What defense leaders (are now willing to) tell us about offensive cyber ops The Defense Department as well as the individual services have slowly but surely provided details regarding their offensive efforts in cyberspace, most notably the fight against the Islamic State group in Iraq and Syria. Former Secretary of Defense Ash Carter trotted out his assignment to Cyber Command to start generating offensive effects against the organization. His deputy, Bob Work, who continues to serve as the acting deputy secrecy of defense, went as far to say DoD is dropping “cyber bombs” on ISIS. The effort, dubbed Joint Task Force-Ares, was stood up by Adm. Michael Rogers, the commander of Cyber Command, “to coordinate cyberspace operations against ISIS,” he said in written testimony to Congress. “JTF-Ares’ mission is to provide unity of command and effort for USCYBERCOM and coalition forces working to counter ISIS in cyberspace. The JTF model has helped USCYBERCOM to direct operations in support of USCENTCOM operations, and marks an evolution in the command-and-control structure in response to urgent operational needs.” “The Task Force has brought cyber out of the shadows and successfully demonstrated the value and capabilities of cyberspace operations to the Joint Force when integrated as part of broader coordinated military effort,” Lt. Gen. Paul Nakasone, the commander of Army Cyber Command and JTF-Ares, wrote in congressional testimony this week. “The department has been open in terms of our actions against ISIS in cyberspace. We have Joint Task Force-Ares of which I command stood up to take on ISIS in a manner that Vice Adm. Lytle recently described,” he told members of the Senate Armed Service’s subcommittee on cybersecurity, referencing comments made earlier in the hearing by Vice Adm. Marshall Lytle III, director for command, control, communications and computers/cyber and chief information officer on the Joint Staff, who said offensive capabilities can include those that deny adversary access to manage adversary systems, to cause havoc among adversary’s systems or “cause kinetic effects on the other end of the wire.” “We are rapidly establishing relevant operational capability in support of the warfighter. We have experienced tremendous growth in operational capability over the past year as we have fully supported the delivery of operational cyberspace effects under Joint Task Force-Ares, a USCYBERCOM led effort designed to support C-ISIS efforts in U.S. Central Command (USCENTCOM),” Maj. Gen. Lori Reynolds, commander of Marine Corps Forces Cyberspace Command, wrote in congressional testimony this week. “I think what we are learning is the importance of being able to counter a message, being able to attack a brand – in this case attack the brand of ISIS – and then the other thing is how do we do this with the speed and accuracy that is able to get at an adversary that six months ago was moving uncontested in cyberspace? I think we have learned those things over the past six months and I think that we as a department have done that much better,” Nakasone added. Rogers also explained how the force is learning as it’s doing. He told members of the House Armed Services Subcommittee on Emerging Threats that a few years ago one of the fundamental concepts was that they would always deploy forward in full teams. “One of the things we found with practical experience is we can actually deploy in smaller sub elements, use reach back capability, the power of data analytics, we don’t necessarily have to deploy everyone,” he said. “We can actually work in a much more tailored focus way optimized for the particular network challenge that we’re working. We’re actually working through some things using this on the Pacific at the moment.” “We have been very public and acknowledged the fact that we’re using cyber offensively against ISIS not just because we want ISIS to know that we’re contesting them but because quite frankly we also think it’s in our best interest for others to have a level of awareness that we are investing in capability and we are employing it – within a legal, law of armed conflict framework, not indiscriminately,” he added.