Cyber-warfare is often discussed, but rarely truly seen. When does an intrusion turn into an attack, and what does that entail? How do nations fold offensive cyber operations into their strategies? Operations against networks mostly occur to collect intelligence, in peacetime. Understanding the lifecycle and complexity of targeting adversary networks is key to doing so effectively in conflict.
Not all offensive operations are created equal. Some are slow-paced, clandestine infiltrations requiring discipline and patience for a big payoff; others are short-lived attacks meant to create temporary tactical disruptions. This book first seeks to understand the possibilities, before turning to look at some of the most prolific actors: the United States, Russia, China and Iran. Each has its own unique take, advantages and challenges when attacking networks for effect.
Organized criminal groups across the globe have focused on highly profitable cyber exploits as a new line of business. According to the Verizon 2022 Data Breach Investigations Report, the 13% growth in ransomware this year is as large an increase as the last five years combined. Targeted organizations in 2022 included school districts, universities, hospitals and utilities.
The worldwide targeting of critical infrastructure and essential services represents a growing threat to economic stability and national security. The DarkSide group, a Russian-based criminal enterprise, is responsible for the 2021 Colonial Pipeline Company ransomware attack and extorted over $90 million in just a nine-month period from victims worldwide. According to a January 26 press release by the U.S. Department of Justice, the Hive ransomware group, also likely based in Russia, extorted over $100 million in ransoms in the past 18 months. These events in part appear to be the drivers for the March 2023 U.S. National Cybersecurity Strategy.
These ransomware events forced society to realize just how vulnerable infrastructure systems are to this type of attack. I contend that the worldwide growth of targeted cyber attacks and the disruption of essential services represent a real and growing national and international security threat.
The Colonial Pipeline attack may serve as the wake-up call for a global war on cyber crime. What is required is an offensive war on cyber crime like those campaigns against the global drug trade and terrorism. Nations with cyber forces will need to effectively coordinate active offensive measures to deny criminal groups access to computing resources.
It was only after DarkSide attacked a high-visibility target that its computer infrastructure was seized by authorities. Many nations have well-established cyber warfare elements that are quite capable of executing offensive cyber operations. Most of these national resources are exclusively focused on national security objectives. Collectively, these nations could apply the full range of their offensive cyber capabilities against criminal elements, just as has been done to thwart the drug trade and global terrorism. The growing threat to critical infrastructure sectors poses an international security threat, especially as essential services are targeted.
An approach that radically changes the cost/benefit calculus of cyber crime for organized criminal groups is needed. Outlined below are a few recent examples of how effective offensive strategies can complement the collective approach to protecting systems, data and users.
Over a four-year period from 2018 through 2022, two law enforcement operations yielded hundreds of arrests globally and the seizure of millions in illicit cash, demonstrating a new era for cyber operations.
An approach that includes offensive operations is precisely what is needed to combat the growth of cyber crime. The United States must change the risk vs. gain calculus so the risks of cyber-crime activity are so great that any potential gain offers no attraction. This will require international coordination, as effectively demonstrated by the three operations highlighted. It will require nations to share cyber intelligence data, collectively identify criminal targets and eliminate all safe havens for these groups.
The community of users and like-minded nations need a more aggressive approach to combat cyber crime effectively. The United States and other nations must realize that the traditional education and defense approach is no longer enough. The full spectrum of cyber operations is needed to win this war on cyber crime. Equally strong offensive and defensive components are required to advance cybersecurity operations to safeguard national security and economic stability worldwide.
The new U.S. National Cybersecurity Strategy is an excellent step toward addressing the national security threat. It will take many years and extensive coordination and cooperation to fully implement the strategy. Bringing to bear the full weight and capability of the nation can and will begin to change the direction of the growing threat.
