The Obama administration has authorized a new online campaign in its slow, grinding war against ISIS, The New York Times reported earlier this week. The Pentagon’s Cyber Command will target ISIS in a way that essentially will get inside the heads of terrorist commanders to disrupt their military operations.
The goal appears to be to sow mistrust and confusion among ISIS leaders by interfering with their ability to pay their soldiers, execute operational orders, recruit new fighters, and communicate with one other.
The plan amounts to dropping cyberbombs on the enemy, Deputy Secretary of Defense Robert O. Work told the Times, which is something the U.S. never before has done in such a large-scale battlefield environment.
Shift in Strategy
The Cyber Command’s primary focus has been on Russia, China, North Korea and Iran, Admiral Michael S. Rogers, commander of the unit, said in testimony before the Senate Armed Services Committee earlier this month.
Also known as “the Islamic State in the Levant,” or “ISIL,” ISIS has limited organic cyberwarfare capabilities, he told lawmakers, and it has used the Web primarily for recruiting, propaganda, radicalization and fundraising.
The Pentagon intends to use cyberwarfare as one tool in the toolbox, suggested Isaac Porche III, associate director of the Forces and Logistics Program at the Rand Arroyo Center.
Although he has no inside information on the Pentagon strategy, it appears that the aim is to break the will of the enemy, he told TechNewsWorld.
That type of effort is not used as a substitute for traditional counterterrorism or battleground campaigns, but in conjunction with them, Porche pointed out.
“Cyber is just one domain that we fight in, and all the domains have to be addressed,” he emphasized. “No one domain is necessarily the place to take on an adversary. They understand it’s a test of wills.”
As a nation, the U.S. has to be prepared to respond to retaliatory attacks, Porche said.
One of the reasons there have been so few major attacks on the U.S. is that enemies know retaliation could come in a multitude of ways.
“The response from the U.S. would not necessarily be in cyber,” Porche noted.
In many ways, the U.S. is living in a pre-cyber-disaster world, observed GreatHorn CEO Kevin O’Brien. That is, it has not suffered a crippling large-scale cyberattack from a foreign entity.
“We have not yet seen a cyberattack take down the power grid, disrupt critical infrastructure, or — so far as we know — gain access to military secrets,” O’Brien told TechNewsWorld. “However, it is likely a matter of time before we see one of these events take place. There are routes through our cyberdefenses that are largely unsecured.”
For example, ISIS last year gained access to the Twitter accounts of U.S. Central Command, O’Brien noted.
“While this was essentially Web vandalism, one can imagine a scenario where instead of posting propaganda pictures, they used their access to begin a more sophisticated, longer-term, and insidious social engineering attack against targets both public and private,” he suggested.
Federal prosecutors just last month charged seven Iranians working for two companies sponsored by the Iranian government, ITSECTeam and Mersad, with a series of crimes against U.S. financial institutions that resulted in losses of tens of millions of dollars.
The suspects between 2011 and 2013 allegedly used botnets and other malicious computer code to carry out distributed Denial of Service attacks on nearly 50 financial institutions, preventing victims from gaining online access to their bank accounts.
One of the suspects, Hamid Firoozi, allegedly gained access to the Supervisory Control and Data Acquisition systems of the Bowman Dam in Rye, N.Y., in 2013.
Separately, federal prosecutors last month charged three members of the Syrian Electronic Army, a pro-Assad hacker collective, with spearphishing attacks against U.S. media organizations, a U.S. Marine Corp recruitment site, and the Executive Office of the President.