Response to Cyberattacks May Mean New Roles and Missions for Special Ops

SolarWinds. Colonial Pipeline. New York City’s subway. These are only some of the targets of cyberattacks on the U.S. government and private sector in recent months.

Although damage from these mostly unattributed cyberattacks — Russia and China are suspected — varies, private citizens have started feeling the impact in their daily lives, as shown by the gas shortage after the Colonial Pipeline cyberattack.

In light of these cyberattacks, the U.S. government is pondering a more aggressive strategy, even starting to give ransomware investigations the same attention as terrorism cases.

Meanwhile, NATO’s secretary-general said a cyberattack against a member could meet “the thresholds for triggering Article 5,” the alliance’s collective defense clause.

British navy Queen Elizabeth aircraft carrier Jens Stoltenberg — NATO Secretary-General Jens Stoltenberg visits Royal Navy aircraft carrier HMS Queen Elizabeth during exercise Steadfast Defender 21. (NATO)

In military parlance, the U.S. government must figure out how it can “threaten to impose unacceptable costs” by, with, and through persistent physical and virtual engagement.

Although the Geneva Conventions and Tallin Accords offer some guidance, they are by no means definite. There is also the issue of attribution. If Russia, for example, used a criminal group as proxy, the U.S. would have to verify Moscow’s role before responding.

That response also has to deal with questions of proportionality.

Would halting Moscow’s subway be a proportionate response to election interference? Would publishing the personal information of Chinese intelligence officers be a proportionate response to the theft of classified personal information of millions of U.S. government employees and troops?

The absence of rules of engagement or, at the very least, of red lines only enables adversaries to test the U.S.

Special Operations and Cyberwarfare

Army soldiers cyber computer — U.S. Army cyberspace operations specialists at the National Training Center at Fort Irwin in California, January 13, 2019. (Photo by Steven Stover/U.S. Army)

The Pentagon and the Intelligence Community have differing aims for cyber operations, and inside the military there are varying capabilities and goals — mainly those of U.S. Cyber Command and U.S. Special Operations Command — in that domain.

Those divides underline the absence of a broader cyber strategy.

The U.S. special operations community has been paying more attention to the cyber domain, which offers the community an opportunity to understand an adversary, find its weaknesses, and use them against it.

American commandos have already used these capabilities to fight ISIS. In the age of great-power competition with more sophisticated adversaries, like China and Russia, U.S. commandos deployed to study Chinese capabilities or to track Russian influence operations can also take advantage of those capabilities.

“Not only does SOF have an interest in more cyber, but they have made it known they plan on significantly increasing their investment in cyber- and electronic-warfare capabilities,” Herm Hasken, a partner and senior operations consultant at MarkPoint Technologies, told Insider.

For Special Operations Command and Joint Special Operations Command, that investment is reflected in the National Defense Authorization Act, an annual bill that funds defense and national security programs.

Air Force special operations South Korea — An instructor with Air Force Special Operations Command helps students during “call for fire” training at Kunsan Air Base in South Korea, August 29, 2012. (Photo by Senior Airman Jessica Hines/U.S. Air Force)

The special operations community’s push for more cyber powers suggests a desire for more expansive offensive roles. For example, special operations teams might find themselves placing sensors in Southeast Asia to provide insight on Chinese cyber capabilities and how to deter them.

But the special operations community should broaden how it uses that investment and where it is applied, according to Hasken, who has extensive special operations and intelligence-community experience — including time as chief cryptologist for Special Operations Command — as well as several combat deployments.

“Why not send special operations out with commercial, off-the-shelf tools that can help us understand what the environment is out there?” Hasken said.

“If I look at the SOF community, there are commandos deployed in 70 countries or more on any given day. That’s access in gray spaces we want to get into,” Hasken said, noting that more access yields more insight and that “insight equals decision dominance.”

In addition to offensive operations, the U.S. special operations community is flexible and can use cyber to gain an advantage against adversaries in more traditional missions.

For example, Special Operations Command’s Army Special Forces, Civil Affairs, and Psychological Operations units can use cyber operations to better understand the local populations they work with and to influence their views of the U.S. Information gathered through cyber operations can also be used to improve U.S. training of foreign partner forces.

Conversely, Cyber Command is more interested in knowing where an adversary’s communications networks are and how to take them out. In the absence of a broader U.S. cyber strategy, such a capability is wasted, as it’s reserved for combat operations.

A Strategic Danger at Home

Air Force cyberattack cyber-defense cyber — A cyber-defense supervisor launches cyberattacks during an exercise at the U.S. Air Forces in Europe Regional Training Center at Ramstein Air Base in Germany, March 8, 2019. (Photo by Master Sgt. Renae Pittman/U.S. Air Force)

Great-power competition doesn’t necessarily mean war, and those gray spaces where it takes place can also emerge at home, ensnaring critical infrastructure, private companies, and the public.

The U.S. Cybersecurity and Infrastructure Security Agency identifies 16 sectors as critical infrastructure — including communications, emergency services, healthcare, and nuclear energy — because of their role in how the country works and in private citizens’ lives.

Government and industry need to move beyond discussions and develop defenses for those sectors, Hasken told Insider.

Failing to defend them will have “devastating impacts” on the global economy and on Americans’ trust in their government “to execute any meaningful consequence management,” Hasken added.

“SolarWinds, Colonial Pipeline, and even the JBS Meat Packing cyberattacks are going to appear as mere pinpricks compared to attacks in the future if we do not get this right,” Hasken said.

Woman uses gas pump during fuel shortage sparked by colonial pipeline attack — A woman fills her car at a gas station in Annapolis, Maryland, after the Colonial Pipeline shutdown, on May 12, 2021. (Photo by Jim Watson /AFP via Getty Images)

As people give more devices more access to their daily lives — whether through online banking or internet-enabled appliances — cybersecurity takes on more importance for ordinary citizens, and demand for private-sector cybersecurity services is growing.

Companies like SMU — which is led by former special operations and intelligence professionals who specialize in individual online privacy and cyb e rsecurity — are becoming the go-to choice.

“There’s no longer a need to wait for the NSA or FBI or DHS to put out a bulletin warning individual citizens of the risks of cybercrime,” an expert at the Signature Manageme nt Unit, one of those firms, told Insider.

The increasing potential for cyber operations by a nation-state or a criminal group to affect the public has raised the stakes for those families and businesses, according to the SMU expert, who has joint special operations and intelligence experience and spoke anonymously to discuss the firm’s projects.

“While we invest a lot in national cyber and the cybersecurity infrastructure protection, this is not a replacement for individual responsibility,” the SMU expert said.