For months now, U.S. government hackers have been setting their sights on the Islamic State terror group, intent on wiping the self-declared caliphate from cyberspace much like U.S. and coalition aircraft have sought to wipe it from the face of the earth. Yet, some of those helping to lead the virtual charge admit it is not yet clear just how effective the cyber efforts have been.
Reinforcing the concerns is a sense, from both military and intelligence officials, that Islamic State may well prove to be as resilient and adaptable in the virtual battle space as it has been on the physical battlefield, if not more so.
Extent of success: uncertain
“It’s working well,” U.S. Director of National Intelligence James Clapper told an audience Wednesday during a speech in Washington, adding, “It’s kind of a work in progress.”
“I think we’re learning from this experience, having a real live operation,” he said. “As we progress further we’ll be able to make a more definitive assessment.”
U.S. officials have, so far, been careful in talking publicly about what U.S. cyber operations against Islamic State entail, though Defense Secretary Ash Carter said in late February a top priority would be “to interrupt, disrupt ISIL's command and control.”
Other goals have included overloading Islamic State cyber networks to the point where they can no longer function.
No complete assessment yet
While refusing to divulge much about the methods being employed, initial indications are that the efforts are having some impact that extends to the battlefield.
“It creates a lot of confusion on their part,” a U.S. official told VOA on condition of anonymity. “Their capabilities are degraded because of it.”
The degree to which those capabilities are degraded is the more difficult question to answer.
According to a senior military official familiar with cyber operations against Islamic State, it is still too early to know for sure. The official said the United States is still in the process of assessing the relationship between Islamic State’s computer networks and the group’s movement and execution on the battlefield, adding a more complete understanding will come as the number of cyber operations grows.
Some U.S. officials also see cyber operations against Islamic State as a “test case,” for learning how to strike the right balance between exploiting vulnerabilities to gain intelligence and attacking those vulnerabilities in order to shut down operations.
Yet another challenge is the breadth of Islamic State’s cyber operations. Beyond command-and-control of its operations, the terror group has relied on cyberspace to help govern its shrinking, self-declared caliphate, to spread its propaganda and to recruit new followers.
Islamic State has strong cyber operations
“ISIL is by far the most capable, most sophisticated user of the cyber domain,” National Intelligence Director James Clapper warned. “Our challenge there is the increasing turn towards encryption, which is making it much more difficult from a content standpoint to understand and have insight into their plotting.”
There are also concerns that even as Islamic State’s physical holdings in Iraq and Syria shrink, and as its conventional fighting force is degraded, that the group is still finding ways to build its cyber arsenal.
“There are some very intelligent bad actors who are cooperating with ISIL,” cautioned Congressman James Langevin (D-RI), the ranking member of the Emerging Threats and Capabilities subcommittee.
“It’s only a matter of time, I believe, before that gap is bridged and you do see the worst weapons in the hands of bad actors like ISIL,” he said.
In the view of some current and former U.S. officials, the group’s ever-evolving use of the internet and cyber technology makes the need for immediate success on the cyber battlefield all the more crucial.
“We here in cyber are at that inflection point,” said Maj. Gen. Christopher Weggeman, director of plans and policy at U.S. Cyber Command.
“We have to prove ourselves a capable adversary that has due diligence and the proper controls and mechanisms in place, and that we are as good as we say we are,” he said.
Turning to a more conventional military analogy, he explained, “We need to bomb and sink the boat.”
Not only would that eat away at Islamic State’s narrative of invincibility, but it could also serve as deterrence, for Islamic State and others.
“Really it’s about affecting the mind of the adversary,” said Charles Snyder, a senior advisor for cyber policy at the Defense Department, “making him perceive that the juice isn’t worth the squeeze.”