Over the last year, the cyber security community has encountered new challenges and worked to adapt and respond in innovative ways. Ransomware is no longer considered just criminal activity, but a threat to national defense and infrastructure; deterrence is conducted across multiple domains simultaneously; and the value of cyber defense partnerships across nations is reasserted again and again.
CYBERCOM Commander U.S. Army Gen. Paul M. Nakasone recently highlighted the work both CYBERCOM and the National Security Agency (NSA) have performed against foreign ransomware actors, including conducting successful offensive cyber operations that disrupted their malicious activity. CYBERCOM focuses on the "away game," executing operations in foreign spaces against foreign actors.
As General Nakasone said this year, partnerships are the lifeblood that makes us so different from our adversaries. The Command has benefited from a historic partnership with the Five Eyes, but there are other partnerships with like-minded nations that we will continue to work.
The idea was a key part of the Ph.D. work he was then undertaking at King's College London and has now been explained in his book Offensive Cyber Operations, published by Hurst last May. Despite having been completed and sent to the printers well before the start of the Russian invasion of Ukraine in February 2022, the book's arguments about the role of cyber during warfare have been corroborated by much of what we have seen since.
The IDF offered Danny more than just the military knowledge and credentials that have informed his book, he said. You are responsible for things that usually junior people just entering the industry would not be a part of. The significance of your work, as in the consequence of success and failure, is very different. The stakes are much higher. And the possibilities for leadership, both people leadership and subject-matter leadership, come at you so quick. A year into it you're not the junior anymore, so you're 19 years old and you're like the expert at something, which is wild, right?
The issue for Danny, as someone who had spent years in the field as a practitioner, was how the initial migration into academic cybersecurity of international relations scholars and strategists had shaped the discussion.
In his day job, Moore is a senior security expert at Meta, which after our interview published a handful of reports, including on the growing challenge posed by spyware and covert information operations on a global scale.
Moore took our trays away and we went for a short walk around the West End in the drizzle, stopping at WatchHouse for a coffee; a double espresso for him and a flat white for me. We both agreed that the coffee is excellent. I asked him, half-joking, whether the good guys are winning.
Defensively, I think we are in a very bad place, especially the United States, but not exclusively. I think that very American design, to connect everything to everything, creates a massive vulnerability surface for any future campaign, one that our adversaries are very much aware of. And that is potentially exploitable in weirdly creative ways.
The Department of Defense designated cyberspace as its newest warfighting domain in 2011. Immediately thereafter, an academic debate over the practicality and nature of cyberspace warfare ensued, with many experts weighing in, including cyber scholar Martin Libicki, Welton Chang, Chief Technology Officer at Human Rights First, and author Sarah Granger.[1] Academic objections to the acceptance of cyberspace as a warfighting domain did little to detract from the development and maturation of United States (US) Cyber Command. Nonetheless, misunderstandings continue to appear in academic articles about the nature of offensive cyber operations (OCO), in part because many aspects of OCO are secret due to operational requirements. As senior military leaders lobby for resources and policy makers struggle to fit OCO into the spectrum of international competition, both groups display an unintentional bias toward treating cyberspace as exempt from the doctrine that applies to the physical warfighting domains. Misunderstandings of OCO and its effects are clouding the environment for decision makers. This article is intended to increase clarity for decision makers by debunking common myths about OCO.
The first criterion, that cyber operators know the exact make and model of the target phone through technical intelligence sources, is plausible. However, simple operational security (OPSEC) practices (such as using multiple phones) increase the required weight of effort. A knowledgeable and well-trained adversary could replace a phone frequently to avoid being tracked. This technique is well-known to criminals, as portrayed in the television show The Wire.
If, somehow, all of these criteria were met, the effect is likely to be underwhelming. Although an exploding battery could cause burns or start a fire, the irony is that more people have died from swallowing coin-sized batteries than from exploding ones.[8] Since all commercially available mobile devices face regulatory pressure to mitigate possible damage from battery failure, even the prospect of such a defect could rapidly drive a product off the market.