The United States' Cyber Warfare History
Total Page:16
File Type:pdf, Size:1020Kb
The United States’ Cyber Warfare History: Implications on Modern Cyber Operational Structures and Policymaking Omry Haizler This article will touch upon two main components of the United States’ cybersphere and cyber warfare. First, it will review three cyber incidents during different time periods, as the US infrastructure, mechanisms, and policies were gradually evolving. It will analyze the conceptual, operational, and legislative evolution that led to the current decision-maKing paradigm and institutional structure of the US cybersphere. Secondly, the paper will examine the procedures and policies of the Intelligence Community (IC), and the US cyber operational structure. It will review the missions and bacKground of the IC and its responsibilities before, during, and after a cyberattacK, and will touch upon the IC’s organizational architecture. The paper will also briefly review the current cyber threats in the United States and will elaborate on some of the fundamental strategies and policies that it uses to provide a suitable response. Lastly, it analyzes the cybersphere’s macro-level, addressing the data coordination of the IC’s agencies, as well as the federal, state, and private sector institutions during a cyber crisis. Keywords: Moonlight Maze, Morris Worm, Stuxnet, cyberattacks, United States intelligence community, cyber crisis, cyber threats, internet governance, cyber policy, cyber strategy Omry Haizler is a former IDF Officer and a Prime Minister’s Office operative. He holds an MPA from Columbia University’s School of International and Public Affairs (SIPA). He currently teaches at Columbia’s School of Continuing Education. Cyber, Intelligence, and Security | Volume 1 | No. 1 | January 2017 31 OMRY HAIZLER | THE UNITED STATES’ CYBER WARFARE HISTORY 32 History of Cyber Warfare 7KHUHDUHWKUHHKLVWRULFDOVWDJHVRIWKHHYROXWLRQRIF\EHUZDUIDUH