Cyber threats put U.S. national security at risk. The widespread impact of cyber conflict ranges from damage to critical infrastructure to the disruption of military operations. As cyber warfare becomes more sophisticated, the military relies on innovative techniques and collaborative approaches to protect national security.
To learn more, check out the infographic below, created by Augusta University Online’s Master of Science (MS) in Information Security Management program.
The U.S. is one of the largest targets for cyberattacks. In 2023, a total of 46% of global ransomware attacks targeted the U.S., according to Reuters.
As Gen. Glen D. VanHerck, Air Force commander, United States Northern Command (USNORTHCOM) and North American Aerospace Defense Command (NORAD), puts it, “I would tell you that we’re under attack every day in the cyber domain and the information space.”
The top threats to national security include cyber espionage and sabotage. U.S. cybersecurity focuses on threats such as advanced persistent threats (APTs). These are adversaries that conduct ongoing attacks meant to disrupt networks, steal data and infiltrate military or government organizations.
Cyber espionage from enemy actors also represents a top priority. Attackers use cyberattacks to spy on the U.S. military and government. Spyware, phishing attacks and other types of attacks can breach secure networks and put sensitive information at risk.
U.S. cybersecurity monitors for cyber sabotage, in which attackers use cyber sabotage to disrupt or weaken targets. For example, malware can corrupt networks and weaken national security.
Cyber psychological warfare is a persistent threat. Cyberattacks that spread disinformation and propaganda can have a significant impact on national security, influencing the outcome of elections and eroding trust in the media.
Cyberattacks take many forms, from phishing attacks designed to steal personal identifying information (PIN) to malicious software that infects computers. In the cyber warfare arena, the most common types of attacks include malware, ransomware and distributed denial of service (DDoS) attacks.
Attackers use malware to gain access to secure networks and information. Spyware, for example, can monitor activity and steal sensitive data. Ransomware focuses on extorting money from victims. By encrypting confidential data and holding it for ransom, attackers can disrupt operations and fund future attacks. DDoS attacks disrupt networks by overwhelming them with fake requests. This can block access or disrupt systems.
Armed conflict can look very different from cyber conflict. Cyberattackers can be state actors, cyber mercenaries or other malicious groups.
For example, government-sponsored cyberattacks have grown more sophisticated. China, Iran, North Korea and Russia are capable of large-scale cyber war, as is the U.S.
Cyber mercenaries, such as hacker groups, that sell their services represent another form of attacker. These mercenaries, driven by profit, may also sell spyware to state actors.
Twenty-first century terrorist organizations engage in cyber terrorism to incite fear and harm national security. Hackers seeking to effect social change can also play a role in cyber warfare. For example, in 2022, several hacktivist organizations declared war against Russia after its invasion of Ukraine.
Cyber conflict puts the country at risk. Even attacks that aren’t directly targeted at the government can have major national security implications. For example, attacks targeting critical infrastructure can cause disruptions. If an electrical or a power grid goes down, it can cause both physical and economic damage.
Data breaches can also compromise classified information. These attacks can disrupt military operations and expose the country to future attacks. Finally, military sabotage represents another form of attack. Cyberattacks that target military operations or infrastructure can affect military readiness.
Cyber operations have grown increasingly sophisticated in the past two decades. Around the world, government organizations have faced significant disruption due to cyberattacks.
How has cyber warfare changed in the 21st century? This cyber warfare timeline shows the evolving threat.
In the U.S., persistent attacks have targeted the Pentagon, the defense industrial base (DIB) and other U.S. Department of Defense (DOD) targets. From 2015 to 2021, the Defense Department reported more than 12,000 cyber incidents.
U.S. cyber operations take defensive and offensive approaches to protecting national security. The U.S. national cybersecurity team emphasizes readiness and defense.
U.S. Cyber Command, part of the Defense Department, coordinates cyberspace operations. The cyber military organization includes the U.S. Army Cyber Command, U.S. Fleet Cyber Command and U.S. Marine Corps Forces Cyberspace Command. The National Security Agency (NSA) operates a cybersecurity division tasked with preventing threats to national security systems. The Cybersecurity and Infrastructure Security Agency (CISA; part of the DHS) protects federal networks and coordinates critical infrastructure security.
In recent years, the U.S. has undertaken defensive cyberspace operations (DCO) and offensive cyberspace operations (OCO).
Defensive operations protect U.S. networks and systems. They also monitor threats and conduct vulnerability assessments. Offensive operations target hostile organizations, collect intelligence and disrupt operations.
In 2023, the Defense Department’s cyber strategy prioritized defensive operations to protect the DOD Information Network. The military also uses cyber operations to protect the DIB, which develops and manufactures defense technologies.
While most OCO missions are highly classified, two examples show the reach of military cyber operations. In 2010, Operation Olympic Games significantly hampered Iran’s nuclear program. In a targeted cyberattack, the Stuxnet computer worm destroyed nearly 1,000 uranium enrichment centrifuges at an Iranian nuclear fuel processing facility. The U.S. hasn’t officially claimed responsibility.
Then, in 2016, Operation Glowing Symphony targeted the Islamic State group. In the “most complex offensive cyberspace operation USCYBERCOM has conducted to date,” the Defense Department infiltrated the terrorist organization’s networks, significantly disrupting its operations.
Cybersecurity professionals in the military use cutting-edge techniques to fight cyber conflicts. Maintaining security requires sophisticated tools and coordinated efforts. As events such as the Colonial Pipeline attack reveal, the nation’s security depends on cybersecurity.
Sources
American Bar Association, “Cyber Conflict: From Apathy to Action”
A10, “Top Cyber War Techniques and Technologies”
Center for Strategic and International Studies, Significant Cyber Incidents
Council on Foreign Relations, Titan Rain
Cyber Magazine, “How Does the Military Protect Itself From Hackers?”
Cybersecurity and Infrastructure Security Agency, Nation-State Cyber Actors
Cybersecurity and Infrastructure Security Agency, “The Attack On Colonial Pipeline: What We’ve Learned & What We’ve Done Over the Past Two Years”
National Security Agency, Preventing And Eradicating Cyber Threats
National Security Archive, USCYBERCOM After Action Assessments of Operation Glowing Symphony
NPR, “How the U.S. Hacked ISIS”
Reuters, “Alliance of 40 Countries to Vow Not to Pay Ransom to Cybercriminals, US Says”
U.S. Cyber Command
U.S. Department of Defense, “Cyber Command, NSA Successes Point Way to Future”
U.S. Department of Defense, “Emerging Threats Are Shaping Future of Homeland Defense”
U.S. Department of Defense, 2023 Cyber Strategy of the Department of Defense
U.S. Government Accountability Office, DOD Cybersecurity: Enhanced Attention Needed to Ensure Cyber Incidents Are Appropriately Reported ad Shared
