cyberattack as an act of war[edit]

In 2011, The White House published an "International Strategy for Cyberspace" that reserved the right to use military force in response to a cyberattack:[4][5]

When warranted, the United States will respond to hostile acts in cyberspace as we would to any other threat to our country. We reserve the right to use all necessary means — diplomatic, informational, military, and economic — as appropriate and consistent with applicable international law, in order to defend our Nation, our allies, our partners, and our interests. In so doing, we will exhaust all options before military force whenever we can; will carefully weigh the costs and risks of action against the costs of inaction; and will act in a way that reflects our values and strengthens our legitimacy, seeking broad international support whenever possible.

International Strategy for Cyberspace, The White House, 2011

In 2013, the Defense Science Board, an independent advisory committee to the U.S. Secretary of Defense, went further, stating that "The cyber threat is serious, with potential consequences similar in some ways to the nuclear threat of the Cold War," and recommending, in response to the "most extreme case" (described as a "catastrophic full spectrum cyber attack"), that "Nuclear weapons would remain the ultimate response and anchor the deterrence ladder."[6] In a full-scale attack, the report warns of the following scenario:

Should the United States find itself in a full-scale conflict with a peer adversary, attacks would be expected to include denial of service, data corruption, supply chain corruption, traitorous insiders, kinetic and related non-kinetic attacks at all altitudes from underwater to space. U.S. guns, missiles, and bombs may not fire, or may be directed against our own troops. Resupply, including food, water, ammunition, and fuel may not arrive when or where needed. Military Commanders may rapidly lose trust in the information and ability to control U.S. systems and forces. Once lost, that trust is very difficult to regain.

The impact of a destructive cyber attack on the civilian population would be even greater with no electricity, money, communications, TV, radio, or fuel (electrically pumped). In a short time, food and medicine distribution systems would be ineffective; transportation would fail or become so chaotic as to be useless. Law enforcement, medical staff, and emergency personnel capabilities could be expected to be barely functional in the short term and dysfunctional over sustained periods. If the attack's effects were reversible, damage could be limited to an impact equivalent to a power outage lasting a few days. If an attack’s effects cause physical damage to control systems, pumps, engines, generators, controllers, etc., the unavailability of parts and manufacturing capacity could mean months to years are required to rebuild and reestablish basic infrastructure operation.

Resilient Military Systems and the Advanced Cyber Threat, Defense Science Board, 2013

Attacks on other nations[edit]


In June 2010, Iran was the victim of a cyber attack when its nuclear facility in Natanz was infiltrated by the cyber-worm ‘Stuxnet’, said to be the most advanced piece of malware ever discovered and significantly increases the profile of cyberwarfare.[7][8] It destroyed perhaps over 1000 nuclear centrifuges and, according to a Business Insider article, "[set] Tehran's atomic programme back by at least two years."[9]

Despite a lack of official confirmation, Gary Samore, White House Coordinator for Arms Control and Weapons of Mass Destruction, made a public statement, in which he said, "we're glad they [the Iranians] are having trouble with their centrifuge machine and that we – the US and its allies – are doing everything we can to make sure that we complicate matters for them", offering "winking acknowledgement" of US involvement in Stuxnet.[10]


In 2013, Edward Snowden, a former systems administrator for the Central Intelligence Agency (CIA) and a counterintelligence trainer at the Defense Intelligence Agency (DIA), revealed that the United States government had hacked into Chinese mobile phone companies to collect text messages and had spied on Tsinghua University, one of China’s biggest research institutions, as well as home to one of China’s six major backbone networks, the China Education and Research Network (CERNET), from where internet data from millions of Chinese citizens could be mined. He said U.S. spy agencies has been watching China and Hong Kong for years.[11]

According to classified documents provided by Edward Snowden, the National Security Agency (NSA) has also infiltrated the servers in the headquarters of Huawei, China's largest telecommunications company and the largest telecommunications equipment maker in the world. The plan is to exploit Huawei’s technology so that when the company sold equipment to other countries — including both allies and nations that avoid buying American products — the NSA could roam through their computer and telephone networks to conduct surveillance and, if ordered by the president, offensive cyberoperations.[12]


