CYBER WARFARE PART III -
PROCEDURES IF THE U.S. IS ATTACKED
by layman Irene Baron
The politically correct term for ‘cyber warfare’ is ‘cyber conflict.’
Osama Bin Laden predicted 90% of their future terrorist efforts would involve cyberspace. Since Australia, India and Egypt have been attacked in the past, we know all nations are at risk from terrorist cells or nations. https://pdfs.semanticscholar.org/a47e/e7b4c1d73e65a887167f071b0cff4204cfe5.pdf p.6
See the lines of attack in the image to the left. Watch cyber-attacks in the USA in real-time. Attackers are after data in major servers in Seattle and other data storage areas. Click on this link to see attacks in real-time: https://www.extremetech.com/extreme/185125-how-to-watch-hacking-and-cyberwarfare-between-the-usa-and-china-in-real-time
There have been changes in every aspect of the digital medium. The U.S. Cyber Command now directs procedures to be followed in case of a cyberattack on the infrastructure of the United States. That command is located at Fort Meade in Maryland and is one of 11 Unified Commands of the Department of Defense. General Paul Miki Nakasone is a four-star general in the United States Army who currently serves as the Commander of United States Cyber Command. He concurrently serves as the Director of the National Security Agency and as Chief of the Central Security Service. He is pictured to the left.
The U.S. Cyber Command was created in 2009 at the National Security Agency (NSA). In 2018 it was changed to a full and independent command. It directs, synchronizes, and coordinates cyberspace planning and operations in defense of the U.S. and its interests. The current commander is General Paul M. Nakasone, USA.
Until June 2020, the cyber conflict that happened globally was considered minor. It wasn’t until the infrastructure of Australia was attacked, allegedly by China, that the public woke up to the possibilities of their country’s government and industries coming to a stop.
If all the data/intelligence of a government department or industry is wiped clean, without duplicate data saved elsewhere, that department or industry would have a difficult time reproducing the material stolen. The cloud in which many save their data has been proven to be breached. Satellites have been breached and destroyed. The data has to be saved and protected where there is no outside link to it.
The United States military commanders now fight in five areas: air, cyber, land, sea, and space. Cyber was added in 2011 and is the only man-made domain. It is not a physical domain. The question arises, is there a kill switch for the internet? Can it be turned off? If the U.S. infrastructure is undergoing a cyber-attack, the 2010 law states the President has the option to turn it off. Some say it can’t be done.
EGYPT & INDIA TURNED OFF THE INTERNET
In 2011, the Egyptian government ordered the four national internet service providers to turn off the “Domain Name System” and alter the server protocols. That prevented all internet traffic into and out of the country. India has also stopped and started the flow of the internet to its people. How many internet servers are in the United States?
Currently, there are 2665 internet service providers in the USA. There are 882 Digital Subscriber Line providers which use telephone lines to pass data.
Does the U.S. Cyber Command have action plans to shut it down in case of an all-out cyber conflict?
CYBER CONFLICT CHAIN OF COMMAND
1. The chain of command begins with the Secretary of Defense, Dr. Mark Esper, seen to the left.
Pursuant to Title 10, U.S.C., section 164, and subject to the direction of the President, the Commander, USSTRATCOM performs duties under the authority, direction, and control of the Secretary of Defense and is directly responsible to the Secretary for the preparedness of the command to carry out missions assigned to the command. As a sub-unified command under the authority, direction, and control of the Commander, USSTRATCOM, USCYBERCOM is responsible to the Secretary of Defense through the Commander, USSTRATCOM.
2. The Deputy Secretary of Defense is David Norquist.
In accordance with Title 10, U.S.C., section 132, the Deputy Secretary of Defense performs such duties and exercises powers prescribed by the Secretary of Defense. The Deputy Secretary of Defense will act for and exercise the powers of the Secretary of Defense when the Secretary is disabled or the office is vacant.
3. The Director of National Intelligence is John Ratcliffe.
The Intelligence Reform and Terrorism Prevention Act of 2004 established the Director of National Intelligence to act as the head of the Intelligence Community, principal advisor to the President and the National Security Council on intelligence matters pertaining to national security, and to oversee and direct the implementation of the National Intelligence Program. Pursuant to Title 50, U.S.C., section 403, subject to the authority, direction, and control of the President, the Director of National Intelligence coordinates national intelligence priorities and facilitates information sharing across the Intelligence Community.
