Cyberwarfare in the United States

The Department of Defense Cyber Strategy

1. Defend DoD networks, systems, and information.
2. Defend the United States and its interests against cyber attacks of significant consequence.
3. Provide integrated cyber capabilities to support military operations and contingency plans.

The Five Pillars

Trump Administration's National Cyber Strategy

Cyberattack as an act of war

Attacks on other nations

Iran

China

Russia

Others

• In 1982, a computer control system stolen from a Canadian company by Soviet spies caused a Soviet gas pipeline to explode. It has been alleged that code for the control system had been modified by the CIA to include a logic bomb which changed the pump speeds to cause the explosion, but this is disputed.
• A 1 April 1991 article in InfoWorld Magazine "Meta-Virus Set to Unleash Plague on Windows 3.0 Users" by John Gantz was purported to be an extremely early example of cyber warfare between 2 countries. In fact the "AF/91 virus" was an April Fools Joke that was misunderstood and widely re-reported as fact by credulous media.

  Cyber threat information sharing

United States Cyber Command

Army

• Army Network Enterprise Technology Command / 9th Army Signal Command
• Portions of 1st Information Operations Command
• United States Army Intelligence and Security Command will be under the operational control of ARCYBER for cyber-related actions.

Marine Corps

Air Force

• 67th Network Warfare Wing
• 688th Information Operations Wing
• 689th Combat Communications Wing

Navy

• Naval Network Warfare Command
• Navy Cyber Defense Operations Command
• Naval Information Operation Commands
• Combined Task Forces

