Why the Pentagon's declaration of 'cyberwar' is a mixed bag

At the end of February it was reported that the Pentagon had officially started an “aggressive cyberwar against IS”. Since then this story has gradually filtered through various different news outlets, and while it seems like an inevitable next step, it also feels like it could be a mixed blessing.

In fact, when Anonymous announced its plan to wage war on ISIS following the Paris attacks last year, opinion from the security industry was divided. Now this is an entirely different beast, but it does present a departure from the US government’s official stance and could potentially open the floodgates for more sophisticated forms of cyber warfare.

I spoke to a number of different security experts to see what they thought, and generally individuals were not sure if this move was good or bad. Carl Herberger, Vice President of Security Solutions at Radware, who was extremely negative about Anonymous’ equivalent pledge, lists the pros and cons as follows.

On the negative side, he says, this makes us realise just what a huge threat cyberwar is and how many of the luxuries that underpin our everyday lives are based on automation. Perhaps more significantly, he adds, if the US government is training legions of people in military grade cyberwarfare those skills will clearly trickle down into the general population. 

On the positive side, this move means there is no smoke and mirrors any more. The announcement demonstrates that this is a real and transparent threat and shows that the Pentagon is doing its best to provide protection. Herberger does agree however, that there is an element of covering its own backside. These threats are pretty serious, becoming more common, and it must be seen to be doing something.

It is “forecastable” that the military has gone from “over-defensive” to “over-offensive”, he suggests and now everyone has to react to this. “Nation states can’t put their heads in the ground anymore”.

Leo Taddeo, Chief Security Officer at Cryptzone agrees: “It’s hard to say whether using cyber warfare against ISIS will help more than hurt.” This move means the US military can now openly use cyber weapons to impede and even destroy the IT infrastructure ISIS uses to generate revenue, recruit, spread propaganda, and coordinate operations. However, “the question is how will the US contain the cyber tools and techniques it unleashes?”

“More importantly,” he argues “the US will likely lose its ability to argue that other nations should refrain from similar activity.”

“This further extends the boundaries of acceptable offensive actions in the cyber domain. While it may seem low-cost and low-risk, the boomerang effect has yet to be felt,” he adds.

Dan Holden, Director of ASERT at Arbor Networks suggests “while Anonymous’ threats and actions are cute, when America is bringing its forces to bear, the actions will be perhaps less visible but far more impactful.

“Cyber capability on all sides now isn’t surprising, it’s the de facto standard whether that be America and its allies, North Korea, or ISIS and other terrorist organizations. All have invested and will use cyber as a way to communicate, recruit, spy, or potentially disrupt where applicable.”

This point is seconded by Udi Mokady, President and CEO of CyberArk who says: “It is another type of weaponry.”

“Many players—both nation states and non-state actors are using cyber for offensive,” says Malcolm Harkins, Global Chief Information Security Officer at Cylance. “The difference is that some nation-states are using it against the private sector, whereas the US is not.”



Further reading:

Anonymous vs. ISIS: What does it really mean?

Why we can’t stick our heads in the sand about cyber terrorism

Paris attack: Will it take ‘cyber 911’ for people to see the risk?

Nov 5th analysis: What it would take to hack the White House


« Facebook's news censorship: Manipulative algorithms are nothing new


News Roundup: The "real" Satoshi, phone cancer, and Elon worship »


Do you think your smartphone is making you a workaholic?