The virtual battle. by Mark Smith. Special to INSCOM 4 INSCOM JOURNAL

Transcription

1 The virtual battle by Mark Smith Special to INSCOM 4 INSCOM JOURNAL

2 For many, the term cyberspace conjures up images of science fiction, the stuff of novels and movies. In fact, in 1994 this was the term science fiction author William Gibson used to describe his vision of a global computer network, a network that linked all people, machines and sources of information around the globe and through which individuals would navigate through a virtual space. Over the past two decades, cyberspace has expanded at an exponential rate to become a ubiquitous feature of our daily lives, both professional and personal. Whether file sharing with a colleague in the next cubicle or Soldiers halfway around the world from banking, shopping or traveling to social networking, movies, and music cyberspace brings the world to our fingertips at the speed of light. At work or play, no matter where we might find ourselves, we are seemingly never disconnected from the virtual global grid that Gibson imagined more than 15 years ago. Army photo Defense Department systems are probed by unauthorized users more than six million times a day, potentially jeopardizing the safety of our Soldiers. The Fifth Domain While the technological revolution that produced this virtually wired-world has delivered unparalleled advantage to every aspect of military operations from smart bombs to smart phones it also produced new vulnerabilities that cunning adversaries continuously seek to exploit. Defense Department systems are probed by unauthorized users approximately 250,000 times an hour, over six million times a day, said Gen. Keith B. Alexander, the commander of U.S. Cyber Command, during a presentation to the Center for Strategic and International Studies in June. In the face of this onslaught, network security, protecting critical data and responding to cyber attacks pose complex challenges that reach into uncharted territory for public policy, national security and decision-makers at nearly every echelon. The cyber threats we face today involve a diverse spectrum of sophisticated perpetrators with various motivations, employing an array of tactics, pursuing an assortment of objectives. In broad terms, these perpetrators are comprised of individuals, criminal and terrorist groups, as well as nation-states whose motivations include, but are not limited to, profit, ideology or the search for competitive advantage. Each employs a full range of tactics that exploit network, system, supply chain and human vulnerabilities. In short, we face a complex cast of malicious actors and adversaries that exploit the shared and integrated, public and private cyberspace domain that is today s global commons. Cyberspace threats are generally categorized into four primary types: cybercrime, hackers, espionage, and cyber warfare. Cybercrime: Individuals or groups focused on profiting by theft through diversion of assets, money laun- INSCOM JOURNAL 5

3 photo by Sgt. Shawn Cassatt INSCOM s cyber brigade will bring added capacities to current capabilities, comprised of cyber warriors working from fixed, remote, and expeditionary locations around the world. dering, identity theft, wire fraud, etc. Hacking: Ideologically motivated individuals, sometimes referred to as hacktivists, that seek to interfere with government or corporate operations or expose information in the name of their respective cause. Cyber espionage: Exfiltration of data by foreign governments or corporatesponsored entities to obtain protected or sensitive information about another government or a business competitor. For example, pilfering intellectual property, national security 6 information, or trade secrets. Cyber warfare: State and non-state actors that seek to disrupt diplomatic, military or economic functions of another government. For example, the denial of service attacks on Estonia in 2007 or Georgia in Cyberspace Ops Recognizing the importance of this new reality, the Secretary of Defense ordered the establishment of U.S. Cyber Command with the mission to operate and defend the dot-mil domain, and integrate Defense Department cyberspace operations. In June 2009, the Army announced the formation of Army Cyber Command to serve as the Army service component of U.S. Cyber Command. ARCYBER is comprised of the Network Enterprise Technology Command, 9th Army Signal Command and elements of the 1st Information Operations Command (Land). The U.S. Army Intelligence and Security Command is under the operational control of ARCYBER for cyberspace operations and is also tasked INSCOM JOURNAL to provide multidisciplined intelligence support. As for ARCYBER, the new command is responsible for operating and defending all Army networks. When it comes to cyberspace operations, the maxim that the best defense is a good offense, has never been more true. Strong defenses are not enough, however, as offense almost always beats defense on the internet, said Scott Charney, vice president for trustworthy computing for Microsoft Corporate. So although stronger