4. The Under Secretary of Defense is Joseph D. Kernan.
The Under Secretary of Defense for Policy: Title 10, U.S.C., and current DOD directives establish the Under Secretaries of Defense as the principal staff assistants and advisors to the Secretary of Defense regarding matters related to their respective functional areas. Within these areas, the Under Secretaries exercise policy and oversight functions, and in discharging their responsibilities, the Under Secretaries may issue instructions and directive memoranda that implement policy approved by the Secretary.
Other departments involved in the decision making include:
5. The Director of National Intelligence
6. The Under Secretary of Defense for Policy
7. The Under Secretary of Defense for Intelligence
8. The Under Secretary of Defense for Acquisition, Technology & Logistics
9. The Assistant Secretary of Defense for Homeland Defense
10. The Chief Information Officer
11. The Chairman of the Joint Chiefs of Staff
12. The Secretaries of the Military Departments
13. The Chiefs of Staff of the Services
14. The Combatant Commanders and specifically, the Commanders of the U.S. Strategic Command and the U.S. Northern Command
15. The Director of Defense Information Agency
Notice how many departments are involved in making one decision. As a layman, it looks confusing. The President makes the final ‘pull the plug’ decision. How he reaches that decision seems garbled to me. It seemed garbled to Major Christian P. Helms in his report for the Air Command and Staff College. He wrote that there were …
“Inadequate Authorities: Aside from advocating for resources and manning, various authorities required to conduct effective cyber operations are neither consolidated nor clearly delineated to USCYBERCOM. Lacking clear guidance and authorities is a result of fragmented roles and missions among a spectrum of U.S. government organizations all in the CYBER arena.
As an example, compare the differences in Title 18 and Title 10 authorities then contrast the same given a notional combined Title 18, Title 10 cyber operation. Title 18 U.S. Code is the legal foundation for federal law enforcement and criminal investigation typically inherent to FBI activities. Title 10 U.S. Code is the legal establishment of the U.S. Armed Forces, its organization, actions, and roles. USCYBERCOM is fundamentally a Title 10 organization. The Posse Comitatus Act of 1878 strictly forbids Title 10 forces from generally engaging in Title 18 actions. With this understanding, place these constraints of a cyber-offensive operations team within a notional example of CYBERCOM attempting to trace and neutralize a Russian computer hacker actively attacking U.S. infrastructure.
How does the nation defend against a Russian citizen visiting Arizona on a tourist visa attacking the Pentagon’s cyberinfrastructure using a host internet router in Germany?”
A CYBERCOM soldier at a counter-offensive computer terminal has no authority to hit the proverbial enter button to forcibly stop such an attack. Such is the state of 21st century cyber activities. The compartmented nature of America’s legal framework is well suited to handle 19th and 20th century foreign and domestic issues. 21st-century information flow and physical hardware locations will quickly allow the nation’s enemies to conduct “lawfare” against the United States effectively using the nation’s laws against itself.”
In other words, there is no good line of command. Decisions will be lost in the department mire. We will lose a cyber conflict due to the very long chain of command. Word would never get to the President to stop the internet.
Irene Baron said that basically, that’s what happened on 9/11. Other than a few people knowing what to do, it would have taken hours to follow the correct chain of command to stop the hijacked airplanes. One of the problems of 9/11 was that only a few people knew what the chain of command was.
Will a cyber attack leave us in the same situation as 9/11 did?
WHO HAS OVERSIGHT OVER THESE AGENCIES?
The resourcing, planning, programming, budgeting and oversight for U.S. Cyber Command’s missions is fragmented within the Defense Department, the executive branch as a whole, and within Congress. Section 932 of the National Defense Authorization Act (NDAA) for Fiscal Year 2014 requires the Secretary of Defense to appoint a Senate-confirmed official from the Office of the Under Secretary of Defense for Policy (USD(P)) to act as the principal cyber advisor to the Secretary.
WHAT ARE THE PRIORITIES FOR THE U.S. CYBER COMMAND?
What the priorities for the U.S. Cyber Command should be is described in answers by Vice Admiral Michael S. Rogers, USN, nominee for Commander, United States Cyber Command. Rogers is now retired. Prior to his appointment and during his Senate hearing, he discussed the position.
"USCYBERCOM is helping to accomplish something that our military has never done before. With the Services, allies, and a host of partners, it is putting in place foundational systems and processes for organizing, training, equipping, and operating military cyber capabilities to meet cyber threats.
USCYBERCOM and the Services are building a world-class, professional, and highly capable force in readiness to conduct full-spectrum cyberspace operations. Its Cyber Mission Force is already engaged in operations and accomplishing high-value missions. It is no longer an idea on a set of briefing slides; its personnel are flesh-and-blood Soldiers, Marines, Sailors, Airmen, and Coast Guardsmen, arranged in military units. That progress is transforming potential capability into a reliable source of options for our decision-makers to employ in defending our nation.
