Cyberwarfare is the use of computer technology to disrupt the activities of a state or organization, especially the deliberate attacking of information systems for strategic or military purposes. As a major developed economy, the United States is highly dependent on the Internet and therefore greatly exposed to cyber attacks. At the same time, the United States has substantial capabilities in both defense and power projection thanks to comparatively advanced technology and a large military budget. Cyber warfare presents a growing threat to physical systems and infrastructures that are linked to the internet. Malicious hacking from domestic or foreign enemies remains a constant threat to the United States. In response to these growing threats, the United States has developed significant cyber capabilities.
The United States Department of Defense recognizes the use of computers and the Internet to conduct warfare in cyberspace as a threat to national security, but also as a platform for attack. [1] [2]
The United States Cyber Command centralizes command of cyberspace operations, organizes existing cyber resources and synchronizes defense of U.S. military networks. It is an armed forces Unified Combatant Command. A 2021 report by the International Institute for Strategic Studies placed the United States as the world's foremost cyber superpower, taking into account its cyber offense, defense, and intelligence capabilities. [3]
In September 2023, the Department of Defense (DoD) published its latest Cyber Strategy, building upon the previous DoD Strategy for Operating in Cyberspace published in April 2015 and July 2011. [4] The DoD Cyber Strategy focuses on building capabilities to protect, secure, and defend its own DoD networks, systems and information; defend the nation against cyber attacks; and support contingency plans. This includes being prepared to operate and continue to carry out missions in environments impacted by cyber attacks.
The DoD outlines three cyber missions:
In addition, the Cyber Strategy emphasizes the need to build bridges to the private sector, so that the best talent and technology the United States has to offer is at the disposal of the DoD. [5]
1. Build and maintain ready forces and capabilities to conduct cyberspace operations;
2. Defend the DoD information network, secure DoD data, and mitigate risks to DoD missions;
3. Be prepared to defend the U.S. homeland and U.S. vital interests from disruptive or destructive cyber attacks of significant consequence;
4. Build and maintain viable cyber options and plan to use those options to control conflict escalation and to shape the conflict environment at all stages;
5. Build and maintain robust international alliances and partnerships to deter shared threats and increase international security and stability.
—US Department of Defense Cyber Strategy, US DoD, April 2015.
The five pillars are the basis of the Department of Defense's strategy for cyber warfare. The first pillar is to recognize that the new domain for warfare is cyberspace and that it is similar to the other elements in the battlespace. The key objectives of this pillar are to build up technical capabilities and accelerate research and development to provide the United States with a technological advantage. The second pillar is proactive defenses as opposed to passive defense. Two examples of passive defense are computer hygiene and firewalls. The balance of the attacks requires active defense using sensors to provide a rapid response to detect and stop a cyber attack on a computer network. This would provide military tactics to backtrace, hunt down and attack an enemy intruder. The third pillar is critical infrastructure protection (CIP) to ensure the protection of critical infrastructure by developing warning systems to anticipate threats. The fourth pillar is the use of collective defense, which would provide the ability of early detection and incorporate it into the cyber warfare defense structure. The goal of this pillar is to explore all options in the face of a conflict, and to minimize loss of life and destruction of property. The fifth pillar is building and maintaining international alliances and partnerships to deter shared threats, and to remain adaptive and flexible to build new alliances as required. This is focused on "priority regions, to include the Middle East, Asia-Pacific, and Europe". [5]
Shortly after his election, U.S. President Donald Trump pledged to deliver an extensive plan to improve U.S. cybersecurity within 90 days of his inauguration. [6] Three weeks after the designated 90-day mark, he signed an executive order that claimed to strengthen government networks. [7] [8] Under the new executive order, federal-agency leaders are to be held responsible for breaches on their networks, and federal agencies are to follow the National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity in consolidating risk management practices. In addition, the federal departments were to examine cyber defense abilities of agencies within 90 days, focusing on "risk mitigation and acceptance choices" and evaluating needs for funding and sharing technology across departments. Experts in cybersecurity later claimed that the order was "not likely" to have a major impact. [9]
In September, President Trump signed the National Cyber Strategy, "the first fully articulated cyber strategy for the United States since 2003." [10] John Bolton, the National Security Advisor, claimed in September 2018 that the Trump administration's new "National Cyber Strategy" has replaced restrictions on the use of offensive cyber operations with a legal regime that enables the Defense Department and other relevant agencies to operate with greater authority to penetrate foreign networks to deter hacks on U.S. systems. Describing the new strategy as an endeavor to "create powerful deterrence structures that persuade the adversary not to strike in the first place," Bolton added that decision-making for launching attacks will be moved down the chain of command from requiring the president's approval. [11]
The Defense Department, in its strategy document released in September 2018, further announced that it would "defend forward" U.S. networks by disrupting "malicious cyber activity at its source" and endeavor to "ensure there are consequences for irresponsible cyber behavior" by "preserving peace through strength." [12]
The National Cyber Strategy has also garnered criticism that evaluating acts of cyberwarfare against the United States remains ambiguous, as current U.S. law does not specifically define what constitutes an illegal cyber act that transcends a justifiable computer activity. The legal status of most information security research in the United States is governed by the 1986 Computer Fraud and Abuse Act, which was derided as "poorly drafted and arbitrarily enforced" for enabling prosecution of useful information security research methods such as Nmap or Shodan. As even the needed services fall into prohibition, top-level information security experts find it challenging to improve the infrastructure of cyberdefense. [13]
In 2011, The White House published an "International Strategy for Cyberspace" that reserved the right to use military force in response to a cyberattack: [14] [15]
When warranted, the United States will respond to hostile acts in cyberspace as we would to any other threat to our country. We reserve the right to use all necessary means – diplomatic, informational, military, and economic – as appropriate and consistent with applicable international law, in order to defend our Nation, our allies, our partners, and our interests. In so doing, we will exhaust all options before military force whenever we can; will carefully weigh the costs and risks of action against the costs of inaction; and will act in a way that reflects our values and strengthens our legitimacy, seeking broad international support whenever possible.
