14 March 2016

Why the Pentagon is finally acknowledging the U.S.'s 'offensive cyber' efforts


http://www.bizjournals.com/jacksonville/news/2016/03/04/why-the-pentagon-is-finally-acknowledging-the-u-s.html 
Mar 4, 2016, James Bach Staff ReporterWashington Business Journal
U.S. Secretary of Defense Ashton Carter was in Washington this past week testifying on the Pentagon’s budget before jetting off to Silicon Valley to talk innovation with tech business leaders, but whether he’s on the East Coast or the West Coast there’s one issue that every audience is asking about: offensive cyber.
The buzz began when Carter acknowledged before the House Appropriations Subcommittee on Defense that in fighting the Islamic State in Syria and Iraq, the U.S. Cyber Command was using offensive cyber tactics to disrupt the organization's command and control operations and communications.
“Cyber can be a tool that we can use against our enemies,” he said before the committee Feb. 25.
At the Commonwealth Club in San Francisco on Tuesday, Carter added, “It is the kind of thing we’ve done in electronic warfare over the radio spectrum for decades and decades.”
It surprises no one that the U.S. government is using cyber as a tool for war. What was surprising was that the Pentagon publicly acknowledged it is waging active cyber campaigns against its adversaries.
“Make no mistake, this is a very big deal,” said Peter W. Singer, a strategist at theNew America Foundation, a D.C.-based public policy think tank. “We’ve long had cyber offensive capability, we have used it but in an espionage setting.”
But “when it came to using it by the military and openly admitting — openly claiming — that we used it, we’ve never done that before.”
Singer told me the option has been on the table. The Pentagon mulled over the decision when it was involved in NATO operations in Kosovo in 1999 and even considered using it to disrupt the Russian and Chinese-made air defenses in Libya in 2011, before tabling the idea. The Defense Department simply hadn’t fleshed out the ethical, political and legal implications of fighting on this front and wasn’t ready to take the plunge.

Even Stuxnet, the malicious computer worm that was believed to be developed jointly by the U.S. and Israel to disrupt centrifuge operations at Iranian nuclear facilities, has yet to be publicly claimed by the U.S. government, Singer noted.
But it’s much more palatable to go public with these details when the Pentagon is waging a battle against an enemy as ruthless as the Islamic State, Singer said.
Carter’s strong words about the terrorist organization’s digital presence indicate as much.


“CYBERCOM is operating against ISIL because … why should they be able to communicate? Why should they be using the Internet?” Carter said in Washington. “This is evil … the Internet should be used for that purpose.”

While the White House is becoming more open to discussing the U.S.’s cyber operations, don’t expect industry to do the same.

Cybersecurity companies and big systems integrators with large cyber businesses are quick to tout their defensive solutions but won’t even acknowledge that they operate on the offensive side.

Putting aside the fact that a lot of these federal contracts are classified and companies don’t control the PR for these jobs, being an offensive cyber company can attract undue attention.

The Boeing Co. (NYSE: BA) of Chicago discovered this when it was revealed that Narus, a commercial cyber company owned by Boeing, was found to have a hand in the Egyptian government’s shutdown of the Internet during protests in 2011. Boeing shed Narus in a sale to Symantec Corp. last year.

“If they are known to develop those things and have those capabilities, it has repercussions,” said Jon Yim, a director at Tysons-based aerospace and defense investment bank KippsDeSanto & Co.

Cyber companies also want to keep their techniques under wraps, so responders aren’t ready to patch or mitigate prior to an attack.

Cyber warfare “depends on vulnerabilities that are not known,” Singer said.

James Bach covers federal contracting.

No comments: