22 juillet 2020 | International, C4ISR

The new ways the military is fighting against information warfare tactics

One of the clearest examples of how the military wants to defeat adversaries using information warfare is by publicly disclosing what those enemies have been doing and what capabilities they have.

Information warfare can be abstract, combining cyber, intelligence, electronic warfare, information operations, psychological operations or military deception as a way to influence the information environment or change the way an adversary think.

“At our level, the most important thing we can do is to be able to expose what an adversary is doing that we consider to be malign activity, in a way that allows that to be put in the information environment so that now more scrutiny can be applied to it,” Lt. Gen. Timothy Haugh, commander 16th Air Force, the Air Force's newly established information warfare organization, told reporters during a media round table in late February.

One of the first ways the Department of Defense has sought to test this is through U.S. Cyber Command's posting of malware samples to the public resource VirusTotal. Malware samples discovered in the course of operations by the Cyber National Mission Force are posted to the site to inform network owners. It also helps antivirus organizations of the strains build patches against that code and helps identify the enemies' tools being used in ongoing campaigns.

Haugh, who most recently led the Cyber National Mission Force, explained how these cyber teams, conducting what Cyber Command calls hunt forward operations, were able to expose Russian tactics.

U.S. military teams deploy to other nations to help them defend against malign cyber activity inside their networks. “Those defensive teams then were able to identify tools that were on networks and publicly disclose them, [and] industry later attributed to being Russian tools,” he said. “That was a means for us to use our unique authorities outside the United States to be able to then identify adversary activity and publicly disclose it.”

Officials have said this approach changes the calculus of adversaries while also taking their tools off the battlefield.

“Disclosure is more than just revealing adversary intent and capabilities. From a cyberspace perspective, disclosure is cost imposing as it removes adversary weapons from the ‘battlefield' and forces them to expend resources to create new weapons,” Col. Brian Russell, the commander of II Marine Expeditionary Force Information Group, told C4ISRNET in June. “Disclosure forces the adversary to ask: ‘How were those capabilities discovered?' It causes them to investigate the cause of the disclosure, forcing them to spend time on something other than attacking us. If I can plant a seed of doubt (messaging) that the disclosure might have been caused by someone working on the inside, it makes them question the system's very nature, perhaps spending more time and resources to fix the system.”

The NSA has demonstrated a similar tactic when it created its cybersecurity directorate in late 2019. The entity was formed in part, due to the fact that adversaries were using cyberspace to achieve strategic objectives below the threshold of armed conflict. Now, the directorate uses its intelligence and cyber expertise to issue advisories to the network owners of cybersecurity threats so they can take the necessary steps to defend themselves.

One recent advisory had direct bearing on a nation state's malicious activity, according to a senior intelligence official. In late May, the agency issued an advisory regarding a vulnerability in Exim mail transfer agent, which was being widely exploited by a potent entity of Russia's military intelligence arm the GRU called Sandworm.

“Quickly thereafter, we saw five cybersecurity companies jumped on it and really used that to deepen and expand and publish information about the GRU's infrastructure that they use to conduct their cyberattacks and further information as well,” the official told reporters in early July. “That was terrific because we felt that that had a direct impact on a major nation state in terms of exposing their infrastructure ... and we saw significant patch rates go up on a vulnerability that we knew they were using. That's the kind of thing that we're looking for.”

The military has had to think differently to combat for how adversaries are operating.

“A central challenge today is that our adversaries compete below the threshold of armed conflict, without triggering the hostilities for which DoD has traditionally prepared,” Gen. Paul Nakasone, commander of Cyber Command, wrote in prepared testimony before the House Armed Services Committee in early March. “That short-of-war competition features cyber and information operations employed by nations in ways that bypass America's conventional military strengths.”

These disclosures or efforts to call out malign behavior have also taken the forms of media interviews and press releases.

For example, Gen. Jay Raymond, the head of U.S. Space Command and the commandant of Space Force, said in a February interview in which he detailed what he deemed unacceptable behavior by Russia in space, a surprising charge given how tight lipped the U.S. government typically is about its satellites.

“We view this behavior as unusual and disturbing,” he said of Russian satellites creeping up to American ones. “It has the potential to create a dangerous situation in space.”

Or consider that leaders from Africa Command on July 15 issued a press release detailing the activities of the Wagner Group, a Russian security company, as acting on behalf of the Russian state to undermine the security situation in Libya.

“U.S. Africa Command (AFRICOM) has clear evidence that Russian employed, state-sponsored Wagner Group laid landmines and improvised explosive devices (IEDs) in and around Tripoli, further violating the United Nations arms embargo and endangering the lives of innocent Libyans,” the release said. “Verified photographic evidence shows indiscriminately placed booby-traps and minefields around the outskirts of Tripoli down to Sirte since mid-June. These weapons are assessed to have been introduced into Libya by the Wagner Group.”

Moreover, Africa Command's director of operations called out Russia, noting that country's leaders have the power to stop the Wagner Group, but not the will.

Sixteenth Air Force, at the request of C4ISRNET, provided a vignette of such behavior from Russia in the form of how it covered up the explosion of a radioactive rocket, dubbed Skyfall.

According to the service, Russia took extreme steps to curb monitoring of the site where the explosion took place and sought to conceal the true nature of the explosion potentially hindering surrounding civilian populations from receiving adequate medical treatment and guidance.

With new forces integrated under a single commander, using unique authorities to collect intelligence and authorities to disclose, 16th Air Force is now better postured to expose this type of malign activity, which previously the U.S. government just didn't do.

Top Pentagon leaders have explained that the dynamic information warfare space requires a new way of thinking.

“We've got to think differently. We've got to be proactive and not reactive with messaging,” Lt. Gen. Lori Reynolds, the Marine Corps' deputy commandant for information, told C4ISRNET in an interview in March. “We have been very risk averse with regard to the information that we have. You can't deter anybody if you're the only one who knows that you have a capability.”

https://www.c4isrnet.com/information-warfare/2020/07/20/the-new-ways-the-military-is-fighting-against-information-warfare-tactics/

Sur le même sujet

  • Army navigation drill to incorporate new sensors in coming years

    17 octobre 2024 | International, Terrestre

    Army navigation drill to incorporate new sensors in coming years

    The service plans to field and army of new sensors to cut through the fog of war.

  • L'impact du Coronavirus pour l'Europe

    23 avril 2020 | International, Aérospatial

    L'impact du Coronavirus pour l'Europe

    Au-delà du plan sanitaire, la crise du Coronavirus impacte l'ensemble des projets des Etats et vient questionner l'Europe. L'Europe questionnée. Le Sénat, à travers la commission des affaires étrangères et de la défense et des sénateurs Hélène Conway-Mouret et Ronan Le Gleut, a présenté les impacts de la crise du coronavirus sur l'Europe, sous l'angle de la défense et de la sécurité. Et le constat semble sans appel : la coopération entre les Etats européens doit être renforcée. « Le bilan de la coopération européenne est pour le moment nuancé : des coopérations bilatérales ont permis des transferts de patients du Grand Est vers des pays frontaliers [...] mais le Conseil européen du 26 mats a donné le spectacle d'Etats membres divisés, incapables de répondre rapidement à l'urgence de la situation », rapporte les deux sénateurs, en rappelant par ailleurs que des mécanismes existants permettraient une coopération accrue, à l'instar de l'article 222 du TFUE qui met en avant le principe de solidarité. Surveiller le contexte international. Cette nécessité de coopération est à analyser à la lumière du contexte international précédent la crise et renforcé par l'événement sanitaire qui touche actuellement le monde. « La crise risque en effet d'accentuer les évolutions stratégiques en cours : l'effritement de l'Europe, le désengagement américain et l'affirmation de puissance de certains Etats qui ne manqueront pas de s'emparer de la faiblesse de l'Europe pour faire avancer leurs propres intérêts », expliquent les deux sénateurs. En effet, on ne manquera pas de noter que si la crise touche violemment la grande majorité des Etats du monde, certains restent épargner, à l'instar de la Corée du Nord qui profite de l'occasion pour démontrer ses capacités militaires et mener des essais de missiles. De même, certains Etats profitent de l'absentéisme de réponse européenne pour nouer des liens précieux avec des pays du vieux continent en leur apportant une aide cruciale face à la crise. « Plusieurs acteurs et observateurs estiment aujourd'hui que la Chine et la Russie utilisent la crise sanitaire pour faire avancer leurs intérêts et renforcer leur influence. [...] Le déploiement de militaires russes en Italie, dans les zones les plus touchées par l'épidémie (Bergame) suscite des interrogations », rapportent les deux sénateurs. Rester présent en OPEX. Une autre préoccupation liée à la crise sanitaire actuelle réside dans la gestion des opérations extérieures. Une préoccupation qui touche d'autant plus la France, qui est aux premières loges au niveau européen. L'Europe « ne doit pas se détourner du reste du monde car la pandémie, si elle mobilise les esprits, ne fait pas disparaître les autres crises, et risque même de les aggraver », soulignent les auteurs. Une attention particulière doit être donnée à l'Afrique, qui souffre déjà d'importants déséquilibres économiques et d'inégalités sociales majeures, souvent à la racine des conflits qui sévissent actuellement sur le continent. Or cette situation pourrait se trouver largement accentuée par la crise du coronavirus, touchant massivement les économies des pays à travers le monde. Une accentuation des problèmes économiques et sociaux en Afrique pourrait aboutir à des désaccords internes pouvant mener à des affrontements. Retour à la case départ ? https://air-cosmos.com/article/limpact-du-coronavirus-pour-leurope-22957

  • US Space Force sorts through industry ideas to boost satellite sensors

    5 juin 2024 | International, C4ISR

    US Space Force sorts through industry ideas to boost satellite sensors

    Space Systems Command is sifting through an influx of ideas from companies to determine how they might shape future space domain awareness requirements.

Toutes les nouvelles