Since its creation in 2009, US Cyber Command has focused its
efforts mostly on sophisticated cyber-actors on the world stage,
states like Iran, Russia, and North Korea. It acts mostly in the new
realm of cyber-conflict, in which states can take digital shots at
one another without getting too worried about starting a real
shooting war. But now, the American war on ISIS is blurring the
lines between digital and kinetic conflict, opening a new
cyber-front in the physical world: For the first time in its short
history, the US military’s Cyber Command will now run its own
aggressive operations as part of the War on Terror, and even augment
regular, lethal military strikes with cyber capabilities.
The announcement came as President Obama prepared to discuss the
war on ISIS in Hanover, Germany earlier this week, where he met with
world leaders and laid out this new cyber initiative,
among others. Deputy Secretary of Defense Robert O. Work has the
key quote encapsulating the effort: “We are dropping cyberbombs…
We have never done that before.”
Indeed,
until now the cyber war on ISIS has been mostly confined to
disruption of communications. While ISIS has always been vulnerable
to attack online, if only thanks to the youth and modernity of its
members, messing with their Twitter accounts simply cannot do the
job on its own. If it could, Anonymous would be the most beloved
group in the world by now. What we’re talking about here is
functionally very different; from diverting ISIS’ troop payment
transfers to sending its fighters fake military coordinates, this is
cyber as a technical use of military force.
According to Brigham Young professor of law
Eric Jensen, there have been basically three major, publicly
known cyber-attacks that probably constitute a use of force under
international law:
Stuxnet, a
devastating 2012 attack on the Saudi Aramco oil company, and
a recent, rather terrifying attack on Swedish air traffic
control. It is possible that this particular cyber-campaign won’t
affect that total number of attacks, since ISIS is not a legitimate
state. Still, if “cyberbombs” do prove useful against ISIS, we can
expect the strategy to continue against real states, as the
US rolls out these capabilities to complement attacks in other
theaters.
For instance, we don’t currently know if the US attack on Osama
Bin Laden’s compound in Pakistan had a cyber component, perhaps
taking down the local aircraft tracking systems. If the US launches
a similar mission in a few years’ time, the use of cyber weapons to
complement real ones will likely be totally routine. Cyber-attacking
national infrastructure to support attacks with lethal consequences
could change the severity of an otherwise isolated incident, a
serious concern with nations already threatening to take cyber
incursions as provocative acts of war.
Now, you might wonder what good a “cyberbomb” could do in this
case — used against a reasonably modern nation like Iran, sure, but
a band of medieval thugs like ISIS? At this point, though, it’s
almost impossible to insulate yourself from the effectiveness of
cyber war. Al-Qaeda chose to train and sometimes live in literal
caves, and yet they still had to use potentially hackable,
jammable technology to communicate and coordinate, especially if
they were under active attack at the time. Not even the parallel
universe of ISIS territory can keep out the modern world to the
extent that cyber war becomes ineffective.
ISIS is trying to run a literal war, as opposed to Al-Qaeda’s
figurative one, and that means they must hold territory, collect
taxes, buy or manufacture supplies, provide (meager) services, and
more. There are more than enough points of attack for any cyber
warfare outfit, and many of those weaknesses could be debilitating
if hit hard enough.
This photo of a Syrian military base was taken by an ISIS drone,
showing some of the groups technical sophistication.
We’ve already seen
the effectiveness of blowing up their physical cash shipments
with bombs, and now, Cyber Command is messing with their books. ISIS
commanders have reportedly become aware that sophisticated hacking
is altering their records — we don’t know the details, but this
presumably means that the Western attackers are changing
the books, rather than deleting them, which would make financial
organization all but impossible. Fighters are reportedly deserting
the terrorist organization due to low pay, so we should expect some
good returns if Cyber Command can make it impossible to get the
right amount of pay to the right people, on a regular basis.
Cyber Command will also basically weaponize forum trolling.
They’ve already infiltrated some of ISIS’ communications networks
with fake identities, hiding or posing as real commanders so they
could learn the group’s habits. Now, they hope to exploit this
access to distribute false information — like, change the
coordinates of a meeting so terrorist leaders drive into a nice open
area within easy striking distance of a nearby American drone. At
the least, Cyber Command could introduce an element of doubt into
every order, or bog ISIS down with unwieldy authentication routines.
The options are virtually endless. They could help shut down a
bank to keep it from offloading data right before a missile strike.
They could turn off some vital cooling system in a facility so it
destroys itself and becomes useless. They could make easy pickings
of an ISIS officer by
hacking his newer-model car and driving it into a wall. The
future of war is going to be very different than the past — and
today, the US took a big step toward making that future a reality.
Copyright 1996-2016 Ziff Davis, LLC.PCMag Digital Group All
Rights Reserved.