The subject of offensive cyber action by the U.S. government was classified for many years and was hardly discussed in public at all. Then several years ago the possibility of U.S. cyber offense was formally acknowledged, though it was mostly discussed in the conditional mood, as a capability that might be developed and employed under certain hypothetical circumstances.
Today, however, U.S. offensive cyber warfare is treated as an established fact. Not only that but, officials say, the U.S. military is pretty good at it.
“We believe our [cyber] offense is the best in the world,” said Gen. Keith B. Alexander, director of the National Security Agency and Commander of U.S. Cyber Command. His comments appeared in newly published answers to questions for the record from a March 2013 hearing of the House Armed Services Committee (at p. 87).
“Cyber offense requires a deep, persistent and pervasive presence on adversary networks in order to precisely deliver effects,” Gen. Alexander explained in response to a question from Rep. Trent Franks (R-AZ). “We maintain that access, gain deep understanding of the adversary, and develop offensive capabilities through the advanced skills and tradecraft of our analysts, operators and developers. When authorized to deliver offensive cyber effects, our technological and operational superiority delivers unparalleled effects against our adversaries’ systems.”
“Potential adversaries are demonstrating a rapidly increasing level of sophistication in their offensive cyber capabilities and tactics. In order for the Department of Defense to deny these adversaries an asymmetric advantage, it is essential that we continue the rapid development and resourcing of our Cyber Mission Forces.”
In response to another question for the record from Rep. James R. Langevin (D-RI), Gen. Alexander said that “Over the next three years we will train the Cyber Mission Forces that will perform world-class offensive and defensive cyber operations as part of our Cyber National Mission Teams, Cyber Combat Mission Teams and Cyber Protection Forces. We do not require additional authorities or resources to train the currently identified cyber professionals” (at page 85).
See Information Technology and Cyber Operations: Modernization and Policy Issues to Support the Future Force, hearing before the House Armed Services Committee, Subcommittee on Intelligence, Emerging Threats and Capabilities, March 13, 2013 (published July 2013).
At the time of his confirmation hearing before the Senate Armed Services Committee in 2010, Gen. Alexander was asked in a pre-hearing question, “Has the U.S. ever ‘demonstrated capabilities’ in cyberspace in a way that would lead to deterrence of potential adversaries?” He replied (Question 15p): “Not in any significant way.”
This seems to have been an incomplete response. Committee Chairman Sen. Carl Levin noted in questions for the record of Gen. Alexander’s confirmation hearing in 2010 that in fact offensive cyber capabilities had already been demonstrated: “Unfortunately, we also learned, after asking a specific question following the appearance of a Washington Post article reporting on an apparent offensive cyber operation, that DOD has undertaken a number of offensive cyber operations in the last several years, none of which was reported to the Armed Services Committees….”
On the vital question of oversight, Senator Levin asked: “Lieutenant General Alexander, do you agree that it is appropriate that the Armed Services Committees be informed of all U.S. offensive cyber operations?”
Gen. Alexander provided an affirmative response, but in a way that altered the terms of the question: “Yes, I agree that in almost all circumstances the Armed Services Committees should be informed in a timely manner of significant offensive cyber operations conducted by CYBERCOM.”