How to Wage War in Cyberspace with Iran

Thursday, September 15, 2011

Joel Harding


Every now and then I see a question on Yahoo Answers which I find intriguing.  Here is the latest:

I want to be a part of the U.S military cyber warfare?

Do I have to go through basic training to receive the training to do the job from the government?

I thought about various ways to easily and succinctly answer the question; instead I thought it might be best to just write this up as a blog topic.

Iran has also been rattling their ‘cyber-saber’, so I wanted to venture an educated guess as to how the United States would work with the rest of the world to fight the ‘Persian threat in cyberspace’.

The United States just created the US Cyber Command but they do not wage war in cyberspace.  The US Cyber Command will coordinate and guide all the Service Components.

USCYBERCOM centralizes command of cyberspace operations, organizes existing cyber resources and synchronizes defense of U.S. military networks.

Both the National Security Agency and the US Cyber Command are led by four-star General Keith B. Alexander.  For the most part, Cyber Command will only talk about cybersecurity.

There have been heavy discussions about the division of US Code Title 10 (role of Armed Forces) and USC Title 50 (the part dealing with intelligence collection); the discussions have been ongoing for years.  Being entirely too simplistic, NSA and Cyber Command have the same commander but the staffs are divided. One, however, cannot operate independently of the other, so there will be a lot of overlap.

Cyber Command is currently a sub-Unified Command under the Strategic Command, but recently a paper was approved for release, saying that the US Cyber Command would operate more effectively as its own Unified Command. Many of us who have been working in this field for the past ten to fifteen years expected this to occur three to five years after the formation of the US Cyber Command. The devil is in the details, however.

The US Army’s part of the US Cyber Command is known as US Army Forces Cyber Command, abbreviated ARFORCYBER and also called 2nd Army.  The commander is a three-star general, currently LTG Hernandez.

The US Air Force’s part is called Air Forces Cyber or AFCYBER and is also known as 24th Air Force. The Navy’s portion is called the US Tenth Fleet or US Fleet Cyber Command. The Marines’ cyber forces are consolidated in the United States Marine Corps Forces Cyberspace Command or MARFORCYBER.

These are the people that will wage war in cyberspace, although they will most likely never ‘wage war’ without close coordination with other unified commands, both regional and functional.

Each Service, Army, Navy, Air Force and Marine, has its own training programs for providing cyber specialists to the various component commands of Cyber Command.  Services are required to “train, man and equip” soldiers, sailors, marines and airmen.  The acquisition and training program for cyber specialists varies for each Service and is still developing as I write this.

A person’s background might be as a computer specialist, a programmer, an intelligence specialist, a communicator, a cryptologist, an information warfare operator or a special operator; there are a myriad of qualifications and few certification standards.  Training programs vary wildly also.  Almost all will require a top secret clearance.

How will they wage a war in cyberspace with Iran? Most will probably operate out of their home base, from Ft. Meade, Md, San Antonio, Texas, Virginia, and of course at various locations around the world.  There have been heavy discussions about who has the final approval authority, the functional commander or the geographic commander. 

There have been arguments that the US Special Operations Command is a good model for the deployment and use of cyber forces; the discussions continue. Any war in cyberspace will be aided by the use of conventional and special operations forces and weapons; I can guarantee they will be used.  A computer can quickly and easily be rebuilt with backups, but a router, a switching station, wires, fiber optic lines or other networking materials cannot be replaced so quickly.

There is no doubt in my mind that Iran has already begun deployment of their cyber forces, in small teams, throughout the world, specifically to avoid devastation if the networks internal to Iran are crippled.  I am also certain that a myriad of intelligence agencies are tracking their every move, monitoring their every transmission and gathering as much intelligence as possible for a possible war in cyberspace with Iran.

But, you ask, how will the war be fought?  The war already started the minute everybody began mapping the others’ networks.  They know what operating systems are used, which software patches have been installed and, more importantly, not installed.  Each other’s systems have been mapped, idiosyncrasies noted and physical layouts recorded.

During this exploitation phase various exploits were also placed, some with dual use. During periods of crisis and war these payloads could easily be converted to damage, degrade, deny or destroy a targeted network.  The challenge is to abide by the laws of armed conflict and limit damage to the other systems.  We do not want to damage hospitals, religious facilities or cause undue hardship to anyone with whom we might be fighting.  We also want our responses to be proportional in response to others’ attacks on us; destroying a whole city is wrong, as it is not a military target.

Will we fight an overt war against Iran?  I seriously doubt it.  Iran has few allies and all would be loath to get involved; their economies are too dependent on the internet and all are heavily engaged in cybersecurity talks to protect their precious and sensitive infrastructures.  But, just in case, Iran, we’re ready.  Keep rattling your shamshir, we’re listening.

