Why The USA Hacks
The U.S. government views cyberspace as just another theater of war akin to air, land and sea, and it operates in the domain for one basic reason: national defense.
February 17, 2015
Last in a six-part series on the motivations that compel nation-states to hack.
The United States operates in the cyber domain as a national entity for a simple reason -- to protect its citizens. Like traditional notions of national defense, cyber operations extend across political, economic and military pillars of national power. But cyber operations are, in a sense, more complex, because they affect the pillars of power more profoundly, due to the speed at which they occur.
Consider how quickly the Allied Forces moved across Europe during World War II following the D-Day invasion on June 6, 1944. Within about a year, the Allies coordinated a multi-pronged campaign that attacked the German military on the ground, the German economy through aerial bombardment of industry, and the political order by strengthening the Allies while simultaneously dismantling the Axis forces. Now consider the speed at which a modern aggressor nation could attack another nation’s military, economy and political establishment through cyber warfare. With the right planning, a well-coordinated cyber campaign could be executed with an immediate impact and with the same devastating effects.
In spite of the insight into NSA operations provided to us by Edward Snowden, I am steadfast in my belief that U.S. cyber operations are focused solely on national defense and that those operations do not include the exploitation of information for economic or financial gain. Moreover, the U.S. government imposes strict limits on cyber espionage through statutes and regulations, and holds agencies accountable for violations of those statutes and regulations through comprehensive political oversight.
This is not to say that there isn’t potential for abuse of power of agencies in the cyber national defense community and the political establishment. That potential certainly exists and could manifest itself, should the wrong people ascend to leadership roles in government at the wrong time. For skeptical readers, I can only emphasize that my assessment is based upon personal observations made during my recent tenure in the Department of Defense cyber community. For this discussion, I’ll focus on the three organizations that contribute to the national security effort by confronting threats from aggressor nations: CIA, NSA, and United States Cyber Command.
CIA Mission Statement
Preempt threats and further US national security objectives by collecting intelligence that matters, producing objective all-source analysis, conducting effective covert action as directed by the President, and safeguarding the secrets that help keep our nation safe.
Cyber operations in a nation-state context map directly to every aspect of the CIA mission statement. By collecting intelligence and producing analytical reports, the CIA plays an important role in building the threat picture for the intelligence community. But CIA cyber operations are bounded by the guidelines of Executive Order 12333 and Title 50 of the U.S. Code. EO 12333 restricts CIA operations involving U.S. citizens in the United States, and Title 50 refers to intelligence agencies, intelligence activities, and covert operations. Because CIA operations are clandestine, there isn’t a broad body of knowledge available to the public that demonstrates how the agency operates in the cyber domain. But most recently, we did learn that the CIA was allegedly involved in Operation Olympic Games, a cyber campaign directed at denying Iran nuclear weapons capability.
NSA Mission Statement
The National Security Agency/Central Security Service (NSA/CSS) leads the U.S. Government in cryptology that encompasses both Signals Intelligence (SIGINT) and Information Assurance (IA) products and services, and enables Computer Network Operations (CNO) in order to gain a decision advantage for the Nation and our allies under all circumstances.
Although the reputation of the NSA, courtesy of Snowden, has been tarnished both inside and outside of the U.S., it’s important to realize that this agency has a long and storied history of protecting the United States from the full spectrum of adversaries, by leveraging superior technology throughout the electromagnetic spectrum. Prior to the age of cyber, NSA operated in the spectrum to collect and analyze signals intelligence across the globe. Information related to NSA operations is limited because of security concerns. Many operations still find their way to the media, but the stories are often based more upon speculation than hard facts.
Clearly written in the NSA mission statement is the task of enabling computer network operations, implying both offensive and defensive capability. From a practical standpoint, the NSA is the functional leader of U.S. computer network ops across government, including the Department of Defense. There is a deep symbiotic relationship between NSA and the uniformed services, particularly the Navy. That link was formalized through CSS, the component of NSA responsible for providing cryptologic support to the Armed Services.
Like those of the CIA, NSA operations are highly classified, and when aspects of an operation end up in the public forum, they are typically subjected to a tremendous amount of speculation. The end result is usually an interesting story loosely based upon opinion. But some accounts of NSA operations are compelling and simply make sense. Ronald Reagan’s decision to launch air strikes against Libya (Operation Eldorado Canyon) following the 1986 German disco bombing, which, unfortunately, took the lives of at least two U.S. servicemen, was believed to be based upon critical signals intelligence provided by NSA.
United States Cyber Command (USCC) Mission Statement
USCYBERCOM plans, coordinates, integrates, synchronizes, and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.
In the information age, military operations are completely dependent upon information systems for myriad reasons, ranging from command and control of operational forces in the battle space, to weapons systems, to everyday business of running the Navy, Army, Air Force, and Marine Corps. That dependence was the motivation behind the establishment of the United States Cyber Command in 2009.
As Director of NSA, General Keith Alexander was the driving force behind the creation of an organization dedicated to supporting U.S. combatant commanders in the field. General Alexander knew that the U.S. military needed a unified force of cyber operators, which could operate with the warfighters in the uniformed services, as well as with agencies like NSA. The connection already existed from an administrative standpoint, but there was no operational link with NSA. The distinction between operations and administration is significant because the U.S. government, particularly DoD, correctly views cyberspace as another warfighting domain, akin to air, land, and sea. The bond between NSA and USCC was solidified with the dual responsibility of the Director NSA and Commander USCC.
The cyber army that General Alexander envisioned is taking the form of a Cyber National Mission Force of roughly 6,000 military personnel. The force, which will be distributed across 133 teams and is on track to be fully functional by 2016, will focus on three areas: providing support to combatant commanders across the globe, defense of the DoD information network, and protection of the nation's critical infrastructure and key resources.
Why we hack
When we look at all of the nations which we have discussed in this series, it isn’t surprising that the common answer to the question of “Why They Hack” is national defense. But to assume that national defense has the same meaning to different governments is overly simplistic. While we understand, intuitively, what a literal defense of a nation commonly means, the behavior of some nations in the name of national defense is difficult to explain.
We see China and Russia engaging in exploitation of intellectual property for economic and financial gain. We see Iran and China conducting cyber operations in an effort to expand their spheres of influence. We see North Korea lashing out in an effort to demonstrate its relevance in the geopolitical community. Finally, we see Israel and the United States conducting cyber operations to protect their national security.
Does this mean that the United States and Israel maintain higher ethical standards of cyber conduct? I believe the United States does, but I admit that the point is arguable. We know that the United States has made mistakes; the Snowden data suggests that it did. But in the end, US cyber operations are bounded by laws, regulations, and accountability, and that’s the only way to maintain order in an environment rooted in disorder.
About the Author(s)
Managing Director Security Operations & Analysis, EdgeWave
Mike Walls is the Managing Director of Security Operations at EdgeWave. During his time as a captain with the US Navy, he was commander of Task Force 1030 and was directly responsible for the cyberreadiness of more than 300 ships, 4,000 aircraft, and 400,000 Navy personnel. He personally directed forces conducting cyber operations across the global Navy cyberdomain and oversaw development and implementation of cooperative (Blue Team) and non-cooperative (Red Team) cyberreadiness assessments across the Navy cyber infrastructure.