  • In 1982, a computer control system stolen from a Canadian company by Soviet spies caused a Soviet gas pipeline to explode. The code for the control system had been modified by the CIA to include a logic bomb which changed the pump speeds to cause the explosion.[13]
  • In 1991, it was reported by the US Air Force that a computer virus named AF/91 was created and was installed on a printer chip and made its way to Iraq via Amman, Jordan.[14] Its job was to make the Iraqi anti-aircraft guns malfunction; however, according to the story, the central command center was bombed and the virus was destroyed.[15] The virus, however, was found to be a fake.[15]
  • In 1998, in order for US and NATO to bomb Serbian targets successfully in Kosovo, the USA needed to hack into the Serbian air defense system and trick the Serbian Air Traffic Controllers.[16] The US accomplished its goal so well that there was concern about continuing or escalating the attacks because the US didn't want to hack into any further Serbian targets because of fear of damaging civilian targets.[citation needed]

Cyber threat information sharing[edit]

The Pentagon has had an information sharing arrangement, the Defense Industrial Base Cybersecurity and Information Assurance (DIBCIA) program, in place with some private defense contractors since 2007[17] to which access was widened in 2012.[18]

A number of other information sharing initiatives such as the Cyber Intelligence Sharing and Protection Act (CISPA) and Cybersecurity Information Sharing Act (CISA) have been proposed, but failed for various reasons including over fears that they have too few limits, and could be used to spy on the general public.

United States Cyber Command components[edit]

United States Cyber Command[edit]

The United States Cyber Command (USCYBERCOM) is a United States armed forces sub-unified command subordinate to United States Strategic Command. USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries."[19]

Army Cyber Command[edit]

The Army Cyber Command (ARCYBER) is an Army component command for the U.S. Cyber Command.[20] ARCYBER has the following components:

Marine Corps Forces Cyberspace Command[edit]

United States Marine Corps Forces Cyberspace Command is a functional formation of the United States Marine Corps to protect infrastructure from cyberwarfare.[24]

Navy Cyber Forces[edit]

The Navy Cyber Forces (CYBERFOR) is the type commander for the U.S. Navy's global cyber workforce. The headquarters is located at Joint Expeditionary Base Little Creek-Fort Story. CYBERFOR provides forces and equipment in cryptology/signals intelligence, cyber, electronic warfare, information operations, intelligence, networks, and space. In September 2013, the United States Naval Academy will offer undergraduate students the opportunity to major in Cyber Operations.[25]

Twenty-Fourth Air Force[edit]

The Twenty-Fourth Air Force (24 AF) is a Numbered Air Force (NAF) with the United States Air Force (USAF). The USAF is consolidating its cyberspace combat forces into 24 AF.[26] The Twenty-Fourth Air Force, will be the Air Force component of United States Cyber Command (USCYBER). The 24AF has the following components:

United States Tenth Fleet[edit]

The United States Tenth Fleet is a functional formation of the United States Navy. It was first created as an anti submarine warfare coordinating organization during the Battle of the Atlantic in the Second World War. It has been reactivated as Fleet Cyber Command. The tenth fleet components are:


