Is “Cyberwar” War?

Are offensive cyber operations an act of war?

“I would say specifically to your question what defines an act of war [in the cyber domain] – that has not been defined. We are still working towards that definition across the interagency,” said Thomas Atkin of the Office of Secretary of Defense at a congressional hearing last year.

He elaborated in newly published responses to questions for the record:

“When determining whether a cyber incident constitutes an armed attack, the U.S. Government considers a number of factors including the nature and extent of injury or death to persons and the destruction of, or damage to, property. Besides effects, other factors may also be relevant to a determination, including the context of the event, the identity of the actor perpetrating the action, the target and its location, and the intent of the actor, among other factors.” See Military Cyber Operations, hearing of the House Armed Services Committee, June 22, 2016.

If cyberwar is in fact war, would civilians who support military cyber operations be lawful combatants? They might not be, Mr. Atkin said.

“During armed conflict, some civilians who support the U.S. armed forces may sit at the keyboard and participate, under the direction of a military commander, in cyberspace operations. The law of war does not prohibit civilians from directly participating in hostilities, such as offensive or defensive cyberspace operations, even when that activity would be a use of force or would involve direct participation in hostilities; however, in such cases, a civilian is not a ‘lawful combatant’ and does not enjoy the right of combatant immunity, is subject to direct attack for such time as he or she directly participates in hostilities, and if captured by enemy government forces may be prosecuted for acts prohibited under the captor’s domestic law.”

But any such danger to unlawful civilian cyber-combatants is probably not an imminent hazard, he added. “Most, if not the great majority, of our civilian cyber workforce involved in providing support to cyberspace operations during armed conflict will not be serving on the battlefield where they may be the object of attack or risk being detained by the enemy. Instead, most will be providing their support remotely from areas outside the area of hostilities, are not easily identifiable as an individual, and are likely serving in the United States.”

US Military Advantage in Cyberspace is Challenged

The superiority of the US military in cyberspace, which once could be taken for granted, is gradually eroding, says an Army Field Manual published this week.

In the past decade, “U.S. forces dominated cyberspace and the electromagnetic spectrum (EMS) in Afghanistan and Iraq against enemies and adversaries lacking the technical capabilities to challenge our superiority in cyberspace.”

“However, regional peers have since demonstrated impressive capabilities in a hybrid operational environment that threaten the Army’s dominance in cyberspace and the EMS,” according to the new Field Manual.

“Rapid developments in cyberspace and the EMS will challenge any assumptions of the Army’s advantage in this domain. While it cannot defend against every kind of intrusion, the Army must take steps to identify, prioritize, and defend its most important networks and data.”

The underlying principles of US Army operations in cyberspace were described in the new Field Manual 3-12, Cyberspace and Electronic Warfare Operations, 11 April 2017 (unclassified, 108 pages).

Air Force Updates Doctrine on Cyberspace Operations

Within living memory, even a passing mention of cyber weapons or U.S. offensive activities in cyberspace was deemed sufficient to justify national security classification. Now, although the Obama Administration generally neither claims nor receives credit for it, military cyberspace doctrine has become one of a number of significant policy areas in which this Administration is demonstrably “more transparent” than its predecessors.

A new US Air Force directive “provides policy guidelines for planning and conducting AF cyberspace operations to support the warfighter and achieve national security objectives.”

“The AF will execute Cyberspace Operations” — including both offensive and defensive actions — “to support joint warfighter requirements, increase effectiveness of its core missions, increase resiliency, survivability, and cybersecurity of its information and systems, and realize efficiencies through innovative IT solutions.” See Cyberspace Operations, Air Force Policy Directive AFPD 17-2, April 12, 2016.

A companion directive further specifies, for example, that “Air Force Space Command (AFSPC) will… deploy AF approved cyber weapon systems.” See Air Force Policy Directive 17-1, Information Dominance, Governance and Management, 12 April 2016.

A Bureaucratic History of Cyber War

When Gen. Keith Alexander became the new director of the National Security Agency in 2005, “his predecessor, Mike Hayden, stepped down, seething with suspicion” – towards Alexander.

As told by Fred Kaplan in his new book Dark Territory, Gen. Hayden and Gen. Alexander had clashed years before in a struggle “for turf and power, leaving Hayden with a bitter taste, a shudder of distrust, about every aspect and activity of the new man in charge.” The feeling was mutual.

