Why are we only playing defense when it comes to cyber threats?

1SG Private RallyPoint Member — Thu, 05 Jan 2017 13:15:30 -0500

It seems to me that when it comes to cyber intrusions, the USG limits itself to defensive, primarily passive means. Yet, in doctrine we should employ offensive and stability lines of effort as well.
Defensive efforts include the training we all know and love and firewalls.
Offensive should include attacking their networks at the source and interchanges.
Stability should include hardening our systems against intrusion.

It seems like our enemies get this more than we do, and watching Congressional hearing on the subject today doesn't fill me with confidence.
Infrastructure like the electrical grid, GPS systems, cellular network, and the internet itself are very vulnerable to determined disruption by state and non-state actors.
ISIS and others use systems that are equally vulnerable to communicate and recruit. Why not use our capabilities to remotely shut down these and other efforts? Are we that fearful of retaliation?
I think that we need to be prepared to play hardball, and so far we are playing kittenball.

Response by MSgt Danny Hope made Jan 5 at 2017 1:19 PM

MSgt Danny Hope — Thu, 05 Jan 2017 13:19:12 -0500

Because we haven't even begun to enter the fray

Response by SGT Private RallyPoint Member made Jan 5 at 2017 1:33 PM

SGT Private RallyPoint Member — Thu, 05 Jan 2017 13:33:20 -0500

The Army is playing defense. There are rumours other organizations within the USG that participate in offensive cyber operations.

Within the Army, cyber personnel support the mission of the Army "to fight and win our Nation's wars, by providing prompt, sustained, land dominance, across the full range of military operations and the spectrum of conflict, in support of combatant commanders."

As far as I know we have not officially declared war within the cyberspace domain. Until that happens we will remain defensive.

Response by CPT Arch Nissel made Jan 5 at 2017 1:34 PM

CPT Arch Nissel — Thu, 05 Jan 2017 13:34:47 -0500

What is being done on the offensive side you won't read about.

Response by SMSgt Thor Merich made Jan 5 at 2017 1:44 PM

SMSgt Thor Merich — Thu, 05 Jan 2017 13:44:21 -0500

We are employing offensive cyber. I believe we got caught hacking the Germans, the Israeli's and a few others over that last few years. Also, years ago, Iran's nuclear plants were hacked. There are some that say we had a hand in that. I don't know....

Response by Col Joseph Lenertz made Jan 5 at 2017 1:53 PM

Col Joseph Lenertz — Thu, 05 Jan 2017 13:53:21 -0500

Before we took down Iraq's vaunted French-designed and German-built IADs, we went to school on it. We made it look so easy people forgot what they said about how tough it would be. We are going to school on everybody's OCO right now and keeping our own cards close to the chest. Probably a smart move.

Response by Cpl Justin Goolsby made Jan 5 at 2017 2:01 PM

Cpl Justin Goolsby — Thu, 05 Jan 2017 14:01:36 -0500

I think one of the primary reasons is the dinosaurs that are currently still in office. When we have politicians that have no idea how a firearm works, who is surprised that they wouldn't understand how the internet or network security works.

From what I heard Podesta's password was "password" and here I am forced to make a new password every 30 days in a string of 20 characters with numbers, capitals, lowercase, special characters, and it must not match your last 15 passwords.

We've grown up in the fastest growing technological development in the past 30 years, and yet some of the people in office were elected before the 56k modem.

Yes, we absolutely should be preparing to play hardball. Cyber threats are just as harmful as the physical threats.

Response by MCPO Roger Collins made Jan 5 at 2017 2:09 PM

MCPO Roger Collins — Thu, 05 Jan 2017 14:09:20 -0500

We seem to be able to intuit who is hacking us and how, but can not react in the same way? Or maybe we are, if so STFU and do it without fanfare. Good question 1SG Jerry Healy.

Response by Maj Kevin "Mac" McLaughlin made Jan 5 at 2017 2:15 PM

Maj Kevin "Mac" McLaughlin — Thu, 05 Jan 2017 14:15:26 -0500

We do perform offensive cyber operations and we've been doing it for a long time. Details are and will always be classified.

Response by MSG Brad Sand made Jan 5 at 2017 2:32 PM

MSG Brad Sand — Thu, 05 Jan 2017 14:32:16 -0500

Also, why would we watch for 18 months and only say something when those in power lost?

