Pentagon mobilizes military hackers against Islamic State
Military commanders have mounted a cyberoffensive against Islamic State in Iraq and Syria in recent weeks by deploying hackers to penetrate the extremist group's computer and cellphone networks, according to the Pentagon.
The cyberassault, which Defense Secretary Ashton Carter authorized last month, marks the first time teams from U.S. Cyber Command have been integrated into an active battlefield since the command was established in 2009.
“These are strikes that are conducted in the war zone using cyber, essentially as a weapon of war,” Carter said in a National Public Radio interview. “Just as we drop bombs, we're dropping cyberbombs.”
Join the conversation on Facebook >>
Carter did not reveal details of the effort, which U.S. officials say is in its early stages.
But they said U.S. cyber attacks, as well as U.S. airstrikes, proved decisive in last week's battle by U.S. backed Kurdish militias to retake the northeastern Syrian town of Shadadi from Islamic State fighters.
The officials, who were not authorized to speak publicly about the operation, said teams operating from Ft. Meade, which is between Baltimore and Washington, identified and jammed Islamic State online-communication networks during the battle.
The victory severed a critical route that the militants used to funnel fighters and supplies from the Iraqi border to Raqqah, their stronghold and self-declared capital in Syria.
Pentagon officials describe the amplified role of Cyber Command as part of a “strategic shift” from cyberdefense to cyberoffense as the military relies on the operations as another tool for national security.
Cyberoffense doctrine remains secret, but Carter has spoken about the need to mobilize Cyber Command against Islamic State because the group has grown increasingly sophisticated at using social media and other Internet platforms to recruit and radicalize followers around the world.
The effort was set in motion in December when the White House directed senior Pentagon officials to prepare options to defeat the militants online.
The directive followed terrorist attacks organized by Islamic State in Paris on Nov. 13 that killed 130 people, as well as a Dec. 2 attack in San Bernardino that left 14 dead. The couple in the California attack had pledged allegiance to the group, but had no known contact with it.
Carter then ordered Adm. Michael Rogers, head of both Cyber Command and the National Security Agency, to develop a cyberstrategy to go after the militants.
Rogers presented a plan last month that called for a new authorization in how Cyber Command can support military operations and national security, officials said. He recommended that teams be allocated to missions based on demand.
“The capacity and capability is starting to come online,” Rogers said in a Jan. 21 speech at the Atlantic Council think tank in Washington. The military will rely on cyberattacks “in a broader and broader way.”
Cyber Command teams were instructed to work with U.S. Central Command, which oversees U.S. military operations in the Middle East, and told to focus on “disrupting [Islamic State's] ability to command and control, to communicate, and to run the so-called state,” according to a Defense Department official.
Martin Libicki, a cyber and national security analyst at the nonpartisan RAND Corp. think tank in Arlington, Va., said Cyber Command has far greater resources than Islamic State and should be able to overwhelm the group, which is also known as ISIS.
“They probably couldn't do this so easily with a sophisticated enemy, but ISIS is not a sophisticated enemy,” he said. “Let’s face it, ISIS is not going to re-engineer its computer systems after they realize they’ve been breached.”
But too large an effort to choke Islamic State communications on social media and cellphones in Syria and Iraq could shut access to the militants’ locations, messages and intentions.
The Pentagon aims to build 133 teams by 2018 to mount cyberattacks on foreign adversaries and defend critical U.S. networks.
The president’s budget request to Congress for the next fiscal year includes $6.8 billion for Cyber Command and other Pentagon cybersecurity operations, a more than 15% increase over the $5.9 billion this year.
“There's a monumental shift in global security happening right now, from simply protecting systems and equipment to having the capability to attack and control them,” said Alan Paller, research director at SANS Institute, a cybertraining center in Bethesda, Md. “No military campaign in the future will be fought without a cyber component.”