Cyber Cold War and the need for an Offensive Cyber Special Forces Group

I was speaking to a veteran the other day who has about 20 years of service and has been in more countries than I can remember. As we talked about the war in Afghanistan, a possible future war with Iran and other current military affairs, he told me, “Things are changing. They are after military websites, online accounts and even Facebook pages of active duty troops. It is a Cyber Cold War now.”

International websites are under siege by everyone from political hacktivists to cyber-crime organizations to nation-state-backed hackers. But where does the real threat lie?

  • Political Hacktivists – The recent Anonymous leak of the intercepted FBI conference call concerning Anonymous told me everything I needed to know about how seriously political hacktivism is taken as a threat. During the call, FBI agents and British agents joke around and laugh until a senior agent joins the conference call. Then it was all business. Denial-of-service threats and the release of credit card information are a nuisance, but not really a threat, especially when compared to the other heavy crime that the FBI is used to dealing with.
  • Cyber Crime – This is a lot more serious than political hacktivism. International cyber-crime is booming, and recently more money was stolen through cyber-crime than was made in the illicit drug trade. But this really is an extension of organized crime, not cyber war.
  • Nation State Hackers – This is where the threat really lies. It ranges from counterfeit network equipment that could be backdoored, to industrial sabotage, to military espionage. This is where our military-level cyber forces should be focused.

In essence, we are in a Cyber Cold War. Nation-state hackers are very active in attacking and compromising military, government and defense contractor sites. Terrorists are using social media sites to recruit, train and spread their poison. It closely mirrors the espionage, politics and spread of communism of the original Cold War.

Is our current military cyber force capable of dealing with this threat? I think that when Cyber Command was created, it had these threats in mind and was intended to be both offensive and defensive: blocking threats and counter-attacking in the cyber realm. But before Cyber Command even got off the ground, it was hamstrung by the legal and political ramifications of offensive operations.

What then is needed?

We need a Cyber Special Forces group.

After the failed Bay of Pigs invasion, President John F. Kennedy realized that the US was facing a new battle with the spread of communism. He made it a priority to get Special Forces groups created and active to face this threat.

Troops were selected that were intelligent, capable and willing to learn. They were put through intense training that allowed them to move undetected in enemy territory and engage the enemy on their own terms.

As the Special Forces groups evolved, their peacetime mission became twofold. They were sent into countries to train allied or somewhat friendly forces, while at the same time gathering intelligence about countries that might at some point in the future not be aligned with US intentions.

Right now, our Cyber Command seems more defensively oriented. Instead of just monitoring and detecting threats, a capable offensive unit is needed: one that can not only counter-hack, assess potential targets, train friendly nations and stop electronic threats, but also put boots on the ground and physically shut down terror cells and any other physical threats that arise from the intelligence gained.

12 thoughts on “Cyber Cold War and the need for an Offensive Cyber Special Forces Group”

  1. Hoi!

    I appreciate the discussion on this topic, as it is very difficult to find someone who deals with issues such as strategy and cyber warfare from this angle.

    Therefore, with all due respect, I think it is the other way around. There should be a much higher investment in cyber security, especially of critical information infrastructure. Policies, IT personnel, trained staff, equipment, software – all this is needed to make the infrastructure more secure. And it is needed badly, especially in very vulnerable (wired) countries such as the United States. Clarke and Knake in their 2010 publication pointed out that the US is not only the most vulnerable nation-state but also the one with the lowest defense capabilities (in a comparison among Iran, China, Russia, France and the US), whereas its offensive capabilities were quite good.

    Of course, I do not say that Red Teams are not necessary or that there should not be a development of more offensive cyber warfare capabilities, however, the focus should be on strengthening the defense.

    The old saying, ‘the best defense is a good offense’ does not hold true in cyber warfare.

    1. Very good points, z_edian, but I think we already have some capability to have a very strong defense. The problem on defense as I see it is twofold:

      1. We are very lax against security threats. Just look at the recent hacking of SCADA systems at the utility companies. Even after YEARS of warnings, critical SCADA systems are still wide open.

      2. Advanced threats bypass defense in depth anyway. Look at the major technology companies that have layers of firewalls, intrusion detection systems, ACLs, and a highly trained security team. Though they had all of this in place, they were compromised anyway.

      The US has a very high level of electronic warfare skill, and has for decades. In war time, I cannot think of another country that has better capabilities.

      The problem is that we are facing an evolving battlefield, like we were during the cold war, and we need to create an offensive force, or allow our current cyberwarriors to act offensively even when we are not “officially” at war, just as our conventional special forces do.

  2. I’ll have to take issue, respectfully, with your assertion that this doesn’t already exist. The existence of covert and clandestine offensive “cyberwar” by the West (and the US in particular) is just about the worst kept secret in intelligence since Israel got nuclear weapons.

    1. I agree, Kyle. We absolutely have the capabilities. When “Cyber Command” was created, it was supposed to be an offensive and defensive entity. Shackles have been placed on our troops, not by inability, but by policy. A hold was placed on offensive operations until a lot of red-tape legalese could be unraveled.

      This doesn’t mean certain government agencies aren’t active in doing offensive operations now. The CIA has always done its own thing. I am pretty sure the US worked with Israel on Stuxnet. 🙂

      1. That’s definitely the canonical example, though of course not the only one. My suspicion is that, over the next 12-18 months, we’ll see a number of other operations come into public view that will not be publicly acknowledged by the US, to no particular avail other than to avoid diplomatic repercussions…

      2. You could very well be right about the disclosures. I totally agree with you, and can’t understand why all of a sudden the Electronic Warfare tactics that we have been using for decades are now a political no-no just because we have added terms like “Cyber Space” and “Cyber War” to it.

  3. Well, I think we do not have to discuss the SCADA issue. It’s frightening and has always been. And it’s not like the Iranian system which has not even been receiving security updates from Siemens since the sanctions started.

    Well, I understand that the shift from being reactive to being proactive is almost impossible in cyber security terms due to the wide range of possible loopholes. However, I think that too many things that should be in the dark are wired and that convenience is often preferred to security – which makes the need for cyber security more obvious.

    I also do not disagree with the EW capabilities of the US. But cyber warfare capabilities do not equal EW capabilities.

    I agree with your last point. Cyber warfare conducted currently, such as planting logic bombs, is part of espionage/exploitation. There should be fewer restrictions in doing so, because the enemies do not limit themselves either.