Future progress in doing so, of course, will depend on our ability to field sufficient trained, certified, and ready forces with the right tools and networks to fulfill the growing cyber requirements of national leaders and joint military commanders. If confirmed, my highest priority will be continuing and expanding this progress toward making USCYBERCOM capable of protecting our nation's freedom of maneuver in cyberspace.
The ease with which nation-states, terrorists, and criminals, are able to penetrate corporations and government organizations to steal information suggests that the prospects for cyber defense, using current techniques at least, are poor.
Nonetheless, Cyber Command has been assigned the mission of defending the homeland, which at least implies that a defensive mission is practical and achievable. It may be possible to build resilience into critical infrastructure to recover from an attack, through back-up systems and redundant control systems that are less automated or electronically connected, but the government so far has not emphasized resilience over defense for our most critical infrastructure."
WILL U.S. CYBER COMMAND PREVENT CYBER-ATTACKS?
When asked, “On a sustained basis in a conflict with a very capable nation-state, should we expect U.S. Cyber Command to be able to prevent cyber-attacks from reaching their targets or causing great damage,” Rogers answered:
"The U. S. possesses superior military might across all warfighting domains, cyberspace included. In truth, however, there has been no large scale cyber conflict yet in history, and the state of strategy and execution of cyber warfare is evolving as we speak. Our decision to collocate key intelligence operations and cyberspace capability serves as a force multiplier if properly authorized and supported by policy, resources, and willpower.
Our force construct is such that it provides the United States the flexibility to engage, both offensively and defensively, in specific areas of hostility or on a transnational basis. We are building or further developing our international partnerships and relationships for mutual support and recognition of norms of behavior. We know there are other nation-states who have the equal or near-equal capability to ours; we have to be sure that we have the capabilities, processes, authorities, and, where appropriate, delegation and pre-approvals in place to prevent and respond to malicious activity. In a conflict where the risk to our systems, information, and critical infrastructure was in play, the U. S. would need to optimize our ability to see, block, and maneuver against attackers in a streamlined and efficient fashion.
We still have significant work to do to build out our forces and capabilities. However, given the circumstances, yes, I believe it is realistic to expect that U. S. CYBERCOM could effectively engage the adversary to prevent attacks and severe damage."
There are too many procedures to follow if the U.S. infrastructure is attacked in cyber warfare. As Helms wrote, “… there is no good line of command. Decisions will be lost in the department mire. We will lose a cyber conflict due to the very long chain of command. Word would never get to the President to stop the internet.”
It could take over 24 hours to follow written procedures to stop the cyberattack. There should be one overseer/decision-maker who has emergency procedure links in place with numerous successful test runs completed. The reaction decision must be made quickly before all infrastructure data is lost to the digital invader.
This may already have been addressed by our government. If so, GREAT. If not, the Secretary of Defense, Dr. Mark Esper, had better get busy!
REFERENCES
Anthony, Sebastian. Extreme Tech. “How to watch hacking, and cyberwarfare between the USA and China, in real-time.” 25 June 2014. https://www.extremetech.com/extreme/185125-how-to-watch-hacking-and-cyberwarfare-between-the-usa-and-china-in-real-time
Dombrowski, Peter and Demchak, Chris C. (2014) "Cyber War, Cybered Conflict, and the Maritime Domain," Naval War College Review: Vol. 67: No. 2, Article 7. Available at: https://digital-commons.usnwc.edu/nwc-review/vol67/iss2/7. Accessed 29 June 2020.
Helms, Christian P., Major. Air Command and Staff College, Air University. “The Digital GCC: USCYBERCOM As a Combatant Command.” https://apps.dtic.mil/dtic/tr/fulltext/u2/1012758.pdf
Schneider, Barry R. and Grinter, Lawrence E. Battlefield of the Future – 21st Century Warfare Issues. Air War College Studies in National Security No. 3. Air University. Maxwell Air Force Base.
United States Cyber Command. https://en.wikipedia.org/wiki/United_States_Cyber_Command Accessed 29 June 2020.
Villason, Luis. BBC Science Focus Magazine. “Is it possible to turn off the internet worldwide?” https://www.sciencefocus.com/science/is-it-possible-to-turn-off-the-internet-worldwide/ Accessed 29 June 2020.
A fun video from a journal about cyber spying: https://issuu.com/email1710/docs/eye_spy_issue_112_december_2017
Writer Irene Baron was named the Top International Female Writer of the Year 2020 by the International Association of Top Professionals (IAOTP)