FNC: The U.S. has ramped up its fight against the Islamic State terror group’s online capabilities, dropping so-called “cyber bombs” on the militants, a top Pentagon official said Tuesday.
“Those guys are under enormous pressure. Every time we have gone after one of their defended positions over the last six months, we have defeated them. They have left, they have retreated,” Deputy Defense Secretary Robert Work told Reuters.
Defense Secretary Ash Carter gave some explanation for the concept of “cyber bombs” in a February NPR interview.
“We are using cyber tools, which is really a major new departure… These are strikes that are conducted in the warzone using cyber essentially as a weapon of war, just like we drop bombs,” Carter said.
Analysts say ISIS has frequently used the Internet to spread its message, regularly releasing photos and videos on social media. The latest edition of its magazine “Dabiq” went online this week.
Meanwhile, the U.S. has helped Iraqi forces as they prepare operations to retake the northern city of Mosul. While they got off to a slow start, there have been some recent advances, and officials say momentum has been growing in the fight against ISIS.
Secretary of State John Kerry, during a visit to Baghdad last Friday, pledged $155 million in new U.S. aid to Iraq and offered a show of political support to Iraq’s beleaguered Prime Minister Haider al-Abadi.
****
DefenseSystems: Given the classifications and operational security surrounding cyber operations, details on anti-ISIS activity in this domain are scant, though Carter added some information in a Pentagon press conference with reporters on Monday, saying the cyber component is aimed at disrupting ISIS’s command and control to cause them to lose confidence in their networks, as well as overloading their networks to limit their operational functionality. But given that the cyber tools are new, Carter said details are being kept under wraps, especially considering they are applicable to other conflicts globally.
Chairman of the Joint Chiefs of Staff Gen. Joseph Dunford reiterated the point that DOD does not want to provide operational details in hopes of keeping the element of surprise. Dunford did say that, conceptually, DOD is trying to isolate ISIS in the same way it is trying to so in the physical space.
Both Dunford and Carter said that the capabilities being used against ISIS, and others globally, are exactly why the U.S. Cyber Command was established in the first place. Dunford said the command is building an inventory of tools to be used in cyberspace going forward.
Carter has said previously that the Defense Department will look to take the fight to ISIS in the cyber domain, even resorting to targeting members of ISIS’s hacking cadre with bombs. However, it is still believed that ISIS’ cyber capabilities remain low, limited to merely website defacements and denial-of-service attacks.
One concern, whether from nation-states or groups such as ISIS should they gain cyber acumen, is the targeting of U.S. critical infrastructure. “Although it’s not a popular target for people trying to make a profit – that’s good and bad, because the flip side is that the adversaries who are interested in potentially targeting critical infrastructure could potentially be more sophisticated adversaries,” Isaac Porche, associate director of the Forces and Logistics Program at RAND, told a panel of lawmakers last week. “So critical infrastructure today might have to deal with a more sophisticated threat than, let’s say, a hardware store might have to.”
Military and U.S. intelligence officials in the past have been careful about what, in their minds, the term “attack” connotes in cyberspace, potentially allowing conclusions to be drawn regarding current U.S. activity against ISIS. “Terminology and lexicon is very important in this space,” Adm. Michael Rogers, the head of the National Security Agency and Cyber Command, told the House Intelligence Committee last year.“And many times I’ll hear people throw out ‘attack’ and ‘act of war’ and I go, ‘That’s not necessarily in every case how I would characterize the activity that I see’.”
Director of National Intelligence James Clapper has said previously that the hack and theft of millions of records from the Office of Personnel Management did not constitute an attack, because it did not result in the destruction of systems, infrastructure or data.
“We generally look at all cyber events and we define it as an attack. In many cases you can do reconnaissance, you can do espionage, you can do theft in this domain we call cyberspace,” Director of the Defense Intelligence Agency Lt. Gen. Vincent Stewart told lawmakers recently. “But the reaction always is, whether it’s an adversary doing reconnaissance, an adversary trying to conduct a [human intelligence] operations in this domain, we define it as an attack and I don’t think that’s terribly helpful.”
