September 19, 2024:
Since 2009, when U.S. Cyber Command (USCYBERCOM) was founded, the Americans have been diligent in establishing and maintaining robust defenses against foreign Cyber War attacks on the United States. A decade ago USCYBERCOM announced the formation of additional offensive cyber-teams. Since then more than sixty defensive cyber teams have been formed. These teams provide defensive skills and expertise where needed most. Each team has a mix of experienced software engineers, including civilian contractors, as well as personnel with skills but not much experience. Each team has a dozen or so people. These teams benefited from USCYBERCOM intelligence and monitoring operations, as well as a big budget for keeping the software library stocked with effective tools, including Zero Day exploits. Each of these Zero Day items is very expensive, often costing thousands of dollars to purchase. These Zero Day items have a short shelf life because others eventually discover or reinvent them. USCYBERCOM also has contacts throughout the American and international software engineering community. This can provide crucial expertise when needed. The effectiveness of these teams will vary a great deal because one highly skilled Internet software whiz on a team can make a huge difference.
The majority of these teams are assigned to the nine major commands like Centcom and Southcom. Thirteen of these Cyber teams are trained to promptly strike back at attacks on the United States. Exactly what weapons would be used is classified, as is the exact size and organization of offensive cyber-teams. What is known is that there is work for such teams of Internet specialists if they work in conjunction with lawyers and the State Department. This kind of organization has already destroyed several Internet criminal organizations.
Before an attack, or after an attack, Internet specialists can usually determine how the attackers were operating and where from. This evidence can be used by the lawyers and American diplomats to get warrants to seize or shut down websites or servers in foreign countries and even eventually arrest those identified as being behind the attack. That is not the case when the hackers are based in Iran, North Korea, China, or Cuba.
During the last two decades Cyber War has become more of a problem and USCYBERCOM has had to expand its operations and upgrade its personnel, equipment and techniques to stay ahead of threats as well as maintain the ability to inflict severe damage on an enemy.
Cyber Command became operational in late 2010 and spent years developing an official, government approved policy stipulating how Internet based attacks can be responded to. Initially cyber-teams revealed that preemptive Cyber-attacks are allowed but additional details are classified. While Cyber Command has long been asking for permission to fight back, technical, legal, and political problems have delayed agreement on how that can be done. In 2023 Congress provided $13.5 billion for Cyber security, as well as offensive operations. A new law allows the Department of Defense to conduct offensive Cyber War operations in response to Cyber War attacks on the United States. That is, the U.S. military is now authorized to make war via the Internet. The new law stipulates that all the rules that apply to conventional war also apply to Cyber War. This includes the international law of armed conflict, which is meant to prevent war crimes and horrid behavior in general. The U.S. War Powers Resolution, which requires a U.S. president to get permission from Congress within 90 days of entering into a war, is now applied to major Cyber War attacks against a foreign entity or country. There were some related problems finding qualified people to carry out such counterattacks. USCYBERCOM headquarters is located in Fort Meade, a base outside Washington, DC.
USCYBERCOM is staffed with personnel who were already working for the Cyber War operations that the military services had established. U.S. Cyber Command has some smaller organizations of its own that coordinate Cyber War activities among the services, as well as with other branches of the government and commercial organizations that are involved in network security. But most of Cyber Command's manpower actually works for the Cyber War organizations of the Army, Air Force, Navy and Marines.
Of the four services, the U.S. Air Force is the most experienced in Cyber War matters. In 2008 the air force scrapped its own planned Cyber Command, which was supposed to operate more like USCYBERCOM. Many of the personnel assigned to the new Cyber Command were sent to the new Nuclear Command. This change was made in response to growing problems with the management of air force nuclear weapons. Despite that, the air force continued trying to establish some kind of new Cyber War operation and use it to gain overall control for all Department of Defense Cyber War activities. The other services were not keen on this. That resistance, plus the nuclear weapons problems, led to the Cyber Command operation being scaled back. The eventual Air Force Cyber Command handles electronic and Internet based warfare.
The U.S. Army, following the example of the air force, also established a Cyber War operation. Some 21,000 soldiers were pulled from a large variety of signal and intelligence outfits to form ARFORCYBER (Army Forces Cyber Command). It was fully operational in 2009, with its headquarters at Ft. Belvoir, Virginia.
At the same time the U.S. Navy created an Information Domination Corps, in the form of the new 10th Fleet, with over 40,000 people reassigned to staff it. While the new Cyber War command mainly deals with intelligence and network security, it also includes meteorology and oceanography. These last two items are very important for deep water navies, especially since a lot of the information about oceans and the weather is kept secret. The fleet assembled an organization containing 45,000 Cyber qualified sailors and civilians. Except for a thousand new Cyber War jobs created, the other 44,000 personnel were reorganized into 10th Fleet jobs or will contribute from within other organizations. All provided the navy a more powerful and secure position in cyberspace. The navy does not want to repeat the mistakes of the air force in this area.
The U.S. Marine Corps established a Forces Cyberspace Command in 2010, with 800 personnel to help provide network security for marine units. The marines are accustomed to doing more with less. All these Cyber War operations hire civilian contract workers for their top technical talent. There is always a shortage of these people, partly because they have to be capable of getting security clearances. This rules out a lot of the best hacking talent, who had misbehaved in the past and were identified or even prosecuted for it. A lot of otherwise qualified technical personnel won't even apply for these Department of Defense jobs because a background check might reveal earlier hacking misadventures they would rather keep quiet about, at least to the government.
The Department of Defense also established a program to make it possible for civilian Cyber War volunteers to contribute. Many of these volunteers do not have security clearances but do possess critical skills they use while working for corporations and financial firms. These men and women realize the Cyber War threat to the United States in peacetime and believe that there is a major threat. Deliberate attacks on key infrastructure targets like water supply and sewage systems, as well as computer-controlled equipment in many factories, have already occurred. These attacks were carried out by foreigners, usually individuals. A few were caught and explained that they were self-taught Internet security experts and were just trying to see what their skill could accomplish. Getting caught was not part of their playful adventures online. Identifying and interviewing these skilled amateurs was a revelation to many Cyber War experts. It made the existing official experts realize that anyone with some skills and persistence could become an expert. That’s the American way.