SAN DIEGO, Calif. – The US military recognizes cyber as a war fighting domain in the same league as ground and air war now, but its unique nature can be a bit hard to comprehend.
Fortunately, Coast Guard Vice Adm. Marshall Lytle gave the perfect analogy that demonstrates how unique, and difficult it can be, for the US military to operate in the cyber realm.
“Cyberwarfare is like a soccer game with all the fans on the field with you and no one is wearing uniforms,” Lytle, who serves as the Chief Information Officer of the Joint Staff, said during a panel discussion on information warfare at the AFCEA West 2017 conference on Wednesday.
Lytle’s remark highlights the “wild west” nature of the cyberwarfare, where the US, Russia, China, and many other non-state actors routinely hack into each others’ networks, steal critical information, and deceive or propagandize for their side.
Cyber soldiers are now an integral part of military strategy, but unlike pilots who can see targets of their bombs and can see their effects, or infantrymen who wear uniforms and fight along much clearer lines, cyber warfare is much messier.
As Lytle explained, cyberwarfare doesn’t have clear battle lines. It’s not like football, he said, where there’s an offensive line and a defensive line, and you’re going up against the opposition that’s composed in a similar fashion.
Instead, the Pentagon’s hackers don’t always know who they’re up against, since technology exists to obfuscate online identities. There is also a noticeable lack in defined rules of engagement for militaries operating online, such as the law of war that keeps most militaries from committing war crimes.
“The rules don’t fit. When you think of traditional areas of hostility,” said Marine Brig. Gen. Dennis Crall, the CIO for the Department of the Navy. “It doesn’t really fit in the world of cyber.”
As US military leaders warn of the growing progress of Russia, China, and North Korea in cyberspace, the Pentagon has ramped up its own efforts in what it calls the “cyber domain” after the release of a new cyber strategy in April 2015.
The cyber strategy stood up 133 teams comprising some 4,300 personnel for its “cyber mission force,” 27 of which were directed to support combat missions by “generating integrated cyberspace effects in support of … operations.”
They are up against China’s own “specialized military network warfare forces,” North Korea’s secretive Bureau 121 hacker unit, other nation-states, hacktivists like Anonymous, and criminal enterprises alike.
They have been further tasked with breaking into the networks of adversaries like ISIS, disrupting communications channels, stopping improvised explosive devices from being triggered through cellphones, or even, as one Marine general put it, just “trying to get inside the enemy’s [head].”
But, as Lytle noted, lawmakers have so far not offered clearly-defined policies and processes for how the military operates in cyberspace. There have been some attempts, such as the Army’s cyberwarfare “bible” and a top secret presidential policy directive requiring approval for hacks that could potentially result in loss of life, such as the 2009 Stuxnet attack against Iranian nuclear sites.
“There are no internationally agreed upon peacetime norms on cyberspace that keep a tamp on an arms race,” Navy Vice Adm. Michael Gilday said at the conference on Tuesday. “There is no significant deterrent to malicious activity in cyberspace.”