January 10, 2020 | International, C4ISR, Security

How tensions with Iran could test a new cyber strategy

Mark Pomerleau

In 2018, the Department of Defense began following a new philosophy for cyber operations to better protect U.S. networks and infrastructure.

Known as “defend forward,” the approach allows U.S. cyber forces to be active in foreign networks outside the United States to either act against adversaries or warn allies of impending cyber activity that they've observed on foreign networks.

After the U.S. military killed an Iranian general in a Jan. 2 drone strike and after national security experts said they expect Iran might take some retaliatory action through cyber operations, the specter of increased cyber attacks against U.S. networks puts Cyber Command and its new approach front and center.

“This Iran situation today is a big test of the ‘defend forward' approach of this administration,” James Miller, senior fellow at Johns Hopkins Applied Physics Laboratory and former undersecretary of defense for policy, said at a Jan. 7 event hosted by the Council on Foreign Relations. “Will [Cyber Command] take preventative action? Will they do it in a way that our allies and partners support and that can be explained to the public?”

While Iran fired several missiles Jan. 7 at a base in Iraq where U.S. troops lived as an initial response to the drone strike, many national security experts expect Iran could continue cyber actions as further retaliation for the strike. Iran could also ratchet up its cyber operations in the United States following the collapse of portions of the 2015 nuclear deal between the United States, Iran and five other nations to curb Iran's nuclear weapons capability in return for sanctions relief.

Over the past 12 months, the White House and Congress streamlined many of the authorities used to conduct cyber operations to help cyber forces to get ahead of threats in networks around the world. One such provision in last year's annual defense policy bill provides the Pentagon with the authority to act in foreign networks if Iran, among other named nations, is conducting active, systematic and ongoing campaigns of attacks against the U.S. government or people.

Cyber Command declined to comment on what, if anything, they were doing differently since the drone strike.

Some experts, however, have expressed caution when assessing how well this defend forward approach has worked thus far given it is still relatively new.

“The jury is very much still out here,” Ben Buchanan, assistant professor and senior faculty fellow at Georgetown University, said at the same event. “We don't have a lot of data, there's been a lot of hand-wringing ... about these authorities and about how Cyber Command may or may not be using them. I just don't think we've seen enough to judge whether or not ... [it is] meaningfully changing adversary behavior.”

Others have also expressed reservations about how effective Iran can even be in cyberspace toward U.S. networks.

“Iran is a capable cyber actor, Iran is a willing cyber actor. That means Iran will conduct cyberattacks,” said Jacquelyn Schneider, Hoover fellow at the Hoover Institution at Stanford University. “It's not like they have this capability and they've been deterred in the past and maybe now they're going to turn it on. I think they've been trying this entire time.”

Complicating matters further could be other actors trying to take advantage of the U.S.-Iran imbroglio for their own interests.

Priscilla Moriuchi, senior principal researcher and head of nation-state research at threat intelligence firm Recorded Future, said over the past several months, there have been reports of Russian state-affiliated actors hijacking Iranian cyber infrastructure to conduct operations masquerading as Iranians.

“That creates its own uncertainty,” she said at the same event. “Another level of potential what we call inadvertent escalation if a country perceives that they are attacked by Iran but in reality, it” wasn't.

https://www.fifthdomain.com/dod/2020/01/09/how-tensions-with-iran-could-test-a-new-cyber-strategy/

