Abstract
In 2015, the Director of National Intelligence began his discussion of global threats during his testimony to the Senate Armed Services Committee by stating that “[Cyber] attacks against us are increasing in frequency, scale, sophistication and severity of impact.” In the past, rhetoric around cyber security has focused on defensive measures – strengthening US systems to prevent cyber-attacks from disclosing sensitive information or causing service outages for critical infrastructure. More recently, intelligence, national security, and military leaders have discussed the need for offensive cyber abilities in order to understand and deter the operations of our adversaries.
Advancements in cyber capabilities are outpacing understanding of the risks and implications of cyber conflicts. This chapter explores the technology behind sophisticated offensive cyber-attacks and the role of the intelligence community (IC) in collecting zero-day errors and writing code in order to develop the US cyber-arsenal. This is investigated using a case-study framework focused on covert operations, allegedly carried out by state actors, to collect information or damage infrastructure. Using information about the cyber tools used today, the chapter presents predictions about the future of cyber sabotage and espionage.
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this chapter
Cite this chapter
Mahvi, A.J. (2018). Strategic Offensive Cyber Operations: Capabilities, Limitations, and Role of the Intelligence Community. In: Kosal, M. (eds) Technology and the Intelligence Community. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-319-75232-7_10
DOI: https://doi.org/10.1007/978-3-319-75232-7_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-75231-0
Online ISBN: 978-3-319-75232-7
eBook Packages: Political Science and International Studies (R0)