The United States’ cyber capabilities have had their share of news coverage recently, but even before the recently leaked story on U.S. cyber operations against the Islamic State (ISIS), it was no secret that cyber tools have been engaged in the fight. President Obama announced in April 2016 that “Our cyber operations are disrupting [ISIS’s] command-and-control and communications.” But beyond a handful of other officials who have hinted or spoken in general terms, there has been very little specificity about what precisely those cyber operations might be. That opens the door to an important question: based on the information available in the public sphere, what would cyber operations against ISIS look like?
Online Information Operations
Without getting into the muddy waters of trying to define “cyber,” “cyber weapon,” or “cyber incidents” it is fairly safe to say that in the United States, information operations and counter-messaging are different from what most experts consider “cybersecurity,” but they are still a key part of the US strategy to counter ISIS online. It is clear that ISIS is engaged in an online information warfare campaign to recruit fighters and raise its profile, while the U.S. is working to “counter the messaging and diminish the influence of international terrorist organizations.” The Global Engagement Center, an interagency body housed within the State Department, coordinates with “credible voices to deliver messages that resonate with at-risk populations” to try to undermine the message and recruiting capacity of extremist groups like ISIS. Additionally, other actors (including Twitter itself) are working hard to limit ISIS’s ability to use social media as a recruiting platform. While not precisely “cyber,” internet-enabled capabilities are clearly at play in the information space.
The United States is certainly engaged in cyber efforts to defend domestic networks from ISIS’s army of hackers. Admiral Mike Rogers, head of Cyber Command, warned last year that ISIS may target critical infrastructure systems (which would not be without precedent in the international arena). But, while there is growing coordination among ISIS’s hacking groups, industry analysts have concluded that “these hacking groups still operate unofficially and remain poorly organized and are likely underfunded.” A strong defense is always important, but particularly given ISIS’s limited cyber capacity, offensive tools are available as well.
Offensive Cyber Operations
To better understand the array of cyber options available against ISIS, observers can turn to a small handful of somewhat more informative comments from government officials. As early as last year, then-Secretary of Defense Ash Carter mentioned tools to “to cause them to lose confidence in their networks, to overload their network so that they can’t function.” This sounds like what is typically known as a denial of service (DoS) attack, which may appear to be a bit of an anemic strike; typically, this just brings down a website or server temporarily. However, on the ground, the consequences of website outages can be very real. In addition to inhibiting communication between members of the organization, this could also bring down media platforms critical to recruiting.
Recent disclosures suggest that the NSA may have more precise mechanisms for taking down websites. According to recent reports, Operation Global Symphony allowed the Pentagon to deny ISIS access to its own propaganda outlets and delete content that could be used for recruiting. Researchers indicate that “the ISIS brand is contracting,” and with it, “ISIS’ international recruitment rate has collapsed.” Branding matters, and it is not difficult to imagine how U.S. offensive cyber tools may have helped break down ISIS’s capacity for propaganda.
There is a fine line between espionage and cyber attack, but whether or not it is considered offensive cybersecurity, odds are good that the United States is using hacking tools to spy on ISIS’s activities. Information recently leaked provides a lot of room for speculation about what these activities might look like: monitoring money transfers, gaining remote access to individual computers or mobile devices, or secretly accessing the microphone on a smart television. Such intelligence could provide a great deal of decision advantage to those involved in operations to counter ISIS.
What Does This All Mean?
With these (and all) leaked stories of cybersecurity tools and capabilities, it is important to keep in mind that knowledge of them comes from sources like Wikileaks and Shadow Brokers. The public does not have official confirmation that the U.S. government is using these tools or that they are used to collect on ISIS specifically. Given that important caveat, decision makers inside and outside of government should nonetheless take note of the range of operations available to combat ISIS. Unpacking and analyzing different types of activities gives greater insight into the potential effects, outcomes, and consequences of each.