The US, for the first time, has declared cyber-war on the Islamic State. This is not only the first declaration against that particular target but the first public declaration of cyber-warfare against any target.
Ashton Carter, US Secretary of Defence told press in a speech earlier this month, "I have given Cyber Command really its first wartime assignment." The Cyber Command, created in 2009, oversees both defensive and now offensive operations for the US Department of Defence will now “bring the fight to ISIS (Islamic State) in Syria and Iraq."
In practical terms, this “means interrupting their ability to command and control their forces, interrupting their ability to plot including against us here and anywhere else against our friends and allies around the world, interrupting their finances, their ability to dominate the population on territory they have tried to establish this nasty ideology."
Despite this being the first official announcement of offensive cyber operations against a hostile force in the Middle East, the US' hand in cyber-warfare is well known, especially in this region.
As far back as 2010, the Stuxnet worm was wreaking havoc on Iranian nuclear infrastructure. Purported to be designed by the US and Israeli intelligence services, the worm destroyed thousands of uranium enriching centrifuges, and collected intelligence on the workings of Iranian critical national infrastructure.
On a domestic level, the US' signals intelligence body, the National Security Agency have been well known to use intrusion technology, as was revealed by the Snowden revelations.
While the Islamic state have yet to show serious capability in this area, which many in the cyber-security and defence communities fear, the group have been remarkably effective in employing cyber-space to recruit, organise and spread propaganda.
Jarno Limnéll, professor of cyber-security at Finland's Aalto University and veteran of the Finnish army told SCMagazineUK.com that the cyber-capability of the Islamic state is worryingly effective. But, added Limnéll, this public declaration might open the door to much more than merely taking the fight to the Islamic State
This decision, says Limnéll, legitimises the use of such capability globally, “especially Russia (which) has been testing the boundaries of cyber battlefield during last years, and now U.S.´s decision will make (it) easier (for) Russia to even expand their cyber activities with less political risk. When the threshold of using offensive cyber capabilities is intentionally lowered, it is not a positive development in the interconnected world."
Ewan Lawson a Royal United Services Institute fellow and cyber-warfare expert dissents from Limnéll's position, telling SC that escalation is already a moot point: “looking at the range of targets that Russia or its proxies have been attacking of late. You could argue that only by declaring a position that suggests it too is prepared to take action can the US get Russia to consider the consequence and to start to think about norms of behaviour.”
Rather, the significance of this announcement is “a move to put Cybercom on the same footing as the geographic commands and to do that it needs to be fighting someone in its own right rather than in support of the geographics.”