The united states’ cyber warfare history implications on

The United States’ Cyber Warfare History: Implications on Modern Cyber Operational Structures and Policymaking Omry Haizler

This article will touch upon two main components of the United States’ cybersphere and cyber warfare. First, it will review three cyber incidents during different time periods, as the US infrastructure, mechanisms, and policies were gradually evolving. It will analyze the conceptual, operational, and legislative evolution that led to the current decision-making paradigm and institutional structure of the US cybersphere. Secondly, the paper will examine the procedures and policies of the Intelligence Community (IC), and the US cyber operational structure. It will review the missions and background of the IC and its responsibilities before, during, and after a cyberattack, and will touch upon the IC’s organizational architecture. The paper will also briefly review the current cyber threats in the United States and will elaborate on some of the fundamental strategies and policies that it uses to provide a suitable response. Lastly, it analyzes the cybersphere’s macro-level, addressing the data coordination of the IC’s agencies, as well as the federal, state, and private sector institutions during a cyber crisis. Keywords: Moonlight Maze, Morris Worm, Stuxnet, cyberattacks, United States intelligence community, cyber crisis, cyber threats, internet governance, cyber policy, cyber strategy Omry Haizler is a former IDF Officer and a Prime Minister’s Office operative. He holds an MPA from Columbia University’s School of International and Public Affairs (SIPA). He currently teaches at Columbia’s School of Continuing Education. Cyber, Intelligence, and Security | Volume 1 | No. 1 | January 2017

31

OMRY HAIZLER | THE UNITED STATES’ CYBER WARFARE HISTORY

Cyber, Intelligence, and Security | Volume 1 | No. 1 | January 2017

32

History of Cyber Warfare 7KHUH DUH WKUHH KLVWRULFDO VWDJHV RI WKH HYROXWLRQ RI F\EHU ZDUIDUH WKH UHDOL]DWLRQ SKDVH GXULQJ WKH HDUO\ HUD RI WKH LQWHUQHW WKH WDNHRII SKDVH GXULQJ WKH LQWHULP SHULRG RI SUH DQG SRVW LQ ZKLFK DWWDFNV ZHUH VWLOO PDLQO\ RI DQ LQIRUPDWLRQ JDWKHULQJ QDWXUH DQG WKH PRGHUQ PLOLWDUL]DWLRQ SKDVH GXULQJ ZKLFK F\EHU ZDUIDUH PD\ FDXVH VLPLODU GDPDJH WR 86 VWUDWHJLF FDSDELOLWLHV DQG FULWLFDO LQIUDVWUXFWXUH DV D NLQHWLF DWWDFN RQ D FRORVVDO OHYHO )LJXUH EHORZ GHVFULEHV WKHVH VWDJHV 1 Stages

5HDOL]DWLRQ

7DNHRII

7LPHIUDPH

Attackers have advantage over GHIHQGHUV

± Attackers have advantage over GHIHQGHUV

'\QDPLFV :KR +DV &DSDELOLWLHV"

Adversaries

0DMRU ,QFLGHQWV

86 'RFWULQH

0LOLWDUL]DWLRQ

±SUHVHQW Attackers have advantage over GHIHQGHUV 8QLWHG 6WDWHV 5XVVLD 8QLWHG 6WDWHV DQG 8QLWHG 6WDWHV DQG IHZ &KLQD DQG PDQ\ PRUH 5XVVLD ZLWK PDQ\ other superpowers DFWRUV ZLWK VXEVWDQWLDO VPDOO DFWRUV FDSDELOLWLHV 1HR +DFNWLYLVWV espionage agents, +DFNWLYLVWV SDWULRW PDOZDUH QDWLRQDO +DFNHUV hackers, viruses, PLOLWDULHV VSLHV DQG ZRUPV DQG WKHLU SUR[LHV hacktivists (OLJLEOH 5HFHLYHU &XFNRRV (JJ Titan Rain, 6RODU 6XQULVH 0RUULV :RUP (VWRQLD 0RRQOLJKW 0D]H 'XWFK +DFNHUV *HRUJLD $OOLHG )RUFH 5RPH /DEV %XFNVKRW <DQNHH &KLQHVH 3DWULRW &LWLEDQN

6WX[QHW +DFNHUV ,QIRUPDWLRQ ZDUIDUH ,QIRUPDWLRQ &\EHU ZDUIDUH operations

Figure 1: Phases of Cyber Conflict History

Attacks as Catalyzers for Institutional Evolution (DFK RI WKH DERYH SHULRGV FKDUDFWHUL]HV D IXQGDPHQWDOO\ GLIIHUHQW GRFWULQH ERWK ZLWK UHVSHFW WR WHFKQRORJLFDO SURJUHVVLRQ DQG W\SH RI WKUHDWV DQG WR WKH DGPLQLVWUDWLRQ¶V F\EHU SROLFLHV DW HDFK JLYHQ WLPH &HUWDLQ SDVW DWWDFNV HPERGLHG IXWXUH F\EHU FKDOOHQJHV VHUYLQJ DV ZDUQLQJ VLJQV WR LQVWLWXWLRQV¶ YXOQHUDELOLWLHV DQG ODFN RI VHFXULW\ $V VRFLHW\¶V GHSHQGHQF\ RQ WHFKQRORJ\

OMRY HAIZLER | THE UNITED STATES’ CYBER WARFARE HISTORY

LQFUHDVHG WKH SRVVLEOH UDPL¿FDWLRQV RI LQHI¿FLHQW VHFXULW\ LQ D VSHFL¿F EUHDFK DOVR LQFUHDVHG

1. Realization—the Morris Worm 7KLV F\EHU LQFLGHQW DFWHG DV WKH ¿UVW ZDNH XS FDOO WR WKH $PHULFDQ ,QWHOOLJHQFH &RPPXQLW\ ,& SROLF\PDNHUV DQG DFDGHPLFV :KLOH LW ZDV QRW WKH ¿UVW F\EHUDWWDFN RQ 86 FRPSXWHU V\VWHPV²WKH &XFNRR¶V (JJ KDFN LQYROYLQJ WKH 6RYLHW .*% ZDV WKH ¿UVW VLJQL¿FDQW F\EHU HVSLRQDJH DWWDFN²LW LV ZLGHO\ FRQVLGHUHG WKH ¿UVW ODUJH VFDOH DWWDFN ERWK LQ WHUPV RI WKH TXLFN SKDVH RI HYHQWV LWV VFDOH DQG LWV LPSOLFDWLRQV /DXQFKHG DV D SUDQN IURP D ODE DW &RUQHOO 8QLYHUVLW\ WKH 0RUULV :RUP ZDV GHVLJQHG WR LQIHFW DV PDQ\ PDFKLQHV DV SRVVLEOH ZLWKRXW EHLQJ GHWHFWHG WKH ZRUP FUDVKHG FRPSXWHUV²URXJKO\ SHUFHQW RI WKH LQWHUQHW LQ 2 7KH 86 *RYHUQPHQW $FFRXQWDELOLW\ 2I¿FH DVVHVVHG WKH GDPDJH DW ± LOOXVWUDWLQJ WKH GLI¿FXOW\ RI DVVHVVLQJ F\EHUDWWDFN GDPDJH D SUREOHP SUHYDOHQW HYHQ WRGD\ 3 Despite WKH VHYHUH UDPL¿FDWLRQV WKH LQFLGHQW SURYLGHG DQ LPSRUWDQW ZDUQLQJ WR WKH ,& KLJKOLJKWLQJ WKH SRWHQWLDO GDQJHUV RI KLJKO\ FRQQHFWHG FRPSXWHU QHWZRUNV DQG WKH QHHG IRU LQVWLWXWLRQDOL]HG GHIHQVLEOH FDSDELOLWLHV DQG VWUXFWXUHV LQ WKH F\EHUVSKHUH 7KH 0RUULV :RUP DFWHG DV D FDWDO\]HU IRU WKH ¿UVW VWHSV WRZDUGV D PRUH UHJXODWHG F\EHUVSDFH DQG OHG WR GUDPDWLF FKDQJHV ERWK FRQFHSWXDOO\ DQG RSHUDWLRQDOO\ Paradigm Shift $W WKH WLPH RI WKH LQFLGHQW WKH LQWHUQHW ZDV WDNLQJ LWV ¿UVW VXEVWDQWLDO VWHSV DQG ZDV FRQVLGHUHG D ³IULHQGO\ SODFH ´ ZKHUH HYHU\RQH NQRZV HYHU\RQH 7KH 0RUULV :RUP PDGH LW FOHDU WKDW VRPH SHRSOH LQ F\EHUVSDFH GLG QRW KDYH WKH EHVW LQWHUHVWV LQ PLQG WKH LQFLGHQW ZDV WKH ¿UVW WLPH ZKHUH F\EHU LQQRYDWLRQ VKLIWHG IURP IRFXVLQJ VROHO\ RQ LQWHUFRQQHFWLYLW\ WR VHFXULW\ FRQFHUQV Operations (VWDEOLVKHG DIWHU WKH 0RUULV :RUP LQFLGHQW E\ WKH 'HIHQVH $GYDQFHG 5HVHDUFK 3URMHFWV $JHQF\ '$53$ DW &DUQHJLH 0HOORQ 8QLYHUVLW\ WKH &RPSXWHU (PHUJHQF\ 5HVSRQVH 7HDP &(57 GHPRQVWUDWHG WKH VKLIW IURP DG KRF VROXWLRQV WR SURIHVVLRQDO WHDPV ZKLFK ZHUH WUDLQHG DQG HTXLSSHG WR FRRUGLQDWH HYHQWV DQG SURYLGH DVVHVVPHQWV DQG VROXWLRQV WR D JLYHQ F\EHUDWWDFN 4 Regulations $ORQJ ZLWK WKH FRQFHSWXDO VKLIW LQ F\EHUVHFXULW\ &RQJUHVV SDVVHG VHYHUDO ODZV LQ WKH \HDUV IROORZLQJ WKH 0RUULV :RUP LQFLGHQW LQFOXGLQJ

