The 2016 U.S. Presidential election was surrounded by concerns that the Russians were somehow subverting democracy by exploring all of their options in cyberspace. Well, in 2020, the U.S. Cyber Command – tasked with carrying out initiatives of the U.S. armed forces in cyberspace – is going to have a few surprises ready for any potential adversary, whether a rogue hacker group or a sophisticated nation-state. The U.S. Cyber Command has stated clearly that it will be ready for much more aggressive operations around the 2020 election, including potential offensive cyber strikes carried out against adversaries and a much more aggressive stance of persistent engagement.
The new strategic doctrine of persistent engagement
The key to this new strategic mindset is a policy known as “persistent engagement.” What persistent engagement means in practical terms is that the U.S. Cyber Command, led by Army Gen. Paul M. Nakasone, is going to be much more proactive, rather than just reactive. As the U.S. Cyber Command explains it, as the result of persistent engagement, cyberspace will be an arena with “no sanctuary” for adversaries and military operations will have “no operational pause.” The result will be a much more offensive cyber posture that is “coordinated, extensive and aggressive.” Much better coordination will occur with partners, such as the National Security Agency, on any cyber mission linked to persistent engagement.
If need be, says the U.S. Cyber Command, it will be able to carry out steps that are just below the level of armed military conflict. That should be a huge wakeup call to potential U.S. adversaries that are thinking about disrupting the 2020 U.S. presidential election or exploring weaknesses in critical infrastructure. Persistent engagement means that any action will be met swiftly with a counter-action.
If adversaries are spotted interfering with elections on social media, for example, the U.S. Cyber Command has a number of tools at its disposal to neutralize those operations. During the 2018 Midterm elections, the U.S. Cyber Command carried out offensive cyber strikes against Russia’s Internet Research Agency (IRA). In 2016, the IRA allegedly carried out massive “Russian bot” operations against American democracy during the presidential election. To make that impossible in 2018, the U.S. Cyber Command launched the equivalent of a massive DDoS (distributed denial of service) attack against the Internet Research Agency, throwing it offline.
All of this happened, of course, outside of the public arena. At the same time as Moscow and Washington might have been involved in a deadly game of cyber cat-and-mouse, the people of Moscow and Washington peacefully went about their private sector business, oblivious to the fact that the national defense cyber commands of both nations were engaged in acts of near-war.
The shift from a defensive to an offensive cyber posture
Importantly, thanks to changes introduced in the 2019 National Defense Authorization Act, the U.S. Cyber Command is now permitted to conduct operations outside of Department of Defense networks. Thus, if an intruder from North Korea is spotted within Department of Defense networks, the U.S. Cyber Command will be allowed to follow that intruder back to their home network – or possibly even carry out offensive cyber strikes against that rival network responsible for the cyber threat.
But, hopefully, enemy assailants will never get inside U.S. computer networks. That’s because an important adjunct to the cyber strategy of “persistent engagement” is the strategy of “defend forward.” What this means is that the U.S. will be able to coordinate actions with its allies far from the U.S. homeland, such that the U.S. is able to engage its adversaries outside of U.S.-controlled computer networks. Instead of enemies bringing the fight to the United States, the United States will bring the fight to its enemies by carrying out cyber operations abroad.
As proof of concept that this long-term strategy will actually work, the U.S. Cyber Command carried out a June 2019 military exercise known as “Cyber Flag 2019” that involved partners, both foreign and domestic. In addition to involving U.S. intelligence services, for example, Cyber Flag 2019 also involved members of the UK foreign military services and other intelligence groups. It was all part of the U.S. Cyber Command asserting its new role as a unified combatant command.
U.S. Cyber Command in action: Iran and the Persian Gulf
Where things get dangerous, though, is when cyber conflict and offensive cyber activities take place alongside potential kinetic conflict. Put another way, it’s one thing to carry out cyber strikes against a rogue nation when the two nations are separated by a continent or an ocean – but another thing entirely when the military units of both countries are already in a very offensive head-to-head posture. One small spark might ignite the tinderbox.
Case in point: in 2019, the military standoff in the Persian Gulf between the United States and Iran looked like it could quickly escalate into all-out war. Iran threatened to cut off the West’s oil supply by shutting down the Strait of Hormuz and shooting down Western surveillance drones, while the United States threatened to bomb Iran out of existence. Against this backdrop, the New York Times and other mainstream media outlets reported that the U.S. Cyber Command carried out a very daring cyber strike, which was designed to paralyze the Iranian military unit (the Islamic Revolutionary Guard Corps) blamed for attacking foreign oil tankers in the Persian Gulf. The cyber strike against Iran was successful – at least judged by the inability of the Iranians to escalate matters even further. Instead of military strikes and missile launches, the Trump Administration was able to use cyber strikes against Iranian computer systems.
That hints at the enormous promise of offensive cyber operations – they might be used to defuse a deadly military situation, or to avert armed conflict altogether. By using a policy of persistent engagement, it might be possible to engage with adversaries before they can do any real harm. And by signaling that the U.S. is ready to take offensive action, the White House is basically telling any would-be adversaries that a very bad fate awaits them.
The future of warfare
By all accounts, the future of warfare will meld together both traditional military conflict and modern cyber conflict. In recognition of this fact, the 2019 National Defense Authorization Act actually defines U.S. cyberspace operations as “traditional military activity.” This is more than just a semantic nuance about operations, intelligence or planning – it implies that President Trump and the White House no longer need to declare publicly what they are doing in cyberspace. That means offensive cyber strikes will not be announced in advance by intelligence officials, and enemies of the United States could wake up to find their computer networks or databases destroyed if they take any action to harm the U.S. in cyberspace. It remains to be seen if other nation-states such as Russia and China follow the U.S. lead in this new, modern phase of warfare.