
US Cybercom Cyber Command

Company

US Cybercom is a government agency responsible for repelling threats and conducting operations in cyberspace.

Owners:
US Department of Defense (Pentagon)


History

2023

US Cybercom conducted 22 cyber operations in 17 countries in a year

In 2023, US Cybercom deployed its digital resources to conduct 22 special cyber operations in 17 countries around the world. This is stated in a report published on April 10, 2024.

According to the head of Cyber Command, Lieutenant General Timothy Haugh, the operations were carried out for various purposes, including countering hackers, deterring enemy cyber operations and extracting important information. The countries in which the operations were carried out are not specified.

US Cybercom has used its digital resources to conduct 22 special cyber operations

According to Haugh, who also heads the US National Security Agency, about 90 samples of malicious code were obtained during the operations, which were then transferred to the US cybersecurity community. The head of Cyber Command believes that such results will help increase the security of "billions of Internet users around the world," and will "disrupt the military and intelligence operations of authoritarian regimes."

In addition, in 2023, for the first time in the history of Cyber Command, operations were carried out simultaneously in all geographical areas of the commands of the US Department of Defense. In general, as noted, cyberspace operations are becoming an increasingly important component of the national security strategy. In 2024, the number of such missions is expected to increase, as the United States prepares for the possible interference of a number of foreign countries in the presidential election. Haugh said Cyber Command is actively preparing to defend against hacker attacks during the upcoming vote. According to the head of Cyber Command, these measures include intelligence. At the same time, Haugh stated that civil liberties and privacy are being respected.[1]

Appointment of a new manager

On May 23, 2023, it became known that President Joe Biden had chosen a new head of the National Security Agency (NSA) and US Cybercom: Air Force Lieutenant General Timothy Haugh.

Setting Up Your Own Intelligence Center

In early March 2023, US Cybercom announced the creation of its own intelligence center, after the department relied on other sources of information collection for many years.

The project is designed to strengthen data collection and expand US Cybercom's understanding of the capabilities of foreign countries in the ever-expanding cyber sphere. The agency will be formed on the basis of the Department of Homeland Security. At the same time, experts from Defense believe that the security problem in cyberspace is really relevant for Washington, but its solution is only an excuse for developing the concept of offensive operations in this area. According to analysts, the new agency should "cover the rear" of American troops in the cyber wars unleashed by them.

Cyber intelligence center will be created on the basis of the Pentagon

Brigadier General Matteo Martemucci, Director of Intelligence at CYBERCOM, spoke about the planned Cyber Intelligence Center in November 2022. Martemucci told the United States Armed Forces International Communications and Electronics Association that an in-depth analysis of the assets revealed the need for a main center that will analyze cyber expertise and exploits abroad. It will complement a list of well-established centers and methods for collecting intelligence with products that are in demand but still unavailable in the U.S., Martemucci said.

"We know everything about the T-72 tank, right down to every nut and bolt in it, for the army! But we don't have that for networks, for the capabilities of all sources... We have great partners in the National Security Agency and they put a lot of emphasis on signal intelligence. That's a huge part of what we're learning. But across the spectrum, the command of the combat forces really needs intelligence from all sources. Unfortunately, we found that there is simply no fundamental level of cybersecurity," said Candace Frost, head of the Joint Center for Intelligence Operations at CYBERCOM.

It is noted that the US cyber intelligence center will be mainly staffed by employees of the US Department of Defense Intelligence, which is engaged in the production, analysis and distribution of military intelligence for combat and information missions.[2]

2022

Pentagon creates new military organization to combat cyber attacks

On December 19, 2022, the US Department of Defense raised the status of one of the structures within the country's Cyber Command (CYBERCOM), the main tasks of which are centralized cyber operations and the protection of military computer networks.

Allocation of tens of millions of dollars for "international operations"

On December 23, 2022, US President Joe Biden signed the country's defense budget for fiscal 2023: the document provides for a record amount of $858 billion. Some of the funds will be directed to activities in cyberspace, including the organization of offensive campaigns.

It is reported that under the adopted program, US Cybercom (CYBERCOM), located on the territory of the Fort Meade military base in Maryland, is given expanded powers. In particular, the structure will receive an additional $44 million for the implementation of "international operations." The document says that if the president confirms "an active, systematic and continuous wave of attacks in cyberspace by a foreign power" against the US government or the country's critical infrastructure, then Cyber Command can conduct retaliatory offensive operations (with appropriate permission).