—International Strategy for Cyberspace, The White House, 2011
In 2013, the Defense Science Board, an independent advisory committee to the U.S. Secretary of Defense, went further, stating that "The cyber threat is serious, with potential consequences similar in some ways to the nuclear threat of the Cold War," [16] and recommending, in response to the "most extreme case" (described as a "catastrophic full spectrum cyber attack"), that "Nuclear weapons would remain the ultimate response and anchor the deterrence ladder." [17]
In June 2010, Iran was the victim of a cyber attack when its nuclear facility in Natanz was infiltrated by the cyber-worm 'Stuxnet', which is said to be the most advanced piece of malware ever discovered and which significantly increased the profile of cyberwarfare. [18] [19] It destroyed perhaps over 1,000 nuclear centrifuges and, according to a Business Insider article, "[set] Tehran's atomic program back by at least two years." [20]
Despite a lack of official confirmation, Gary Samore, White House Coordinator for Arms Control and Weapons of Mass Destruction, made a public statement, in which he said, "we're glad they [the Iranians] are having trouble with their centrifuge machine and that we—the US and its allies—are doing everything we can to make sure that we complicate matters for them", offering "winking acknowledgement" of US involvement in Stuxnet. [21]
In 2013, Edward Snowden, a former systems administrator for the Central Intelligence Agency (CIA) and a counterintelligence trainer at the Defense Intelligence Agency (DIA), revealed that the United States government had hacked into Chinese mobile phone companies to collect text messages and had spied on Tsinghua University, one of China's biggest research institutions, as well as home to one of China's six major backbone networks, the China Education and Research Network (CERNET), from where internet data from millions of Chinese citizens could be mined. He said U.S. spy agencies have been watching China and Hong Kong for years. [22]
According to classified documents provided by Edward Snowden, the National Security Agency (NSA) has also infiltrated the servers in the headquarters of Huawei, China's largest telecommunications company and the largest telecommunications equipment maker in the world. The plan was to exploit Huawei's technology so that when the company sold equipment to other countries—including both allies and nations that avoid buying American products—the NSA could roam through their computer and telephone networks to conduct surveillance and, if ordered by the president, offensive cyberoperations. [23]
In June 2019, Russia said that its electrical grid could be under cyber-attack by the United States. [24] The New York Times reported that American hackers from the United States Cyber Command planted malware potentially capable of disrupting the Russian electrical grid. [25]
The Pentagon has had an information sharing arrangement, the Defense Industrial Base Cybersecurity and Information Assurance (DIBCIA) program, in place with some private defense contractors since 2007 [33] to which access was widened in 2012. [34] A number of other information sharing initiatives such as the Cyber Intelligence Sharing and Protection Act (CISPA) and Cybersecurity Information Sharing Act (CISA) have been proposed, but failed for various reasons including fears that they could be used to spy on the general public.
The United States Cyber Command (USCYBERCOM) is a United States Armed Forces Unified Combatant Command. USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to defend Department of Defense information networks and to prepare to conduct "full spectrum military cyberspace operations" to ensure US/Allied freedom of action in cyberspace and deny the same to adversaries. [35]
The Army Cyber Command (ARCYBER) is an Army component command for the U.S. Cyber Command. [36] ARCYBER has the following components:
New cyber authorities have been granted under National Security Presidential Memorandum (NSPM) 13; [40] persistent cyber engagements at Cyber Command are the new norm for cyber operations. [41]
United States Marine Corps Forces Cyberspace Command is a functional formation of the United States Marine Corps to protect infrastructure from cyberwarfare. [42]
The Sixteenth Air Force (16 AF) is the United States Air Force component of United States Cyber Command (USCYBERCOM). [43] It has the following components:
The F-15 and C-130 systems are being hardened from cyber attack as of 2019. [44]
The Navy Cyber Forces (CYBERFOR) is the type commander for the U.S. Navy's global cyber workforce. The headquarters is located at Joint Expeditionary Base Little Creek-Fort Story. CYBERFOR provides forces and equipment in cryptology/signals intelligence, cyber, electronic warfare, information operations, intelligence, networks, and space. In September 2013, the United States Naval Academy will offer undergraduate students the opportunity to major in Cyber Operations for the United States. [45]
Fleet Cyber Command is an operating force of the United States Navy responsible for the Navy's cyber warfare programs. [46] Tenth Fleet is a force provider for Fleet Cyber Command. [47] The fleet components are: