The American Cyber Warriors Assemble

March 20, 2013: U.S. Cyber Command (USCYBERCOM) recently announced that it was forming more offensive cyber-teams and would have

at least 40 of them within two years. Within the next three years over sixty defensive cyber teams will be formed, to provide defensive skills and expertise where needed most. Each team will have a mix of experienced software engineers (including civilian contractors) and personnel with skills but not much experience. The teams of a dozen or so people will benefit from Cyber Command intelligence and monitoring operations, as well as a big budget for keeping the software library stocked with effective tools (including zero day exploits, which are not cheap at all). Cyber Command also has contacts throughout the American and international software engineer community. This can provide crucial expertise when needed. The effectiveness of these teams will vary a great deal because one highly skilled Internet software whiz on a team can make a huge difference.

The majority of these teams will be assigned to the nine major commands (like Centcom or Socom), but 13 will be used to strike back at attacks on the United States. Exactly what weapons would be used was not discussed, nor was the exact size and organization of offensive cyber-teams. What is known is that there is work for such teams of Internet specialists if they work in conjunction with lawyers and the State Department. This kind of organization has already destroyed several Internet criminal organizations.

It works like this. The Internet specialists can usually determine how the attackers are operating and where from. This evidence can be used by the lawyers and American diplomats to get warrants to seize or shut down web sites or servers in foreign countries and even arrest (eventually) those identified as being behind the attack. But what do you do if the hacker attack comes out of countries that will not cooperate, like Iran, North Korea, China, or Cuba.

Cyber Command became operational in late 2010, and is still working on an official (approved by the government) policy stipulating how Internet based attacks can be responded to. The recent cyber-teams announcement implied that attacks are now allowed but not what kind of attack. While Cyber Command has long been asking for permission to fight back, technical, legal, and political problems have delayed agreement on how that can be done. It’s not for want of trying. A year ago the U.S. Congress approved a new law that allows the Department of Defense to conduct offensive Cyber War operations in response to Cyber War attacks on the United States. That is, the U.S. military is now authorized to make war via the Internet. The new law stipulates that all the rules that apply to conventional war also apply to Cyber War. This includes the international law of armed conflict (meant to prevent war crimes and horrid behavior in general) and the U.S. War Powers Resolution (which requires a U.S. president to get permission from Congress within 90 days of entering into a war). Meeting with all the fine print has so far delayed actually allowing a legal counterstrike to a Cyber War attack.

Meanwhile, there are some related serious problems with finding qualified people to carry out such counterattacks. Headquartered in Fort Meade (outside Washington, DC), most of the manpower and capabilities for Cyber Command come from the Cyber War operations the services have already established. U.S. Cyber Command has some smaller organizations of its own that coordinate Cyber War activities among the services, as well as with other branches of the government and commercial organizations that are involved in network security. But most of Cyber Command manpower actually works for the Cyber War organizations of the four services.

Of the four services the U.S. Air Force is the most experienced in Cyber War matters. Five years ago the air force officially scrapped its own planned Cyber Command, which was supposed to operate more like USCYBERCOM. That new air force organization was supposed to officially begin operating by the end of 2008. Instead, many of the personnel that were sent to staff the new command were sent to the new Nuclear Command. This change was made in response to growing (at the time) problems with the management of air force nuclear weapons. Despite that, the air force continued trying to establish some kind of new Cyber War operation and use it to gain overall control for all Department of Defense Cyber War activities. The other services were not keen on this. That resistance, plus the nuclear weapons problems, led to the Cyber Command operation being scaled back to being the 24th Air Force. This organization handles electronic and Internet based warfare.

The U.S. Army, following the example of the air force, also established a Cyber War operation. Some 21,000 soldiers were pulled from a large variety of signal and intelligence outfits to form ARFORCYBER (Army Forces Cyber Command). It became fully operational late last year, with its headquarters at Ft. Belvoir, Virginia.

Four years ago the U.S. Navy created an “Information Domination Corps”, in the form of a new headquarters (the 10th Fleet), with over 40,000 people reassigned to staff it. While the new Cyber War command will mainly deal with intelligence and network security, it will also include meteorology and oceanography. These last two items are very important for deep water navies, especially since a lot of the information about oceans and the weather is kept secret. The fleet will call upon the talents of 45,000 sailors and civilians. Most (44,000) of these personnel are reorganized into 10th Fleet jobs or will contribute from within other organizations. A thousand new positions will be created, mainly for 10th Fleet. All this is for giving the navy a more powerful and secure position in cyberspace. The navy does not want to repeat the mistakes of the air force in this area.

The U.S. Marine Corps established a Forces Cyberspace Command three years ago, with about 800 personnel, to help provide network security for marine units. The marines are accustomed to doing more with less.

All those Cyber War operations are dependent on contract workers (civilians) for their top technical talent. There is always a shortage of these people, partly because they have to be capable of getting a security clearance. This rules out a lot of the best hacking talent, who had misbehaved in the past and were identified or even prosecuted for it. A lot of otherwise qualified technical personnel won’t even apply for these Department of Defense jobs because a background check might reveal earlier hacking misadventures they would rather keep quiet about (at least to the government). Meanwhile, the Department of Defense has assembled a growing group of civilian Cyber War volunteers. Not all have security clearances but in the event of a national Cyber War crisis, that would be less of an issue.