US Cybercom allocated a budget for "international operations"

The Act also directs the Secretary of Defense to annually inform Congress of the relationship between Cyber Command and the National Security Agency (NSA). The document provides for the creation of the post of Assistant Secretary for Cyber Policy at the Pentagon - the administration previously objected to this initiative. In general, the cyberspace security section "is intended for Congress to have information about cybersecurity and counterintelligence operations" when they relate directly to Congress itself.

The defense budget for fiscal 2023 involves the allocation of $317.3 billion for operation and maintenance, $138.6 billion for research and development, $30.5 billion for activities in the field of nuclear energy, $161.3 billion for military purchases, etc.[3]

US Cybercom for the first time revealed the details of its work on the cyber defense of Ukraine

On November 28, 2022, US Cybercom, located on the territory of the Fort Meade military base in Maryland, revealed for the first time the details of a special operation to ensure the protection of Ukraine in cyberspace.

It is said that the program, agreed with the Ukrainian government, operated between December 2021 and March 2022 as part of a broader effort to increase the cyber resilience of critical national networks. In particular, cybersecurity specialists of the US Navy and the US Marine Corps identified suspicious activity in the IT infrastructure of Ukraine, and also helped to eliminate any potential threats. Ukrainian experts in the field of information security were involved in this cyber operation.

US Cybercom reveals details of work on cyber defense of Ukraine

It is reported that the American group, among other things, provided remote analytical and consulting support using innovative methods and advanced technologies. In addition, measures were organized for the network protection of critical Ukrainian networks. US cyber specialists worked closely with the Ukrainian side, helped analyze the attacks and shared the information received at the interdepartmental level.

It is said that the US Cybercom regularly conducts operations in the network space. In addition to countering attacks, during such events, information is collected about the tactics, methods, capabilities and tools of opponents in cyberspace. This, it is claimed, allows the United States, as well as its allies and partners, "to stop malicious cyber activity before it reaches friendly networks and causes harm." And although at present the US Cybercom group has ceased activities directly in Ukraine, it continues to support this country.[4]

US Army recruits information security specialists

In May 2022, it became known that the US Army had decided to focus on using the powers of the cybersecurity service of the country's armed forces to attract talented specialists in the field of information security. The defense sector faces the problem that specialists do not want to work for it, preferring a career in a private technology company.

Secretary Christine Wormuth told lawmakers on the House Appropriations Committee that the Army is exploring ways to use the powers Congress gave the Defense Department in 2016 to be more flexible in compensating and hiring talented cybersecurity professionals. Wormuth said the Army still faces competition in its search for cyber experts.

The US Army rushed to recruit information security specialists, who do not want to work for the defense sector

"One of our problems, frankly, is competing with the private sector," she said. "Everyone is looking for IT professionals, and in the private sector they are obviously well paid. Therefore, I want us to study this issue."

Despite expanded hiring powers, Defense Department officials have failed to improve the recruitment and hiring of technicians. This is partly due to the lack of supporting infrastructure for the Cybersecurity Specialist Service. Others argue that additional flexibility is still not enough for the Pentagon to gain the talent it needs to compete, as the nature of defense activity becomes increasingly dependent on cyberspace.

According to Wormuth and General James McConville, Chief of Staff of the Ground Forces, the Army faces a shortage of personnel but is successful in identifying talent or training them in its ranks.

"Among various organizations such as the Army Cybersecurity Center of Excellence at Fort Gordon in Georgia and the Army Software Factory in Texas, the service finds, frankly, cybersecurity and coding specialists throughout the army in places where you did not expect, trains these people and gives us the opportunity to really have army soldiers on the tactical line who can encode and develop applications for us," Wormuth said.

"The information sphere is incredibly important. Forces that can dominate the information space, I think, will have an advantage in future conflicts, so cybernetic space is very important here," she said.

"And while the US has recently avoided major cyber attacks on its critical infrastructure, I think this can be expected in the future," Wormuth said. "So we think a lot about how we can fix vulnerabilities, whether at our suppliers or on our own networks, to make sure we're not vulnerable to cyber attacks."[5]

2021: US Cybercom places its specialists in Macedonia, Montenegro and Ukraine

US Cybercom has deployed its specialists in Macedonia, Montenegro and Ukraine. This became known on February 5, 2021.

Nikolai Murashov, deputy director of the National Coordination Center for Computer Incidents, spoke about the plans of American intelligence.