On the same subject

  • Counter-drone startup Epirus raises $70M, plans to hire 100 people

    December 18, 2020 | International, Aerospace

    By: Joe Gould

    WASHINGTON ― Epirus, a venture-backed startup offering a counter-drone capability, announced Thursday it raised $70 million to speed its technology to market. The round was led by San Francisco, California-based Bedrock Capital, and brings the 2-year-old company's total capital raised to roughly $80 million. The news comes six months after Epirus inked a strategic supplier agreement with Northrop Grumman to provide exclusive access to Epirus' software-defined electromagnetic pulse system Leonidas. Since then, the firm has doubled in size and plans to add 100 jobs in 2021. “We're aggressively hiring and expanding our footprint on the East and West coasts,” Epirus CEO Leigh Madden told Defense News. He added that the firm is shifting its headquarters from the Hawthorne, California, office to its newer offices in Tysons Corner, Virginia. Alongside Bedrock and several other investment firms, L3Harris Technologies is investing in Epirus. Epirus developed a SmartPower power-management technology that underpins its counter-unmanned aircraft system, and the company plans to partner with L3Harris to create greater power efficiencies within some of its existing systems. The technology, which allows the system to deliver a high-power output with a relatively low-power input, has a range of applications across other radio frequency systems, Madden said. (The company's systems involve a combination of high-power microwave technology and, for enhanced targeting, artificial intelligence.) The new funding, “enables us to rapidly build out our counter-UAS system,” Madden said. “We'll be bringing the Leonidas system to market as well as advancing the capabilities of our SmartPower technology ― and working with government customers and partners to expand the application of that technology.” Beyond Bedrock and L3Harris, the new Series B funding came from Piedmont Capital Investments, 8VC, Fathom VC and Greenspring Associates.
In 2019, Epirus closed $17 million in Series A funding, which was led by 8VC. (Series A is meant to help a company progress to the development stage, and Series B is meant to help a company market or expand its existing market footprint.) Geoff Lewis of Bedrock Capital said in a statement that investors are “confident Epirus has the capacity to integrate its technology into top tier counter-UAS systems and lead the way in developing new and compelling directed energy applications.” “Epirus counters the weak assumption baked into standard VC models that the economic and cultural gaps of defense-focused investments are too wide to overcome,” Lewis said. https://www.defensenews.com/2020/12/17/counter-drone-startup-epirus-raises-70m-plans-to-hire-100-people/

  • Cyber Command’s measure of success? Outcomes

    July 14, 2020 | International, C4ISR, Security

    Mark Pomerleau

    A U.S. Cyber Command official said that when they examine whether any given operation, or even a strategy, has been successful, they're not looking at metrics, but rather outcomes. “It's really about: have we enabled the collective defense of the nation,” Maj. Gen. John Morrison, Cyber Command's outgoing chief of staff, told C4ISRNET in a July interview. Roughly two years ago, Cyber Command and the Department of Defense started a paradigm shift for cyber policy and operations. The 2018 DoD cyber strategy tasked Cyber Command to “defend forward,” which is best described as operators working on foreign networks to prevent attacks before they happen. The way Cyber Command meets those goals is through persistent engagement, which means challenging adversary activities wherever they operate. Part of the need for a change was that adversaries were achieving their objectives but doing so below the threshold of armed conflict – in the so-called gray zone – through cyberspace. DoD wanted to stop that from happening through more assertive cyberspace action. Some in the academic community have wanted to see some way in which the command can measure the success of these new approaches. But Morrison explained that these outcomes, or intended effects during operations, could be enabling other partners – foreign or other agencies within the U.S. government – to take action in defense of the nation. For example, he said that when Cyber Command teams encounter malware they haven't seen before, they share it with partners in government, such as FBI or DHS, which can lead to the greater national collective defense. He also noted that building partnerships enables a sense of collective defense in cyberspace and can help significantly in the future against sophisticated adversaries. Morrison will be replaced at Cyber Command by Maj. Gen. David Isaacson. It is unclear where Morrison is headed next.
The need for flexibility

As Cyber Command has gained more authorities in recent years, it has been able to conduct significantly more operations and different types of operations as well, Morrison said. Throughout these missions, leaders have learned they must be flexible, be it in tactics, structure of teams, or the capabilities they need or develop. “We have thinking adversaries that we go against every single day. That drives us to change how we operate,” Morrison said. “You change your tactics, techniques and procedures but that's also going to drive changes in how we train and what we train ... It drives how we do capability development and development of capabilities and the employment of those capabilities, which again ties back to training at a much faster pace in this space.” Morrison noted that this includes how teams are organized. He explained the way defensive cyber protection teams were first envisioned when they were created in 2012-2013 is not at all how they fight now. To keep up with dynamic adversaries, Cyber Command is keeping closer watch on readiness metrics developed by the command for its cyber teams. This is a framework that details standards for how teams are equipped, manned and supplied. Cyber protection teams were detailed first and now Cyber Command has readiness metrics for combat mission teams, the offensive teams that support combatant commands, and intelligence/support teams. Officials are still working through metrics for what are called national teams that are charged with defending the nation. The command also needs to improve the way it feeds operational requirements into capabilities cyber warriors can use, Morrison said.
This includes improving acquisition practices for both of the programs of record Cyber Command is executing through its Joint Cyber Warfighting Architecture — which guides capability development priorities and includes the Unified Platform and Persistent Cyber Training Environment — and the more rapidly developed tools needed on the fly. “That's where you've got the ability inside the command now to rapidly produce that capability through a variety of means and get it into the hands of our operators as quick as possible,” he said. In fact, the Army has begun to embed tool developers and coders alongside operators through the Rapid Cyber Development Network to more quickly meet urgent needs. This allows them in almost near real time to develop or change tools to meet requirements. “How do we do capability development in a much smoother fashion than we sometimes do today where we're able to rapidly assess, prioritize, resource operational requirements to produce a capability that we can then get back into the hands of our operators as quickly as possible,” Morrison said. From these capabilities that are developed for shorter term needs, he said the key will be deciding if they want to move them into a program of record. Will it be a longer term capability, will it adjust tactics, techniques and procedures or training? “We've got to work those pieces,” he explained. On the longer term, program of record capabilities, he noted officials still want the iterative development associated with more software-centric systems as opposed to more traditional military hardware.