Cyberwar defense team
  • Systems in the US military and private research institutions were penetrated from March 1998 for almost two years in an incident called Moonlight Maze. The United States Department of Defense traced the trail back to a mainframe computer in the former Soviet Union but the sponsor of the attacks is unknown and Russia denies any involvement.
  • Titan Rain was the U.S. government's designation given to a series of coordinated attacks on American computer systems since 2003. The attacks were labeled as Chinese in origin, although their precise nature (i.e., state-sponsored espionage, corporate espionage, or random hacker attacks) and their real identities (i.e., masked by proxy, zombie computer, spyware/virus infected) remain unknown.
  • In 2007, the United States government suffered "an espionage Pearl Harbor" in which an unknown foreign power...broke into all of the high tech agencies, all of the military agencies, and downloaded terabytes of information.[27]
  • In 2008, a hacking incident occurred on a U.S. Military facility in the Middle East. United States Deputy Secretary of Defense William J. Lynn III had the Pentagon release a document, which reflected a "malicious code" on a USB flash drive spread undetected on both classified and unclassified Pentagon systems, establishing a digital beachhead, from which data could be transferred to servers under foreign control. "It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary. This ... was the most significant breach of U.S. military computers ever and it served as an important wake-up call", Lynn wrote in an article for Foreign Affairs.[28]
  • On 1 April 2009, U.S. lawmakers pushed for the appointment of a White House cyber security "czar" to dramatically escalate U.S. defenses against cyber attacks, crafting proposals that would empower the government to set and enforce security standards for private industry for the first time.[30]
  • On 7 April 2009, The Pentagon announced they spent more than $100 million in the last six months responding to and repairing damage from cyber attacks and other computer network problems.[31]
  • In December 2009 through January 2010, a cyber attack, dubbed Operation Aurora, was launched from China against Google and over 20 other companies.[32] Google said the attacks originated from China and that it would "review the feasibility" of its business operations in China following the incident. According to Google, at least 20 other companies in various sectors had been targeted by the attacks. McAfee spokespersons claimed that "this is the highest profile attack of its kind that we have seen in recent memory."[33]
  • In February 2010, the United States Joint Forces Command released a study which included a summary of the threats posed by the internet: "The open and free flow of information favored by the West will allow adversaries an unprecedented ability to gather intelligence."[34]
  • On 19 June 2010, United States Senator Joe Lieberman (I-CT) introduced a bill called "Protecting Cyberspace as a National Asset Act of 2010",[35] which he co-wrote with Senator Susan Collins (R-ME) and Senator Thomas Carper (D-DE). If signed into law, this controversial bill, which the American media dubbed the "Kill switch bill", would grant the President emergency powers over parts of the Internet. However, all three co-authors of the bill issued a statement that instead, the bill "[narrowed] existing broad Presidential authority to take over telecommunications networks".[36]
  • In August 2010, the U.S. for the first time is publicly warning about the Chinese military's use of civilian computer experts in clandestine cyber attacks aimed at American companies and government agencies. The Pentagon also pointed to an alleged China-based computer spying network dubbed GhostNet that was revealed in a research report last year.[37] The Pentagon stated that the People's Liberation Army was using "information warfare units" to develop viruses to attack enemy computer systems and networks, and those units include civilian computer professionals. Commander Bob Mehal would monitor the PLA's buildup of its cyberwarfare capabilities and "will continue to develop capabilities to counter any potential threat."[38] In response to these and other clandestine cyber attacks by China, Amitai Etzioni of the Institute for Communitarian Policy Studies has suggested that China and the United States should agree to a policy of mutually assured restraint with respect to cyberspace. This would involve allowing both states to take the measures they deem necessary for their self-defense while simultaneously agreeing to refrain from taking offensive steps; it would also entail vetting these commitments.[39]
  • In 2010, American General Keith B. Alexander endorsed talks with Russia over a proposal to limit military attacks in cyberspace, representing a significant shift in U.S. policy.[40]
  • In 2011 as part of The Anonymous attack on HBGary Federal information about private companies such as Endgame systems who design offensive software for the Department of Defense were revealed. It was shown that Endgame systems job applicants had previously "managed team of 15 persons, responsible for coordinating offensive computer network operations for the United States Department of Defense and other federal agencies."[41]
  • In October 2012, the Pentagon was to host contractors who "want to propose revolutionary technologies for understanding, planning and managing cyberwarfare. It is part of an ambitious program that the Defense Advanced Research Projects Agency, or DARPA, calls Plan X, and the public description talks about 'understanding the cyber battlespace', quantifying 'battle damage' and working in DARPA's 'cyberwar laboratory.'"[42]
  • In August 2014, "gigabytes" of sensitive data were reported stolen from JPMorgan Chase, and the company's internal investigation was reported to have found that the data was sent to a "major Russian city." The FBI was said to be investigating whether the breach was in retaliation for sanctions the United States had imposed on Russia in relation to the 2014 Russian military intervention in Ukraine.[46][47]
  • On 29 May 2014, iSIGHT Partners uncovered a "long-term" and "unprecedented" cyber espionage that was "the most elaborate cyber espionage campaign using social engineering that has been uncovered to date from any nation". Labelled "Operation Newscaster", it targeted senior U.S. military and diplomatic personnel, congresspeople, journalists, lobbyists, think tankers and defense contractors, including a four-star admiral.[48]
  • In December 2014, Cylance Inc. published an investigation on so-called "Operation Cleaver" which targeted over 50 world's unnamed leading enterprises, including in United States. Federal Bureau of Investigation tacitly acknowledged the operation and "warned businesses to stay vigilant and to report any suspicious activity spotted on the companies' computer systems".[49][50]

