Since its creation in 2009, US Cyber Command has focused its efforts mostly on sophisticated cyber-actors on the world stage, states like Iran, Russia, and North Korea. It acts mostly in the new realm of cyber-conflict, in which states can take digital shots at one another without getting too worried about starting a real shooting war.
But now, the American war on ISIS is blurring the lines between digital and kinetic conflict, opening a new cyber-front in the physical world: For the first time in its short history, the US military’s Cyber Command will now run its own aggressive operations as part of the War on Terror, and even augment regular, lethal military strikes with cyber capabilities.
The announcement came as President Obama prepared to discuss the war on ISIS in Hanover, Germany earlier this week, where he met with world leaders and laid out this new cyber initiative, among others. Deputy Secretary of Defense Robert O. Work has the key quote encapsulating the effort: “We are dropping cyberbombs… We have never done that before.”
If it could, Anonymous would be the most beloved group in the world by now. What we’re talking about here is functionally very different; from diverting ISIS’ troop payment transfers to sending its fighters fake military coordinates, this is cyber as a technical use of military force.
According to Brigham Young professor of law Eric Jensen, there have been basically three major, publicly known cyber-attacks that probably constitute a use of force under international law: Stuxnet, a devastating 2012 attack on the Saudi Aramco oil company, and a recent, rather terrifying attack on Swedish air traffic control.
It is possible that this particular cyber-campaign won’t affect that total number of attacks, since ISIS is not a legitimate state. Still, if “cyber bombs” do prove useful against ISIS, we can expect the strategy to continue against real states, as the US rolls out these capabilities to complement attacks in other theaters.