Update:  I was asked what is the most likely form of war that Iran will have with the rest of the world?  Iran will claim that is full of Kafirs (unbelievers) or they are Zionists and will invent any excuse to express their outrage.  Danish-published Mohammad cartoons could set them off.  Heck, it might even be this blog! 

My guess is their small three to five man teams will use weapons and explosives transported by diplomatic containers into the country and attempt small guerrilla attacks which will be loud and kill a lot of people.  I think most Iranians would not be willing suicide bombers; they seem to have more brains than others (or less courage).

I see timed bombs left in restaurants, and all around public squares, perhaps shoulder launched antiaircraft missiles, shooting AK-47s into a crowd from a high vantage point and then disappearing, and other similar cowardly acts. If they get really brave they will hijack a gasoline truck, move it into a public square and set off a timed explosion, probably around lunchtime.

Their “Iranian Cyber Army” will attempt to deface as many high profile websites as possible, but most likely just the low hanging fruits, the ones easiest to deface.  Don’t forget, defacing a web page doesn’t “do” anything, it just makes a big splash.

Simultaneously the Iranian government will claim they are not behind these acts but will publicly claim they back their actions, because these people are bravely attacking Zionists and Kafirs.

For all their bravado and bluster, their unconventional weapons like stealth fighters, long range ground to ground missiles, their female ninja brigades and long range anti-ship missiles are not that effective and many of the pictures have already been documented to be heavily photoshopped. 

In the end they fear getting attacked and will limit their attacks to missile strikes against innocent shipping.  They’re not kafirs, they’re cowards.

Cross-posted from To Inform is to Influence

Krypt3ia

I don't buy the latter half of this article. 5 man teams and all. Frankly, all Iran needs to do is continue their support of AQ and let them do all the heavy lifting.

As to the Iranian Cyber Army, not buying in on that one either. Their capabilities are yet to be created for the most part from what I am hearing and are not much of a threat as yet.

Time will tell, but this stuff to me, sounds a bit more fictional than real.
J. Oquendo

I seriously wish I had enough time to devote to this. Since I don't I will go through my response with a fine-tooth comb to avoid clichés, FUD, arguments. I will start with the logical question no one wants to seriously ask or answer: "Will/Can a cyberwar lead to a real war?" Answer, of course not. No one wants a real war and the logical reality is, any so called "INSERT_COUNTRY_HERE_Cyberarmy" is going to do anything outside of annoy systems and security engineers and admins.

So let us think of some wonderful instances of "came really close" to which the logical answer is Stuxnet. The outcome of Stuxnet was akin to a precision strike by a predator drone. There was a target with enough information known about the target to render it inoperable. That is what made Stuxnet work; however, it also failed since it was detected. A true strike would have been undetectable period - irrelevant to a degree.

Could Stuxnet have led to a war? My answer is no but it could have led to future terrorist attacks by those looking to defend their homeland. As much so as someone in the US calling themselves Patriotic. Do we shift the blame to the government of a country if individuals from that country act out? If so, why isn't Saudi Arabia on our poop list after 9/11?

Logically, I could not see any country surrendering because their websites were taken off-line, defaced, crashed, backdoored, etc.; however, espionage is what everyone screaming "cyberwar" keeps missing or creatively forgetting to talk about.

In the espionage scenarios, there is the realistic threat that an enemy with the proper plans of say weapons and facilities, could use that information to subvert any of the technologies, processes or plans. Thereby giving them the upper hand in a real warfare scenario. Even so, no one really wants war and this is the ULTIMATE reality.

Read up on any one of the "powers" that be and with the exception of under a handful, it all boils down to a financial situation. Many world leaders are more concerned with power and money than overthrowing the world. The days of Hitler-esque takeovers are beyond over. Too many individuals are more concerned with becoming super wealthy than they are concerned with taking over countries. (This is reality whether you choose to accept it or not).

In the "cyberwarfare" landscape, we need to focus on minimizing or stopping the espionage factors rather than waste time on Hollywood-like themes: "They will hit the power grid!", "They will shut down the markets!" Those types of actions will likely come from country based patriots as the world revolves around money period. No country in their right mind wants to shut down another's power grid especially if that country is dependent on the flow of currency from bank trades, stock markets, etc. The patriots though, won't care an iota about this.

So what would I aim for if I were in a "cybercommand" position? I would look for data to assist me in SUPPORTING a real war-time scenario. Data meaning, the plans of the planes the enemy is using, the plans and strategies on how they plan to defend/attack. THIS is worth more to any military's strategy than powering off computers, etc.

I would also look to implement many forms of deception, e.g.: On an enemy's compromised system, give their pilots fake coordinates, have them fly in circles, etc., tamper with their radar to send them on goose chases.

Those small types of actions would be what I would focus on and I believe we likely DO focus on.

Cyberwar at this level should be changed to something like "cyberwar support" as there is no logical way I can think of that anyone is going to surrender based upon the outcome of a computer.