WKH UHDOL]DWLRQSKDVHGXULQJWKHHDUO\HUDRIWKHLQWHUQHW WKHWDNHRIISKDVH GXULQJWKHLQWHULPSHULRGRISUHDQGSRVWLQZKLFKDWWDFNVZHUHVWLOO PDLQO\RIDQLQIRUPDWLRQJDWKHULQJQDWXUHDQG WKHPRGHUQPLOLWDUL]DWLRQ SKDVHGXULQJZKLFKF\EHUZDUIDUHPD\FDXVHVLPLODUGDPDJHWR86VWUDWHJLF FDSDELOLWLHVDQGFULWLFDOLQIUDVWUXFWXUHDVDNLQHWLFDWWDFNRQDFRORVVDOOHYHO )LJXUHEHORZGHVFULEHVWKHVHVWDJHV 1 | Volume 1 | No. 1 | January 2017 2017 January | 1 No. | 1 Volume | Stages 5HDOL]DWLRQ 7DNHRII 0LOLWDUL]DWLRQ 7LPHIUDPH ± ±SUHVHQW Attackers have Attackers have Attackers have '\QDPLFV advantage over advantage over advantage over GHIHQGHUV GHIHQGHUV GHIHQGHUV 8QLWHG6WDWHV5XVVLD 8QLWHG6WDWHVDQG :KR+DV 8QLWHG6WDWHVDQGIHZ &KLQDDQGPDQ\PRUH 5XVVLDZLWKPDQ\ &DSDELOLWLHV" other superpowers DFWRUVZLWKVXEVWDQWLDO VPDOODFWRUV FDSDELOLWLHV Cyber, Intelligence, and Security Security and Intelligence, Cyber, 1HR+DFNWLYLVWV espionage agents, +DFNWLYLVWVSDWULRW PDOZDUHQDWLRQDO Adversaries +DFNHUV hackers, viruses, PLOLWDULHVVSLHV DQGZRUPV DQGWKHLUSUR[LHV hacktivists (OLJLEOH5HFHLYHU &XFNRRV(JJ Titan Rain, 6RODU6XQULVH 0RUULV:RUP (VWRQLD 0DMRU 0RRQOLJKW0D]H 'XWFK+DFNHUV *HRUJLD ,QFLGHQWV $OOLHG)RUFH 5RPH/DEV %XFNVKRW<DQNHH &KLQHVH3DWULRW &LWLEDQN 6WX[QHW +DFNHUV ,QIRUPDWLRQZDUIDUH ,QIRUPDWLRQ &\EHUZDUIDUH 86'RFWULQH operations Figure 1: Phases of Cyber Con!ict History Attacks as Catalyzers for Institutional Evolution (DFKRIWKHDERYHSHULRGVFKDUDFWHUL]HVDIXQGDPHQWDOO\GLIIHUHQWGRFWULQH ERWKZLWKUHVSHFWWRWHFKQRORJLFDOSURJUHVVLRQDQGW\SHRIWKUHDWVDQGWR WKHDGPLQLVWUDWLRQ¶VF\EHUSROLFLHVDWHDFKJLYHQWLPH&HUWDLQSDVWDWWDFNV HPERGLHGIXWXUHF\EHUFKDOOHQJHVVHUYLQJDVZDUQLQJVLJQVWRLQVWLWXWLRQV¶ YXOQHUDELOLWLHVDQGODFNRIVHFXULW\$VVRFLHW\¶VGHSHQGHQF\RQWHFKQRORJ\ OMRY HAIZLER | THE UNITED STATES’ CYBER WARFARE HISTORY 33 LQFUHDVHGWKHSRVVLEOHUDPL¿FDWLRQVRILQHI¿FLHQWVHFXULW\LQDVSHFL¿F EUHDFKDOVRLQFUHDVHG 1. Realization—the Morris Worm 7KLVF\EHULQFLGHQWDFWHGDVWKH¿UVWZDNHXSFDOOWRWKH$PHULFDQ,QWHOOLJHQFH &RPPXQLW\ ,& SROLF\PDNHUVDQGDFDGHPLFV:KLOHLWZDVQRWWKH¿UVW F\EHUDWWDFNRQ86FRPSXWHUV\VWHPV²WKH&XFNRR¶V(JJKDFNLQYROYLQJ WKH6RYLHW.