Integration with combatant commands

Cyber is much more ingrained in military planning and operations than it was in years prior, Morrison said; however, work remains. There is now a closer link between the combatant commands and Cyber Command elements that plan, coordinate, synchronize and conduct cyber operations on their behalf, Morrison said, noting that they are still maturing.
These include the Joint Force Headquarters-Cybers, which are commanded by each of the service cyber component commanders, and plan, synchronize and conduct operations for combatant commands they're assigned to, and new entities being created called cyber operations-integrated planning elements. These are forward extensions of the Joint Force Headquarters resident within the combatant commands to better coordinate cyber planning with other operations for the combatant commander. These entities all enable a greater central connective tissue from a Cyber Command perspective as they can feed from the theater level back to the command providing a global cyberspace picture. “You have to take not only a regional view of anything that you're doing, but, when you can bring the power of a global enterprise behind it, that's a pretty powerful capability for our nation,” Morrison said. “We are in the process of building every one of our CO-IPEs but I definitely think that we are heading in the right direction, especially as [the CO-IPEs] get built and they integrate closer and closer with their supported combatant commands.” https://www.c4isrnet.com/cyber/2020/07/10/cyber-commands-measure-of-success-outcomes/

  • Defense Department Looking Beyond 5G

    December 8, 2020 | International, C4ISR

    12/7/2020

    By Jon Harper

    The Pentagon continues to pump additional funding into 5G technologies that have military and commercial applications. But it is also eyeing 6G and other next-generation communications capabilities. The term 5G refers to the oncoming fifth generation of wireless networks that will yield a major improvement in data speed, volume and latency over today's fourth-gen networks, known as 4G. In October, the Defense Department announced $600 million in awards for 5G test bed and experimentation activities at five U.S. military test sites. The work will be expanded to seven additional sites next year. “These activities represent the largest full scale 5G tests for dual-use applications anywhere in the world,” Acting Undersecretary of Defense for Research and Engineering Michael Kratsios told reporters. Commercial partners on the sites will include AT&T, Ericsson, Federated Research, Nokia and the Scientific Research Corporation. “This testing experimentation will not only dramatically improve our warfighting capabilities, it will also bring new uses and opportunities for this technology to the private sector,” Kratsios said. “These sandboxing activities at military bases harness the department's unique authorities to pursue bold innovations and game changing technologies.” Nations that master advanced communication technologies will enjoy long-term economic and military advantages, he added. Initial use cases for 5G envisioned by the Pentagon include integrating augmented reality and virtual reality into mission planning and training; developing “smart” warehouses to enhance logistics operations; and dynamic electromagnetic spectrum sharing in congested and contested environments. Starting in 2021, there will be an emphasis on the security aspects of 5G as well as innovations in next-gen capabilities such as 6G and 7G, Joseph Evans, the Defense Department's principal director for 5G, told reporters.
Broad agency announcements on those topics are slated to be released in the January 2021 timeframe, Evans said. Elsa Kania, an adjunct senior fellow with the Technology and National Security Program at the Center for a New American Security, suggested the Pentagon might be getting ahead of itself. “I will be a little bit skeptical of talk of 6G when 5G is still at a nascent stage in so many fronts and we have yet to explore or exploit the full potential of 5G,” she said during a panel discussion. “I'm sure we will hear much more about 6G in the years to come, but I think for the time being, keeping the focus on how to ensure that 5G itself is secure and reliable” is a better approach. https://www.nationaldefensemagazine.org/articles/2020/12/7/defense-department-looking-beyond-5g