The American military is recognizing that the cyber battlefield can be every bit as lethal as the traditional one. It can target systems from nuclear power plants to emergency responders — certainly a threat to our way of life — just as any device manufactured to kill soldiers, sailors, or marines can bring down planes or sink ships. The question is whether we are doing enough, quickly enough, to counter the threat.
Fortunately, President Trump’s reluctance to accept that Russia used the internet to interfere in our democratic processes does not seem to have restrained a willingness by the Pentagon to tackle the threat of cyberwar. It now has funded a joint cyber command on the level of every other uniformed force.
Recently, that level was put on display when every NATO nation had an opportunity to try out its capacities in a real live-fire exercise — Operation Locked Shields, staged by the NATO Cooperative Cyber Defense Centre of Excellence, with its command center in the Baltic nation of Estonia. And while such exercises are held annually, this was the largest and most intricate ever mounted.
There were two teams. In the exercise, the Blue Team had to defend itself from the cyber attacks of the Red Team. The target was the fortified water plant supplying the fictitious Blue Team nation of a friendly ally, “Berylia,” which had been experiencing sharply deteriorating security.
The Red Team, based in a larger, hostile but equally fictitious neighboring nation, not unlike Russia, had been on the move against Berylia. Red Team was throwing all it had in its cyber arsenal into a supreme effort to penetrate, seize and freeze the operations of the water treatment facility, crippling the ability of Berylians to respond to any ensuing attack by hostile forces from land or air.
Merle Maigre, the director of the center, told me in a phone interview that there were 22 cyber warfare teams from 21 NATO nations participating and a team from NATO itself defending Berylia.
In July 2016, cyber was added as a fourth domain of warfare, joining land, sea and air, which had been the alliance’s focuses since its creation 69 years ago.
It was, as its organizers observed, “the largest and most complex international live-fire cyber defense exercise in the world.” It included some 4,000 virtualized systems and 2,500 total attacks over two intense days, mounted out of a sprawling control room in the Tallinn headquarters of the Cyber Defense Centre.
The choice for the real-life location of this NATO center was hardly by chance, for Estonia, in 2007, was itself the target of the largest offensive cyber-attack ever mounted against a NATO member. Apparently originating in neighboring Russia, this massive attack disabled the websites of the Estonian government, political parties, newspapers, banks and many of the country’s largest corporations — all but paralyzing the tiny Baltic nation that was, until it won independence in 1991, a republic of the Soviet Union.
Since its formation in 2008, the NATO cyber center has been housed in a red brick building, at the heart of a 19th-century Russian czarist military compound. Its goal has been to make sure that another cyber invasion like the lethal 2007 event can never happen again. Hence, Operation Locked Shields.
“The goal of this exercise is to test and train the defense side, and the Red Team is providing fire to make the defense stronger,” said Maigre. “What makes the exercise special is the focus on specialized systems, such as electricity, telecommunications, public utilities, which ultimately are all controlled by IT. But on top of that, we have married a strategic overlay, so within the Blue Teams there is also a layer of strategic decision makers — policy experts, legal experts, strategic communications experts.”
Acting together, the strategic thinkers and the technologists determine the best defense, the best counter to the Red Team’s attackers — which include some of the best hackers in the NATO arsenal.
Indeed, hackers are not only the best offense but the best defense as well. One senior American air force officer told me recently in a background briefing that some of the American military’s most adroit and accomplished cyber warriors come from the domestic community of young cyber hackers who can do things for the US that they can’t do, legally, anywhere else in the world.
The officer told a story about seeing a uniformed air force airman exiting a top-of-the-line Tesla at a roadside diner recently. When he approached the young man and asked him how he could afford that car on an airman’s salary, the airman smiled and admitted that he was just a reservist. His day job was a high-level planning role at Google.
This is the type of individual that needs to be encouraged to enter military programs that can lead to victory in an operation like Locked Shields, or more critically on a real-life cyber battlefield of the future.
“The competition is a forcing function that drives collaboration and information exchange,” explained Meghan Henderson, spokeswoman at US European Command. “We chose to partner with our Allies, specifically Estonia, Latvia, and Lithuania, in order to better exchange techniques and learn from one another.”
Cyber warfare, as Locked Shields suggests, is an endeavor that draws strength from the cooperation of nations. It is multi-dimensional and highly expensive as well. And the United States has suddenly begun ramping up the resources devoted to cyber warfare.
The Defense Department budget devoted to cyber operations has grown 83% from 2014 through 2019, an annual rate of 12.8%, Dennis Murphy, senior research analyst for Jane’s IHS Markit, told me in a phone interview. A Defense Department spokesman told me that this year, the first since sequestered spending has ended, US cyber defenses are budgeted at $8 billion. Jane’s also estimates that the cyber mission force will hit 6,200 by the end of September, up more than 1,000 in the past year. But this must be only a beginning. After all, there are some 1.3 million active duty American military troops.
The US continues to recognize the multiplicity of potential cyber threats. It must not waver in this commitment. After all, a deft terrorist with a high-end laptop and the sensibilities of a determined hacker can wreak havoc equal to or greater than one with a bomb.