Cyber, Intelligence, and Security | Volume 1 | No. 1 | January 2017

33

OMRY HAIZLER | THE UNITED STATES’ CYBER WARFARE HISTORY

Cyber, Intelligence, and Security | Volume 1 | No. 1 | January 2017

34

WKH (OHFWURQLF &RPPXQLFDWLRQV 3ULYDF\ $FW RI DQG WKH &RPSXWHU 6HFXULW\ $FW RI WR HQVXUH SULYDF\ LQ F\EHU GRPDLQV WKURXJK OHJDO SURWHFWLRQV 5 $GGLWLRQDOO\ 5REHUW 7DSSDQ 0RUULV ZKR FUHDWHG WKH 0RUULV :RUP ZDV WKH ¿UVW SHUVRQ WR EH FRQYLFWHG XQGHU WKH QHZ &RPSXWHU )UDXG DQG $EXVH $FW RI

2. Takeoff—The Moonlight Maze ,Q 86 RI¿FLDOV DFFLGHQWDOO\ GLVFRYHUHG D SDWWHUQ RI VXVWDLQHG SURELQJ RI WKH 3HQWDJRQ¶V FRPSXWHU V\VWHPV SULYDWH XQLYHUVLWLHV 1$6$ (QHUJ\ 'HSDUWPHQW DQG UHVHDUFK ODEV 6RRQ WKH\ OHDUQHG WKDW WKH SURELQJ KDG RFFXUUHG FRQWLQXDOO\ IRU QHDUO\ WZR \HDUV 7KRXVDQGV RI XQFODVVL¿HG \HW VHQVLWLYH GRFXPHQWV UHODWLQJ WR WHFKQRORJLHV ZLWK PLOLWDU\ DSSOLFDWLRQV KDG EHHQ H[DPLQHG RU VWROHQ LQFOXGLQJ PDSV RI PLOLWDU\ LQVWDOODWLRQV WURRS FRQ¿JXUDWLRQV DQG PLOLWDU\ KDUGZDUH GHVLJQV 7 $OWKRXJK WKH 'HIHQVH 'HSDUWPHQW WUDFHG WKH WUDLO EDFN WR D PDLQIUDPH FRPSXWHU LQ WKH IRUPHU 6RYLHW 8QLRQ WKH VSRQVRU RI WKH DWWDFNV UHPDLQV XQNQRZQ 5XVVLD GHQLHG DQ\ LQYROYHPHQW DQG WKH VXVSLFLRQV KDYH QHYHU EHHQ FRQFOXVLYHO\ SURYHQ 0RRQOLJKW 0D]H LV ZLGHO\ FRQVLGHUHG WKH ¿UVW ODUJH VFDOH F\EHUHVSLRQDJH DWWDFN E\ D ZHOO IXQGHG DQG ZHOO RUJDQL]HG VWDWH DFWRU 7KH DWWDFN ZDV ZHOO SODQQHG DV WKH DWWDFNHUV OHIW ³EDFNGRRUV´ WR HQDEOH KDFNHUV WR SHQHWUDWH WKH V\VWHP DW GLIIHUHQW WLPHV OHIW IHZ WUDFHV DQG FRQWLQXHG IRU D ORQJ WLPH ZLWKRXW GHWHFWLRQ 9 0RRQOLJKW 0D]H KLJKOLJKWHG WKH LQFUHDVLQJ UROH RI VWDWH DXWKRULWLHV LQ JHQHUDWLQJ VSRQVRULQJ RU DW OHDVW SDVVLYHO\ WROHUDWLQJ VRSKLVWLFDWHG DQG IDU UHDFKLQJ HVSLRQDJH LQFLGHQWV 0RUHRYHU LW VWUHVVHG WKH YXOQHUDELOLWLHV RI WKH LQIRVSKHUH LQ ZKLFK DGYHUVDULHV FRXOG QRW RQO\ FDXVH GLVUXSWLRQ RI VHUYLFH EXW DOVR FRXOG H[SORLW VHQVLWLYH LQIRUPDWLRQ ,W HPSKDVL]HG WKH FUXFLDO QHHG IRU ¿UHZDOOV DQG HQFU\SWLRQV DQG DERYH DOO WKH GLI¿FXOWLHV RI LGHQWLI\LQJ DQG DWWULEXWLQJ DQ DWWDFN WR D VSHFL¿F DGYHUVDU\ 0RRQOLJKW 0D]H ZDV DQ LPSRUWDQW SURJUHVVLRQ LQ F\EHU ZDUIDUH DQG F\EHUVHFXULW\ GXH WR LWV LPSOLFDWLRQV RQ IXWXUH FRQÀLFWV 10 ,W SRLQWHG RXW WKH IXWXUH VKLIW LQ WKH PRGHUQ EDWWOH¿HOG IURP D NLQHWLF ZDU²LQ ZKLFK HQHPLHV KDYH QDPHV DQG SK\VLFDO ORFDWLRQV DQG LQ ZKLFK DWWDFNV FDQ EH ZLWQHVVHG DQG DVVHVVHG²LQWR DQ DV\PPHWULFDO ZDUIDUH ZLWK RIIHQVLYH F\EHU RSHUDWLRQV ZKHUH DWWDFNV PLJKW EH LQYLVLEOH DGYHUVDULHV DUH XQNQRZQ DQG GDPDJH LV KDUG WR TXDQWLI\ 7KH LQFLGHQW OHG WR GUDPDWLF VKLIWV LQ WKH 86 DGPLQLVWUDWLRQ¶V DSSURDFK WR F\EHUVHFXULW\

OMRY HAIZLER | THE UNITED STATES’ CYBER WARFARE HISTORY

Paradigm Shift: 7KH DZDUHQHVV RI WHUURULVW WKUHDWV DQG VXSSRUW RI FRXQWHUWHUURULVP LQLWLDWLYHV SRVW DPRQJ SROLF\PDNHUV ZHUH OLPLWHG 7KH 0RRQOLJKW 0D]H LQFLGHQW FDXVHG D UHWKLQNLQJ RI WKH 86 F\EHU GHIHQVH VWUDWHJ\ F\EHU ZDUIDUH DWWULEXWLRQ F\EHU GHWHUUHQFH DQG WKH FXUUHQW GHIHQVH RI VHQVLWLYH QRQ HQFU\SWHG QHWZRUNV VXFK DV 1,3(5QHW 1RQ 6HFXUH ,QWHUQHW 3URWRFRO 5RXWHU 1HWZRUN WKH 3HQWDJRQ¶V QRQ FODVVL¿HG QHWZRUN )RU WKH ¿UVW WLPH SROLWLFDO DQG FRQVWLWXWLRQDO TXHVWLRQV ZHUH UDLVHG DERXW VHFXULW\ SULYDF\ DQG QRWLRQV RI DFWLYH PRQLWRULQJ DQG SRVVLEOH H[SRVXUH WR WUDQVQDWLRQDO WKUHDWV 11 0RRQOLJKW 0D]H FDXVHG WKH 86 DJHQFLHV DQG JRYHUQPHQW WR UHDOL]H WKDW FOHDU SROLFLHV DQG VWUDWHJLHV ZHUH QHHGHG IRU DV\PPHWULF ZDUIDUH WKH ¿HOG RI IXWXUH LQWHOOLJHQFH JDWKHULQJ DQG HVSLRQDJH DQG WKH WHFKQRORJLFDO LPSOLFDWLRQV WKH\ HQWDLO Legislative Acts 7KH 3UHVLGHQWLDO 'HFLVLRQ 'LUHFWLYH 3'' UHJDUGLQJ FULWLFDO LQIUDVWUXFWXUH SURWHFWLRQ ZDV LQ SDUW WKH UHVXOW RI 0RRQOLJKW 0D]H 7KLV ZDV D VHPLQDO SROLF\ GRFXPHQW VHWWLQJ IRUWK UROHV UHVSRQVLELOLWLHV DQG REMHFWLYHV IRU SURWHFWLQJ WKH QDWLRQ¶V XWLOLW\ WUDQVSRUWDWLRQ ¿QDQFLDO DQG RWKHU HVVHQWLDO LQIUDVWUXFWXUH 12 7KH 3'' OHG WR WZR VLJQL¿FDQW VWUDWHJLF LPSOLFDWLRQV 2QH ZDV WKH FUHDWLRQ RI WKH 1DWLRQDO ,QFLGHQW 3URWHFWLRQ &HQWHU 1,3& DQ LQWHU DJHQF\ ERG\ ZLWK WKH SRZHU WR VDIHJXDUG WKH QDWLRQ¶V FLYLOLDQ DQG JRYHUQPHQWDO FULWLFDO LQIUDVWUXFWXUH IURP FRPSXWHU EDVHG DWWDFNV 13 The VHFRQG ZDV WKH FUHDWLRQ RI WKH -RLQW 7DVN )RUFH &RPSXWHU 1HWZRUN 'HIHQVH -7) &1' D ERG\ HQWUXVWHG ZLWK WDNLQJ WKH OHDG LQ FRRUGLQDWLQJ D UHVSRQVH WR QDWLRQDO F\EHUDWWDFNV DQG FHQWUDOL]LQJ WKH GHIHQVH RI PLOLWDU\ QHWZRUNV 14 Operational /HG E\ WKH 'HSDUWPHQW RI 'HIHQVH 'R' LQFLGHQW UHVSRQVH PHFKDQLVPV ZHUH EXLOW DQG UHSRUWLQJ LQVWLWXWLRQV ZHUH HVWDEOLVKHG 0LOLWDU\ UHSRUWV ZRXOG EH KDQGOHG DW WKH ORFDO OHYHO WKURXJK 1HWZRUN 2SHUDWLRQV DQG 6HFXULW\ &HQWHUV 126&V XQGHU WKH 'HIHQVH ,QIRUPDWLRQ 6\VWHPV $JHQF\ ',6$ +DQGOHG DV FRPPDQG DQG FRQWURO PHFKDQLVPV UHJLRQDO &(57V DUH DW WKH IURQWOLQH RI DVVHVVLQJ LPSDFW RQ DQ LQGLYLGXDO DQG UHJLRQDO OHYHO -7) &RPSXWHU 1HWZRUN 2SHUDWLRQV &12 DQG WKH ',6$ *OREDO 1HWZRUN 2SHUDWLRQV DQG 6HFXULW\ &HQWHU *126& DUH DGGLWLRQDO IDFWRUV WKDW H[SHGLWH FKDQQHOLQJ RI LQIRUPDWLRQ