See also[edit]

Further reading[edit]


  1. ^ DOD – Cyberspace[dead link]
  2. ^ "American Forces Press Service: Lynn Explains the U.S Cybersecurity Strategy". 
  3. ^ "Official: NATO Should Build A 'Cyber Shield'". Red Orbit. 16 September 2010. 
  4. ^ "International Strategy for Cyberspace" (PDF). The White House. 2011. Retrieved 4 September 2014. 
  5. ^ Alexander, David (15 November 2011). "U.S. reserves right to meet cyber attack with force". Reuters. Retrieved 4 September 2014. 
  6. ^ "Resilient Military Systems and the Advanced Cyber Threat" (PDF). Defense Science Board. January 2013. 
  7. ^ AFP: Stuxnet worm brings cyber warfare out of virtual world. (1 October 2010). Retrieved 8 November 2011.
  8. ^ Ralph Langner: Cracking Stuxnet, a 21st-century cyber weapon | Video on. Retrieved 8 November 2011.
  9. ^ "US General: Iran's Cyber War Machine 'A Force To Be Reckoned With'". Business Insider. Retrieved January 2013. 
  10. ^ Gary Samore speaking at the 10 December 2010 Washington Forum of the Foundation for Defense of Democracies in Washington DC, reported by C-Span and contained in the PBS program Need to Know ("Cracking the code: Defending against the superweapons of the 21st century cyberwar", 4 minutes into piece)
  11. ^ Rapoza, Kenneth (2013-06-22). "U.S. Hacked China Universities, Mobile Phones, Snowden Tells China Press". Forbes. 
  12. ^ SANGER, DAVID; PERLROTH, NICOLE (March 22, 2014). "N.S.A. Breached Chinese Servers Seen as Security Threat". The New York Times. 
  13. ^ "Cyberwar: War in the fifth domain". The Economist. 1 July 2010. Retrieved 4 July 2010. 
  14. ^ Smith, George. "Iraqi Cyberwar: an Ageless Joke." SecurityFocus. 10 Mar 2003. Web. 11 Oct 2009. <>.
  15. ^ a b George Smith (10 March 2003). "Iraqi Cyberwar: an Ageless Joke". 
  16. ^ Hancock, Bill. "Security Views." Computers & Security 18 (1999): 553–64. ScienceDirect. Web. 11 October 2009. <>.
  17. ^ "Increased trust boosts Pentagon-industry info sharing", Sean Lyngaas, Apr 22, 2014,
  18. ^ Reed, John. "Pentagon expanding public-private cyber information sharing program." Foreign Policy Magazine, 27 September 2012.
  19. ^ U.S. Department of Defense, Cyber Command Fact Sheet, 21 May 2010
  20. ^ US Department of Defense (24 May 2010). "DoD Release No. 420-10 Establishment of Army Forces Cyber Command". Retrieved 24 May 2010. 
  21. ^ "20091203 IO Newsletter v10 no 03". 
  22. ^ Patrick Jackson (15 March 2010). "Meet USCybercom: Why the US is fielding a cyber army". BBC News. Retrieved 10 July 2010. 
  23. ^ "News Release: Army Forces Cyber Command Headquarters Standup Plan Announced". Retrieved 10 July 2010. 
  24. ^ "Fort Mead News: USMC Cyber Command". 28 January 2010. Retrieved 10 July 2010. 
  25. ^ Mike Hoffman (8 June 2013). "Naval Academy Launches Cyber Operations Major". 
  26. ^ Frequently Asked Questions
