IN-DEPTH / IN-DEPTH
Attacking Empire: What will rampant US cyber army bring to the world?
Published: Jun 08, 2023 07:33 PM
Photo:VCG

Photo: VCG

Editor's Note:


It has been a decade since the PRISM scandal which enraged the world was exposed by Edward Snowden. Under the guise of so-called national interests, the US government and its related intelligence agencies utilize their technological and first-mover advantages to conduct cyber surveillance and attacks around the world. 

Relying on its hegemony in cyberspace, the US has used cyber capabilities as one of its tools in hybrid warfare. Just like other tools such as economic sanctions, terrorist activities, and military intervention, the US has used cyberwar to interfere in other countries' internal affairs and achieve its own political goals. To maintain its hegemony, the US has conducted "digital colonization" over other countries and committed various convert crimes, making itself a "surveillance empire," an "attacking empire," and a "bullying empire."

In the fourth installment of the series, we invited Tang Lan, director of the Center for Cyberspace Security and Governance Studies at the China Institutes of Contemporary International Relations, to reveal the crime of the US in turning cyberspace into the fifth battlefield, and how the US' militarization on the internet has led to the escalation of the global arms race in cyberspace, intensifying the confrontation between countries.

From the Persian Gulf War in 1991, the US has predicted that information technology would lead to a new revolution in military affairs, in which armed forces with advantages in information and cyber space could manipulate and even change the rules of war. Since then, the US has lifted the curtain of the militarization of cyberspace, with the continuing expansion of cyber force, upgrade of cyber weapons and more frequent and complex cyber operations. The belligerence of the US in cyberspace has led to the escalation of the global arms race in cyberspace, intensified confrontation between countries, and is jeopardizing the peace and stability of the global cyber world, adding more uncertainties to the world.

Future war on fifth battlefield 

Shortly after the Persian Gulf War, the US Air Force established an Information Operations Center (AFIOC) in 1993, and later recruited its first group of officers in 1995, who graduated from the US' National Defense University and received training in cyber operation command. 

Since then, its military personnel and military experts began to plan for the transformation of the army, and started active combat readiness for the fifth battlefield in aspects including theoretical innovation, strategies, operational roadmap, force structure, and weapon research and development.

Paul Nakasone, the head of US Cyber Command, has repeatedly stressed that strategic competition among major powers will fundamentally change the nature of war, and conflicts between major powers will firstly occur in cyberspace, and that the US military must improve its combat readiness and enhance its decisive advantage.

At around 2002, the US Air Force set up its cyber command. In 2008, under the persuasion of the US Air Force, which had been preaching that "if you can't control cyberspace, you can't control other areas of operations," other arms and the Pentagon reached a basic consensus on the formation of a joint cyber command. 

In 2009, the US Cyber Command was established as a Sub-Unified command under US Strategic Command on June 23 at the National Security Agency (NSA) headquarters, with the Director of the NSA as its commander.

All military services have also since set up corresponding cyber units, such as the 24th Air Force, the 10th Fleet, and the 9th Army Signal Command of the Army, which accept the unified command of the Cyber Command.

In late 2012, the US Department of Defense (DoD) proposed the establishment of a Cyber Mission Force (CMF), which would eventually be made up of 133 teams and built to 6,187 people when completed.

In May 2018, the US Cyber Command was officially elevated to the 10th unified combatant command.

In December 2022, the CMF was also officially elevated to a Sub-Unified command under the US Cyber Command, becoming a permanent military organization with 39 joint cyber teams, more than 2,000 active duty military personnel, and civilian personnel from the NSA and the Defense Intelligence Agency (DIA).

The establishment of the Cyber Command marks that the US has a command system and cyber force for cyberspace operations. In 2011, 2015, and 2018, the Pentagon successively issued several editions of a cyber strategy, through which the dominant idea was that cyberspace is a battlefield, and it is a domain that the US must control. It offered a clear strategic concept and realization path for the US military to gain advantage on the fifth battlefield.

'Fangs' that gradually appear

After more than 10 years of development, the US' cyber forces are well-trained, well-equipped, and advanced in concept, and their strength far exceeds that of other countries.