3. Militarization—Stuxnet 7KH 6WX[QHW DWWDFN LV FRQVLGHUHG RQH RI WKH PRVW VRSKLVWLFDWHG PDOZDUH DWWDFNV SXEOLFO\ UHFRUGHG $OWKRXJK XQYHUL¿HG PDQ\ H[SHUWV DUJXH WKDW RQO\

Cyber, Intelligence, and Security | Volume 1 | No. 1 | January 2017

35

OMRY HAIZLER | THE UNITED STATES’ CYBER WARFARE HISTORY

Cyber, Intelligence, and Security | Volume 1 | No. 1 | January 2017

36

D QDWLRQ VWDWH FRXOG KDYH FUHDWHG DQG ODXQFKHG WKH DWWDFN DQG PDQ\ PHGLD RXWOHWV VXJJHVWHG LW ZDV D MRLQW ,VUDHOL $PHULFDQ RSHUDWLRQ 15 &RQVLGHUHG DV RQH PRVW LPSDFWIXO F\EHUDWWDFNV LQYROYLQJ VRYHUHLJQ FRXQWULHV WKH PDOZDUH GDPDJHG ,UDQ¶V FHQWULIXJHV DQG GHOD\HG LWV XUDQLXP HQULFKPHQW HIIRUWV 2QFH LQVLGH WKH QHWZRUN LW XVHG D YDULHW\ RI PHFKDQLVPV WR SURSDJDWH WR RWKHU PDFKLQHV ZLWKLQ WKDW QHWZRUN DQG JDLQ SULYLOHJHV DV VRRQ DV LW KDG LQIHFWHG WKRVH PDFKLQHV 7KHVH PHFKDQLVPV LQFOXGHG ERWK NQRZQ DQG SDWFKHG YXOQHUDELOLWLHV DV ZHOO DV IRXU YXOQHUDELOLWLHV WKDW ZHUH XQNQRZQ DQG XQSDWFKHG ZKHQ WKH ZRUP ZDV UHOHDVHG DND ³]HUR GD\´ H[SORLWV :KLOH WKH LQWHUQDWLRQDO FRPPXQLW\ UHPDLQV XQVXUH RI WKH VRXUFH DQG H[DFW SXUSRVH RI WKH YLUXV WKH LQFLGHQW UDLVHG DZDUHQHVV RI QHWZRUNV¶ YXOQHUDELOLWLHV 17 ,GHQWL¿HG LQ 6WX[QHW¶V LPSDFW DQG XQFOHDU RULJLQ KLJKOLJKW WKH GLI¿FXOW\ LQ QRWLFLQJ DQ DWWDFN DQG VXJJHVW WKDW DW D QDWLRQ OHYHO LW LV LPSRVVLEOH WR IXOO\ GHIHQG DOO YLWDO UHVRXUFHV 7KHUHIRUH LW EHFDPH FUXFLDO WR XQGHUVWDQG WKH G\QDPLFV RI EDWWOH OLNH VLWXDWLRQV LQ PRGHUQ DJH F\EHU ZDUIDUH LQ ZKLFK HYHQ D FRORVVDO DWWDFN GRHV QRW QHFHVVDULO\ KDYH DQ DWWULEXWHG DWWDFNHU RU D WUDFH RI DQ\ DWWDFN DW DOO 7KLV PHDQV WKDW LQ PRGHUQ QRQ NLQHWLF EDWWOH ¿HOGV SROLF\PDNHUV UHDOL]H WKH HIIHFW RI DQ DWWDFN IURP GHQLDO RI VHUYLFH WR WKH GHVWUXFWLRQ RI D QDWLRQ¶V FULWLFDO LQIUDVWUXFWXUHV ZLWKRXW KDYLQJ D VPRNLQJ JXQ RU DQ\ OHJDO RU SROLWLFDO WRRO WR ¿JKW ZLWK 7KLV SKHQRPHQRQ UHTXLUHV OHJLVODWRUV DQG DXWKRULWLHV WR VWDUW IRUPXODWLQJ UHVSRQVH RSWLRQV DQG GHWDLOHG SURWRFROV QRZ UDWKHU WKDQ WU\LQJ WR GHYHORS DG KRF RSWLRQV ODWHU GXULQJ D FULVLV 7KH F\EHU ZDUIDUH RI SRVW VKLIWHG WKH FRXQWHUDWWDFN DSSURDFK IURP an operational level19 WR D VWUDWHJLF GLSORPDWLF RQH ZKHUH SROLF\ LQWHUQDWLRQDO ODZV LQWHUQHW JRYHUQDQFH DQG DJUHHPHQWV SOD\ D VLJQL¿FDQW SDUW LQ WKH RYHUO\ EUHDFKHG F\EHU HQYLURQPHQW 7KUHH VXEVWDQWLDO LQWHUQHW JRYHUQDQFH DJUHHPHQWV DQG FROODERUDWLYH HIIRUWV KDYH WDNHQ SODFH RQ D PXOWLQDWLRQDO OHYHO D 7KH 8QLWHG 6WDWHV &KLQD &\EHU $JUHHPHQW 7KLV DJUHHPHQW HQVXUHV WKDW QHLWKHU JRYHUQPHQW ³ZLOO FRQGXFW RU NQRZLQJO\ VXSSRUW F\EHU HQDEOHG WKHIW RI LQWHOOHFWXDO SURSHUW\ LQFOXGLQJ WUDGH VHFUHWV RU RWKHU FRQ¿GHQWLDO EXVLQHVV LQIRUPDWLRQ IRU FRPPHUFLDO DGYDQWDJH ´20 :KLOH LW LV RQO\ D EDVLF DJUHHPHQW WKDW GRHV QRW HQVXUH D VDIH F\EHU HQYLURQPHQW EHWZHHQ WKH WZR VWDWHV LWV LPSRUWDQFH VWHPV IURP WKH DELOLW\ WR EXLOG XSRQ LW LQ IXWXUH \HDUV DQG DFW DV D JHVWXUH RI JRRGZLOO