"Under the pretext of protecting the elections by the infrastructures of allies for February 2021, American cyber units are unfolding around the world. According to official data from military departments, American cyber teams have deployed their specialists in Montenegro, Macedonia, Ukraine," Murashov said.

He noted that the United States recognizes that these units have the strength and means to carry out cyber attacks, and that they "will be used in practice against any IT infrastructure from which, in their opinion, threats emanate".[6]

2020: US Army sets up headquarters for Cyber Command

In early September 2020, it became known that Fortitude Hall, located at Fort Gordon near Augusta, Georgia, has become the headquarters of the US Army Cyber Command. Fort Gordon also houses the Army Signal Corps, the Cyber Center of Excellence, and other programs focused on network security, allowing the command to collaborate with mission partners.

The US Army had planned for many years to transfer its cyber specialists to the central headquarters.

"We really consolidated all of our cyber forces in Georgia," confirmed James McPherson, a civilian cybersecurity officer. "This is amazing news for all employees who support the cybersecurity of the Army."

US Army forms headquarters for Cyber Command

The Army created Cyber Command in 2010, and construction of Fortitude Hall began a few years later, in 2016. According to the army, the construction of a high-tech and highly secure facility was somewhat delayed due to the coronavirus pandemic. Overall, the Army plans to deploy 1,200 soldiers, civilians and contractors to Fortitude Hall, and some have already enlisted at Fortitude Hall. The headquarters is expected to be fully staffed by September 2021. The Army says moving the command headquarters to a single campus will allow service members and civilians to settle with their families in the same location.

Having established its headquarters in southern Georgia, the command found itself in the state's "cyber corridor," where state and local officials invested heavily in cyber education and cybersecurity programs. Army commanders also plan to provide outreach at nearby schools and colleges to ensure an influx of future cyber specialists, both military and civilian.[7]

2019: North Korea accused of cyber attacks on financial sector

On November 12, 2019, it became known that the US Department of Defense accused cybercriminals working for the North Korean government of cyber attacks on the financial sector, including the SWIFT network, in order to enrich themselves.

US Cyber Command (CYBERCOM) has published on VirusTotal seven samples of malware used in the current malicious cyber operation against the financial sector.

"These malware samples are used to generate money and malicious activity, including remote access, signaling and execution of malicious commands," Cybercom reports.

Cybercom does not specify who the victims of the malicious campaign were or what its scale is.

For its part, the FBI also identified malware and connected it with North Korea. The bureau issued a notice describing indicators of compromise (IOCs) that coincide with IOCs from past campaigns by North Korean hackers previously analyzed by the South Korean information security company Alyac.

The FBI notification provides information about remote access Trojans (RATs), command line tools and web shells that make it possible to remotely access victims' computers, download and upload files, and execute arbitrary code. Whether the CYBERCOM and FBI notifications are related is still unknown.

According to Symantec specialist Vikram Thakur, the malicious samples uploaded by CYBERCOM are "custom-made, complex and well-written." Among the samples are backdoor builders, backdoor loaders, and the backdoors themselves.

Some RATs can turn on the microphone on the infected device and record audio. The backdoors make it possible to steal account data, intercept keystrokes, view browser history, download additional malicious modules and control a reverse web shell to establish a connection between an infected computer and the attackers' server.

Some backdoors bear similarities to malware used by North Korean government hackers for years. For example, one of the samples is a variant of the CHEESETRAY backdoor, which was previously used by the North Koreans in attacks on the SWIFT network. A number of samples have similar features to the ROCKEYE backdoor, whose code was borrowed from ROGUEEYE, which was used by cybercriminals in cyberattacks in order to obtain financial gain[8].

2018

Pentagon allows cyber forces to attack first

In June 2018, it became known that the Cyber Command of the US armed forces had been given the right to carry out hacker attacks in order to prevent impending cyber attacks. The New York Times (NYT) learned about this from the division's new strategy.

According to the publication, the Pentagon has given Cyber Command the authority to carry out daily hacker raids on foreign networks to prevent cyber attacks. Until recently, the department adhered to a more defensive position, fighting against already deployed cyber attacks on American networks. At the same time, cyber attacks were quite rare in the United States, NYT points out.

Washington has expanded the powers of Cyber Command in the implementation of hacker attacks

The United States, in particular, resorted to offensive methods in the fight against the Islamic State terrorist organization (banned in Russia) and its recruiters. However, the results of such Cyber Command steps were "ambiguous" at best.

