Cyber War and America’s Response

TYW27

I wanted to see what your professional thoughts are on state-sponsored hacks and talk a little about what our response as a Nation should be. I’m growing increasingly concerned with state-sponsored attackers and the damage they are doing to this Nation.

I first became aware of how much damage state-sponsored hackers can do when China attacked OPM: The OPM hack explained: Bad security practices meet China's Captain America

Then Equifax: Chinese Government Hackers Charged With Massive Equifax Hack

The Marriott: Marriott Data Breach Is Traced to Chinese Hackers as U.S. Readies Crackdown on Beijing (Published 2018)

And Anthem: Member of Sophisticated China-Based Hacking Group Indicted for Series of Computer Intrusions, Including 2015 Data Breach of Health Insurer Anthem Inc. Affecting Over 78 Million People

The scary thing is realizing that China is building a database of government and military personnel with details from an SF-86 form and correlated through credit and travel agencies.

Lately the US Government has been scrambling to control the fallout with the alleged Russian attack on SolarWinds with specific targets in the National Treasury, Pentagon, and Department of Energy among others. What We Know About Russia's Alleged Hack Of The U.S. Government And Tech Companies

My question is, when does a cyberattack warrant military action? Or should it? So far we are being reactive (it seems), making movement to contact without any real ability to proactively locate and destroy these attackers in the cyber realm.
 
The scary thing is realizing that China is building a database of government and military personnel with details from an SF-86 form and correlated through credit and travel agencies.
Bud, that's been going on for a VERY long time. A very, very long time. You can look at the instances of espionage that you're trained on that have been discovered (and consider which ones HAVEN'T been).

My question is, when does a cyberattack warrant military action? Or should it? So far we are being reactive (it seems), making movement to contact without any real ability to proactively locate and destroy these attackers in the cyber realm.
It already does, and has; the problem that most people have is separation of kinetic and non-kinetic response. As we (and the world) drive more and more into full digitalization and informationalization, actions which attack or use information as the weapon become more common, more effective, and more useful overall. Even China speaks on these types of things in some of their documentation when talking about the Informationalization of War. Now, you have to be able to read/understand it in Mandarin... but the white papers are not difficult to find on the clear web.
 
Bud, that's been going on for a VERY long time. A very, very long time. You can look at the instances of espionage that you're trained on that have been discovered (and consider which ones HAVEN'T been).

Absolutely I agree with you that China has been doing this (and I’m sure Russia as well) for a long time. However, the OPM breach was pretty significant in my opinion. If they already had all the information they needed on us why continue to gather more?

Then you have the Russian hack with SolarWinds and the different agencies who were impacted, which we still don't know how bad this is. I think there is a very big difference between stealing information for reconnaissance purposes and an outright digital attack. In my opinion I believe the SolarWinds attack could be considered an open attack against us in the Cyber realm.

My question is: What should our response be?
 
Let's say the US runs a cyber op that is successful...does anyone think we'll announce our success? Sooner or later someone will talk, but our failures are publicized, do we think China and Russia have the same openness as the US?

Hopefully we wouldn’t announce it to avoid retaliation, but I seem to remember that we did just that when we killed UBL with a top secret Tier I unit.

Our own media would out us as it has in the past.
 
Let's say the US runs a cyber op that is successful...does anyone think we'll announce our success? Sooner or later someone will talk, but our failures are publicized, do we think China and Russia have the same openness as the US?
At some point, perhaps. It depends on the narrative structure and how we intend to use the story. Whether that becomes an avenue to destroy adversary credibility, loosen belief and morale for the military and its constituent personnel in their command structure... or to cause an inflammatory response, in order to goad the first strike, therefore justifying a swift and decisive response.

My question is: What should our response be?
Wholly depends on who's steering the ship, and what the adversary has done recently.

