Part one of this series focused mainly on the bigger picture and large-scale aspects of the Silent War. The efforts made by our government to task organize and bolster the manpower requirements of USCYBERCOM have not gone unnoticed. For those unfamiliar, the first segment in this series was meant to provide those with limited knowledge of this war with a broad overview of what assets are taking part in it and where. Military and defense specialists commonly brief their materials in a similar fashion: start with a 40,000-foot view of the entire battlefield and concept of operations, then begin to focus on the finer points of the operation. This method provides the audience with a baseline knowledge of the greater scheme of maneuver and overall goals (both political and military) of the entire operation. That being said, reading part one of this series is recommended prior to diving into this sequel.
As resources and manpower have begun to flood into the base at Fort Meade, few announcements have been made regarding their current development and overall strategy. One extremely relevant Press Release hit the airwaves on June 9th, 2020. The U.S. Cyber Command/NSA Election Security Group Public Affairs released information regarding their new creation: “The Cyber 9-Line.” They described it as “a template of questions that participating National Guard units use to quickly communicate a cyber incident to USCYBERCOM. The data provided enables USCYBERCOM’s Cyber National Mission Force to further diagnose a foreign attack and provide timely, unclassified feedback back to the unit, who shares with state and county governments to address the cyber incident.”
Many veterans of the Post-9/11 era are all too familiar with the concept of a “9-Line.” For the men and women on the ground fighting the Global War on Terror around the globe, knowing your 9-Line Casevac Request verbatim can mean the difference between life and death. To explain further: for a Medical Evacuation of a casualty to take place, information must be given to the unit (likely helicopter-borne assets) tasked with picking up the wounded individual(s). This information is organized into 9 separate radio transmissions (lines) that give the casevac rescue team proper insight into what to expect upon arrival. Ensuring the proper medical equipment and supplies are ready the second the casualty is loaded aboard the helicopter can make all the difference in the survival or expiration of that patient. A 9-line also provides the helicopter pilots and crew members with valuable information regarding the current situation on the ground. In a situation where the LZ (landing zone) is under concentrated fire, the pilots can make proper decisions regarding approach angle and altitude in order to avoid enemy fire. Reciting one's 9-lines quickly and accurately in a stressful scenario has proven to be invaluable on battlefields across the globe.
The Cyber 9-Line takes those same principles of requiring fast, organized, and accurate information gathered by sources near the location of the cyber incident, then responds by deploying a team of experts to the location in order to isolate the breach and minimize the damage. With much of the world being misled into believing Russian cyber attacks were conducted upon the Democratic National Committee in the midst of the 2016 election, the NSA and USCYBERCOM have made it their mission to accurately identify and prevent similar attempts. The world now knows (or should know) that the DNC hacks were NOT conducted by any Russian military unit or intelligence agency. The files delivered to Julian Assange were given to him by a DNC staffer by the name of Seth Rich. He was murdered on the streets of Washington, D.C. shortly thereafter. To this day, his murder has not been solved.
These known facts have been corroborated by a report from a group called Veteran Intelligence Professionals for Sanity. Led by Bill Binney (a legend in the Cyber Intelligence Community), this group successfully debunked claims that Russia was involved in hacking the DNC. Using data that explains the rate at which these thousands of files were uploaded onto an external hard drive, Binney’s group “dug deep and came up with verifiable evidence from metadata found in the record of the alleged Russian hack.” To further elaborate on their findings, the report states: “They found that the purported ‘hack’ of the DNC by Guccifer 2.0 was not a hack, by Russia or anyone else. Rather it originated with a copy (onto an external storage device – a thumb drive, for example) by an insider. The data was leaked to implicate Russia.” Had a course of action, such as the Cyber 9-Line, been implemented and consulted immediately following this cyber incident, the truth regarding who was behind this leak would not have taken years to uncover.
On July 20th, 2020, the Association of the U.S. Army (AUSA) conducted a virtual event which included some very important remarks from General Paul Nakasone. Both the NSA and USCYBERCOM fall under the command of Gen. Nakasone, and he has proven himself to be both well versed and extremely invested in the success of their mission. During this virtual event, the General explained, “Our number one goal, our number one objective at the National Security Agency and U.S. Cyber Command — a safe, secure and legitimate 2020 election.” The 2018 midterm elections provided the experts at Fort Meade with the building blocks to better prepare for the upcoming 2020 election. Gen. Nakasone added that another primary aim of this joint cyber coalition is to “know our adversaries better than they know themselves.” He elaborated further, “2018 was a really remarkable year because at that point we had well-trained and well-led forces at U.S. Cyber Command and NSA come together with the right authorities and policies and also match with this idea of having an organizational construct.”
As for many workers in the civilian cyber security market, staying ahead of competitors as well as malicious actors is absolutely paramount. Unfortunately for this type of work, those attempting to breach security networks dictate the evolution of programming and prevention by successfully breaking the security already in place. Being proactive and reactive to cyber incidents has to be the main priority; it is no small task. The Silent War Continues…