It is noted that the United States came to a more aggressive strategy after more than 10 years of fighting terrorism, when the Pentagon realized that it was better to confront terrorists inside their space.

At the same time, the publication states that there was no official discussion in the White House regarding the change in the principles of the US military hackers.

A change in strategy, in which the US cyber military intends to force opponents to redirect their resources to defense and reduce the number of attacks, "may increase the risk of conflict with other states that sponsor groups of hacker attackers." Among the opponents in cyberspace, the United States includes China, the DPRK and Russia.

At the same time, it is not very clear how carefully the US administration weighed the risks in case the attack is carried out during a secret operation. Another problem is that often for preventive measures it will be necessary to use the networks of Washington's allied countries, the source reports.[9]

New Authority and New Manager

In early May 2018, US Cybercom, part of the Pentagon, received a new head and new powers, which indicates the growing importance of digital wars with hackers. General Paul Nakasone took over the leadership of the unit.

At the same time, the Pentagon's cybersecurity unit received the new status of an independent "command unit" and thus for the first time stood on the same level as nine other US combat units. This change indicates that "cyber attacks are recognized as full-fledged hostilities," said Deputy Secretary of Defense Patrick Shanahan.

Paul Nakasone

Shanahan unveiled the newest integrated cyber center at Fort Meade's fortified military campus, which cost more than $500 million to prepare. The cyber center will begin work in August 2018, and its workers will be able to monitor and coordinate responses to various cyber threats.

Paul Nakasone also became director of the National Security Agency, which deals with electronic surveillance and protects state-level computer networks from hacking. Under the bilateral agreement, the director of the National Security Agency will also oversee a cybersecurity team that includes military units trained to both defend against and initiate cyberattacks.

The US Cybercom conducted operations against Islamist terrorists, but its leaders believe that they are not yet ready to engage in cyber war with major countries such as Russia or China. The reason, officials said, is that the United States, which relies heavily on computer and communications networks, is more vulnerable than its adversaries.[10]

2017: US cyber forces' status upgraded

The administration of US President Donald Trump has raised the status of US Cyber Command in the military hierarchy. Prior to that, it was subordinate to the Strategic Command of the US Armed Forces, which also controls nuclear weapons, missile defense and space forces.

By Trump's decision, Cyber Command was removed from the control of the Strategic Command and placed in the departmental hierarchy at the same level as it and eight more US combat commands. Thus, the number of combat commands was brought to ten. Six of them are regional - they plan and conduct military operations in different regions of the world. Four more are functional, that is, they differ in their type of activity - these are the Strategic and Transport Commands, as well as the Cyber Command and the Special Operations Command.

In an official statement, Trump stressed that the new status of Cyber Command should strengthen US operational activities in cyberspace and benefit national security. In particular, it will now be easier to manage cyber operations in which the time factor is important. In addition, critical cyber operations will receive adequate funding. The decision to separate the cyber forces into a separate combat command was "long-awaited," The Verge notes[11].

2016: When the US will initiate offensive cyber operations

The RAND Strategic Research Center ("Research and Development"), which has a long-standing "analytical" relationship with the US intelligence community, released in early 2016 a report[12] on promising "non-military" strategies for coercing competitors and opponents of the USA[13].

There are three main strategies of coercion:

  • Financial and economic sanctions
  • Support for opposition acting in a "non-violent" way
  • Offensive cyber operations.

The report deals in great detail with offensive cyber operations.

Several points from the RAND Corporation's new "Enforcement Strategy":

"It is becoming harder, more expensive and riskier for the United States to use military force to confront the many international security threats that will emerge in the coming years. Despite the fact that in some cases there can be no alternative to military force, US policy needs more non-military options, from which non-military methods of coercion, deterrence, weakening and punishment of those countries that threaten the peace, security and interests of the United States can be chosen. "

"The globalization of trade, investment, finance, information and energy give the United States promising enforcement options, especially with regard to adversaries who depend on access to such markets and systems.

Ending access to global interbank systems can lead to serious damage [to adversaries] and painful economic consequences.

Key countries with leading banks should participate in financial sanctions.

Supporting democratic opposition can be very dangerous [for hostile regimes] and be a very effective way to get things done.

Social media and global media help internal processes [in hostile countries] and their external supporters.