OMRY HAIZLER | THE UNITED STATES’ CYBER WARFARE HISTORY

E 7KH 8QLWHG 1DWLRQV¶ :RUOG 6XPPLW RQ WKH ,QIRUPDWLRQ 6RFLHW\ SURFHVV :6,6 7KLV VXPPLW UHQHZHG WKH ,QWHUQHW *RYHUQDQFH )RUXP ,*) D YHQXH ZKHUH PHPEHU VWDWHV FLYLO VRFLHW\ DQG WKH SULYDWH VHFWRU GHEDWH LQWHUQHW SROLF\ F\EHUVHFXULW\ VXUYHLOODQFH LQWHOOHFWXDO SURSHUW\ DQG FRS\ULJKW 1DWLRQV KDYH VWUHQJWKHQHG GLSORPDWLF RSHQ FKDQQHOV UHJDUGLQJ F\EHU SROLF\ UHLWHUDWLQJ WKHLU FRPPLWPHQW WR EULGJH WKH GLJLWDO GLYLGH DQG LPSURYH DFFHVV WR LQIRUPDWLRQ DQG FRPPXQLFDWLRQV WHFKQRORJLHV ,&7V E\ UHFRJQL]LQJ WKH :6,6 GRFXPHQW 21 F 7KH 6DIH +DUERU $JUHHPHQW 7KLV DJUHHPHQW ZDV VLJQHG EHWZHHQ WKH 86 'HSDUWPHQW RI &RPPHUFH DQG WKH (XURSHDQ 8QLRQ DQG UHJXODWHV WKH ZD\ WKDW 86 FRPSDQLHV FDQ H[SRUW DQG KDQGOH WKH SHUVRQDO GDWD RI (XURSHDQ FLWL]HQV IRU WKH ¿UVW WLPH 22

US Cybersphere Operational Structure 'XH WR WKH FRPSOH[LW\ RI FRRUGLQDWLRQ IUDJPHQWHG UHVSRQVLELOLWLHV DQG RYHUODSSLQJ RYHUVLJKW WKH PXOWL IDFHWHG F\EHUVSDFH LV VDWXUDWHG ZLWK PLOLWDU\ WKLQN WDQNV DFDGHPLD SULYDWH VHFWRU DQG JRYHUQPHQW LQVWLWXWLRQV EUDQFKHV DQG RI¿FHV $W WKH QDWLRQDO OHYHO LV WKH ,QWHOOLJHQFH &RPPXQLW\ ZKLFK KDV ERWK GHIHQVLYH DQG RIIHQVLYH FDSDELOLWLHV DQG KDV WKH XOWLPDWH UHVSRQVLELOLW\ LQ DGGUHVVLQJ DQG PRQLWRULQJ PRGHUQ F\EHU ZDUIDUH :KHWKHU LW LV DQ DWWDFN DJDLQVW PLOLWDU\ RU JRYHUQPHQW RI¿FHV RU D VLJQL¿FDQW DWWDFN DJDLQVW D SULYDWH LQVWLWXWLRQ RU FULWLFDO LQIUDVWUXFWXUH WKH ,& KROGV WKH RSHUDWLRQDO UHVSRQVLELOLW\ IRU DOO DVSHFWV RI WKH 8QLWHG 6WDWHV¶ F\EHUVSKHUH (VWDEOLVKHG LQ WKH ,& LV D IHGHUDWLRQ RI VHYHQWHHQ 86 JRYHUQPHQW DJHQFLHV WKDW ZRUN VHSDUDWHO\ DQG WRJHWKHU WR FRQGXFW LQWHOOLJHQFH DFWLYLWLHV 23 0HPEHU RUJDQL]DWLRQV LQFOXGH LQWHOOLJHQFH DJHQFLHV PLOLWDU\ LQWHOOLJHQFH FLYLOLDQ LQWHOOLJHQFH DQG DQDO\VLV RI¿FHV ZLWKLQ IHGHUDO H[HFXWLYH GHSDUWPHQWV DOO KHDGHG E\ WKH GLUHFWRU RI 1DWLRQDO ,QWHOOLJHQFH ZKR UHSRUWV GLUHFWO\ WR WKH SUHVLGHQW 24 :KLOH PRVW RI WKH DVVRFLDWHG DJHQFLHV DUH RI¿FHV RU EXUHDXV ZLWKLQ IHGHUDO H[HFXWLYH GHSDUWPHQWV QLQH RI WKHP RSHUDWH XQGHU WKH 'HSDUWPHQW RI 'HIHQVH DQG WRJHWKHU VSHQG SHUFHQW RI WKH WRWDO 86 LQWHOOLJHQFH IXQGV 7UDGLWLRQDO LQWHOOLJHQFH JDWKHULQJ UHOLHV RQ D FRXQWHUWHUURULVP¶V LQWHOOLJHQFH F\FOH ZKLFK LQFOXGHV KXPDQ LQWHOOLJHQFH +80,17 VLJQDOV LQWHOOLJHQFH 6,*,17 LPDJHU\ LQWHOOLJHQFH ,0,17 DQG PHDVXUHPHQW DQG VLJQDWXUH LQWHOOLJHQFH 0$6,17 :KLOH DOO GLVFLSOLQHV DUH VWLOO QHHGHG WR IRUP DQ LQFOXVLYH LQWHOOLJHQFH DVVHVVPHQW F\EHU DQG FU\SWRORJ\ FDSDELOLWLHV KDYH

Cyber, Intelligence, and Security | Volume 1 | No. 1 | January 2017

37

OMRY HAIZLER | THE UNITED STATES’ CYBER WARFARE HISTORY

Cyber, Intelligence, and Security | Volume 1 | No. 1 | January 2017

38

JDLQHG PRUH UHFRJQLWLRQ DV WKH QHHG IRU LQYHVWPHQW LQ KXPDQ FDSLWDO DQG UHVRXUFHV ULVHV DQG DV WKH ZRUOG¶V UHOLDQFH RQ WHFKQRORJ\ LQFUHDVHV 7KH ,& IRFXVHV RQ WKUHH DVSHFWV RI PDLQWDLQLQJ F\EHUVHFXULW\ RUJDQL]DWLRQ GHWHFWLRQ DQG GHWHUUHQFH 9DULRXV RUJDQL]DWLRQV ZLWKLQ WKH ,& SXUVXH GLIIHUHQW WDVNV 25 7KH 2I¿FH RI WKH 'LUHFWRU RI 1DWLRQDO ,QWHOOLJHQFH 2'1, KHDGV D WDVN IRUFH FRRUGLQDWLQJ HIIRUWV WR LGHQWLI\ VRXUFHV RI IXWXUH F\EHUDWWDFNV 7KH 'HSDUWPHQW RI +RPHODQG 6HFXULW\ '+6 OHDGV WKH SURWHFWLRQ RI JRYHUQPHQW FRPSXWHU V\VWHPV 7KH 'R' GHYLVHV VWUDWHJLHV IRU SRWHQWLDO F\EHU FRXQWHUDWWDFNV 7KH 1DWLRQDO 6HFXULW\ $JHQF\ 16$ PRQLWRUV GHWHFWV UHSRUWV DQG UHVSRQGV WR F\EHU WKUHDWV 7KH )HGHUDO %XUHDX RI ,QYHVWLJDWLRQ )%, OHDGV QDWLRQDO HIIRUWV WR LQYHVWLJDWH DQG SURVHFXWH F\EHUFULPHV 0DQ\ RWKHU F\EHU RUJDQL]DWLRQV RXWVLGH WKH ,&¶V XPEUHOOD DGGUHVV F\EHU WKUHDWV WKH PRVW SURPLQHQW RI ZKLFK LV WKH 86 &\EHU &RPPDQG 86&<%(5&20 'XULQJ D FULVLV WKH ,& DVVHVVHV LQWHOOLJHQFH ZLWKLQ LWV VHYHQWHHQ DJHQFLHV DQG WKHQ IRUPXODWHV RYHUDOO LQWHOOLJHQFH UHFRPPHQGDWLRQV E\ WKH 2'1, ,Q -DPHV &ODSSHU WKH GLUHFWRU RI 1DWLRQDO ,QWHOOLJHQFH ZKR RYHUVHHV WKH ,& DQG LV UHVSRQVLEOH IRU WKH FRPSOH[ FRRUGLQDWLRQ EHWZHHQ DOO WKH DUPV RI WKH ,& UHOHDVHG D ULVN DVVHVVPHQW LQ ZKLFK F\EHU WKUHDWV WRS WKH OLVW RI JOREDO WKUHDWV 26 DKHDG RI SK\VLFDO WHUURULVP IRU WKH ¿UVW WLPH VLQFH WKH DWWDFNV RI 6HSWHPEHU $OWKRXJK F\EHUDWWDFNV DJDLQVW WKH 8QLWHG 6WDWHV DUH constant and on the rise,27 &ODSSHU UHIHUUHG WR WKH SRVVLELOLW\ RI D ³F\EHU $UPDJHGGRQ´ DND ³F\EHU 3HDUO +DUERU ´ RU ³F\EHU ´ DV FXUUHQWO\ UHPRWH 5DWKHU WKDQ D ³F\EHU $UPDJHGGRQ´ VFHQDULR WKDW GHELOLWDWHV WKH HQWLUH 86 LQIUDVWUXFWXUH WKH ,& SUHGLFWV D GLIIHUHQW FKDOOHQJH ,W IRUHVHHV DQ RQJRLQJ VHULHV RI ORZ WR PRGHUDWH OHYHO F\EHUDWWDFNV IURP D YDULHW\ RI VRXUFHV RYHU WLPH ZKLFK ZLOO LPSRVH FXPXODWLYH FRVWV RQ 86 HFRQRPLF FRPSHWLWLYHQHVV DQG QDWLRQDO VHFXULW\ 29 7KH JOREDO SUROLIHUDWLRQ RI PDOLFLRXV FRGH LQFUHDVHV WKH ULVN WR $PHULFDQ QHWZRUNV VHQVLWLYH LQIUDVWUXFWXUH DQG GDWD :KLOH D GLVUXSWLYH RU GHVWUXFWLYH F\EHU RSHUDWLRQ DJDLQVW D SULYDWH FRUSRUDWLRQ DQ LQGXVWULDO FRQWURO V\VWHP RU D GHIHQVH V\VWHP UHTXLUHV D SRWHQWLDO DGYHUVDU\ WR KDYH D VLJQL¿FDQW OHYHO RI H[SHUWLVH WR H[HFXWH LW LW GRHV QRW QHFHVVLWDWH VWDWH OHYHO ¿QDQFLDO DELOLWLHV RU ZRUOG FODVV RSHUDWLRQDO WDOHQW $ JLYHQ DFWRU ZKHWKHU D QDWLRQ VWDWH RU D QRQ VWDWH JURXS FDQ SXUFKDVH PDOZDUH VS\ZDUH ]HUR GD\V DQG RWKHU FDSDELOLWLHV RQ WKH EODFN PDUNHW DQG FDQ SD\ H[SHUWV WR VHDUFK IRU YXOQHUDELOLWLHV DQG GHYHORS H[SORLWV ,Q D JOREDO HQYLURQPHQW EULPPLQJ ZLWK DGYHUVDULHV DV ZHOO DV D ODFN RI LQWHUQDWLRQDO F\EHU ODZV DQG

