Today someone posed a question and I had to sit back and remember: not everybody has been in the military or not everybody has been in a military leadership position.
After more than 35 years in or working on behalf of the military, I sometimes forget the qualifications of the people with whom I am working.
Here is what was posed:
"What is the benefit of having a “cyber” capability on site? What can be better “cybered” from 20km away than from 20.000km? Electronic warfare on site is valuable and needed, but cyber? And would one want to send a cyber specialist, being probably one of a rare breed, and whose education cost God knows how much, into a situation where a semi-neolithic tribal warrior with an RPG can blow his head off? Better teach the regulars (or just the special forces) how to install interfaces and such, to have the cyber guys back home tap into them. For everything else we have to wait another 50 years I think."
My response went much like this; I’ve clarified where I could. There are many reasons to distribute cyber capabilities rather than centralize them all at US Cyber Command.
First, modern military commanders distribute forces to avoid massive loss of forces, a la Pearl Harbor. It’s called dispersal of forces, and it’s taught in every basic military leadership course.
Second, actions taken by teams from Cyber Command can be fully integrated with a geographic commander’s battle plan at every level, from strategic to operational to tactical, to better avoid interference with friendly forces. This also reduces the indications and warnings, or ‘signatures’, that any friendly action presents to potential adversaries, whether that action is taken in cyber, air, land, sea or space.
One can also, especially in cyber, disperse forces to avoid IP blockage. Once an adversary locates the IP addresses from which attacks are launched, they can easily be blocked. Sure, you can reroute an attack or change IP addresses, but that takes time and/or deliberate planning. Don’t forget, routes need to be preplanned and permission sought when transiting foreign networks.
One can mask one’s activities by distribution of forces as well. If I decide to launch an attack against a group of targets, I can use a very low and slow approach from a wide variety of start points and routes. The initiation of such actions, usually an exploitation and the planting of a dual-use tool (exploitation plus pre-attack placement of something that might later be used as a warhead), can be so quiet and well disguised that an adversary might never know they are pwned until it is way too late.
One can distribute the information effects, spread the various functionalities around, and operate seamlessly within the overload, as part of the noise. The internet is billions of times noisier than it was only one decade ago; the number of trons bouncing up against your firewalls has increased almost exponentially.
Binary weapons, meaning a warhead and/or a transport, can be pieced together on a targeted system using different exploits and/or methodologies, and unless the particular code has already been used before, the functionality may never be discovered. The attack might even be distributed across different parts of the same system, just waiting for an execute command. The pieces can also appear to be part of a much larger use of common network management tools, looking like routine network traffic; such an approach may never be noticed.
These effects can also be enabled globally. For instance, if a CENTCOM target is attacked by a SOUTHCOM team routing through a dozen servers in denied areas, then even if the attack is traced back, the result would be almost psychologically damaging to any analyst trying to figure out the bigger picture.
Imagine Joe Analyst looking at traffic. Even if the unthinkable occurs and they attack directly, there would be no accounting for the origin of the action. He might think the attack is from Outer Carjackistan or Inner Slobovia… If you think about this, the patriotic hackers that attacked Georgia during the Russian South Ossetia campaign might have looked just like that to any network analyst.
Combining cyber with planned kinetic operations, even feints or gestures, will keep any force off balance, and a globally distributed attack and defense network in cyberspace can stifle any meaningful response. Who is to know how good US Cyber Command’s sensors are?
We are all painfully aware of the reach of NSA’s intelligence gathering network; what is to say our cyber intelligence sensors aren’t just as good? You may have already heard General Alexander’s speech in which he says we are moving towards an Active Defense. That, ladies and gentlemen, is the military version of my geekspeak.
With the way US forces are distributed globally, cyber capabilities and flexibility are only enhanced. Cyber, both offense and defense, can be launched from anywhere. All functional Combatant Commanders have liaisons and representative elements with the geographic commands, and Cyber Command is no different. Anywhere in the world, Cyber Command teams and liaisons are already positioned. What’s to prevent them from launching attacks and defenses from almost anywhere in the world?
I haven’t really reached down deep into my evil professional self, my years in SF and SOF might make me think of tons of other suggestions…
And please don’t forget about all the contractors out there, and the possible patriotic hackers wanting to support the US, other countries and other friendly groups. …And I didn’t even touch on the use of a cyber militia.
Seriously, don’t you think SOF or OGA teams have been deploying for years with cyber specialists, a potent USB stick or something else? Cyber warriors can also be warriors, and specialists are sometimes accompanied by a team just for their protection. Just think: Is the juice worth the squeeze? If the answer is yes, there’s your answer.
Cross-posted from To Inform is to Influence