4 defenses might deter some who will seek easier targets persistent, well-funded and motivated adversaries are not readily deterred by defenses, especially because defenses have proven insufficient in so many cases. While a great defense may provide the 80-percent solution, it is not enough and INSCOM is at the forefront of building the offense needed to close the gap. expeditionary locations around the world. Whether forward deployed in areas of conflict or operating from sanctuary, these cyber professionals will design, plan, collect, analyze, exploit and conduct full-spectrum cyberspace operations, as well as support and enable, proactive defensive cyber operations. The four primary roles for Army cyber warriors are planners, analysts, operators and engineers. Getting offensive levied in May That is, to establish a cyber brigade, capable of providing the Army with a dedicated capability to conduct computer network exploitation and computer network attack. INSCOM s cyber brigade will bring added capacities to our current capabilities, comprised of cyber warriors both military and Civilian, active and reserve component working from fixed, remote, and In July 2008, the Army Network Warfare Battalion was provisionally established by realigning existing 704th MI Brigade resources. Simultaneously, INSCOM forged ahead on a concerted planning effort to further develop its cyberspace capabilities. Just nine months later, the command successfully secured approximately 800 new military and Civilian authorizations to expand the Army Network Warfare Battalion capabilities over the Fiscal Year timeframe. This early initiative postured INSCOM to respond rapidly to its most recent task ARCYBER Soldiers must track cyberspace threats, which are generally categorized into four primary types: cybercrime, hackers, espionage, and cyber warfare. Enablers As is the case with all military planning and operations, multidisciplined intelligence planning, collection, analysis, fusion, and data sharing remain critical enablers. Cyberspace operations are no exception. While success in cyberspace is heavily dependent upon the cryptologic enterprise and skill sets, it nonetheless requires the full weight of multi-disciplined intelligence be brought photo by Gregory Ripps INSCOM JOURNAL 7

5 to bear to ensure the Army and Joint forces can maintain freedom of action in cyberspace while denying our adversaries the same. All-source analysis, technical and human intelligence are critical to understanding the current and future capabilities of our adversaries and INSCOM is actively engaged with the intelligence community in assessing the capa- bilities and actions, while at the same time, assisting community efforts to forge a multidisciplined intelligence support framework for the Defense Intelligence Enterprise. INSCOM elements have established a support relationship with ARCYBER and will continue to evolve its support as the conduit for the Army Cyber Operations Integra- tion Center to leverage Defense-wide intelligence and IC support. Similarly, INSCOM brigades around the world are engaged with the combatant commands and Army service component commands providing multidisciplined collection, analysis, planning, and exercise support. Counterintelligence is a growing endeavor in support of cyberspace operations as we seek to improve our network defenses, and protect vital information while guarding against insider threats. INSCOM continues to refine its cyber CI capabilities and current plans call for a counterintelligence cyber company to be established as a key enabler for cyberspace operations. In conclusion Army photo INSCOM is actively engaged with the intelligence community in assessing the capabilities and actions, while at the same time, assisting community efforts to forge a multi-disciplined intelligence support framework for the Defense Intelligence Enterprise. 8 INSCOM JOURNAL

6 At current course and speed, industry and commercial markets will continue to rapidly drive the convergence of traditional telecommunications and internet-based networks. This globallyinterconnected world of digital information and telecommunications infrastructure that underpins every aspect of the modern world s interactions economy, trade, research, development, transportation, manufacturing, industry and commerce including warfare, makes cyberspace planning and operations an indispensable pillar of U.S. national security and military strategy. This new reality makes it imperative that INSCOM aggressively recruit, train, develop, equip and operationally invest in the force required to meet current and future Army, joint and national needs for cyberspace warriors. Much has been done, but much more remains to be done. As we proceed forward, we must be mindful of the impacts to the current force structure, capabilities and capacities needed to support the warf- photo by Gregory Ripps INSCOM brigades around the world are engaged with the combatant commands and Army service component commands providing multi-disciplined collection, analysis, planning, and exercise support. ight in Afghanistan and Iraq, as well as on-going operations around the globe. Prior to the Second World War, the Army s Gen. Billy Mitchell appealed for strategic foresight that still resonates today. Nations nearly always go into an armed contest with the equipment and methods of a former war, he said. Victory always comes to that country which has made a proper estimate of the equipment and methods that can be used in modern ways. This cautionary admonition reminds us that we must be innovative and forwardthinking while building the Army s full-spectrum cyber team and its enablers, as we collectively strive to meet the challenges of the modern battlefield and confront the persistent conflict in the fifth domain cyberspace. INSCOM JOURNAL 9