In 2021, the British International Institute for Strategic Studies (IISS) assessed 15 countries' cyber capabilities in seven categories, including (1) strategy and doctrine, (2) governance, command and control, (3) core cyber-intelligence capability, (4) cyber empowerment and dependence, (5) cyber security and resilience, (6) global leadership in cyberspace affairs, and (7) offensive cyber capability. The study found that "the US retains a clear superiority over all other countries in terms of its information and communications technology empowerment," and that "the US capability for offensive cyber operations is probably more developed than that of any other country, although its full potential remains largely undemonstrated."

The US has created many "perfect weapons." In 2010, the secret Operation Olympic Games was exposed by the media, in which the "Stuxnet" computer worm was embedded into computer controllers that directed the operation of the centrifuges at Natanz uranium enrichment facility in Iran. The virus caused the centrifuge to go out of control and even get completely paralyzed, demonstrating the incredibly destructive nature of cyber weapons.

Abundant technical and human resources provide the US with a natural advantage in developing cyber weapons. The US' Cyber Commander is also the Director of the NSA. The latter's powerful network penetration and monitoring capabilities provide unparalleled advantages for cyber military operations. Coupled with the continuous increase in the US' investment in cyber warfare - 90 percent of the military's network project expenditure is used to develop cyber weapons and equipment, the country has built the world's most advanced and complex cyber weapon arsenal, covering both soft and hard damage weapons, which can wipe out all kinds of equipment, data and information around the world.

To adapt to the rapid development of AI technology, the Defense Advanced Research Projects Agency (DARPA) of the DoD has also developed an autonomous network attack system based on AI processing chips, which can independently learn the network environment and generate specific malicious codes.

The US cyber force has extended its tentacles to the rest of the world. The country divides cyber warfare into strategic cyber warfare and tactical cyber warfare. The former mainly targets the opponent's key infrastructure and important systems, while the latter focuses on offensive and defensive confrontations at the battlefield and campaign levels. US cyber operations are not limited to the battlefield and military targets - winning or losing a battle, but focus on the world, on important facilities and systems that are related to the national economies and people's livelihoods of all countries.

In 2011, the DoD issued the Strategy for Operating in Cyberspace (public version) which proposed that combat targets should not be divided into military and civilian purposes, and that "computer-induced failures of power grids, transportation networks, or financial systems could cause massive physical damage and economic disruption. DoD operations - both at home and abroad - are dependent on this critical infrastructure."

Judging from various revelations by Snowden and WikiLeaks, the US cyber force has long been lurking in key parts of cyberspace, preparing for activating codes when necessary to destroy opponents' main social functions and disturb the public so as to gain strategic initiative.

The huge power outage in Venezuela in 2019 is an example of the US' intention to exchange the least cost (avoiding a hot war) for the greatest benefit (influencing the behavior of the government of the target country, or even overthrowing the authority).

Take the fight to the enemy

The initial mission of the US Cyber Command was to protect the security of the US Department of Defense's information systems, defending the US against large-scale cyberattacks, and ultimately integrate cyber warfare capabilities with traditional combat methods. However, as the situation of cyber space confrontation has changed, the US' perception of cyber threats has also changed. 

Currently, the US government believes that the country's cyber enemies are more inclined to engage in long-term behavior such as intellectual property theft, election interference, and attacks on critical infrastructure, which do not reach the threshold of armed attacks but seriously harm US security and interests. The US government believes that it urgently needs a new approach to improve security and stability.

In March 2018, the US Cyber Command released a new "command vision" entitled "Achieve and Maintain Cyberspace Superiority," noting that the cyberspace in which the agency was established has changed. "We have learned we must stop attacks before they penetrate our cyber defenses or impair our military forces; and through persistent, integrated operations, we can influence adversary behavior and introduce uncertainty into their calculations," the document stated.  

The US Department of Defense's "Cyber Strategy" released that same year, begins with a "defend forward" approach that shifts the focus outward to stop threats before they reach their targets.