Offensive cyber operations are also a high-impact option, but also a high-risk option.

A skillful and purposeful combination of these methods can disrupt the functioning and confidence of states and markets, and thus have a high coercive value [for hostile regimes].

Given its vulnerabilities, the United States of America may need to raise its own sensitivity thresholds in the event of a cyber war.

In addition to these P2C tools, the United States could develop the ability to use energy supplies as a coercive force.

Russia, Iran and other less resilient states than China are more attractive targets for coercion.

The United States must hone its ability to control financial assets and flows, and isolate recalcitrant states and banks that engage in economic relations with hostile countries.

The US Department of State and the intelligence community must improve their methods to support non-violent democratic opposition forces in hostile and repressive states and assess the risks and benefits of using these methods.

More generally, the US government should prepare for the use of P2C (Power to Coerce) in the same format as for warfare, including in terms of analyzing options, assessing needs and opportunities... and plan for joint action with allies.

While the United States has the means to destroy enemy forces before they can destroy U.S. forces, such operations could require deep and extensive attacks on enemy territory, posing a significant risk of escalation in at least the case of China and Russia.

The following state governance tools may be used for coercion:

  • economic sanctions,
  • punitive political measures,
  • cyber operations,
  • covert intelligence operations,
  • military assistance,
  • propaganda,
  • restriction or manipulation of trade,
  • prohibition of movement of goods and movement of people,
  • support for political opposition

These tools have in common the potential task of changing policy, breaking the will or weakening [the opponent's] ability to hold on to power.

Globalization increases opportunities for coercion, as most countries, including China, Russia and Iran, increasingly depend on world markets, resources, and information.

The global economy, financial networks, distribution systems, infrastructure, information domains, hydrocarbon markets, transportation, travel, consumer demand, ideas, institutions as well as other functions offer leverage options against all, even "hermetic," states such as North Korea.

The United States either owns or controls the share of leadership in most important institutions, including those that regulate the global economy.

China, Russia, and Iran are increasingly relying on the global interbank network, increasingly dependent on cyberspace, with domestic opposition, including social media and global media, playing an increasingly important role in these countries.

Therefore, in all three directions, the United States, due to its central role, can subject these countries to coercion.

The forms and uses of American coercive power are more effective than any of the adversaries for four reasons:

  • because of its central position in global peace systems, the United States is superior in isolating countries and causing damage.
  • The United States today has the best intelligence capabilities.
  • The United States has an unmatched political capacity to secure international support from other countries, non-governmental and international organizations that could be critical to the success of the P2C.
  • the US economy is balanced and sustainable (unlike Russia and Iran, which are largely dependent on fossil fuel production, and China, which is largely dependent on manufacturing exports).... "

2015: Approval of an offensive cyber war strategy

US authorities will carry out cyber attacks on military computing networks and the military infrastructure of their opponents in regions where the United States has its own interests. The decision on the use of cyber attacks will be made by the President of the United States and the Secretary of Defense. For example, they can instruct to disable the enemy's command and control networks and deprive the enemy of the ability to use weapons, the New York Times reported in the spring of 2015, citing a 33-page document describing the new US cyberspace strategy.

The US Cyber Command, created in 2010, will be responsible for cyber operations. According to the initial plan for the formation of the structure, by 2016, US Cybercom should employ about 6.2 thousand people. In 2015, it was half staffed, and about a thousand employees were hired in 2014. US Cybercom is a structure of the US Department of Defense.

The US cybersecurity strategy was last updated in 2011; previously it was exclusively defensive.

The new strategy was announced by US Secretary of Defense Ashton Carter during a speech at Stanford University.

Carter named the four states that pose the greatest threat to the United States in cyberspace: China, Russia, Iran and North Korea. Carter claimed that the Department of Defense was a victim of Russian hackers, just like the White House and the State Department.

2006-2010

The first US attempt to create a cyber command dates back to November 2006. It was a temporary structure under the US Air Force. In its current form, Cyber Command began to form in June 2009, and started working in May 2010. This is the first military formation in the United States related to cybersecurity - before that, such units existed only in special services.

The army reacted quite violently to the emergence of the cyber command. Part of the military believed that cybersecurity issues should not be related to the armed forces at all. Another part proposed to allocate cybersecurity forces to a separate branch of the military - along with the naval and air fleet and the ground army. Following the example of the United States, China, South Korea, Russia and other countries took up the creation of cyber forces.

Notes