The Future of Cyberwar is being Shaped in Ukraine

By Walter Pincus

Pulitzer Prize-winning journalist Walter Pincus is a contributing senior national security columnist for The Cipher Brief. He spent forty years at The Washington Post, writing on topics that ranged from nuclear weapons to politics. He is the author of Blown to Hell: America's Deadly Betrayal of the Marshall Islanders. Pincus won an Emmy in 1981 and was the recipient of the Arthur Ross Award from the American Academy for Diplomacy in 2010. He was also a team member for a Pulitzer Prize in 2002 and the George Polk Award in 1978.

OPINION — “We are one of the most wired modern militaries in the world. At a minimum, our own need to defend our systems to prevent cyber disruption to our own forces is going to play a large part in our war-fighting abilities.”

That was Deputy Assistant Secretary of Defense for Cyber Policy Mieke Eoyang, speaking at the Center for a New American Security (CNAS) on Sept. 13, in a discussion focused on the recently released Summary of the 2023 Cyber Strategy of the Department of Defense (DoD).

Asked if the U.S. would ever fight a war again without a significant cyber component, Eoyang replied, “I doubt it.”

The hour-long CNAS session, which also included opening remarks by Eoyang’s boss, Assistant Secretary of Defense for Space Policy Dr. John Plumb, provided a handful of new insights into cyber’s expanding role in both the daily grey-zone battles against adversary nations and in the open war taking place in Ukraine after Russia’s full-scale invasion in February 2022.

Plumb gave a brief history of the expanding role of cyber within DoD, along with some new information about recent cooperation between private industry and DoD in relation to the Russian war in Ukraine.

It was 2010, Plumb said, when DoD “was most concerned with the prospect of what senior leaders termed a ‘Cyber Pearl Harbor’ — a massive hack that would dismantle the U.S. power grid, transportation system, financial networks, and government.”

However, there was no such attack. Instead, the first real threat came in 2015, with Beijing stealing secrets in massive cyber breaches that included stealing as many as 22 million records from the U.S. Office of Personnel Management, stealing the blueprints for DoD’s cutting-edge F-35 aircraft, and then announcing breakthrough pharmaceuticals and even innovations in agriculture after cyber breaches.

In 2016, there was what Plumb called “a coordinated cyber operation to influence the 2016 U.S. presidential election [and] it was abundantly clear to even the casual observer, that we needed to do more to protect our nation.”

In 2018, DoD elevated Cyber Command (CYBERCOM) to a unified combatant command with new authorities and a strategy known as “Defend Forward,” which called for disrupting malicious cyber activity before it could affect the U.S. homeland. Success in protecting the 2018 midterm elections, Plumb said, led to new operations abroad, and helped allies and partners by sharing threat information.

Called “Hunt Forward,” these units worked side-by-side with local nationals to track down the source of malicious cyber activity and at the same time, build “capacity and resilience, not just for our own country but for others,” Plumb said.




Russia’s illegal invasion of Ukraine proved the concept.

“Ukraine was one of our first partners for Hunt Forward operations,” said Plumb. “Ukraine credited a Hunt Forward on their rail networks on keeping the trains operating during the initial phase of the invasion – allowing nearly one million civilians to escape to safety and critical supplies to be delivered to the war zone.”

The U.S. private sector also stepped up to support Ukraine in several ways that were not predicted, according to Plumb.

Even before Russia’s 2022 invasion, teams from Amazon Web Services (AWS) worked with the Kyiv government to help transfer Ukrainian state databases to cloud storage outside of the country, enabling continuity of government functions. AWS teams have continued to work with Ukrainian officials to help keep government services operating.

Mykhailo Fedorov, Ukraine’s Minister of Digital Transformation, said that AWS, “literally saved our digital infrastructure, [by enabling] state registries and critical databases to migrate to the AWS cloud,” when he awarded the group the Ukraine Peace Prize in July 2022.

Google also played a role when it restricted access to certain features of its maps and blocked access to several YouTube channels run by Russian state media.

In the early hours of February 24, 2022, user-generated information on Google Maps showed unexpected traffic behavior at the Russian-Ukrainian border, characteristic of a military unit readying for an attack.

