Checkpoint Asia

Why the US Probably *Is* Planting Weapons Code in Russia’s Power Grid

The DoD calls it "Preparation of the Battlespace"

The way Cyber Command sees it triggering the code would be war and would require an order by the president, but simply planting the code is just what they do now 

Walrus has already started an engaging conversation on this subject. As someone deeply involved in the early development of DoD cyber operations, I wanted to add  my two cents from a different angle. I am not as horrified by this development as many here are. But I am very uneasy with the apparent involvement of Bonkers Bolton. That creature is as dangerous as a malfunctioning Dalek. I’m pretty sure he doesn’t understand these things. Even if he did, he wouldn’t care.

The U.S. is stepping up digital incursions into Russia’s electric power grid in a warning to President Vladimir Putin, the New York Times reported, citing current and former government officials. While the U.S. has probed the Russian grid since at least 2012 and there’s no evidence it has turned off power, the Trump administration’s strategy has shifted more toward offense with the deployment of U.S. computer code inside the grid and other targets, the newspaper said. The effort has gotten far more aggressive over the past year, the Times quoted an unidentified senior intelligence official as saying.

The administration declined to disclose specifics, according to the report. However, National Security Adviser John Bolton said publicly on Tuesday that the U.S. is taking a broader view “to say to Russia, or anybody else that’s engaged in cyberoperations against us, ‘You will pay a price,”’ the Times said. (Bloomberg)

This is a far cry from our early attempts at preparing to conduct offensive cyber operations. I remember attending several briefings at one of these early organizations at the NSA. The control of offensive tools was as restrictive as the control of nuclear weapons.

It was obvious these things scared the crap out of DoD and NSA back then. It’s equally obvious DoD and now CYBERCOM have learned to stop worrying and love the “Cyber-Bomb.” Our use of the Stuxnet worm to sabotage Iranian centrifuges was proof of our growing comfort with these things.

However, Stuxnet was used against Iran. We’re comfortable with raining all kinds of death and destruction throughout the Middle East. Now we’re taking actions to disrupt Russia’s power grid. That’s playing with raining death and destruction upon a nuclear capable peer competitor.

Hacking the grid is one thing. We’ve all done that for many years. That’s just part of the intelligence preparation of the battlespace (IPB). Implanting weapons to disable the Russian grid is a leap beyond that. Seems CYBERCOM has embraced the concept of operational preparation of the battlespace (OPB), a concept widely practiced in JSOC and in other parts of the special operations community. MG Michael Repass, a former 10th Group Commander, wrote a paper in 2003 describing these things.

“Advanced Force Operations consists of US SecDef-approved military operations such as clandestine operations. It is logically part of Operational Preparation of the Battlespace (OPB), which follows the Intelligence Preparation of the Battlespace, a concept well-known in U.S. and NATO doctrine, OPB is seldom used outside of SOF channels. OPB is defined by the U.S. Special Operations Command as “Non-intelligence activities conducted prior to D-Day, H-Hour, in likely or potential areas of employment, to train and prepare for follow-on military operations.”

I don’t think this was ever official policy, but OPB was widely viewed as a powerful tool to break the CIA’s stranglehold on covert action, at least on the operational level. Given that CYBERCOM is a unified combatant command finally gaining independence from NSA and the IC in general, this embrace of OPB is a natural progression. What else CYBERCOM copies from JSOC’s authorities and tactics, techniques and procedures (TTP) will be interesting.

It could also be quite dangerous. Cyber operations are here to stay. They are becoming more effective for reconnaissance and attribution, for disrupting a target’s networks and infrastructure and for perception management. The inhibitions against engaging in these operations are relaxing.

An interesting point in the NYT story is that it appears Trump has not been briefed on this stuff. Perhaps CYBERCOM and DoD don’t consider this level of OPB rising to the level of Presidential decision making. Pulling the trigger on grid disruption certainly should. Why wouldn’t they brief the President? Is it to keep him in the dark out of a lack of trust? That’s disheartening. Now with the story published all over the world, DoD should feel impelled to fully brief the President.

The best outcome would be Trump pushing for negotiations with Russia, China and maybe others to develop a de-escalation/non-proliferation treaty on cyber operations with the same vigor and earnestness that we once approached nuclear weapons.

Source: Sic Semper Tyrannis