Army, Air Force seek to go on offensive in cyber war

In an unusual act of candor, both the Army and Air Force in the past two months have issued solicitations asking the computer industry to provide technologies the services can use to wage offensive cyberattacks against enemy computer systems.

The Army's Communication and Electronics Command last month released an announcement asking the IT industry to present technologies that it could use to infiltrate enemy computer networks and communications systems. The military refers to such cyberattacks as "offensive information operations," or OIO.

The Army acknowledged in the announcement that it already has waged cyberattacks on enemy networks and communications platforms, but provided no details. But it wants to "leverage innovative technologies" to improve its cyberattacks "and prevent enemy forces from detecting and countering efforts directed against them," according to the announcement. "Technologies designed to interrupt these modern networks must use subtle, less obvious methodology that disguises the technique used, protecting the ability whenever possible to permit future use."

The Air Force also is seeking offensive cyber warfare capabilities, according to an announcement and a request for information released in April. The Air Force's 950th Electronic Systems Group said it is seeking industry help to define technologies and capabilities "associated with computer network attack." The technologies would be used to "disrupt, deny, degrade or deceive an adversary's information system," according to the request for information.

The Air Force wants technology that will help it map data and voice networks, provide it with access to those networks, conduct denial-of-service attacks on current and future network operating systems and network devices and engage in data manipulation on enemy networks.

The Air Force Electronic Systems Center declined to classify potential targets of the offensive cyber operations, such as nations, terrorists, rogue groups or individuals. "Specific capabilities or procedures cannot be discussed for security reasons," said Monica Morales, a spokeswoman for the Electronic Systems Center, the parent command of the 950th Electronic Systems Group.

The offensive cyberattack capabilities that the Army and Air Force want to develop match what Marine Gen. James Cartwright, commander of the Strategic Command, called for during a hearing of the House Armed Services Committee in March. He told the panel that if "we apply the principle of warfare to the cyber domain, as we do to sea, air and land, we realize the defense of the nation is better served by capabilities enabling us to take the fight to our adversaries, when necessary, to deter actions detrimental to our interests."

Bruce Schneir, a security consultant with BT Counterpane, endorsed the Army and Air Force efforts. "Our government would be negligent if it did not develop offensive information operations capabilities," he said.

But, Schneir added, since cyber space, unlike the physical battlefield, has connections to global networks that support commerce and communications, any offensive operations conducted by the United States must be fine-tuned to avoid disrupting computer systems that are not part of any enemy system that the military would target. That would be the cyber equivalent to collateral damage inflicted in a bombing campaign.

Steven Aftergood, director of the Project on Government Secrecy for the Federation of American Scientists, described the release of the Army and Air Force offensive cyberattack solicitations as significant, because the services have only released limited information on their cyberattack plans, operations or technologies. These solicitations are more detailed.

The Army expects industry to submit responses to the announcement by the end of June. The Air Force is scheduled to hold an industry day for its Network Warfare Operations Capabilities solicitation on June 14 in San Antonio.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
FROM OUR SPONSORS
JOIN THE DISCUSSION
Close [ x ] More from GovExec
 
 

Thank you for subscribing to newsletters from GovExec.com.
We think these reports might interest you:

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

    View
  • Cyber Risk Report: Cybercrime Trends from 2016

    In our first half 2016 cyber trends report, SurfWatch Labs threat intelligence analysts noted one key theme – the interconnected nature of cybercrime – and the second half of the year saw organizations continuing to struggle with that reality. The number of potential cyber threats, the pool of already compromised information, and the ease of finding increasingly sophisticated cybercriminal tools continued to snowball throughout the year.

    View
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    View
  • GBC Issue Brief: The Future of 9-1-1

    A Look Into the Next Generation of Emergency Services

    View
  • GBC Survey Report: Securing the Perimeters

    A candid survey on cybersecurity in state and local governments

    View
  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

    View
  • eBook: State & Local Cybersecurity

    CenturyLink is committed to helping state and local governments meet their cybersecurity challenges. Towards that end, CenturyLink commissioned a study from the Government Business Council that looked at the perceptions, attitudes and experiences of state and local leaders around the cybersecurity issue. The results were surprising in a number of ways. Learn more about their findings and the ways in which state and local governments can combat cybersecurity threats with this eBook.

    View

When you download a report, your information may be shared with the underwriters of that document.