The details of how the military works within the cyber world is often classified, much to the chagrin of researchers and the media. And when it comes to using cyber operations to fight counterterrorism, such classification is due to the low barrier of entry to enter the battlefield.

“The reason some of this is extremely classified … is because the hurdle to get into this environment isn’t that high. This isn’t nuclear war,” Marine Corps Brig. Gen. Len Anderson, deputy commander of Joint Task Force-Ares, U.S. Cyber Command’s effort to counter ISIS online, said Sept. 16 during an event at the Atlantic Council. “Anybody with a laptop in a café can suddenly be out there and in the same tactical environment.”

Ares’s first commander, Army Lt. Gen. Edward Cardon, told reporters in 2016 that the secrecy behind the effort was because any cyber event can be reverse engineered. He pointed to capture-the-flag tournaments in which teams are faced with the decision to patch or to turn vulnerabilities into weapons.

Anderson explained that anyone who is somewhat technically savvy, including those associated with ISIS, can jump in the battlefield. That’s why “we have to keep what we’re doing under fairly tight wraps,” he said.

Another problem is that hackers rely on the same commercial infrastructure available to nearly anyone in the world, which makes planning a disruption of those services particularly thorny.

“Infrastructure is a touchy one, right? Because then we find ourselves into the physical domain and where that’s located,” Anderson told Fifth Domain. This becomes an issue regarding the actual physical servers used by ISIS members around the globe. In some cases, those servers could be housed in a neutral country.

According to a Washington Post report from May 2017, the United States did not inform some third party nations where ISIS infrastructure was located as part of Operation Glowing Symphony in November 2016. The event was the largest offensive cyber operation to date that targeted ISIS’ infrastructure.

The decision frustrated those nations. Officials have tried to assuage concerns that they provide the proper notifications.

“In the defend forward construct, clearly, we want to work with like-minded, close partners. This year, this international outreach and partnering has been a key bellwether. It’s been a priority for us in the cyber policy shop,” Burke “Ed” Wilson, deputy assistant secretary of defense cyber policy, said at a June event hosted by Defense One. “We’ve been moving around with our close partners and dialoguing about the ways we can cooperate together, how do we advance that."

Anderson explained that the military sometimes wants to let ISIS know they are being watched.

But they have to determine the right laws and policy.

“Whether it’s cyber or kinetic, we’re still under the law of war, so we have to, one, determine where that is and if we find that out and we can’t hand that off to another intelligence agency or local law enforcement, then we’re at an ends until we can get our higher policy makers to come to some agreement at a higher government level to get after that problem,” he said.

Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.

More In