OMRY HAIZLER | THE UNITED STATES’ CYBER WARFARE HISTORY

clear regulations, these threats have created a dangerous and uncontrolled PDUNHW ZKLFK VHUYHV PXOWLSOH DFWRUV ZLWKLQ WKH LQWHUQDWLRQDO V\VWHP 30 Despite the increase in F\EHU DFWLYLW\ E\ non state actors, top 86 intelligence RI¿FLDOV still EHOLHYH that state actors are the greatest threat in F\EHUVSDFH to 86 interests The ,& LGHQWL¿HV several potential actors who PD\ cause a F\EHU crisis, including nation states with KLJKO\ sophisticated F\EHU SURJUDPV, such as Russia or &KLQD 31 nations with lesser technical FDSDELOLWLHV, EXW SRVVLEO\ PRUH disruptive intent, such as ,UDQ or 1RUWK Korea non state actors with DFFHVVLELOLW\ to VLJQL¿FDQW resources and PRWLYDWLRQ to create F\EHU chaos and SUR¿W PRWLYDWHG FULPLQDOV and LGHRORJLFDOO\ PRWLYDWHG hackers or H[WUHPLVWV The various SRVVLEOH targets include: D 7KH 3ULYDWH VHFWRU 7KLV VHFWRU LV LGHQWL¿HG QRW RQO\ DV D YLFWLP RI F\EHUDWWDFNV EXW DOVR DV D SDUWLFLSDQW LQ LQYHVWLJDWLRQV DQG DWWULEXWLRQ *LYHQ WKH LPSRUWDQFH RI ¿QDQFLDO LQVWLWXWLRQV H J *ROGPDQ 6DFKV WR WKH HFRQRP\ LQ WKHLU GHSHQGHQF\ RQ WHFKQRORJ\ WKLV VHFWRU LV DQ LPSRUWDQW ¿HOG WR GHIHQG LQ FDVH RI D VHULRXV DWWDFN 32 E &ULWLFDO LQIUDVWUXFWXUH 7KH FULWLFDO LQIUDVWUXFWXUH²WKH SK\VLFDO DQG YLUWXDO DVVHWV V\VWHPV DQG QHWZRUNV YLWDO WR QDWLRQDO DQG HFRQRPLF VHFXULW\ KHDOWK DQG VDIHW\²LV YXOQHUDEOH WR F\EHUDWWDFNV E\ IRUHLJQ JRYHUQPHQWV FULPLQDO HQWLWLHV DQG ORQH DFWRUV $ ODUJH VFDOH DWWDFN FRXOG WHPSRUDULO\ KDOW WKH VXSSO\ RI ZDWHU HOHFWULFLW\ DQG JDV KLQGHU WUDQVSRUWDWLRQ DQG FRPPXQLFDWLRQV DQG FULSSOH ¿QDQFLDO LQVWLWXWLRQV 33 F *RYHUQPHQW 3HQHWUDWLQJ WKH 86 QDWLRQDO GHFLVLRQ PDNLQJ DSSDUDWXV DQG ,QWHOOLJHQFH &RPPXQLW\ ZLOO UHPDLQ SULPDU\ REMHFWLYHV IRU IRUHLJQ LQWHOOLJHQFH HQWLWLHV $GGLWLRQDOO\ WKH WDUJHWLQJ RI QDWLRQDO VHFXULW\ LQIRUPDWLRQ DQG SURSULHWDU\ LQIRUPDWLRQ IURP 86 UHVHDUFK LQVWLWXWLRQV GHDOLQJ ZLWK GHIHQVH HQHUJ\ ¿QDQFH GXDO XVH WHFKQRORJ\ DQG RWKHU DUHDV ZLOO EH D SHUVLVWHQW WKUHDW WR 86 LQWHUHVWV 34 G 0LOLWDU\ DQG JRYHUQPHQW DJHQFLHV 7KHVH DUH WKH IURQW OLQH RI ERWK GHIHQVH DQG RIIHQVH DV LWV LQIUDVWUXFWXUH PXVW GHIHQG WKH HQWLUH QDWLRQ DV ZHOO DV LWV RZQ UHVRXUFHV LQ FDVH RI D IXOO VFDOH F\EHU FRQÀLFW ,& DVVXPHV WKDW LQ D F\EHU FULVLV WKLV ³FRQWDFW OLQH´ ZLOO EH DWWDFNHG DQG GDPDJHG

The Intelligence Community Policies 7KH ,& FRQGXFWV D YDULHW\ RI LQWHOOLJHQFH RSHUDWLRQV RQ D GDLO\ EDVLV 7KH 8QLWHG 6WDWHV LV XQGHU FRQVWDQW F\EHUDWWDFN IURP ERWK VWDWH DQG QRQ VWDWH

Cyber, Intelligence, and Security | Volume 1 | No. 1 | January 2017

39

OMRY HAIZLER | THE UNITED STATES’ CYBER WARFARE HISTORY

Cyber, Intelligence, and Security | Volume 1 | No. 1 | January 2017

40

DFWRUV 2Q WKH QDWLRQDO LQWHOOLJHQFH OHYHO EHLQJ XQGHU F\EHUDWWDFN PHDQV QRW RQO\ D GHIHQVLYH HIIRUW EXW DOVR GHVLJQLQJ YDULRXV RSHUDWLRQDO RSWLRQV IRU UHWDOLDWLRQ *LYHQ LWV VL]H WKH ,& LQWHUDFWV DQG FROODERUDWHV ZLWK DJHQFLHV RQ WKH RSHUDWLRQDO OHYHO PLOLWDU\ 'R' '+6 DQG WKH VWDWH DQG IHGHUDO OHYHO SULYDWH VHFWRU RQ D ODUJH VFDOH 'HSDUWPHQW RI 6WDWH :KLWH +RXVH 7KH ,&¶V VWUDWHJLF SUHSDUDWLRQ JRDOV35 include: D %XLOGLQJ DQG PDLQWDLQLQJ UHDG\ IRUFHV DQG FDSDELOLWLHV WR FRQGXFW F\EHUVSDFH RSHUDWLRQV E 'HIHQGLQJ LWV RZQ LQIRUPDWLRQ QHWZRUN VHFXULQJ GDWD DQG PLWLJDWLQJ ULVNV WR PLVVLRQV F 3UHSDULQJ WR GHIHQG 86 KRPHODQG DQG 86 YLWDO LQWHUHVWV DJDLQVW GLVUXSWLYH RU GHVWUXFWLYH F\EHUDWWDFNV RI VLJQL¿FDQW FRQVHTXHQFH G %XLOGLQJ DQG PDLQWDLQLQJ YLDEOH F\EHU RSWLRQV DQG SODQQLQJ WR XVH WKRVH RSWLRQV WR FRQWURO FRQÀLFW HVFDODWLRQ DQG WR DFWLYHO\ H[WUDFW LQIRUPDWLRQ WR SUHSDUH ³WDUJHW EDQNV´ H %XLOGLQJ DQG PDLQWDLQLQJ UREXVW LQWHUQDWLRQDO DOOLDQFHV DQG SDUWQHUVKLSV WR GHWHU VKDUHG WKUHDWV DQG LQFUHDVH LQWHUQDWLRQDO VHFXULW\ DQG VWDELOLW\ D

