In the shadows of the Sony hacking incident and North Korea’s massive Internet outage, the Pentagon has quietly built a multibillion-dollar cyberwarfare capability and trained its commanders to integrate these weapons into their battlefield plans.
U.S. Cyber Command was officially stood up in 2010, based at Fort Meade in the Maryland suburbs of the nation’s capital, consolidating intelligence and cyberwarfare capabilities of the Army, Air Force, Navy and Marines under one house. Soon, billions of dollars were being invested in the concept that cyberattackers targeting America should be prepared to sustain their own damage.
Little has been discussed in public about U.S. Cyber Command’s specific capabilities since, though budget documents detail a growing commitment to this form of warfare. The Pentagon’s cyberwarfare budget has grown from $3.9 billion in 2013 to $4.7 billion in 2014 and an estimated $5.1 billion in 2015.
PHOTOS: Best handguns ever made
The first commander of U.S. Cyber Command, then-Army Gen. Keith Alexander, gave Congress in 2013 one of its first public overviews of how quickly an offensive cyberwarfare mindset was spreading across the Pentagon. In military parlance, it means “normalizing” cyberoperations into the daily routine.
“We have no alternative but to do so because every world event, crisis and trend now has a cyber-aspect to it, and decisions we make in cyberspace will routinely affect our physical or conventional activities and capabilities as well,” Gen. Alexander told lawmakers.
“Normalizing cyber requires improving our tactics, techniques and procedures, as well as our policies and organizations. It also means building cybercapabilities into doctrine, plans and training — and building that system in such a way that our Combatant Commanders can think, plan and integrate cybercapabilities as they would capabilities in the air, land and sea domains,” he said.
PHOTOS: Top 10 U.S. fighter jets
Beyond Gen. Alexander’s broad descriptions, a few hints have emerged about the specific capabilities of the military to conduct offensive attacks in cyberspace.
The New York Times’ David Sanger reported in a June 2012 article that remains unchallenged that the U.S. was the primary developer of the Stuxnet computer worm that struck Iran’s nuclear computers, causing significant damage to centrifuges.
Later that summer, Marine Lt. Gen. Richard P. Mills bluntly told a conference in Baltimore that commanders under his control in Afghanistan routinely used cyberwarfare tactics to attack and disable al Qaeda and Taliban enemies.
“I can tell you that as a commander in Afghanistan in the year 2010, I was able to use my cyberoperations against my adversary with great impact,” Gen. Mills was quoted at the time as saying. “I was able to get inside his nets, infect his command and control, and in fact defend myself against his almost constant incursions to get inside my wire, to affect my operations.”
While the military is developing the capability, the political and policy realm is struggling with the right parlance.
While the U.S. government remained mum Monday on whether it was behind Pyongyang’s downed Internet service, it offered a clear and confident message that the Pentagon is equipped to conduct such offensive operations in cyberspace.
Army Lt. Col. Valerie Henderson, a Pentagon spokeswoman, said the Defense Department constantly prepares to counter cyberthreats. State Department spokeswoman Marie Harf described the U.S. retaliation against North Korea for the Sony hack this way: “Some will be seen. Some may not be seen.”
One of the government’s former top cybersecurity specialists said the Pentagon’s capabilities to attack in cyberspace are essential to deterrence, and that most Americans, including policymakers, need to be better educated about the devastating damage our enemies may try to inflict in a digitally connected world.
“I really see this issue as in line with weapons of mass destruction, a nuclear-type attack,” said Shawn Henry, a former chief of FBI cybercrimes who now heads the technology firm Crowd Strike that helps corporate clients fight cyberthreats.