Skip to content

Offensive Cyber Operations: A Double-Edged Sword

By Darshan Vijaykumar

As stated by the Department of Defense in 2018, “American prosperity, liberty, and security depend upon open and reliable access to information.” The Department of Defense stressed the importance of this statement in their 2018 Summary of Cyber Strategy. This document is important because it provides an overview of how the United States is going to use offensive cyber operations (OCOs). The 2018 summary marks a shift from cyber retaliation to cyber persistence because before the year 2018, the United States mainly relied upon defensive cyber operations and retaliatory strikes. In the aforementioned 2018 Cyber Strategy Summary, the Department of Defense laid out that OCOs differ from defensive cyber operations because offensive cyber operations “disrupt or halt malicious cyber activity at its source, including activity that falls below the level of armed conflict.” While there are examples of U.S. OCOs occurring between 2018, the 2018 DoD statement is the first formal statement the U.S. has released that acknowledges and details the United States’ use of OCOs but in a world rampant with cyber attacks, it begs the question as to whether the benefits of the U.S’s use of OCOs outweigh the harms. 

In the current status quo, the U.S.’ use of offensive cyber operations is a double-edged sword. On one hand, offensive cyber operations are a necessary evil; however, on the other hand, it seems that there is currently not enough information and regulations set in place to ensure that OCOs will not escalate tensions. 

Before the U.S. began implementing offensive cyber operations in 2018, the American economy was suffering great losses as a result of foreign cyber theft. According to CNBC in 2015, cybercrime resulted in a $100 billion annual loss to the U.S. economy, and as many as 508,000 lost jobs. One aspect of cybercrime is the theft of intellectual property. Intellectual property can make up as much as 80% of a company’s value. U.S companies have lost over $556 billion in cyber theft from foreign actors in the years of 2015-2018. It is evident that in a world without offensive cyber operations, these companies will continue to get hacked. While there is still uncertainty regarding the ability of OCO’s to deescalate tensions, the only way to stop the losses suffered by private companies is by having the U.S hack back against foreign actors that target our businesses. 

Apart from the economic benefit of offensive cyber operations, OCOs lead to a decrease in violence and the use of conventional warfare. Cyberattacks diminish rather than accentuate political violence by making it easier for states, groups, and individuals to engage in two kinds of aggression that do not rise to the level of war: cyber-sabotage and espionage. Weaponized computer code and computer-based sabotage operations make it possible to carry out highly targeted attacks on an adversary’s technical systems without directly and physically harming human operators and managers. Furthermore, traditional forms of warfare can not achieve the same feat because a majority of the time traditional warfare puts U.S soldiers in dangerous situations, and leads to many civilian lives being lost. Thus, OCOs limit the number of casualties and are much more refined than traditional forms of warfare.   

Furthermore, OCOs decrease the number of conventional warfare tactics that are used. Cyber warfare makes conventional warfare systems that employ computers and electronics operationally less effective. Bruce Sussman further elaborates upon how OCOs are revolutionizing warfare when he writes regarding a situation in which Iran shoots down an American drone and states “Shooting this drone down, a physical act, was expected by many to lead to a physical military attack by the United States but this was not the case. Instead, U.S Cyber Command disabled Iranian computers that launched missiles and rockets. In other words, an act of physical warfare led to an act of cyber warfare in response.” While this example does not necessarily prove that all acts of traditional warfare will be met with cyber-attacks, the very fact that this form of retaliation is a possibility is important. Thus, OCOs on balance decrease the number of casualties by giving the U.S the ability to retaliate in ways that do not escalate tensions. 

Regardless of the benefits provided regarding OCOs, it is important to understand the current limitations to this form of warfare. The overall concern should be that there is a great deal of ambiguity concerning OCOs both in the laws and the operations themselves. The vagueness of international laws regarding OCOs creates disagreements on the acceptance of cyber attacks and their motives. There is no Geneva Convention for cybersecurity. In late 2016, U.S. Cyber Command operators wiped Islamic State propaganda material off a server located in Germany. The German government was only notified after the operation, causing much frustration. While the U.S. Cyber Command’s reported action may have violated Germany’s sovereignty, it didn’t explicitly violate the memorandum set in place by international law. This reveals an uneasy situation within cyber cooperation: allies do not agree on the appropriate procedures and boundaries for offensive cyber operations. Until the international laws are set in stone, there is no guarantee that American OCOs will be able to maintain the trust and confidence of their allies. 

Apart from international law, OCOs themselves have the ability to create ambiguity and confusion. Cyber operations can target military computers, and more specifically OCOs can threaten the stability of nuclear deterrence, but the outcome from cyber engagement might not be crippling to a country’s nuclear capabilities. Regardless, OCOs create confusion as to whether a country will be able to use its nuclear arsenal as OCOs can target the military computers that are necessary to activate nuclear weapons. When a country isn’t sure if they still have control over their nuclear weapons, they could act in paranoia and in ways that are detrimental to the safety of millions of lives. 

With this new type of warfare being developed around the world, interpretations and perspectives are so diverse yet are so crucial. Confusion will not only occur in enemies but will also occur between allies. However, it seems that the U.S does not have much of a choice because if the U.S does not implement OCOs then it will continue to suffer great losses both economically and politically. Although the arbitrary international laws pose an important problem and need to be agreed upon, this form of warfare seems like a necessity to protect the well-being of American citizens and the economy.