While the private realm has been waging an admittedly less than successful war against the extremist Islamic State for some time now, it’s only been recently that the US government has publicly talked about cyberattacks against ISIS. But what does the cyber war against ISIS really entail?
An Ongoing Operation
At the forefront of the Department of Defense’s operations seem to be focused on social media. Encrypted messaging apps are used by the Islamic State to recruit and distribute propaganda, and with messages that aren’t captured or monitored, the US is looking first to establish back doors to apps with end-to-end encryption.
Operations launched out of Fort Meade, Maryland, began in early 2016 at the prompting of Defense Secretary Ash Carter. At this point, though, the DoD is being decidedly quiet on the details of their actions. Statements from officials have had the sentiment of trying a number of things to see what works and what doesn’t. This is not to say that there is not a plan in place, only that those behind the operation are being decidedly and perhaps necessarily tight-lipped about the planned attacks.
In addition to attempts to disrupt social media, other plans seem to focus on preventing the Islamic State from conducting financial transactions or setting up logistics. Though seemingly the lower priority (or perhaps just the less discussed one), it is here that DoD and partnering agencies may have the potential to do more. ISIS has proven incredibly adept from the onset with their use of technology to recruit and motivate. With other battles still circulating in the public sphere regarding the government’s access to encrypted technology, working in areas external to those apps may show more promise.
An Internal Battle
Some are left wondering if the cyber war is too little too late as Carter waited months before bending to the pressure to do more against the Islamic State’s virtual presence. Carter’s big concern, he claims, is that attacks might disrupt intelligence officers’ ability to find warning or indications of the group’s current activity.
There is also worry that attacks on the infrastructure that allows ISIS to distribute virtual information will also impact civilian networks and systems needed for critical operations in the nations targeted.
One of the more striking points to come from the announcement of this self-proclaimed aggressive attack is how unequipped the US seems to be to conduct offensive attacks on a technological level. Overseeing organization Cyber Command only began operations in 2010, and has been largely defensively focused up to this point. A more comprehensive team is underway with the Pentagon, but will not see full numbers until 2018. There is little talk of how operations are going to be approached prior to the completion of team building and training. Until then, the cyber war against the Islamic State is set to continue under the same unclear policies and practices with which it was launched. What good it does, if any, will likely not be known for some time to come.