The bigger picture is less that we are shooting little cyber payload bullets at each other, and more that we're literally waging information warfare. Adversaries are stealing data and pushing narratives less to eliminate, and more to subjugate. And that's really how wars are won, sans, ya know, dropping a literal nuke onto small Japanese regions.

If the right people are in charge, our response will be one that probably undermines the belief in whatever capability we degraded, on the red side.
 
Let's say the US runs a cyber op that is successful...does anyone think we'll announce our success? Sooner or later someone will talk, but our failures are publicized, do we think China and Russia have the same openness as the US?
One publicly announced successful cyber op was operation Glowing Symphony with Joint Task Force ARES.

A great podcast called Darknet Diaries did an interview with one of the Os in charge of the op.

Article

Podcast
 
Response to any Level 4 or Level 5 cyber attack should be full-spectrum retaliation. Whatever you have that still functions, pull the chain.
 
One publicly announced successful cyber op was operation Glowing Symphony with Joint Task Force ARES.

A great podcast called Darknet Diaries did an interview with one of the Os in charge of the op.

Article

Podcast

That makes sense that it was made public since it was a terrorist group (ISIS) and not a near-peer adversary like China or Russia.

I would imagine we could kick off WWIII if it was public that we hacked Russia the way they hit us with SUNBURST.
 
That makes sense that it was made public since it was a terrorist group (ISIS) and not a near-peer adversary like China or Russia.

I would imagine we could kick off WWIII if it was public that we hacked Russia the way they hit us with SUNBURST.
True, but the reported cyber attack by CYBERCOM against Iranian shipping lanes and the ability to track maritime ships was made public in 2019.

Article

It seems some of these attacks are made public, but not picked up by mainstream media or the general public still hasn't come to full terms with the reality of cyber warfare.
 
There is a big difference between a cyber intrusion and a cyber attack. One is espionage and the other is warfare. It can be difficult sometimes to define the two with widely accepted terms unfortunately.

Has there ever been a large-scale Title 50 “war”?
 
There is a big difference between a cyber intrusion and a cyber attack. One is espionage and the other is warfare. It can be difficult sometimes to define the two with widely accepted terms unfortunately.
Could you say that's by design? Seems that gives one an out when determining the response. The cyber side worries me like nothing else. It's far scarier than anything kinetic in my opinion.
 
Could you say that's by design? Seems that gives one an out when determining the response. The cyber side worries me like nothing else. It's far scarier than anything kinetic in my opinion.
I mean, it shouldn't. We have to take the same mentality as big companies such as Microsoft and assume that either networks have already been compromised (which, in most of these instances, is true) and mitigate what we can. Informationalized warfare is a bitch because it's got so, so many more vectors of attack.
 
Could you say that's by design? Seems that gives one an out when determining the response. The cyber side worries me like nothing else. It's far scarier than anything kinetic in my opinion.
Think of it this way. How would you define an operation to steal some classified files on some emerging technology? There are a number of ways you can do this, but I think we would all call this an intelligence operation. You can bribe someone to give you the files, sneak into the office, spy on the office with a telephoto lens, etc. It's all espionage. What's the difference between that and a cyber intrusion? Conceptually nothing. The objective is not the problem here but the scale. These hackers aren't just stealing one file, they are stealing thousands of files in one fell swoop. This is what makes it hard to define. You can't call something an attack if the intruder didn't actually attack anything.
 
I think the international community defines a cyber attack as an action in cyberspace that destroys or manipulates something. This can be physical destruction, like when Stuxnet destroyed a centrifuge in an Iranian nuclear facility, or cyber destruction like when the US deleted a Hezbollah database after they took over a British tanker. Denying someone service, like what Russia did to Estonia a few years back, also qualifies. I think that we need to define a third category. Hacking into a military target like the Pentagon is one thing but hacking into our critical infrastructure is another. Where do you put the red lines? What do you do when someone crosses them? Do you respond in kind or with a kinetic attack? No one has good answers to these questions.
 