E

F

G

,&¶V SROLF\ RI F\EHUDWWDFN UHVSRQVH LV DV IROORZV ,GHQWLI\LQJ DWWDFNV $V SDUW RI WKH PRGHUQ F\EHU EDWWOH¿HOG VRSKLVWLFDWHG DWWDFNHUV ZLOO DWWHPSW WR FRQFHDO WKH DWWDFN -XVW DV LQ D FRQYHQWLRQDO FRQÀLFW LQWHOOLJHQFH LV QHHGHG WR SUHSDUH WKH EDWWOH JURXQG DQG DFFXUDWHO\ DVVHVV WKH SUREDELOLW\ RI VXFFHVV DQG XWLOLW\ IRU DQ\ NLQG RI RSHUDWLRQ ,QIRUPLQJ $OWKRXJK WKH ,& KDV VLJQL¿FDQW RIIHQVLYH DELOLWLHV LWV PDLQ UROH LV WR DVVHVV LQIRUP DQG UHSRUW 7KH ,& PXVW LQIRUP WKH RSHUDWLRQDO DUPV LW FROODERUDWHV ZLWK DQG WKH 6WDWH 'HSDUWPHQW 7KDW LV XQGHU DWWDFN WKH ,&¶V VXFFHVV LV PHDVXUHG E\ WKH SUHFDXWLRQV LW JDYH SULRU WR WKH DWWDFN DQG E\ LWV UHVSRQVLYHQHVV FRPPXQLFDWLRQ DQG JXLGDQFH GXULQJ WKH DWWDFN 3URYLGLQJ options: The ,& PXVW provide a set RI options to decision PDNHUV and HQDEOH strategic ÀH[LELOLW\ E\ providing YDOXDEOH LQIRUPDWLRQ The ,& DGPLQLVWHUV guidance during attack and provides strategic operational and political OHHZD\ with its UHFRPPHQGDWLRQV and intelligence DVVHVVPHQW 'DPDJH $VVHVVPHQW: 8QOLNH the conventional EDWWOH¿HOG, a F\EHUDWWDFN PD\ EH hard to detect at WLPHV, even LI it is a large scale attack The ,& PXVW assess the GDPDJH caused so that it can provide SROLF\PDNHUV with the DELOLW\ to retaliate in a PHDVXUDEOH PDQQHU This does not QHFHVVDULO\ require operational HIIRUWV during an attack, EXW rather DVVHVVPHQW,

OMRY HAIZLER | THE UNITED STATES’ CYBER WARFARE HISTORY

coordination, and LQIRUPDWLRQ sharing with other RI¿FHV so that there is an HI¿FLHQW ÀRZ RI LQIRUPDWLRQ

Multidimensional Cyber Response 7KH ,&¶V UROH RYHUODSV LQ PDQ\ ZD\V ZLWK GLIIHUHQW LQVWLWXWLRQV JRYHUQPHQWDO GHSDUWPHQWV DQG PLOLWDU\ XQLWV PDQ\ RI ZKLFK LV RXW RI LWV MXULVGLFWLRQ :KLOH LW GRHV QRW VLQJXODUO\ KDYH UHVSRQVLELOLW\ IRU F\EHU UHVSRQVH DW WKH QDWLRQDO RU VWDWH OHYHO WKH ,& GHPDQGV D FRPSOH[ FKDLQ RI LQIRUPDWLRQ ÀRZ DQG KLHUDUFK\ 2WKHU LQVWLWXWLRQV WKDW SURYLGH F\EHU UHVSRQVHV DUH D 'HSDUWPHQW RI +RPHODQG 6HFXULW\ $V SDUW RI LWV UROH WR SURWHFW WKH 8QLWHG 6WDWHV¶ WHUULWRULHV DQG UHVSRQG WR WHUURULVW DWWDFNV PDQ PDGH DFFLGHQWV DQG QDWXUDO GLVDVWHUV WKH '+6 LV LQ FKDUJH RI &RDVW *XDUG ,QWHOOLJHQFH &*, DQG WKH 2I¿FH RI ,QWHOOLJHQFH DQG $QDO\VLV , $ 7KH ODWWHU LV UHVSRQVLEOH IRU PDQDJLQJ WKH FROOHFWLRQ DQDO\VLV DQG IXVLRQ RI LQWHOOLJHQFH 7KH 2I¿FH RI , $ GLVVHPLQDWHV LQWHOOLJHQFH WKURXJKRXW WKH '+6 DQG WR WKH RWKHU PHPEHUV RI WKH ,& FRPPXQLW\ DQG LV WKH ¿UVW UHVSRQGHU DW WKH VWDWH ORFDO DQG WULEDO OHYHOV 37 7KH 2'1, LV UHVSRQVLEOH IRU DQ HI¿FLHQW LQIRUPDWLRQ ÀRZ EHWZHHQ WKH UHVW RI WKH LQWHOOLJHQFH FRPPXQLW\ DQG WKH '+6 LQ RUGHU WR FUHDWH V\QHUJ\ RI LQIRUPDWLRQ GXULQJ D F\EHUDWWDFN E 'HSDUWPHQW RI 'HIHQVH 'R' &RQVLGHUHG WKH IRFDO SRLQW IRU WKH LQWHOOLJHQFH FRPPXQLW\¶V RSHUDWLRQDO VRXUFH DQG OHDGLQJ QLQH RI LWV DJHQFLHV LQFOXGLQJ WKH 16$ WKH 'R' LV WKH 2'1,¶V PDLQ VRXUFH RI F\EHU LQWHOOLJHQFH $V VXFK WKH 'LUHFWRU RI 1DWLRQDO ,QWHOOLJHQFH '1, RIWHQ UHSRUWV WR GHFLVLRQ PDNHUV DQG WKH :KLWH +RXVH EDVHG RQ WKH LQWHOOLJHQFH UHFHLYHG IURP WKH 'R' ,Q DGGLWLRQ WKH 16$ DQG &<%(5&20 OHG E\ $GPLUDO 0LFKDHO 5RJHUV DQG WKH '1, ZRUN FORVHO\ WRJHWKHU GXULQJ DQ DWWDFN ,W LV QHFHVVDU\ WKDW WKH RSHUDWLRQDO GDWD VWUHDP EH SURFHVVHG WKURXJK WKH 2'1, DQG UHFHLYHG DV SROLF\ UHFRPPHQGDWLRQV DW WKH IHGHUDO OHYHO F 6WDWH 'HSDUWPHQW 7KH JRYHUQPHQW LV GHSHQGHQW RQ WKH ,& GXULQJ D F\EHU FULVLV 8QOLNH LQ FRQYHQWLRQDO FRQÀLFWV LW LV VDIH WR DVVXPH WKDW GHFLVLRQ PDNHUV RIWHQ GR QRW NQRZ ZKDW KDV KDSSHQHG DQG GR QRW NQRZ WKH RULJLQ RI DQ DWWDFN LQ D F\EHU FULVLV VFHQDULR ,W LV XS WR WKH ,& WR SURYLGH DQ LQWHOOLJHQFH DVVHVVPHQW LQ D WLPHO\ PDQQHU DQG WR SDVV RQ WKH GDWD 6PDOO FHQWHUV WKDW DUH WUXVWHG WR HYDOXDWH DQG FRRUGLQDWH VHUYH DV OLDLVRQV EHWZHHQ VWDWH LQVWLWXWLRQV DQG WKH F\EHU LQWHOOLJHQFH ¿HOG VXFK DV WKH 1DWLRQDO &\EHUVHFXULW\ DQG &RPPXQLFDWLRQV ,QWHJUDWLRQ &HQWHU

Cyber, Intelligence, and Security | Volume 1 | No. 1 | January 2017

41

OMRY HAIZLER | THE UNITED STATES’ CYBER WARFARE HISTORY

Cyber, Intelligence, and Security | Volume 1 | No. 1 | January 2017

42

1&&,& WKH 8QLWHG 6WDWHV &RPSXWHU (PHUJHQF\ 5HDGLQHVV 7HDP 86 &(57 DQG WKH &\EHU 7KUHDW ,QWHOOLJHQFH ,QWHJUDWLRQ &HQWHU &7,,& 6WDWLRQHG LQ WKH 2I¿FH RI WKH 'LUHFWRU RI 1DWLRQDO ,QWHOOLJHQFH WKH ODWWHU ZLOO PLUURU WKH HIIRUWV DQG DVVHVVPHQWV IRU FRXQWHUWHUURULVP LQIRUPDWLRQ VKDULQJ GXULQJ F\EHUDWWDFNV G 3ULYDWH 6HFWRU ,QIUDVWUXFWXUH F\EHU EUHDFKHV DQG DWWDFNV KDYH EHHQ GH¿QHG DV WKH QXPEHU RQH WKUHDW RI WKH 8QLWHG 6WDWHV LQ E\ WKH '1, 7KH ,QIRUPDWLRQ 6KDULQJ DQG $QDO\VLV &HQWHU ,6$& LV WKH PDLQ DFWRU LQ RYHUVHHLQJ SULYDWH VHFWRU F\EHU WKUHDWV DV ,6$& DVVLVWV IHGHUDO DQG ORFDO JRYHUQPHQWV ZLWK LQIRUPDWLRQ SHUWDLQLQJ WR F\EHU WKUHDWV 3ULYDWH VHFWRU F\EHU FULVHV PD\ DIIHFW QDWLRQDO LQWHUHVWV H J WKH 6RQ\ LQFLGHQW DQG WKXV LQ FROODERUDWLRQ ZLWK '+6 'HSDUWPHQW RI 6WDWH DQG WKH )%, WKH SULYDWH VHFWRU GHPDQGV WKDW DQ RSHUDWLRQDO LQWHOOLJHQFH DSSURDFK EH WDNHQ DW WKH QDWLRQDO OHYHO

