The US Enters a New Era of Offensive Cyber Operations
Until now, the United States’ cyber warfare policy has been one of defense, with a few noteworthy exceptions. Indeed, President Obama’s 2012 Presidential Policy Directive 20 (PPD-20) required a complex and lengthy interagency legal process before approval of any offensive cyber operation.
That has changed. In August 2018, President Trump rescinded PPD-20 and enacted a new policy that allows agencies to make the determination on which cyber operations to pursue and the authority to pursue them.
Offensive Cyber Operations Have Bipartisan Support
These days, there is very little that Democrats and Republicans can agree on. However, punishing bad actors with America’s significant arsenal of cyberweapons has received support from both sides of the aisle. The 2018 policy drew praise from both House Homeland Security Committee Chairman Michael McCaul (R-Texas) and Senate Intelligence Committee Vice Chair Mark Warner (D-VA).
As a result, the U.S. has entered a new era of cyber warfare that requires neither the approval nor knowledge of Congress or the President.
US Cyberattacks on Russia
According to a recent report by New York Times writers David E. Sanger and Nicole Perlroth, U.S. cyber infiltrators have broken into and set up “cyber bombs” deep inside Russia’s power grid and electrical plants. The mere press of a button could significantly disrupt Russian’s ability to communicate and coordinate in the event of a shooting war.
In addition, U.S. cyber operations retaliated against the Russian “troll factory” known as the Internet Research Agency (IRA) during the 2018 midterm elections. The attack crippled online operations and took them offline during the election.
The message to Russia? The United States is no longer playing defense only. According to Vox, special counsel Robert Mueller indicted 13 individuals and three companies connected to the IRA, including 12 of the agency’s employees.
US Cyberattacks on Iran
After Iran recently shot down a $240 million surveillance drone, the U.S. performed a cyberattack against Iranian military computers used to control rocket and missile launches. However, the cyber offensive had been planned in the weeks leading up to the loss of the drone and was not a direct retaliation for the drone’s destruction.
The extent of the damage to Iranian computers is unknown and both Iran and the U.S. have not commented publicly on the attack.
In 2010, Iran’s nuclear program was the target of a devastating cyberattack that took control of centrifuge controls in facilities across the country, causing thousands of machines to break. Known as the Stuxnet virus, the attackers, primarily from the U.S. and Israel, allegedly blasted AC/DC’s song “Thunderstruck” at maximum volume on multiple workstations.
US Cyberattacks on China
Former National Security Agency (NSA) head General Keith Alexander declared in 2012 that the cybertheft of U.S. intellectual property, mostly by China, amounted to “the largest transfer of wealth in world history.”
China and North Korea have very robust cyber offensive capabilities and routinely target both public and private entities in the United States. Until now, the U.S. was content with bringing indictments and criminal charges against certain known cybercriminals in China.
Offense, Not Defense, Is a Different US Tactic in Cyberspace
Currently, in China, the U.S. is likely engaging in a similar campaign to our Russian attacks — planting the seeds for deep disruption in the event of a larger conflict.
Like space, the digital realm is the newest front in the competition between nations. Operations in cyberspace have a role in the ongoing game of economic, military and diplomatic one-upmanship. One of the reasons that the previous administration hesitated to utilize our nation’s full range of offensive cyber capabilities was a fear that these tools could be used against us in the future.
Given our adversaries’ devastating capabilities, it seems now that the United States is growing more risk-averse and fully prepared to bring to bear the full might of America’s cyber arsenal.