*%ZDVWKH¿UVWVLJQL¿FDQWF\EHUHVSLRQDJHDWWDFN²LWLVZLGHO\ FRQVLGHUHGWKH¿UVWODUJHVFDOHDWWDFNERWKLQWHUPVRIWKHTXLFNSKDVHRI 2017 January | 1 No. | 1 Volume | HYHQWVLWVVFDOHDQGLWVLPSOLFDWLRQV/DXQFKHGDVDSUDQNIURPDODEDW&RUQHOO 8QLYHUVLW\WKH0RUULV:RUPZDVGHVLJQHGWRLQIHFWDVPDQ\PDFKLQHVDV SRVVLEOHZLWKRXWEHLQJGHWHFWHGWKHZRUPFUDVKHGFRPSXWHUV²URXJKO\ SHUFHQWRIWKHLQWHUQHWLQ 27KH86*RYHUQPHQW$FFRXQWDELOLW\ 2I¿FHDVVHVVHGWKHGDPDJHDW±LOOXVWUDWLQJWKHGLI¿FXOW\ RIDVVHVVLQJF\EHUDWWDFNGDPDJHDSUREOHPSUHYDOHQWHYHQWRGD\ 3 Despite WKHVHYHUHUDPL¿FDWLRQVWKHLQFLGHQWSURYLGHGDQLPSRUWDQWZDUQLQJWRWKH Cyber, Intelligence, and Security Security and Intelligence, Cyber, ,&KLJKOLJKWLQJWKHSRWHQWLDOGDQJHUVRIKLJKO\FRQQHFWHGFRPSXWHUQHWZRUNV DQGWKHQHHGIRULQVWLWXWLRQDOL]HGGHIHQVLEOHFDSDELOLWLHVDQGVWUXFWXUHVLQ WKHF\EHUVSKHUH 7KH0RUULV:RUPDFWHGDVDFDWDO\]HUIRUWKH¿UVWVWHSVWRZDUGVDPRUH UHJXODWHGF\EHUVSDFHDQGOHGWRGUDPDWLFFKDQJHVERWKFRQFHSWXDOO\DQG RSHUDWLRQDOO\ Paradigm Shift $WWKHWLPHRIWKHLQFLGHQWWKHLQWHUQHWZDVWDNLQJLWV ¿UVWVXEVWDQWLDOVWHSVDQGZDVFRQVLGHUHGD³IULHQGO\SODFH´ZKHUHHYHU\RQH NQRZVHYHU\RQH7KH0RUULV:RUPPDGHLWFOHDUWKDWVRPHSHRSOHLQ F\EHUVSDFHGLGQRWKDYHWKHEHVWLQWHUHVWVLQPLQGWKHLQFLGHQWZDVWKH¿UVW WLPHZKHUHF\EHULQQRYDWLRQVKLIWHGIURPIRFXVLQJVROHO\RQLQWHUFRQQHFWLYLW\ WRVHFXULW\FRQFHUQV Operations (VWDEOLVKHGDIWHUWKH0RUULV:RUPLQFLGHQWE\WKH'HIHQVH $GYDQFHG5HVHDUFK3URMHFWV$JHQF\ '$53$ DW&DUQHJLH0HOORQ8QLYHUVLW\ WKH&RPSXWHU(PHUJHQF\5HVSRQVH7HDP &(57 GHPRQVWUDWHGWKHVKLIW IURPDGKRFVROXWLRQVWRSURIHVVLRQDOWHDPVZKLFKZHUHWUDLQHGDQGHTXLSSHG WRFRRUGLQDWHHYHQWVDQGSURYLGHDVVHVVPHQWVDQGVROXWLRQVWRDJLYHQ F\EHUDWWDFN 4 Regulations $ORQJZLWKWKHFRQFHSWXDOVKLIWLQF\EHUVHFXULW\&RQJUHVV SDVVHGVHYHUDOODZVLQWKH\HDUVIROORZLQJWKH0RUULV:RUPLQFLGHQWLQFOXGLQJ OMRY HAIZLER | THE UNITED STATES’ CYBER WARFARE HISTORY 34 WKH(OHFWURQLF&RPPXQLFDWLRQV3ULYDF\$FWRIDQGWKH&RPSXWHU 6HFXULW\$FWRIWRHQVXUHSULYDF\LQF\EHUGRPDLQVWKURXJKOHJDO SURWHFWLRQV 5$GGLWLRQDOO\5REHUW7DSSDQ0RUULVZKRFUHDWHGWKH0RUULV :RUPZDVWKH¿UVWSHUVRQWREHFRQYLFWHGXQGHUWKHQHZ&RPSXWHU)UDXG DQG$EXVH$FWRI 2. Takeo!