Conclusions 7KH KLVWRU\ RI F\EHU ZDUIDUH SRVHV PDQ\ OHVVRQV DQG PD\ LQGLFDWH WKH SURJUHVVLRQ DQG GLUHFWLRQ RI WKH F\EHUVSKHUH DV ZHOO DV WKH FRPSUHKHQVLYH DWWHQWLRQ UHTXLUHG E\ WKH ¿HOG DW DOO OHYHOV &\EHU ZDUIDUH¶V QDWXUDO HYROXWLRQ LV DQ LPSRUWDQW WRRO WR DVVHVV PLVWDNHV DQG SURMHFW WKH IXWXUH RI WKH LQIRVSKHUH SULYDF\ UHJXODWLRQV F\EHU HVSLRQDJH DQG F\EHUVHFXULW\ QHHGV 3ROLF\PDNHUV DUH DGGUHVVLQJ WKH F\EHUVSKHUH WRGD\ PRUH VHULRXVO\ WKDQ HYHU EHIRUH DQG LQVWLWXWLRQV DW DOO OHYHOV DUH GLUHFWLQJ VXEVWDQWLDO UHVRXUFHV WR DGGUHVV F\EHU WKUHDWV ,QWHOOLJHQFH DJHQFLHV FRQVWDQWO\ DUH SHUIHFWLQJ WKHLU GHIHQVLYH DQG RIIHQVLYH F\EHU FDSDELOLWLHV 3ULYDWH LQVWLWXWLRQV HVSHFLDOO\ LQ WKH ¿HOGV RI PHGLFLQH ¿QDQFH FULWLFDO LQIUDVWUXFWXUH DQG HQHUJ\ LQ DGGLWLRQ WR GDWD GULYHQ FRUSRUDWLRQV DOORFDWH PRUH UHVRXUFHV DQG KXPDQ SRZHU WR GDWD SURWHFWLRQ DQG F\EHUVHFXULW\ WKDQ HYHU EHIRUH /DVWO\ WKH $PHULFDQ JRYHUQPHQW LV DZDUH RI WKH ULVNV WR LWV RZQ QHWZRUNV DQG ZKLOH EUHDFKHV DUH PRUH FRPPRQ WKDQ HYHU LQYHVWPHQWV WR QXUWXUH D PRUH GHIHQVLEOH F\EHU VSDFH DUH DW DQ DOO WLPH SHDN 7KHUH DUH VHYHUDO IXQGDPHQWDO SROLF\ UHDOL]DWLRQV DW WKH LQWHUQDWLRQDO OHYHO 0RVW SROLF\PDNHUV DQG OHJLVODWRUV GR QRW KDYH D FRPSUHKHQVLYH FDSDFLW\ WR DGGUHVV LQWHUQDWLRQDO F\EHUDWWDFNV )RU H[DPSOH WKHUH LV QRW DQ DOO LQFOXVLYH GH¿QLWLRQ IRU ³DFWV RI ZDU´ LQ WKH QRQ NLQHWLF VSKHUH DQG WKH H[LVWLQJ GH¿QLWLRQV DUH XQFOHDU DQG QRW VKDUHG DQG DJUHHG XSRQ DW WKH LQWHUQDWLRQDO

OMRY HAIZLER | THE UNITED STATES’ CYBER WARFARE HISTORY

OHYHO 0RUHRYHU UHWDOLDWLRQ PHFKDQLVPV IRU D ¿QDQFLDO F\EHU FULVLV DUH QRW LQ SODFH SUHYHQWLQJ QDWLRQ VWDWHV IURP DWWULEXWLQJ ODUJH VFDOH DWWDFNV WR VSHFL¿F DWWDFNHUV DQG DOORZLQJ RWKHU DFWRUV WR DYRLG DFFRXQWDELOLW\ ,QWHUQDWLRQDO FROODERUDWLRQ DW DOO OHYHOV HVSHFLDOO\ LQ WKH ¿QDQFLDO GLSORPDWLF DQG WKH MXGLFLDU\ IURQWV DUH LQ QHHG DV D ODFN RI FROODERUDWLRQ PD\ SUHYHQW D VWDEOH IRXQGDWLRQ XSRQ ZKLFK DFFRXQWDELOLW\ PHFKDQLVPV FDQ EH IRUPHG 'HVSLWH WKH JURZLQJ PXOWLVHFWRU LQYHVWPHQWV LQ F\EHUVHFXULW\ PRUH VRSKLVWLFDWHG DWWDFNV KDYH WDNHQ SODFH LQ WKH ODVW WKUHH \HDUV WKDQ SUHYLRXVO\ 7KHUHIRUH LW DSSHDUV WKDW RQO\ PXOWLQDWLRQDO VXEVWDQWLDO DQG ELQGLQJ F\EHU DJUHHPHQWV DQG SURJUHVVLYH LQWHUQHW JRYHUQDQFH OHJLVODWLRQ ZLOO DOORZ IRU D VXEVWDQWLDOO\ VDIHU F\EHUVSKHUH 2Q WKH VHFXULW\ IURQW WKH ,& IRUPV QDUUDWLYH DQG RSHUDWLRQDO UHFRPPHQGDWLRQV WR SROLF\PDNHUV GXH WR LWV FRRUGLQDWLRQ DELOLW\ DQG YDVW MXULVGLFWLRQ 7KH ELJJHVW FKDOOHQJH GXULQJ D F\EHUDWWDFN LV WR LGHQWLI\ DQG FRQQHFW WKH GLIIHUHQW GRWV IRU JHQHUDWLQJ D UHVSRQVLEOH DQG PHDVXUDEOH UHVSRQVH :LWKRXW D ERG\ OLNH WKH ,& WKH DEXQGDQFH RI GDWD ZRXOG JHW ORVW LQ D PD]H RI LQIRUPDWLRQ -XVW OLNH LQ D NLQHWLF EDWWOH¿HOG WKH GHIHQVH OLQH ZLOO HYHQWXDOO\ EH SHQHWUDWHG JLYHQ D SHUVLVWHQW DWWDFNHU 8QOLNH WKH FODVVLF EDWWOH¿HOG KRZHYHU D JLYHQ F\EHUDWWDFN PD\ QRW EH VHHQ DWWULEXWLRQ PD\ QRW EH SODXVLEOH DQG WKH LPSDFW PD\ QRW EH QRWLFHDEOH &\EHU WHUURULVP PD\ EHFRPH D JURZLQJ FRQFHUQ ZLWK WLPH DQG PD\ UHTXLUH JUHDWHU LQWHUQDWLRQDO LQWHOOLJHQFH FROODERUDWLRQV WKDQ HYHU ,QWHUQDO QDWLRQDO LQWHOOLJHQFH VHFXULW\ DJHQFLHV PD\ EH IRUFHG WR FKDQJH GLVFLSOLQHV DQG VKLIW WKHLU VWUDWHJLF DWWHQWLRQ ,W LV WKXV SODXVLEOH WR SURMHFW WKDW LQ WKH IXWXUH QXFOHDU ZHDSRQV ZLOO QR ORQJHU EH WKH XOWLPDWH DQG JUHDWHVW WKUHDW

Notes -DVRQ +HDOH\ HG $ )LHUFH 'RPDLQ &RQÀLFW LQ &\EHUVSDFH WR 9LHQQD 9$ &\EHU &RQÀLFW 6WXGLHV $VVRFLDWLRQ 7HG (LVHQEHUJ HW DO “7KH &RUQHOO &RPPLVVLRQ 2Q 0RUULV DQG WKH :RUP ´ Communications of the ACM QR ± KWWS SRUWDO DFP RUJ FLWDWLRQ FIP"LG 'XULQJ WKH 0RUULV DSSHDO SURFHVV WKH 86 &RXUW RI $SSHDOV HVWLPDWHG WKH FRVW RI UHPRYLQJ WKH YLUXV IURP HDFK LQVWDOODWLRQ ZDV LQ WKH UDQJH RI ± 3RVVLEO\ EDVHG RQ WKHVH QXPEHUV +DUYDUG VSRNHVPDQ &OLIIRUG 6WROO HVWLPDWHG WKH WRWDO HFRQRPLF LPSDFW ZDV EHWZHHQ WR (LVHQEHUJ HW DO ³7KH &RUQHOO &RPPLVVLRQ 2Q 0RUULV DQG WKH :RUP ´