The subject (and subtitle) of Kaplan’s book is “the secret history of cyber war.” But the most interesting secrets disclosed here have less to do with any classified missions or technologies than with the internal bureaucratic evolution of the military’s interest in cyberspace. Who met with whom, who was appointed to what position, or even (as in the case of Hayden and Alexander) who may have hated whom all turn out to be quite important in the ongoing development of this contested domain.

Kaplan seems to have interviewed almost all of the major players and participants in this history, and he has an engaging story to tell. (The New York Times published two contrasting reviews of Dark Territory.)

Meanwhile, the history of cyber war is becoming gradually less secret.

This week, the Department of Defense openly published an updated instruction on Cybersecurity Activities Support to DoD Information Network Operations (DoD Instruction 8530.01, March 7).

It replaces, incorporates and cancels previous directives from 2001 that were for restricted distribution only.

Army: Rapid Reprogramming Needed for Cyber Ops

Changes in the cyber threat environment require the Army to be able to rapidly reprogram its own military software, a newly updated Army Regulation directs.

“Warfare is rapidly moving into a new domain: cyberspace. This will affect warfighting in all domains, and the Army will take measures to adapt to the cyberspace environment.”

“This increased responsiveness demands shortened timelines to combat enemy threats as they adapt to new technology and to new methods of employment.”

“RSR [Rapid Software Reprogramming] will be required to become even more adaptive, automated, and integrated with weapons systems operating in the EMS [electromagnetic spectrum].”

“This policy gives the Army a process which enables soldiers a reach-back RSR capability that will assist commanders to attain tactical superiority, achieve surprise, gain and retain the initiative, maintain awareness of new and emerging threats, and obtain decisive results…,” the unclassified Regulation said.

The Assistant Secretary of the Army (ALT) will “Ensure that sensor-based weapons and CEMA [Cyber Electromagnetic Activities] systems are developed using software reprogrammable signature detection, classification, and response capabilities that can be responsive and enabling to EW [Electronic Warfare], spectrum management and cyber operations.”

See Software Reprogramming for Cyber Electromagnetic Activities, Army Regulation 525-15, 19 February 2016.

Air Force: Cyber Warriors Need Plenty of Rest

New guidance from the U.S. Air Force on the use of cyberspace weapons directs Air Force personnel to get a good night’s sleep prior to performing military cyberspace operations and to refrain from alcohol while on duty.

“Crew rest is compulsory for any crew member prior to performing any crew duty on any cyber weapon system,” the May 5 guidance says. “Each crew member is individually responsible to ensure he or she obtains sufficient rest during crew rest periods.”

Furthermore, “Crew members will not perform cyberspace mission duties within 12 hours of consuming alcohol or other intoxicating substances, or while impaired by its after effects,” the new Air Force guidance stated.

“This instruction prescribes operations procedures for cyberspace weapons systems under most circumstances, but it is not a substitute for sound judgment or common sense,” the Air Force said.

The document discusses the general conduct of Air Force cyber operations, including so-called “Real-Time Operations & Innovation” (RTOI) projects that enable the USAF “to generate tools and tactics in response to critical cyber needs at the fastest possible pace.”

See Cyberspace Operations and Procedures, Air Force Instruction 10-1703, volume 3, 5 May 2015.

With the growing normalization of defensive and (especially) offensive military operations in cyberspace, more and more U.S. military doctrine governing such activity is gradually being published on an unclassified basis. Some of the principal components of this emerging open literature include the following:

Cyberspace Operations, Joint Publication 3-12, 5 February 2013

Cyberspace Operations, Air Force Policy Directive 10-17, 31 July 2012

Command and Control for Cyberspace Operations, Air Force Instruction 10-1701, 5 March 2014

Legal Reviews of Weapons and Cyber Capabilities, Air Force Instruction 51-402, 27 July 2011

Information Assurance (IA) and Support to Computer Network Defense (CND), Chairman of the Joint Chiefs of Staff Instruction 6510.01F, 9 February 2011

Department of Defense Strategy for Operating in Cyberspace, July 2011

The Department of Defense Cyber Strategy, April 2015