Pentagon unleashes Fort Meade cyberwarriors on Islamic State

Defense Secretary Ashton B. Carter, shown here at Fort Meade last year, described the outlines of a hacking campaign against the self-declared Islamic State Monday.
Defense Secretary Ashton B. Carter, shown here at Fort Meade last year, described the outlines of a hacking campaign against the self-declared Islamic State Monday. (Chip Somodevilla / Getty Images)

The Defense Department has called on military hackers at Fort Meade to disrupt the operations of the self-declared Islamic State, a move that adds cyberweapons to the bombs and missiles the United States has been using to batter the terror group.

Defense Secretary Ashton B. Carter described the outlines of the hacking campaign Monday.


"This is something that is new in this war," he told reporters at the Pentagon. "It's an important new capability and it's an important use of our Cyber Command and the reason Cyber Command was established in the first place."

Carter's comments were a striking shift in the way the government talks about its ability to launch cyberattacks against its enemies. And for the six-year-old Cyber Command at Fort Meade, the campaign marks a kind of coming of age: Before now, the government had not publicly acknowledged carrying out such offensive cyberoperations and kept many of the command's abilities secret.


Carter said the effort is aimed at knocking out the Islamic State's communications infrastructure, to make it more difficult for its fighters to coordinate their efforts and potentially to drive them to use systems that are easier for America to detect and monitor.

One technique involves overloading computer networks so they no longer function — a common type of attack known as denial of service.

Elements of the campaign remain under wraps. Asked whether the Defense Department would send out daily lists of cyberattacks against the Islamic State — as it does with airstrikes — Carter said it was unlikely.

"The methods we're using are new; some of them will be surprising," he said. "Some of them are applicable to other challenges."


Officials have been reluctant to discuss cyberattacks, saying such talk could alert adversaries and help them defend themselves. Gen. Joseph Dunford, the chairman of the Joint Chiefs of Staff, told reporters that remains an issue in the campaign against the Islamic State.

"We don't want them to have information that will allow them adapt over time," he said. "We want them to be surprised when we conduct cyberoperations."

Carter said the cyberoffensive was an important part of the broader campaign against the Islamic State, in which the United States is applying its air power and military know-how to help the Iraqi government and Kurdish forces that are doing the bulk of the fighting on the ground.

Carter said Monday that U.S.-backed forces had captured Shaddadi, a strategically important town linking the Islamic State's power centers in Iraq with those in Syria.

As the focus shifts to capturing the Iraqi city of Mosul, Carter said, cyberattacks will be an important part of the strategy.

"We're accelerating this just as we're accelerating everything else," he said.

Trey Herr, a cyberweapons researcher at George Washington University, said it's unlikely the Defense Department needs to use its most sophisticated cybercapabilities against the Islamic State. Because the group is widely hated, he said, it's a more appealing target for testing out a new kind of warfare than another nation would be.

"There's more at stake when we talk about our larger relationship with the Chinese government," he said.

For months it has appeared that the Islamic State has had the upper hand in the online battlefield.

The group has made effective use of social media networks to spread propaganda and recruit sympathizers.

Hackers associated with the group have had some high-profile successes, such as commandeering the Twitter account of U.S. Central Command, which is leading the campaign in Iraq and Syria, and even defacing the website of a small television station on Maryland's Eastern Shore.

So while the discussion of the campaign is unusual, Herr said, it's an opportunity for the government to show the lengths it is going to in battling Islamic State fighters.

"The U.S. would like to be able to lay claim to having some sort of operational effectiveness against them," Herr said.

The defense secretary visited U.S. Cyber Command headquarters at Fort Meade in January and exhorted troops there to come up with ways to attack the Islamic State.

The Pentagon established Cyber Command in 2009 as a center for the military's computer warfare efforts. Officials are working to train some 6,000 new warriors organized into 133 teams — an effort not scheduled to be complete until 2018 — and build a command center on a secure campus that is also home to the National Security Agency.

Twenty-seven teams are to be dedicated to carrying out attacks.

Training troops to fight in cyberspace has proved to be a major undertaking: By one estimate, it takes 18 months and costs $200,000 to train a single service member to even a basic level.

Dunford said that the campaign against the Islamic State should be an opportunity for the young command to develop a set of tools that will be useful in future conflicts.

Cyber Command has close ties to the NSA. Both are commanded by Adm. Michael S. Rogers, and some Cyber Command troops occupy offices at Fort Meade adjacent to those used by NSA teams.

But the future of the relationship is in question. Eric Stride, who works for cybersecurity company root9B and serves as a cyberwarfare officer in the Air Force Reserve, said the two organizations use similar tools, but they have different missions.

The NSA's "objective is to gather foreign intelligence," Stride said. Cyber Command uses "the same skill sets," he said, "but their intent on the offensive side is to provide cyber options to combatant commanders."

In Iraq and Syria, the Defense Department is already facing questions about whether hacking Islamic State computers to take them offline could impede intelligence gathering efforts.

Dunford called that a "fair and good question."

"Each and every time we conduct an operation, that's one of the variables we consider," he said.

Some officials advocate breaking the two operations apart. Others argue that Cyber Command is not ready to stand completely alone and still needs the help of the NSA, which has much longer experience with breaking into the computers of America's enemies and rivals.

At a hearing in the House of Representatives last week, Carter said he wanted to maintain the close relationship as the military struggles to find enough troops with the right skills.

"It's a people issue, and finding good people is critical," he said. "Having NSA next to Cybercom means that they can interchange talent and draw on one another."


Recommended on Baltimore Sun