Cyber Goes On Offense – Are Network Drone Strikes Coming?

After months of anticipation by the cyber protection community and three years of grueling internal debate at the highest levels of the DOD, it appears that the Joint Chiefs is poised to approve new rules empowering commanders to counter direct cyber attacks with offensive efforts of their own — without White House approval. Does this sound familiar? Think Drone Strikes, but without the White House in the loop! It appears that the Chinese hacker breach of top weapon designs is the straw that snapped the camel’s back – or perhaps the crack that finally broke the dam holding back offensive cyber tools for the information warriors.

Once signed, the new cyber rules contained in the US military’s new standing rules of engagement (SROE) — the classified legal document that outlines when, how and with what tools America will respond to an attack — will mark a far more aggressive tack than envisioned when the process started in 2010, or even much more recently. To date, any cyber action requires the approval of the National Security Council (NSC).

A defense insider tells me that much of the focus on cyber has revolved around defensive action, and that preemptive offensive action would still require presidential approval. But that same source said the new rules are vital to address a rapidly developing domain that should be integrated into normal military rules, but still remains largely closed to outside observers by heavy layers of classification. Because the SROE is classified, conversations about technical composition and details of deliberations are all considered very sensitive, and the sources with direct knowledge of the declined to be named. The new rules were supposed to have been implemented in late 2010, but were delayed as top government lawyers debated how aggressively the US should respond to cyber attacks, and what tools commanders could use to protect assets and information.

According to reporting in Defense News, lawyers from the Joint Staff and US Cyber Command (CYBERCOM) gathered in Washington to try to update the Defense Department’s standing rules of engagement in late 2010, with two major policy areas remaining as subjects of debate: rules regarding deployed ships and rules about cyber warfare.

As a long time advocate of counter cyber activity, I believe we still have a chink in the armor of our networks. Any offensive campaigner depends on high quality situational awareness to conduct both defensive and offensive operations. Cyber ISR is still in its infant stages, with little ability to picture the battle space. Battle field situational awareness is easy when the topographic maps of the battle space shift in geologic time frames. But Cyber battle fields shift at the speed of light. How does one take a picture of the battle space when it moves as fast as photons?

So although I welcome the move by DOD to go on the offensive, I wonder if we are perhaps doing so with a great risk of “friendly fire” casualties without better ISR, situational awareness, and identify friend or foe tools for the cyber domain. While we add new focus to anti access and strategic cyber counter strike, we should not forget the lessons from the physical battle fields – lets not take unwarranted risk of casualties on our side of the battle lines through friendly fire due to lack of situational awareness of high quality. Lets also invest in battle space awareness for the cyber domain. Watch out folks, your server could be collateral damage in some future attempt to strike back at hackers in an imperfect view of the net. When DOD strikes that bot contaminating your server and exploiting your company resources to do harm, you may be the collateral damage of the cyber drone strike…. Just saying….

You can leave a response, or trackback from your own site.

Featuring Recent Posts WordPress Widget development by YD