  Timeline

• Systems in the US military and private research institutions were penetrated from March 1998 for almost two years in an incident called Moonlight Maze. The United States Department of Defense traced the trail back to a mainframe computer in the former Soviet Union but the sponsor of the attacks is unknown and Russia denies any involvement.
• Titan Rain was the U.S. government's designation given to a series of coordinated attacks on American computer systems since 2003. The attacks were labeled as Chinese in origin, although their precise nature and their real identities remain unknown.
• In 2007, the United States government suffered "an espionage Pearl Harbor" in which an unknown foreign power... broke into all of the high tech agencies, all of the military agencies, and downloaded terabytes of information.
• In 2008, a hacking incident occurred on a U.S. Military facility in the Middle East. United States Deputy Secretary of Defense William J. Lynn III had the Pentagon release a document, which reflected a "malicious code" on a USB flash drive spread undetected on both classified and unclassified Pentagon systems, establishing a digital beachhead, from which data could be transferred to servers under foreign control. "It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary. This... was the most significant breach of U.S. military computers ever and it served as an important wake-up call", Lynn wrote in an article for Foreign Affairs.
• Operation Buckshot Yankee, conducted by the United States in response to the 2008 breach which was allegedly conducted by Russia. This operation lasted three years, starting in October 2008 when the breach was first detected. The operation included attempts to recognize and mitigate the malicious code, which had spread to military computers around the world. The team conducting the operation requested permission to use more offensive means of combating the code, but it was denied by senior officials. Operation Buckshot Yankee was a catalyst for the formation of Cyber Command.
• On 9 February 2009, the White House announced that it will conduct a review of the nation's cyber security to ensure that the Federal government of the United States cyber security initiatives are appropriately integrated, resourced and coordinated with the United States Congress and the private sector.
• On 1 April 2009, U.S. lawmakers pushed for the appointment of a White House cyber security "czar" to dramatically escalate U.S. defenses against cyber attacks, crafting proposals that would empower the government to set and enforce security standards for private industry for the first time.
• On 7 April 2009, The Pentagon announced they spent more than $100 million in the last six months responding to and repairing damage from cyber attacks and other computer network problems.
• From December 2009 to January 2010, a cyber attack, dubbed Operation Aurora, was launched from China against Google and over 20 other companies. Google said the attacks originated from China and that it would "review the feasibility" of its business operations in China following the incident. According to Google, at least 20 other companies in various sectors had been targeted by the attacks. McAfee spokespersons claimed that "this is the highest profile attack of its kind that we have seen in recent memory."
• In February 2010, the United States Joint Forces Command released a study which included a summary of the threats posed by the internet: "The open and free flow of information favored by the West will allow adversaries an unprecedented ability to gather intelligence."
• On 19 June 2010, United States Senator Joe Lieberman introduced a bill called "Protecting Cyberspace as a National Asset Act of 2010", which he co-wrote with Senator Susan Collins and Senator Thomas Carper. If signed into law, this controversial bill, which the American media dubbed the "Kill switch bill", would grant the President emergency powers over parts of the Internet. However, all three co-authors of the bill issued a statement that instead, the bill " existing broad Presidential authority to take over telecommunications networks".
• In August 2010, the U.S. for the first time publicly warned about the Chinese military's use of civilian computer experts in clandestine cyber attacks aimed at American companies and government agencies. The Pentagon also pointed to an alleged China-based computer spying network dubbed GhostNet that was revealed in a research report last year. The Pentagon stated that the People's Liberation Army was using "information warfare units" to develop viruses to attack enemy computer systems and networks, and those units include civilian computer professionals. Commander Bob Mehal would monitor the PLA's buildup of its cyberwarfare capabilities and "will continue to develop capabilities to counter any potential threat." In response to these and other clandestine cyber attacks by China, Amitai Etzioni of the Institute for Communitarian Policy Studies had suggested that China and the United States should agree to a policy of mutually assured restraint with respect to cyberspace. This would involve allowing both states to take the measures they deem necessary for their self-defense while simultaneously agreeing to refrain from taking offensive steps; it would also entail vetting these commitments.
• In 2010, American General Keith B. Alexander endorsed talks with Russia over a proposal to limit military attacks in cyberspace, representing a significant shift in U.S. policy.
• In 2011 as part of The Anonymous attack on HBGary Federal information about private companies such as Endgame systems who design offensive software for the Department of Defense were revealed. It was shown that Endgame systems job applicants had previously "managed team of 15 persons, responsible for coordinating offensive computer network operations for the United States Department of Defense and other federal agencies."
• In October 2012, the Pentagon was to host contractors who "want to propose revolutionary technologies for understanding, planning and managing cyberwarfare. It is part of an ambitious program that the Defense Advanced Research Projects Agency, or DARPA, calls Plan X, and the public description talks about 'understanding the cyber battlespace', quantifying 'battle damage' and working in DARPA's 'cyberwar laboratory.'"
• Starting in September 2012, denial of service attacks, were carried out against the New York Stock Exchange and a number of banks including J.P. Morgan Chase. Credit for these attacks was claimed by a hacktivist group called the Qassam Cyber Fighters who have labeled the attacks Operation Ababil. The attacks had been executed in several phases and were restarted in March 2013.
• In 2013, the first Tallinn Manual on the International Law Applicable to Cyber Warfare was published. This publication was the result of an independent study to examine and review laws governing cyber warfare sponsored by the NATO Cooperative Cyber Defence Centre of Excellence in 2009.