Response by SSG Johnnie Vaughn made Jan 5 at 2017 2:36 PM

SSG Johnnie Vaughn — Thu, 05 Jan 2017 14:36:11 -0500

Watching ANY Congressional hearing rarely inspires confidence...

Response by SFC Dante Alanis made Jan 5 at 2017 5:22 PM

SFC Dante Alanis — Thu, 05 Jan 2017 17:22:23 -0500

This administration has been fearful. We'll see if the next is more proactive. Consider though, each time we retaliate we give up information on our capabilities and sources.

Response by PO1 William "Chip" Nagel made Jan 5 at 2017 5:47 PM

PO1 William "Chip" Nagel — Thu, 05 Jan 2017 17:47:44 -0500

Defense? Stuxnet sounds pretty Offensive although no one really knows who did it, US, Israel maybe both. Traditionally we are strictly "Defensive" and never the "Aggressor" but Unless you are working for NSA, CIA, 10th Fleet (I Probably Shouldn't Have Said that. LOL) You don't know what we are doing and if you do and release it on this Forum you are going to be in a Heap of Trouble as I would have been when I was in the Field. But a Good Start to a Debate!

Response by SPC David S. made Jan 5 at 2017 6:02 PM

SPC David S. — Thu, 05 Jan 2017 18:02:12 -0500

I think this is in part due to lack of age diversity in the higher ranks as well by nature of cyber threat design and implementation of such cyber assets this falls into the wheelhouse of more clandestine services. Jumping air gaps and compromising infrastructure if done correctly should not be traceable or detected until such assets are dialed up. Its also important to understand as well the current treaty in place and this not only shapes our cyber warfare capabilities but as well how it can be exploited. One portion that deals with international cooperation presents opportunities to exploit this agreement. For example Russian security services investigating democracy activists in the US could ask for the FBI's help in uncovering the contents of individual Yahoo Mail or Hotmail accounts, or even conduct live wiretaps on their behalf even if such individuals are not under investigation by US authorities. There's no dual criminality within the mutual assistance provisions. There is as well a section that deals with the dissemination of xenophobic language which clearly violates the 1st Amendment. I only mention this as we have clearly defined treaties on such things as nuclear arms yet cyber warfare is currently something done covertly without any real measures to enforce culpability. One example of this lack of enforcement can bee seen with the latest claims of Russian's hacking and the deportation of alleged Russian intelligence officers.

Response by Lt Col Private RallyPoint Member made Jan 5 at 2017 9:00 PM

Lt Col Private RallyPoint Member — Thu, 05 Jan 2017 21:00:32 -0500

Cyber is a touchy subject. It really shouldn't be discussed in a forum like this because the nature of what it is. After Snowden leaked some of this capability which is allegedly portrayed in the movie, I imagine it is safe guarded in high level Special Access Programs. Any hints of our capability would be unwise to speculate on.

Response by PO3 John Wagner made Jan 5 at 2017 10:16 PM

PO3 John Wagner — Thu, 05 Jan 2017 22:16:08 -0500

I'm sure we do however. I am also sure we don't discuss it in the readers digest.

Response by SPC(P) Private RallyPoint Member made Jan 6 at 2017 10:48 AM

SPC(P) Private RallyPoint Member — Fri, 06 Jan 2017 10:48:05 -0500

1SG Private RallyPoint Member I agree the best defense is a good offense, however as CPT Arch Nissel said what is being done offensively are things you won't hear about.

Response by LT Brad McInnis made Nov 27 at 2017 12:05 PM

LT Brad McInnis — Mon, 27 Nov 2017 12:05:21 -0500

I had a very smart sailor that worked in my shop. He played offense on his spare time for the Government. From his garage... (he was seconded to one of the alphabet agencies for contract work every so often).

Response by CPT Private RallyPoint Member made Nov 27 at 2017 2:14 PM

CPT Private RallyPoint Member — Mon, 27 Nov 2017 14:14:46 -0500

The short answer is: we (DoD) do conduct offensive cyber operations. Like others have said, the approving authority for those type of operations resides at very high levels. Unlike kinetic attacks, they are not advertised or shown in the media.