Pages

4 September 2016

CYBERCOM wants adversary to know it’s hacked

Mark Pomerlau
September 1, 2016

CYBERCOM wants adversary to know it’s hacked

As Cyber Command is beginning to reach initial operational capability and entering into both defensive and offensive operations around the globe, America’s cyber warriors need cyber tools to conduct their missions. However, unlike the tools used by members of the intelligence community, which seek to operate without being detected, the Defense Department is interested in “louder” tools. 

First reported by FedScoop, Cyber Command’s Executive Director Shawn Turskey said the command desires tools that can be attributed to DoD. 

“In the intelligence community you never want to be caught, you want be low and slow, you never really want to be attributed. There’s a different paradigm from where you are at in the intelligence community,” Tuskey said at a government cybersecurity workshop hosted by the Department of Homeland Security August 30, according to FedScoop reporter Chris Bing. “But there’s another space over here, where maybe you definitely want to be louder, where attribution is important to you and you actually want the adversary to know.” 

An official at Cyber Command, speaking to C4ISRNET on background, said joint force commanders might want their goals or objectives to be known in order to convey a message. Some cyber teams work directly to support the objectives of joint force commanders by providing options in cyberspace in furtherance of these goals. 

CYBERCOM is currently engaged in the global anti-ISIS coalition to help degrade and ultimately destroy the group by disrupting its command and control as well as ability to communicate. As part of the effort, CYBERCOM Commander Adm. Michael Rogers had stood up a specific task force headed by the commander of Army Cyber Command GenEdward Cardon designed specifically at building tools tailored toward ISIS and their capabilities. 

Joint Task Force – Ares, as it is called, is “very consistent with what we talked earlier but from a real specific operations point of view,” Ronald Pontius, deputy to the commanding general of ARCYBER, said in a recent interview with C4ISRNET. “It’s not just about tools, it is about how do you achieve effects that are integrated into Joint Task Force – Operation Inherent Resolve as the overall joint task force leading the efforts. So how do you integrate non-kinetic with kinetic to achieve those effects. The Joint Task Force – Ares is working that very much.” 

Pontius added that this project is a collaboration between CYBERCOM and Central Command, responsible for the geographic area encompassing ISIS’s largest territory to include the group’s de facto capital. Joint Task Force Ares is “integrated with Joint Task Force – OIR because they have responsibility in the entire battlespace of all the airspace, land domains,” he continued. 

The CYBERCOM official noted that the initiative to create attributable cyber tools is broad based and not specific to any one specific effort. 

As CYBERCOM is nearing IOC, which will occur at the end of 2016, and while there have been reports the organization will be elevated to a unified command, it will continue to remain a close partner with the intelligence community and the NSA, its de facto parent, for the foreseeable future. “We will continue to work with the intelligence community for offensive means and offensive operations, but as the United States Cyber Command, we need totally separate tools and infrastructure to conduct our operations,” Tusky said. 

There is a close working relationship between signals intelligence and cyber. One can inform the other but also the other informs the other,” Pontius, whose organization isrelocating its headquarters from Fort Belvior, VA to Fort Gordon, GA in 2020, collocating with NSA-Georgia, said. “There’s things that we very much could see from a cyberspace operations point of view that could say here’s something we need to look at from a signals intelligence point of view or we may have indications and warnings from signals intelligence that says we believe adversaries are thinking about pursuing this kind of thing against our networks or our systems – you need to look in this area.” 

In a general sense, Col Brandon Pearce, formerly chief of current intelligence for CYBERCOM, told C4ISRNET that this relationship is absolutely critical. “I believe that the relationship between signals intelligence and what U.S. CYBERCOM is trying to do in order to leverage signals intelligence and other types of intelligence to figure out what to do next inside the cyberspace is absolutely critical,” he said following an appearance at an FCW-hosted event on August 24, noting he has been out of that position for two years and was not commenting on current operations or polices. 

Pontius was sure to articulate the key differences between Title 10 military operations and Title 50 intelligence operations as they apply to the intelligence-military partnership in cyberspace. “Cyberspace operations as a Title 10 operations is that, it’s a military operation, not an intelligence operation. And so it’s very important and we go through a lot of training and we have our operational lawyers very much with us on everything…You have to understand under what authorities are you conducting what operation and we work that very carefully,” he said.

No comments:

Post a Comment