C4ISRNET recently published an interesting and useful four-part series exploring what U.S. Cyber Command will need to operate on its own, separate from the National Security Agency. (Part I is here and provides links to the other parts in the series.)
Unfortunately, the reporting suggests at least one significant misunderstanding about the nature of cyber weapons and warfare. To wit, the director of government cyber solutions at a major defense contractor is quoted as saying “If you’re using the same platform that’s vulnerable to the enemy following you back, that path in cyberspace, you’re jeopardizing your intelligence sources if you’re using the same platform to conduct an attack. . . . With intelligence, you typically don’t want to get caught—it’s espionage. Well, if I’m going to use a cyber exploit, and I’ve got the rules of engagement to do it, the thinking is: Heck, I’m at war. Getting caught isn’t part of the equation.” The C4ISRNET summary is “attribution is not a big deal in a warfare scenario.”
This sentiment is valid as far as it goes—a destructive act by U.S. military forces is intended to be noticed by the adversary, and “not getting caught” doing something destructive in cyberspace is indeed not of particular concern. But this sentiment ignores a very important aspect of offensive cyber operations—that of gaining and maintaining access to the target in question before the operation does its destructive deed.
A cyber weapon differs from a kinetic weapon in that a target requires much less advance preparation to be hit with a kinetic weapon. Access paths to the target for a given cyber weapon must be established in advance, and such access paths must be maintained and concealed until the weapon is used. If an access path is not concealed, the adversary may well eliminate it and thus negate the weapon’s effectiveness against the target until another access path is found. So, for many cyber weapons, getting caught DOES matter, not at the point of “detonation”, that is, when the weapon does its destructive thing, but at the point of insertion and any time thereafter.
For that reason, the vaunted skills of the NSA in operating stealthily will continue to have value for Cyber Command, and if and when NSA and Cyber Command separate, it will still be important for Cyber Command to have access to those skills.