Cyber operations were given their first big real-world test in November 2016, during the Department of Defense’s largest cyber operation to date. Now newly released documents reveal that U.S. Cyber Command proposed passing some targets to coalition partners — information typically held closely.
The documents, released as part of a Freedom of Information Act request from the National Security Archive at George Washington University, are a series of internal briefings and lessons from Operation Glowing Symphony. The operation was part of the larger counter-ISIS operations — Joint Task Force-Ares — but specifically targeted ISIS’s media and online operations, taking out infrastructure and preventing ISIS members from communicating and posting propaganda.
“As a [course of action] for dynamically deconflicting and engaging aim points of opportunity, the [cyber mission force] proposed passing aim point information to allied partners to take for action,” an after-action observation of Operation Glowing Symphony prepared by Cyber Command’s operations directorate stated.
Typically, cyber capabilities and targets are some of the most closely guarded secrets given the types of resources needed to gain access to targets’ networks. However, officials have indicated in the past that, sometimes, effects were more easily achieved if given to coalition partners because they might not have as restrictive domestic authorities for using such capabilities. Moreover, they may also possess better access in some cases.
For years, the military operated under what the military, many members of Congress and national security experts considered restrictive authorities and policies. U.S. officials have detailed instances where domestic authorities and processes may have slowed down operations. The former commander of the joint task force in charge of the anti-ISIS operations described an instance in which they were trying to use non-kinetic capabilities to take out ISIS command posts. While the overall operation was successful, the planning and coordination took weeks. Other officials noted that foreign partners provide unique access or unique capabilities and operate off of different authorities that complement those of the military.
Those authorities and processes have been streamlined by the executive branch and Congress in recent years.
The documents recommend that Cyber Command establish a memorandum of understanding with allied partners to codify the relationship for deconfliction operations.
This becomes important as other nations have developed advanced offensive cyber capabilities for intelligence and military purposes. The Australians, for example, have detailed the various offensive cyber operations they undertook as part of the global anti-ISIS coalition.
The documents also point to how in 2016 coordination with the interagency — which typically includes intelligence agencies that are also operating in cyberspace for espionage rather than disrupting networks — was too immature to execute operational deconfliction.
The observations, however, point out that recommendations to develop an operational deconfliction script and process had been implemented.
Separate from the after-action review, a 30-day assessment of the operation noted that while the joint interagency coordination process is fairly mature, it has not been flexed to synchronize the speed, scope and scale of Operation Glowing Symphony. It went on to say that those processes were “taxed” and matured.
A 120-day assessment pointed out that deconfliction processes at the time placed unnecessary restrictions on combatant commands’ ability to coordinate cyber operations. If targets had been validated and vetted, the partially redacted portion of the 120-day assessment stated, the combatant command should not be prevented from requesting support from Cyber Command.
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.