Summary: Our war with ISIS is almost invisible to Americans. It is only lightly reported by the press and visible mostly in the domestic terrorism it inspires. Even less visible is our cyberwar with ISIS. One of the most active fronts of the war, it is a harbinger of future conflicts. Here Emilio Iasiello briefs us on the US attacks by the lavishly-funded US Cyber Command. What are they doing? What successes have they had? Second of two posts today.
Screenshot: you have been hacked by ISIS.
By Emilio Iasiello from CyberDB.
Reposted with his generous permission.
Mid-July 2016 reporting reveals that U.S. cyber offensives against the online recruiting and propaganda activities of the Islamic State of Iraq and Syria (ISIS) have not yielded the types of results that were initially anticipated. According to the news article, the debut effort of the U.S. Cyber Command (CYBERCOM) has not been effective, although officials declined to provide any specifics as to the types of operations being conducted. What was revealed was that CYBERCOM’s commander, Admiral Michael Rogers, had created a unit charged with the mission of developing digital weapons to support this effort. Joint Task Force Ares, a 100-person strong unit, will not only build tools, but may engage in other possible missions such as disrupting the terrorist group’s payment system and denying access to their current chat application of choice.
Nevertheless, despite these aspirations and despite this being the first publicly declared online military operation by any nation state, success has been fleeting. This is certainly a disappointing turn of events for a country largely believed to be the most cyber capable in the world. The recent slow progress is impeding the normalization of cyber attacks as a potential military tool. Officials hoped that the ISIS campaign would help normalize how cyber attacks can be leveraged similarly to airstrikes to support military objectives, to take cyber out of the shadows and provide a bit more transparency, according to a senior Pentagon official. As of now, there has been little anecdotal evidence showing this type of success.
Part of the problem may be that CYBERCOM, despite being an official sub-unified command for approximately seven years, is simply not ready. Admiral Rogers conceded that the first dedicated cyber troops will be operational by early fall, and expected the command to be fully operational by September 30, 2018, calling into question the capability and talent of the current staffing levels. Such speculation has been raised in a June 2016 article that highlighted CYBERCOM’s struggles with identifying, recruiting, and retaining top talent. The Command’s Cyber Mission Force will eventually have 6,200 people split into 133 teams, half of which will be assigned to protecting networks, 20 percent dedicated to combat missions, 10 percent assigned to national mission teams to protect critical infrastructure, and the remaining fifth assigned to unspecified “support” functions.
Central Command’s Twitter and YouTube accounts hacked by ISIS in January 2015.
Failure to mitigate or minimize a technically-proficient non-state actor threat in cyberspace may be indicative of the difficulty of trying to apply traditional military operations against an untraditional adversary. ISIS does not have organizations or set infrastructure that can be targeted by either conventional or cyber strikes; therefore, for example, an attack against any command and control (C2) infrastructure it now employs would likely cause only a momentary pause in operations, and may serve to better inform and educate ISIS on United States targeting interests and tactics, techniques, and procedures. The 2015 drone killing of its then leading propagandist and hacker Junaid Hussain impacted neither ISIS recruiting nor its propaganda efforts.
However, what these efforts may show is that a nation state's use of cyber weaponry against a non-state threat not confined to or by geographic borders may be an elusive undertaking. Complicating matters is that ISIS has proven to be an adept player in cyberspace, and while not engaging in destructive cyber attacks, has demonstrated proficiency and resiliency in using cyberspace to organize operations, recruit, and transfer money. As a group like this continues to leverage and even develop its own advanced technologies, it may enjoy the advantage of being resilient and agile in its operations for the express reason that it is neither confined nor restricted by cyberspace. A military operation may target and successfully deny, degrade, disrupt, or destroy a C2 node, or an account, or a website, but will the impact enjoyed in the near term come at a cost later on?
For example, an Edward Snowden-leaked classified National Security Agency document intimated that cyber attacks conducted against Iran (e.g., the 2010 Stuxnet discovery, the 2012 Flame incident, and the 2012 wiper malware launched against Iran’s Kharg Island facility, to name some of the more prominent ones) may have enabled it to improve its own capabilities by studying and replicating those tactics. If ISIS is as cyber savvy as many experts have asserted, then it is logical to assume that these activities give ISIS valuable insight into every successful tactical mission that CYBERCOM conducts, along with the opportunity to study them, learn from them, and even replicate them in the future.
The Commander of CYBERCOM testified before Congress that ISIS “remains the most adaptive target I’ve ever worked in 35 years as an intelligence professional.” This is a testament to the fact that in cyberspace, smaller, more technically-capable groups can make noticeable impacts against larger adversaries, particularly given that both technical and informational fighting in cyberspace is a relatively new endeavor for everyone involved.
About the Author
Emilio Iasiello has more than 12 years’ experience as a strategic cyber intelligence analyst, supporting US government civilian and military intelligence organizations, as well as private sector companies. He has delivered cyber threat presentations to domestic and international audiences and has published extensively in peer-reviewed journals.
For More Information
See the activity in three months of the cyberwar between the West and ISIS, described in the July – September 2015 report of the International Institute for Counter-Terrorism (ICT). Both sides are busy, with fighting both visible and covert.
- Cyberwar: a Whole New Quagmire. Part 1: The Pentagon Cyberstrategy — by Marcus Ranum.
- Is the best defense a strong offense in cybersecurity? — by Emilio Iasiello.
- The US & Russia: Cyber-cooperation against common foes — by Emilio Iasiello.
- How would Sun Tzu defend computer systems? Poorly. A new era needs new thinking. — by Steve Tornio and Brian Martin.
- Advice from Sun Tzu and John Boyd on winning at cyberwar — by Chet Richards.