Cyber, Intelligence, and Security | Volume 1 | No. 1 | January 2017

43

OMRY HAIZLER | THE UNITED STATES’ CYBER WARFARE HISTORY

Cyber, Intelligence, and Security | Volume 1 | No. 1 | January 2017

44 0LFKDHO 5XVWDG DQG 'LDQH '¶$QJHOR ³7KH 3DWK RI ,QWHUQHW /DZ $Q $QQRWDWHG *XLGH WR /HJDO /DQGPDUNV ´ LQ Duke Law & Technology Review HG %HDWULFH +DKQ 'XUKDP 'XNH 8QLYHUVLW\ 6FKRRO RI /DZ 8QLWHG 6WDWHV Y 0RUULV G &LU XSKROGLQJ WKH FRQYLFWLRQ RI D FRPSXWHU VFLHQFH JUDGXDWH VWXGHQW XQGHU WKH &RPSXWHU )UDXG DQG $EXVH $FW 7 Hearing before Committee on Governmental Affairs, US Senate 0DUFK WHVWLPRQ\ RI -DPHV $GDPV &KLHI ([HFXWLYH 2I¿FHU ,QIUDVWUXFWXUH 'HIHQVH ,QF $GDP (ONXV ³0RRQOLJKW 0D]H´ LQ $ )LHUFH 'RPDLQ &RQÀLFW LQ &\EHUVSDFH WR 5\DQ 5LFKDUG *HOLQDV ³&\EHUGHWHUUHQFH DQG WKH 3UREOHP RI $WWULEXWLRQ,´ PDVWHU¶V WKHVLV *HRUJHWRZQ 8QLYHUVLW\ KWWS SDSHU VHHEXJ RUJ SDSHUV $37 $37B&\EHU&ULPLQDOB&DPSDJLQ KLVWRULFDO JHOLQDV5\DQ SGI 0DUFLD 0F*RZDQ ³ <HDUV $IWHU 3UHVLGHQWLDO 'HFLVLRQ 'LUHFWLYH´ 33' ´ Booz Allen 0D\ KWWS ZZZ ERR]DOOHQ FRP FRQWHQW ERR]DOOHQ HQB86 PHGLD FHQWHU FRPSDQ\ QHZV \HDUV DIWHU SGG EORJ SRVW KWPO ³0RRQOLJKW 0D]H ´ Frontline 3%6 $SULO ZZZ SEV RUJ ZJEK SDJHV IURQWOLQH VKRZV F\EHUZDU ZDUQLQJV 2I¿FH RI WKH 3UHVV 6HFUHWDU\ ³)DFW 6KHHW 3URWHFWLQJ $PHULFD¶V &ULWLFDO ,QIUDVWUXFWXUHV 3'' ´ 0D\ KWWS IDV RUJ LUS RIIGRFV SGG KWP ,ELG ,ELG .LP =HWWHU &RXQWGRZQ WR =HUR 'D\ 6WX[QHW DQG WKH ODXQFK RI WKH ZRUOG¶V ¿UVW digital weapon 1HZ <RUN &URZQ 3XEOLVKLQJ 5DOSK /DQJQHU ³6WX[QHW¶V 6HFUHW 7ZLQ 7KH UHDO SURJUDP WR VDERWDJH ,UDQ¶V QXFOHDU IDFLOLWLHV ZDV IDU PRUH VRSKLVWLFDWHG WKDQ DQ\RQH UHDOL]HG ´ Foreign Policy 1RYHPEHU KWWS IRUHLJQSROLF\ FRP VWX[QHWV VHFUHW WZLQ ,ELG ,UYLQJ /DFKRZ ³7KH 6WX[QHW HQLJPD ,PSOLFDWLRQV IRU WKH IXWXUH RI F\EHUVHFXULW\ ´ Georgetown Journal of International Affairs Special Issue: Cybersecurity ± )RU H[DPSOH FUHDWLQJ PRUH LQVWLWXWLRQV WKDW PRQLWRU FRRUGLQDWH UHJXODWH DVVHVV GHIHQG DQG DWWDFN $GDP 6HJDO ³7KH 7RS )LYH &\EHU 3ROLF\ 'HYHORSPHQWV RI 8QLWHG 6WDWHV &KLQD &\EHU $JUHHPHQW ´ Council on Foreign Relations -DQXDU\ KWWS EORJV FIU RUJ F\EHU WRS XV FKLQD F\EHU DJUHHPHQW *XHVW %ORJJHU ³7KH 7RS )LYH &\EHU 3ROLF\ 'HYHORSPHQWV RI 7KH :6,6 5HYLHZ ´ Net Politics EORJ &RXQFLO RQ )RUHLJQ 5HODWLRQV 'HFHPEHU KWWS EORJV FIU RUJ F\EHU WKH WRS ¿YH F\EHU SROLF\ LVVXHV RI WKH ZVLV UHYLHZ )HGHUDO 7UDGH &RPPLVVLRQ ³86 (8 6DIH +DUERU )UDPHZRUN ´ -XO\ KWWSV ZZZ IWF JRY WLSV DGYLFH EXVLQHVV FHQWHU SULYDF\ DQG VHFXULW\ X V HX VDIH KDUERU IUDPHZRUN

OMRY HAIZLER | THE UNITED STATES’ CYBER WARFARE HISTORY

Cyber, Intelligence, and Security | Volume 1 | No. 1 | January 2017

45 ([HFXWLYH 2UGHU 1R 8QLWHG 6WDWHV ,QWHOOLJHQFH $FWLYLWLHV 'HFHPEHU &HQWUDO ,QWHOOLJHQFH $JHQF\ KWWSV ZZZ FLD JRY DERXW FLD HR KWPO ³7KH 2UJDQL]DWLRQDO $UUDQJHPHQWV IRU WKH ,QWHOOLJHQFH &RPPXQLW\ ´ Federation of American Scientists )HEUXDU\ KWWS IDV RUJ LUS RIIGRFV LQW KWPO (ULF 5RVHQEDFK DQG $NL - 3HULW] ³&\EHU 6HFXULW\ DQG WKH ,QWHOOLJHQFH &RPPXQLW\ ´ LQ Confrontation or Collaboration? Congress and the Intelligence Community HG (ULF 5RVHQEDFK +DUYDUG .HQQHG\ 6FKRRO %HOIHU &HQWHU IRU 6FLHQFH DQG ,QWHUQDWLRQDO $IIDLUV Statement for the Record: Worldwide Threat Assessment of the US Intelligence Community, Senate Armed Security Committee )HEUXDU\ VWDWHPHQW RI -DPHV 5 &ODSSHU 'LUHFWRU RI 1DWLRQDO ,QWHOOLJHQFH KWWS ZZZ GQL JRY ¿OHV GRFXPHQWV 8QFODVVL¿HGB B$7$B6)5B B6$6&B ),1$/ SGI ³1RUVH ,QWHOOLJHQFH 3ODWIRUP ´ 1RUVH KWWS PDS QRUVHFRUS FRP .ULVWHQ (LFKHQVHKU ³&\EHUVHFXULW\ LQ WKH ,QWHOOLJHQFH &RPPXQLW\¶V :RUOGZLGH 7KUHDW $VVHVVPHQW ´ JustSecurity 0DUFK KWWSV ZZZ MXVWVHFXULW\ RUJ F\EHUVHFXULW\ X V LQWHOOLJHQFH FRPPXQLW\V ZRUOGZLGH WKUHDW DVVHVVPHQW ,ELG 'HSDUWPHQW RI 'HIHQVH ³7KH 'R' &\EHU 6WUDWHJ\ ´ $SULO KWWS ZZZ GHIHQVH JRY 3RUWDOV IHDWXUHV BF\EHU VWUDWHJ\ )LQDOB B 'R'B&\EHUB 6WUDWHJ\BIRUBZHE SGI 0DUN 3RPHUOHDX ³,& OHDGHUV )XWXUH F\EHU DWWDFNV ZLOO GR UHDO GDPDJH ´ Defense Systems 6HSWHPEHU KWWSV GHIHQVHV\VWHPV FRP DUWLFOHV LF OHDGHUV PDS RXW QDWLRQ VWDWH F\EHU WKUHDWV DVS[ ,ELG $QGUHZ 0HROD ³&\EHU DWWDFNV DJDLQVW RXU FULWLFDO LQIUDVWUXFWXUH DUH OLNHO\ WR LQFUHDVH ´ Business Insider 0D\ KWWS ZZZ EXVLQHVVLQVLGHU FRP F\EHU DWWDFNV DJDLQVW RXU FULWLFDO LQIUDVWUXFWXUH DUH OLNHO\ WR LQFUHDVH ,ELG ,ELG $DURQ %UDQWO\ ³'H¿QLQJ WKH UROH RI LQWHOOLJHQFH LQ F\EHU ´ LQ Understanding the Intelligence Cycle ed 0DUN 3K\WKLDQ /RQGRQ DQG 1HZ <RUN (QJODQG 5RXWOHGJH ,ELG 5LFKDUG %HMWOLFK ³:KDW DUH WKH SURVSHFWV IRU WKH &\EHU 7KUHDW ,QWHOOLJHQFH ,QWHJUDWLRQ &HQWHU"´ Brookings )HEUXDU\ KWWS ZZZ EURRNLQJV HGX EORJV WHFKWDQN SRVWV F\EHU VHFXULW\ FHQWHU EHMOLFK