A Survey of US Cyberspace Military Thought and Capability System

Posted by lipsius at 2020-04-04

The U.S. military has actively used technological innovation in the field of industrial network security to promote the construction of military capabilities in cyberspace. The theory and capabilities of cyberspace operations have been continuously improved, forming a relatively complete cyberspace operation system with attack, defense, monitoring and support capabilities, and taking the lead in the world.


The US military's three-in-one operational thinking of "strategic deterrence, active defense and retroactive countermeasures" is maturing day by day

According to the strategies, reports and regulations issued by the U.S. government and military in recent years, the U.S. military mainly pursues the operational ideology of "strategic deterrence, active defense and retroactive countermeasures" in cyberspace. At present, the US military is making its concepts and thinking on cyberspace operations more specific and operational.

1. Implement deterrence strategy at the national level

The U.S. military stresses that by building a strong cyber military force it will deter its major global adversaries and thereby curb cyber attacks against the United States. The White House, the Department of Homeland Security, the Department of Defense and other U.S. departments have issued cyber security strategies, policies and regulations that explicitly announce the deterrence strategy. In August 2017, U.S. President Donald Trump announced that Cyber Command would be upgraded to the tenth independent joint operations command of the U.S. military, aiming to strengthen the institutional functions for implementing the strategic deterrence strategy in cyberspace. On May 17, 2018, Cyber Command officials of the U.S. Department of Defense said that all 133 network task forces under U.S. Cyber Command had achieved full operational capability. On September 20, 2018, the United States released a new National Cyber Strategy, which takes "seeking peace with strength" as one of its main pillars and uses various economic and military means to deter.

2. Promote active defense mechanism at the military level

The idea of active defense in cyberspace has become systematic. In October 2017, the Active Cyber Defense Determination Act of the United States entered the legislative process; it would provide a legal basis for tracking and investigating attackers and for retroactive action against them. On September 18, 2018, the U.S. Department of Defense issued a new version of its "Cyber Strategy", emphasizing "building more lethal military forces through cyberspace, accelerating the capacity-building of cyber operations and combating malicious cyber operations"; the Department of Defense will respond to daily malicious cyber activities through "defense forward". On June 8, 2018, the U.S. military issued the joint doctrine "Cyberspace Operations", emphasizing that effects should be achieved in cyberspace first and then carried into the physical domain as required. Through carefully controlled cascade effects, activities in cyberspace are to secure freedom of action in the physical domain.

3. Strengthen intelligence and attribution counterattack at the tactical level

The Trump administration's latest "National Cyber Strategy" places special emphasis on the intelligence capability of the United States in cyberspace, and puts forward "intelligence leading, ensuring that the intelligence department is in the leading position in the world in the use of all source network intelligence". According to the 2018 edition of the US Department of Defense's cyber strategy, in response to crises and conflicts, the Department of Defense will conduct cyberspace operations to gather intelligence and prepare cyber military capabilities. In addition, on December 18, 2017, Trump's first national security strategy report stressed the need to "invest resources to support and enhance the ability to achieve attribution of cyber attacks and ensure the ability to respond quickly". Since 2018, major policy documents of the United States have emphasized the importance of building traceability capability, which is the main basis on which the United States military implements countermeasures.


The US military's four-in-one cyber combat capability system of "attack, defense, monitoring and support" is becoming more and more complete

U.S. Cyber Command and the National Security Agency operate under a "dual-hat" mechanism. U.S. cyberspace capabilities are closely tied to the capabilities of government security agencies, intelligence agencies and military enterprises. Through continuous construction and evolution, the U.S. military has formed a cyberspace combat system with comprehensive integration, situational awareness, active defense and countervailing capabilities.

1. All round network attack capability

The NSA's Equation Group attack toolset and the CIA's Vault 7 reflect, to some extent, the US military's ability to attack over the Internet. Judging from the leaked data, the NSA holds a large number of unknown security vulnerabilities (0-days), has developed a very mature engineering framework for exploiting them, and has all-round penetration and control capabilities covering a variety of operating systems and applications from the bottom of the stack to the top. The CIA's cyber weapon library includes a team-mode attack platform, embedded attack tools, Windows attack tools, mobile app attack tools, Trojan remote control tools, iOS / Android system attack tools, and so on. It provides the ability to comprehensively compromise mobile communication equipment, to remotely control Internet of Things equipment, to attack computer operating systems across platforms, to covertly access physically isolated networks, and to evade security detection and resist traceback. In addition, in recent years the U.S. Army's battlefield cyber warfare capability has been continuously improved. Under the guidance of the CEMA concept, the U.S. Army has been working to integrate cyber and electromagnetic warfare. In April 2017, the U.S. Army issued the field manual "FM 3-12 Cyberspace and Electronic Warfare Operations" to provide tactics and procedures for coordinating and integrating Army cyberspace and electronic warfare operations.

2. Multi level network defense capability

The main network of the U.S. Army has long relied on a series of security solutions represented by the "Einstein plan", together with advanced defense technology and equipment such as dynamic defense and deformation networks, to protect the cyberspace infrastructure and information systems of national defense and the federal government and to improve its ability to defend against cyberspace security threats. In particular, DARPA continues to promote innovation in cyber defense capabilities through new programs. For example, the recently launched CHASE (Cyber Hunting at Scale) project aims to research and develop automated tools that detect and identify new attack methods, collect associated data, perform automatic analysis and mining, help security analysts find advanced attacks hidden in massive data, generate and distribute protection measures, and evaluate infrastructure.

3. Global network monitoring capability

U.S. cyber intelligence comes mainly from sensors the U.S. has secretly deployed around the world, the signals intelligence of intelligence agencies such as the National Security Agency, and multi-source intelligence from other agencies. American Internet enterprises and telecommunication companies are important intelligence partners of the US military, and the US carries out in-depth information cooperation and data sharing among departments and allies. The United States has vigorously developed big data analysis and processing technologies such as information association screening and video screening, which use keywords and voice and image features to automatically analyze and screen valuable information from the massive volume of intercepted information and to integrate high-value information. Examples include the "PRISM" plan and the "Echelon" system.

4. Comprehensive support capacity

The latest joint publication, JP 3-12 "Cyberspace Operations", emphasizes that "cyberspace capabilities are included in the joint force commander's plan and are synchronized with other military operations." To improve the integrated capability of cyberspace operations, the US military has developed a number of operational support projects. Typical examples are:

(1) The "network aircraft carrier" (Unified Platform) will provide command and control and combat management visualization capability for the U.S. network task force, enabling overall command and coordination of defensive network operations, offensive network operations and network ISR operations.

(2) Plan X develops technologies for fully perceiving and understanding cyberspace, and supports operations visualization, mission planning and operations control in cyber warfare.

(3) Supercomputing projects. On May 11, 2017, a National Security Agency project called "Windsor Green" was exposed, which aims to study the use of supercomputers' powerful decryption capability to crack online encryption software.

Cyberspace Security Civil Military Integration Innovation Center

As the first military-civilian integration development platform for cyberspace security in China, the center focuses on the field of cyberspace national defense security, explores an innovative military-civilian integration development model for building cyberspace national defense security equipment, and is committed to building a private think tank in the field of cyberspace security for the development of military equipment.