Going through the latest DoD Cyber Strategy for 2018 it should be clearly noted that several key new developments are continuing to take place which are worth discussing in the broader context of real-time cyber threat intelligence cyber attack attribution and cyber attack prevention mechanism which today are taking place primarily courtesy of the U.S DoD the NSA and the U.S Cyber Command.
In this post I’ll discuss a newly emerged trend which is called “forward defense” where U.S based cyber warriors will actually bother to proactively respond to and prevent current and emerging cyber attacks by scouting foreign networks including foreign influence and information operation campaigns that also includes the use of botnets and cyber espionage type of campaigns to further protect U.S critical infrastructure from current and emerging cyber threats.
While the majority of the cyber threat intelligence work in the U.S is done by the commercial sector the U.S Cyber Command continues to actively apply basic U.S DoD military methodology including near real-time information sharing initiatives for the purpose of demonstrating the key operational capability in the context of targeting the online infrastructure that also includes to actively respond to information warfare including foreign influence operations.
Key summary points to consider:
- Information Warfare is making its way into the White House official Cyberspace strategy document – I’ve already discussed this unique trend in a related article which you can check out here – which undoubtedly sets a unique precedent where we have the White House directly interfering with basic military concepts such as for instance information warfare and information operations that also includes the use of foreign influence operations which further empowers the U.S DoD and the NSA with unique capabilities to respond to these type of campaigns possibly directly interfering with Russia’s information warfare concepts which believe it or not in another world are directly copied from publicly accessible U.S DoD and NSA publicly accessible papers throughout the years. In terms of information warfare operations that also includes foreign influence operations this is a dangerous game to play which may inevitably lead to actually catching some high-profile information warfare operations or eventually KGB or Russia’s FSB operators which goes far beyond the usual duties of the U.S Cyber Command the U.S DoD and the NSA in general which has to do with far more high-profile cyber threats that also includes cyber warfare campaigns and possible direct threats against U.S critical infrastructure
- Foreign influence operations – it still remains unclear as to the extend of this basic misconception which basically relies on the use of social media or the so called rogue and bogus content farms which are pretty similar to high-profile and relevant cybercrime-friendly blackhat SEO (search engine optimization) campaigns in the context of traffic acquisition and traffic hijacking which basically has nothing to do with Russia’s active measures in Cyberspace which is a dangerous word to play with in particular in the context of having the U.S Cyber Command the U.S DoD and the NSA hunt down and track down foreign influence operations. It should be also clearly noted that a direct response should be issues on a systematic and persistent basis which basically represents the U.S Cyber Command and the U.S DoD including the NSA’s basic principles and mode of operation where the virtual assets of a specific foreign influence operator can either can directly exposed or shut down or actually a direct DoS (Denial of Service) launched against them which shouldn’t be surprising in the broader context of fighting cybercrime and responding to cyber warfare incidents and campaigns online
- Sock puppetry and foreign influence operations – yet another dangerous word which should be used with caution remains the use of “sock puppets” which are basically foreign influence operators positioned by the U.S Cyber Command the U.S DoD and the NSA as a possible National Security risk which should be properly monitored and actions taken against it in one form or another in particular a direct attempt to expose the operator behind the rogue and bogus content farm including to actually attempt to launch a DoS (Denial of Service) attacks against their infrastructure