• In February 2013, the White House Presidential Executive Order 13636 "Improving Critical Infrastructure Cybersecurity" was published. This executive order highlighted the policies needed to improve and coordinate cybersecurity, identification of critical infrastructure, reduction of cyber risk, information sharing with the private sector, and ensure civil and privacy liberties protections are incorporated.
• In January 2014, the White House Presidential Policy Directive 28 on "Signals Intelligence Activities" was published. This presidential policy directive highlighted the principles, limitations of use, process of collection, safeguarding of personal information, and transparency related to the collection and review of cyber intelligence signal activities.
• In August 2014, "gigabytes" of sensitive data were reported stolen from JPMorgan Chase, and the company's internal investigation was reported to have found that the data was sent to a "major Russian city." The FBI was said to be investigating whether the breach was in retaliation for sanctions the United States had imposed on Russia in relation to the 2014 Russian military intervention in Ukraine.
• On 29 May 2014, iSIGHT Partners, a global provider of cyber threat intelligence,uncovered a "long-term" and "unprecedented" cyber espionage that was "the most elaborate cyber espionage campaign using social engineering that has been uncovered to date from any nation". Labelled "Operation Newscaster", it targeted senior U.S. military and diplomatic personnel, congresspeople, journalists, lobbyists, think tankers and defense contractors, including a four-star admiral.
• In December 2014, Cylance Inc. published an investigation on so-called "Operation Cleaver" which targeted over 50 world's unnamed leading enterprises, including in United States. Federal Bureau of Investigation tacitly acknowledged the operation and "warned businesses to stay vigilant and to report any suspicious activity spotted on the companies' computer systems".
• In December 2014, in response to a hack on the US based company Sony believed to be perpetrated by North Korea, the US government created new economic sanctions on North Korea and listed the country as a state sponsor of terrorism. After the hack, there was an internet blackout over most of North Korea allegedly caused by the US, but there was no definitive evidence to support that claim.
• In January 2015, terrorist group ISIS hacked United States Central Command and took over their Twitter and YoutTube accounts. They distributed sensitive information obtained during the attack on various social media platforms.
• In April 2015, The Department of Defense Cyber Strategy was updated and published. Original DoD Strategy for Operating In Cyberspace was published in July 2011.
• In 2015 the United States Office of Personnel Management was victim to what has been described by federal officials as among the largest breaches of government data in the history of the United States, in which an estimated 21.5 million records were stolen. Information targeted in the breach included personally identifiable information such as Social Security numbers, as well as names, dates and places of birth, and addresses, and likely involved theft of detailed background security-clearance-related background information.
• In June 2015, the US Department of Defense included a chapter dedicated to cyber warfare in the DoD Law of War Manual. See Cyber Warfare section on p. 994.
• In 2016 Cyber Command mounted computer-network attacks on ISIS under Operation Glowing Symphony with the intent to disrupt internal communication, manipulate data, and undermine confidence in the group's security. A particular emphasis was placed on locking key figures out of their accounts, deleting files of propaganda, and making it all look like general IT trouble instead of an intentional attack. This operation prompted an internal debate in the American government about whether or not to alert their allies that they would be attacking servers located within other countries.
• In March 2018, the Office of Foreign Assets Control sanctioned two Russian intelligence agencies, the Federal Security Service and the Main Intelligence Directorate for committing "destructive cyber-attacks." The attacks include the NotPetya attack, an assault that was allegedly conducted by the Russian military in February according to statements of the White House and British government, and which the United States Treasury described as "the most destructive and costly cyber-attack in history."
• In March 2018, the United States Justice Department charged nine Iranians with stealing scientific secrets on behalf of Iran's Revolutionary Guard Corps. The defendants "stole more than 31 terabytes of academic data and intellectual property from universities, and email accounts of employees at private sector companies, government agencies, and non-governmental organizations."
• In September 2018, the United States Justice Department published a criminal complaint against Park Jin Hyok, a professional hacker alleged to be working for North Korea's military intelligence bureau, for his commitment of three cyber-attacks: attack against Sony Pictures in 2014, the theft of $81m from the central bank of Bangladesh in 2016, and WannaCry 2.0 ransomware attack against hundreds of thousands of computers.
• September 2018, The White House has "authorized offensive cyber operations" against foreign threats as a result of loosened restrictions on the use of digital weapons in line with the president's directive; the National Security Presidential Memorandum 13. This allows the military to carry out such attacks with a shortened approval process.
• In October 2018, the United States Cyber Command launched the still-classified Operation Synthetic Theology. A team of experts were deployed to Macedonia, Ukraine, and Montenegro to identify Russian agents interfering in the election. The team was also gathering intelligence on Russia's cyber capabilities and attacking the Internet Research Agency, a "Kremin-backed troll farm in St. Petersburg".
• Beginning at least by March 2019, persistent cyber operations were applied by the United States against Russia's power grid, seemingly per National Security Presidential Memorandum 13.
• June 2019, White House National Security Adviser John Bolton announced that U.S. offensive cyber operations would be expanded to include "economic cyber intrusions". These comments appear to reference China's alleged theft of information and data from U.S. corporations.
• In June 2019, President Trump ordered a cyber attack against Iranian weapons systems in retaliation to the shooting down of a US drone being in the Strait of Hormuz and two mine attacks on oil tankers. The attacks disabled Iranian computer systems controlling its rocket and missile launchers. Iran's Islamic Revolutionary Guard Corps was specifically targeted.