Armed Conflict Cybersecurity & Tech

The New Contours of Cyber Conflict

Paul Rosenzweig
Wednesday, February 27, 2019, 12:19 PM

An American military unit used offensive weapons against a target inside Russia. And nobody is noticing.

Let that sink in for a second. As the country (understandably) focuses on matters like Michael Cohen's testimony; the president's self-described friendship with a murderous dictator; and the House vote to negate the president's declaration of a national emergency (all notable issues to be sure), it seems as though something exceedingly significant has happened and ... just disappeared under the radar.

Published by The Lawfare Institute
in Cooperation With
Brookings

An American military unit used offensive weapons against a target inside Russia. And nobody is noticing.

Let that sink in for a second. As the country (understandably) focuses on matters like Michael Cohen's testimony; the president's self-described friendship with a murderous dictator; and the House vote to negate the president's declaration of a national emergency (all notable issues to be sure), it seems as though something exceedingly significant has happened and ... just disappeared under the radar.

To repeat: The Washington Post is reporting that U.S. Cyber Command conducted offensive cyber operations against the Internet Research Agency. The IRA is located in St. Petersburg, Russia and is a well-known proxy for Russian information operations. As the Post puts it:

The U.S. military blocked Internet access to an infamous Russian entity seeking to sow discord among Americans during the 2018 midterms, several U.S. officials said, a warning that the Kremlin’s operations against the United States are not cost-free.

The strike on the Internet Research Agency in St. Petersburg, a company underwritten by an oligarch close to President Vladi­mir Putin, was part of the first offensive cyber-campaign against Russia designed to thwart attempts to interfere with a U.S. election, the officials said.

In short, the United States used cyber weapons to take down a Russian state-approved cyber information operation. If the U.S. had done so using a missile (by, say, destroying the facility where the Internet Research Agency is located) it would have been an armed attack and potential a cause of a war-like response And yet, somehow, in doing it via cyber means, the United States has managed to avoid that implication; evaded public scrutiny (until now); and possibly set a new standard for "sub-warlike" cyber activity that begins the creation of new international norms of behavior in the domain.

The use of Cyber Command in an offensive way to counteract Russia's election interference is an event of incredible significance for a host of reasons. Nothing else on the world stage today (except, the prospect of war between India and Pakistan) is likely to have as significant and long-term an impact at global scale. Candidly, I'm not sure whether I think this is a good thing or a bad thing (at least in part because I don't have access to a classified account of what Russian activities justifed the initiation of countermeasures). But I am sure that it is another instance of crossing the Rubicon—and it is remarkable to me that it has gone so unremarked upon.


Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company and a Senior Advisor to The Chertoff Group. Mr. Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Professorial Lecturer in Law at George Washington University, a Senior Fellow in the Tech, Law & Security program at American University, and a Board Member of the Journal of National Security Law and Policy.

Subscribe to Lawfare