—The Moonlight Maze ,Q86RI¿FLDOVDFFLGHQWDOO\GLVFRYHUHGDSDWWHUQRIVXVWDLQHGSURELQJ | Volume 1 | No. 1 | January 2017 2017 January | 1 No. | 1 Volume | RIWKH3HQWDJRQ¶VFRPSXWHUV\VWHPVSULYDWHXQLYHUVLWLHV1$6$(QHUJ\ 'HSDUWPHQWDQGUHVHDUFKODEV6RRQWKH\OHDUQHGWKDWWKHSURELQJKDG RFFXUUHGFRQWLQXDOO\IRUQHDUO\WZR\HDUV7KRXVDQGVRIXQFODVVL¿HG\HW VHQVLWLYHGRFXPHQWVUHODWLQJWRWHFKQRORJLHVZLWKPLOLWDU\DSSOLFDWLRQVKDG EHHQH[DPLQHGRUVWROHQLQFOXGLQJPDSVRIPLOLWDU\LQVWDOODWLRQVWURRS FRQ¿JXUDWLRQVDQGPLOLWDU\KDUGZDUHGHVLJQV 7$OWKRXJKWKH'HIHQVH 'HSDUWPHQWWUDFHGWKHWUDLOEDFNWRDPDLQIUDPHFRPSXWHULQWKHIRUPHU 6RYLHW8QLRQWKHVSRQVRURIWKHDWWDFNVUHPDLQVXQNQRZQ5XVVLDGHQLHG Cyber, Intelligence, and Security Security and Intelligence, Cyber, DQ\LQYROYHPHQWDQGWKHVXVSLFLRQVKDYHQHYHUEHHQFRQFOXVLYHO\SURYHQ 0RRQOLJKW0D]HLVZLGHO\FRQVLGHUHGWKH¿UVWODUJHVFDOHF\EHUHVSLRQDJH DWWDFNE\DZHOOIXQGHGDQGZHOORUJDQL]HGVWDWHDFWRU7KHDWWDFNZDVZHOO SODQQHGDVWKHDWWDFNHUVOHIW³EDFNGRRUV´WRHQDEOHKDFNHUVWRSHQHWUDWH WKHV\VWHPDWGLIIHUHQWWLPHVOHIWIHZWUDFHVDQGFRQWLQXHGIRUDORQJWLPH ZLWKRXWGHWHFWLRQ 90RRQOLJKW0D]HKLJKOLJKWHGWKHLQFUHDVLQJUROHRI VWDWHDXWKRULWLHVLQJHQHUDWLQJVSRQVRULQJRUDWOHDVWSDVVLYHO\WROHUDWLQJ VRSKLVWLFDWHGDQGIDUUHDFKLQJHVSLRQDJHLQFLGHQWV0RUHRYHULWVWUHVVHG WKHYXOQHUDELOLWLHVRIWKHLQIRVSKHUHLQZKLFKDGYHUVDULHVFRXOGQRWRQO\ FDXVHGLVUXSWLRQRIVHUYLFHEXWDOVRFRXOGH[SORLWVHQVLWLYHLQIRUPDWLRQ ,WHPSKDVL]HGWKHFUXFLDOQHHGIRU¿UHZDOOVDQGHQFU\SWLRQVDQGDERYH DOOWKHGLI¿FXOWLHVRILGHQWLI\LQJDQGDWWULEXWLQJDQDWWDFNWRDVSHFL¿F DGYHUVDU\0RRQOLJKW0D]HZDVDQLPSRUWDQWSURJUHVVLRQLQF\EHUZDUIDUH DQGF\EHUVHFXULW\GXHWRLWVLPSOLFDWLRQVRQIXWXUHFRQÀLFWV 10 ,WSRLQWHG RXWWKHIXWXUHVKLIWLQWKHPRGHUQEDWWOH¿HOGIURPDNLQHWLFZDU²LQZKLFK HQHPLHVKDYHQDPHVDQGSK\VLFDOORFDWLRQVDQGLQZKLFKDWWDFNVFDQEH