Nakasone's goal is to transform the cyber army from a "reactive force" to a "persistent force," capable of engaging with enemies who threaten American interests in cyberspace at any time. This new paradigm places unprecedented emphasis on pre-emptive action, allowing the cyber force to strike first if it perceives a threat. 

From then on, the scope of the US' cyber operations was no longer limited to the US military network, let alone the domestic network facilities, information systems and data. It could carry out cyberattacks on any target around the world in the name of safeguarding national security.

To ensure the implementation of this concept, former US president Donald Trump signed a classified order known as the National Security Presidential Memorandum 13 in August 2019, authorizing Cyber Command to conduct offensive cyber operations abroad without specific presidential approval. 

The US' National Defense Authorization Act for fiscal years 2019 and 2021 both provide greater discretion for the US military to conduct cyber operations, including lowering the approval threshold for such actions, equating them with conventional combat operations, and relaxing procurement rules for the US Cyber Command.

So far, the US Cyber Mission Force (CMF) has conducted nearly 40 "hunt forward" operations and thousands of remote network operations worldwide under the guise of election security and anti-ransomware actions. They actively assist other countries in discovering potential hostile cyber activities, identifying network vulnerabilities and malicious software, uncovering attackers' intentions and methods before they reach the US and prevent them.

The "hunt forward" operation is mostly concentrated in Europe and the Asia-Pacific region, with a clear purpose. In 2018, Cyber Command informed the outside world of its first public overseas cyber operation: Cutting off the network connection of the Russian Internet Research Agency in St. Petersburg, during the US' 2018 midterm elections. After that operation, the US military decided that this paradigm worked well enough to extend the working group on Russia and establish a similar working group on China.

Graphic: GT

Graphic: GT

Absolutely safe is nothing safe

The US has always pursued "absolute freedom" and "absolute security" in cyberspace, ensuring the freedom of action for its military while depriving its perceived enemies of freedom of action. In order to ensure the strategic advantage of the US military, the country tries its best to attack and seize the initiative. In fact, the unrestrained development of the US military's cyber power has brought about bad results.

The most obvious consequence is the spread of cyber weapons and their dangers. So far, the aftermath of the Stuxnet virus continues, and its related viruses Duqu, Flame, and Gauss, as well as various mutations, are still endangering industrial control systems worldwide.

In May 2017, the hacker group Equation Group affiliated with the US' National Security Agency developed an exploit and leaked "Eternal Blue" which was adapted into the "WannaCry" ransomware, causing a sweeping global impact and resulting in a loss of $4 billion in just a few days.

Under the new paradigm, the US cyber force is pursuing an unlimited expansion of its operational scope, with a more pronounced emphasis on indiscriminate targeting of attack objectives. Their actions are also more proactive and aggressive. Some scholars believed that this trend will affect global strategic stability and may cause friction between the US and its allies.

The US often compares its dependence on information and communication technology to living in a glass house, believing that its enemies will exploit this dependence to develop an asymmetric advantage, leading to a "cyber Pearl Harbor" attack. This self-centered thinking, and victim-based and hypothetical enemy scenarios have provided the best excuse for the US to lead the world in building a cyber force and engaging in a cyber arms race.

But as Joseph Nye said, the US is the best at throwing stones, but it also lives in the most fragile of glass houses. Since the end of 2020, the US has experienced a series of major cybersecurity incidents, such as the SolarWinds Supply-Chain Attack that caused multiple government departments and large-scale enterprise to shut down. And the Colonial Pipeline, the largest US refined products pipeline operator, was hit by a cyber-blackmail attack that forced it to shut down its supply network to states along the US east coast.

The interconnected nature of cyberspace has led to the militarization and arms race in the field of network, which not only endangers human peace and security, but also deeply affects the national security of each country and even the personal interests of every individual. 

As the threshold for the use of force on the internet is progressively lowered, the boundaries between peacetime and wartime, and between military and civilian use are becoming more blurred, to some extent, the possibility of cyber friction and conflict, or even accidental fire between countries has increased, and the task of maintaining security and peace in international cyberspace has become more difficult.