  27. ^ "Cyber War: Sabotaging the System". CBS News. 6 November 2009. 
  28. ^ The Washington Post: Pentagon computers attacked with flash drive[dead link]
  29. ^ "White House Eyes Cyber Security Plan". CBS News. 9 February 2009. 
  30. ^ Warrick, Joby; Pincus, Walter (1 April 2009). "Senate Legislation Would Federalize Cybersecurity". 
  31. ^ "Pentagon Bill To Fix Cyber Attacks: $100M". CBS News. 7 April 2009. 
  32. ^ "A new approach to China". Blogspot. 12 January 2010. Retrieved 17 January 2010. 
  33. ^ "Google Attack Is Tip Of Iceberg", McAfee Security Insights, 13 January 2010
  34. ^ "The Joint Operating Environment", Report released, 18 Feb 2010, pp. 34–36
  35. ^ pdf
  36. ^ Senators Say Cybersecurity Bill Has No 'Kill Switch',, 24 June 2010. Retrieved on 25 June 2010.
  37. ^ "ANNUAL REPORT TO CONGRESS Military and Security Developments Involving the People's Republic of China 2010" (PDF). 
  38. ^ AP: Pentagon takes aim at China cyber threat
  39. ^ Etzioni, Amitai, "MAR: A Model for US-China Relations," The Diplomat, September 20, 2013, [1].
  40. ^ "WSJ: U.S. Backs Talks on Cyber Warfare". 4 June 2010. 
  41. ^ Haroon Meer (11 March 2011). "Lessons from Anonymous on cyberwar". Al Jazeera English. 
  42. ^ Shane, Scott (26 September 2012). "U.S. Officials Opening Up on Cyberwarfare". The New York Times. 
  43. ^ "Chase, NYSE Websites Targeted in Cyber Attacks.". Retrieved 15 March 2013. 
  44. ^ "Phase 2 Operation Ababil.". Retrieved 15 March 2013. 
  45. ^ "Bank Attackers Restart Operation Ababil DDoS Disruptions.". Retrieved 15 March 2013. 
  46. ^ Michael Riley; Jordan Robertson (27 August 2014). "FBI Examining Whether Russia Is Tied to JPMorgan Hacking". Bloomberg. Retrieved 5 September 2014. 
  47. ^ Jordan Robertson; Michael Riley (3 September 2014). "Computers for Hire Send JPMorgan Data to Russia". Bloomberg. Retrieved 5 September 2014. 
  48. ^ Finkle, Jim (May 29, 2014). Tiffany Wu, ed. "Iranian hackers use fake Facebook accounts to spy on U.S., others". Reuters. Retrieved March 30, 2015. 
  49. ^ Riley, Michael A; Robertson, Jordan (December 2, 2014). "Iran-Backed Hackers Target Airports, Carriers: Report". Bloomberg News. Retrieved March 30, 2015. 
  50. ^ Finkle, Jim (December 2, 2014). Richard Valdmanis, Christian Plumb and W Simon, ed. "Iran hackers targeted airlines, energy firms: report". Reuters. Retrieved March 30, 2015. 
  51. ^ Barrett, Devlin (5 June 2015). "U.S. Suspects Hackers in China Breached About four (4) Million People's Records, Officials Say". Wall Street Journal. Retrieved 5 June 2015. 
  52. ^ Risen, Tom (5 June 2015). "China Suspected in Theft of Federal Employee Records". US News & World Report. Retrieved 5 June 2015. 
  53. ^ Sanders, Sam (4 June 2015). "Massive Data Breach Puts 4 Million Federal Employees' Records At Risk". NPR. Retrieved 5 June 2015.