After some time, Google temporarily turned off global access to traffic data in Ukraine, a decision taken in consideration of the safety and evacuation of Ukrainian citizens seeking refuge from the invaders.




On the other hand, Ukrainians on February 28, 2022, were encouraged to write fake reviews on Google Maps of Russian shops, cafes and restaurants that told the truth about Moscow’s Ukraine invasion, to combat Kremlin propaganda at home. In this case, Google quickly acted to cut the false “reviews,” saying, “Due to a recent increase in contributed content on Google Maps related to the war in Ukraine, we’ve put additional protections in place to monitor and prevent content that violates our policies for Maps.”

Elon Musk’s Starlink communications satellite company donated thousands of terminals to Ukraine at the beginning of the war, and its service helped enable command and control of Ukrainian forces on the battlefield. Starlink initially funded the service, but was later paid by the DoD. Starlink also controversially cut use of its services when Ukraine was planning offensive action against Russian forces in Crimea.

Microsoft and Mandiant have provided cyber defense support to Ukraine as well.

Microsoft offered a week-by-week account of Russia’s cyberattacks and listed some of the most dangerous pieces of malware being used. The company uncovered and tracked malware and offered a variety of ways to defend against it and eradicate it. Microsoft, for example, alerted the Ukraine government to the existence of malware in many systems that, if activated, would render the infected computer system inoperable.

In November 2022, Microsoft said it had spent more than $400 million helping Ukraine since the war began and would spend another $100 million in 2023.

Microsoft’s Tom Burt, corporate vice president for customer security and trust, in an April 2022 blog, described one example that showed Russia’s cyberattacks were correlated with its kinetic military operations. “While Russian forces besieged the city of Mariupol,” Burt wrote, “Ukrainians began receiving an email from a Russian actor masquerading as a Mariupol resident, falsely accusing Ukraine’s government of ‘abandoning’ Ukrainian citizens.”

Mandiant, another cybersecurity and intelligence company, has provided free cyber defense support to Ukraine, sharing information about threats to their networks and setting up special cyber defense teams that provide direct support to Ukrainian network defenders.

As Plumb put it, “The remarkable and innovative measures taken by the private sector have had a direct impact on the course of the war in Ukraine in ways that we are only beginning to fully understand. But what has become abundantly clear to the United States is that cyber resilience is the best cyber defense, and that extends to our allies and partners, including industry. Being resilient in cyber requires all of us.”

Deputy Assistant Secretary Eoyang also made some interesting comments during her question-and-answer session at CNAS.

One concerned the appropriate use of cyber in a potential future war where China or Russia is able to turn out the lights and close off water supplies across the U.S.

Eoyang said the U.S. position was, “The deliberate imposition of harm on civilians, say trying to leave an entire city of civilians in the dark — that is something that does not meet our principles of military necessity or proportionality.” She added, “The idea that it [cyber] is for the purpose of civilian harm or for the idea of sowing chaos, we would consider that an anathema,” adding, “There has been less talk about what are the [cyber] obligations within armed conflict itself.”

When asked why Russia has not used any openly destructive cyber capabilities against the U.S., Eoyang replied, “President Biden was very clear with the Russians about how he would view an attack on U.S. infrastructure via cyber. And he made that message clear to them that it is in Russia’s interest not to have the United States or NATO join the fight – disruption to U.S. critical infrastructure could for them, be a grave miscalculation and really raise escalation costs hardening views here. And depending on what it is, we might have to respond.”

Another of her answers, to a question about hiring enough qualified cyber professionals, is worth repeating.

“We are very good at the Department of Defense in training people to understand adversary tactics, techniques and procedures,” Eoyang told the CNAS audience. She added, “The other thing we have in the Department of Defense is a mission that nobody else does.”

She then explained that in the private sector world, if your computer is hacked, you have to either report it or find a patch; you cannot turn around and hack the person or persons back, because hacking is a crime.

However, Eoyang pointed out, “But we as the Department of Defense have authorization to hack back, like we are one of the few in the U.S. Government really that can actually engage in that kind of offensive cyber activity and so for a lot of people who would like to be engaging in that [hacking] we are the place where you can do that.”

She added, “I mean it’s the coolest part of my job,” a remark that should generate at least a handful of new recruits at a time when they are very much needed.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. 

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
