Army, Air Force seek to go on offensive in cyber war

In an unusual act of candor, both the Army and Air Force in the past two months have issued solicitations asking the computer industry to provide technologies the services can use to wage offensive cyberattacks against enemy computer systems.

The Army's Communication and Electronics Command last month released an announcement asking the IT industry to present technologies that it could use to infiltrate enemy computer networks and communications systems. The military refers to such cyberattacks as "offensive information operations," or OIO.

The Army acknowledged in the announcement that it already has waged cyberattacks on enemy networks and communications platforms, but provided no details. But it wants to "leverage innovative technologies" to improve its cyberattacks "and prevent enemy forces from detecting and countering efforts directed against them," according to the announcement. "Technologies designed to interrupt these modern networks must use subtle, less obvious methodology that disguises the technique used, protecting the ability whenever possible to permit future use."

The Air Force also is seeking offensive cyber warfare capabilities, according to an announcement and a request for information released in April. The Air Force's 950th Electronic Systems Group said it is seeking industry help to define technologies and capabilities "associated with computer network attack." The technologies would be used to "disrupt, deny, degrade or deceive an adversary's information system," according to the request for information.

The Air Force wants technology that will help it map data and voice networks, provide it with access to those networks, conduct denial-of-service attacks on current and future network operating systems and network devices and engage in data manipulation on enemy networks.

The Air Force Electronic Systems Center declined to classify potential targets of the offensive cyber operations, such as nations, terrorists, rogue groups or individuals. "Specific capabilities or procedures cannot be discussed for security reasons," said Monica Morales, a spokeswoman for the Electronic Systems Center, the parent command of the 950th Electronic Systems Group.

The offensive cyberattack capabilities that the Army and Air Force want to develop match what Marine Gen. James Cartwright, commander of the Strategic Command, called for during a hearing of the House Armed Services Committee in March. He told the panel that if "we apply the principle of warfare to the cyber domain, as we do to sea, air and land, we realize the defense of the nation is better served by capabilities enabling us to take the fight to our adversaries, when necessary, to deter actions detrimental to our interests."

Bruce Schneir, a security consultant with BT Counterpane, endorsed the Army and Air Force efforts. "Our government would be negligent if it did not develop offensive information operations capabilities," he said.

But, Schneir added, since cyber space, unlike the physical battlefield, has connections to global networks that support commerce and communications, any offensive operations conducted by the United States must be fine-tuned to avoid disrupting computer systems that are not part of any enemy system that the military would target. That would be the cyber equivalent to collateral damage inflicted in a bombing campaign.

Steven Aftergood, director of the Project on Government Secrecy for the Federation of American Scientists, described the release of the Army and Air Force offensive cyberattack solicitations as significant, because the services have only released limited information on their cyberattack plans, operations or technologies. These solicitations are more detailed.

The Army expects industry to submit responses to the announcement by the end of June. The Air Force is scheduled to hold an industry day for its Network Warfare Operations Capabilities solicitation on June 14 in San Antonio.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
FROM OUR SPONSORS
JOIN THE DISCUSSION
Close [ x ] More from GovExec
 
 

Thank you for subscribing to newsletters from GovExec.com.
We think these reports might interest you:

  • Sponsored by G Suite

    Cross-Agency Teamwork, Anytime and Anywhere

    Dan McCrae, director of IT service delivery division, National Oceanic and Atmospheric Administration (NOAA)

    Download
  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download
  • Federal IT Applications: Assessing Government's Core Drivers

    In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

    Download
  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

    Download
  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

    Download

When you download a report, your information may be shared with the underwriters of that document.