ZLWQHVVHGDQGDVVHVVHG²LQWRDQDV\PPHWULFDOZDUIDUHZLWKRIIHQVLYHF\EHU RSHUDWLRQVZKHUHDWWDFNVPLJKWEHLQYLVLEOHDGYHUVDULHVDUHXQNQRZQDQG GDPDJHLVKDUGWRTXDQWLI\7KHLQFLGHQWOHGWRGUDPDWLFVKLIWVLQWKH86 DGPLQLVWUDWLRQ¶VDSSURDFKWRF\EHUVHFXULW\ OMRY HAIZLER | THE UNITED STATES’ CYBER WARFARE HISTORY 35 Paradigm Shift: 7KHDZDUHQHVVRIWHUURULVWWKUHDWVDQGVXSSRUWRI FRXQWHUWHUURULVPLQLWLDWLYHVSRVWDPRQJSROLF\PDNHUVZHUHOLPLWHG 7KH0RRQOLJKW0D]HLQFLGHQWFDXVHGDUHWKLQNLQJRIWKH86F\EHUGHIHQVH VWUDWHJ\F\EHUZDUIDUHDWWULEXWLRQF\EHUGHWHUUHQFHDQGWKHFXUUHQWGHIHQVH RIVHQVLWLYHQRQHQFU\SWHGQHWZRUNVVXFKDV1,3(5QHW 1RQ6HFXUH,QWHUQHW 3URWRFRO5RXWHU1HWZRUNWKH3HQWDJRQ¶VQRQFODVVL¿HGQHWZRUN )RUWKH ¿UVWWLPHSROLWLFDODQGFRQVWLWXWLRQDOTXHVWLRQVZHUHUDLVHGDERXWVHFXULW\ SULYDF\DQGQRWLRQVRIDFWLYHPRQLWRULQJDQGSRVVLEOHH[SRVXUHWRWUDQVQDWLRQDO WKUHDWV 11 0RRQOLJKW0D]HFDXVHGWKH86DJHQFLHVDQGJRYHUQPHQWWRUHDOL]H 2017 January | 1 No. | 1 Volume | WKDWFOHDUSROLFLHVDQGVWUDWHJLHVZHUHQHHGHGIRUDV\PPHWULFZDUIDUHWKH ¿HOGRIIXWXUHLQWHOOLJHQFHJDWKHULQJDQGHVSLRQDJHDQGWKHWHFKQRORJLFDO LPSOLFDWLRQVWKH\HQWDLO Legislative Acts 7KH3UHVLGHQWLDO'HFLVLRQ'LUHFWLYH 3'' UHJDUGLQJFULWLFDOLQIUDVWUXFWXUHSURWHFWLRQZDVLQSDUWWKHUHVXOWRI0RRQOLJKW 0D]H7KLVZDVDVHPLQDOSROLF\GRFXPHQWVHWWLQJIRUWKUROHVUHVSRQVLELOLWLHV DQGREMHFWLYHVIRUSURWHFWLQJWKHQDWLRQ¶VXWLOLW\WUDQVSRUWDWLRQ¿QDQFLDODQG Security and Intelligence, Cyber, RWKHUHVVHQWLDOLQIUDVWUXFWXUH 12 7KH3''OHGWRWZRVLJQL¿FDQWVWUDWHJLF LPSOLFDWLRQV2QHZDVWKHFUHDWLRQRIWKH1DWLRQDO,QFLGHQW3URWHFWLRQ&HQWHU 1,3& DQLQWHUDJHQF\ERG\ZLWKWKHSRZHUWRVDIHJXDUGWKHQDWLRQ¶VFLYLOLDQ DQGJRYHUQPHQWDOFULWLFDOLQIUDVWUXFWXUHIURPFRPSXWHUEDVHGDWWDFNV 13 The VHFRQGZDVWKHFUHDWLRQRIWKH-RLQW7DVN)RUFH&RPSXWHU1HWZRUN'HIHQVH -7)&1' DERG\HQWUXVWHGZLWKWDNLQJWKHOHDGLQFRRUGLQDWLQJDUHVSRQVH WRQDWLRQDOF\EHUDWWDFNVDQGFHQWUDOL]LQJWKHGHIHQVHRIPLOLWDU\QHWZRUNV 14 Operational /HGE\WKH'HSDUWPHQWRI'HIHQVH 'R' LQFLGHQWUHVSRQVH PHFKDQLVPVZHUHEXLOWDQGUHSRUWLQJLQVWLWXWLRQVZHUHHVWDEOLVKHG0LOLWDU\