Inside Cyber Warfare - Jeffrey Carr [161]
Today, when the threat of cyber conflict among nations is a reality, signaling is just as important, if not more so, because of the global connectivity of the Internet and its links to nations’ critical infrastructure assets. This chapter presents one type of signaling: the use of covert counter cyber strikes. The use of such measures would be an element of the US active defense strategy in cyberspace, carried out either by the United States directly or by third parties on its behalf, and subject to the international laws relating to the recourse to the use of force and the laws of armed conflict where applicable. While the language used by the Department of Defense in discussing its cyber strategy focuses on the defensive aspect of the overall strategy, the notion of active defense involves offensive measures.[216] Active defense measures, however, use offensive means in order to defend against and neutralize a threat. The purpose of using a cyber counterattack is to stop a specific, immediate, or ongoing cyber threat rather than retaliate with a strategic purpose. It is offensive action for a defensive purpose.[217]
This chapter will examine the use of counter cyber strikes as a model for the United States’ operations in cyberspace. This model is one approach that would allow the United States to wage an asymmetric fight that spans the global commons while abiding by the rules of international law. It provides the United States an option for dealing with the critical issue of nonstate actors and state proxies engaging in cyber conflict against the United States. This model is not the exclusive one that has been offered, nor should it be the only one considered by the United States. Others have been offered that could shed light on effective methods for the United States to defend against cyber attacks, including a model that looks at deterrence, a nuclear weapons model of mutually assured destruction, as well as the model of strategic air power.[218] To date, however, not enough attention or writing has focused on the use of direct or indirect counter cyber strikes as an element of active cyber defense.
In his 2008 testimony before the Senate Select Committee on Intelligence, then-Director of National Intelligence J. Michael McConnell underscored the need for the United States “to take proactive measures to detect and prevent [cyber] intrusions from whatever source, as they happen, and before they can do significant damage.” His testimony highlighted the inadequacy of hardening assets and utilizing passive defenses alone as defensive strategies for the United States. The inadequacy of passive defenses suggests that the national debate over cyber security must necessarily include considering attack options for defensive purposes. In other words, if passive defense is insufficient to ensure security, an approach to eliminate or degrade an adversary’s ability to successfully prosecute an attack may be warranted. The use of covert action within an active defense framework may increase the success of neutralizing the threat, maintaining deniability while at the same time complying with international norms of self-defense.
Precedent exists for the United States’ active defense, as it incorporated such methods to deter its adversaries’ aggressive actions during the Cold War. In the 1970s, while the United States initially showed restraint in developing anti-satellite weaponry, it quickly moved to a more offensive posture when the Soviet Union attacked three US satellites in 1975. The Soviets’ aggressive acts led President Ford to sign the National Security Decision Memorandum No. 345, directing the Department of Defense (DoD) to develop an operational anti-satellite capability allowing for US-based counterattacks against both private and government-sponsored aggressors.[219] As the Cold War ended and new threats emerged from nonstate actors, the United States adopted