The question of why the Internet still works in the Islamic State’s stronghold of Raqqa, Syria, came up during the House Armed Services Committee hearing on the military’s cyber operations yesterday, and the answer was less than reassuring. At issue are concerns that President Barack Obama’s bloated and politicized National Security Council is micromanaging the military — including its cyber force — to the mission’s detriment.
Rep. Martha McSally, a retired fighter pilot, posed the question to the assistant secretary of defense for homeland defense and global security, Thomas Atkin: “We have known cells in Raqqa that are directing training, that are directing operations very specifically targeting against Americans,” McSally said. “Why is the Internet not shut down in Raqqa?”
Atkin noted that he would give a more detailed answer during the closed-door hearing in the afternoon, but answered in general terms. “Certainly going after specific nodes to hamper and stop the use of the Internet by ISIS is important, but we also have to respect the rights of citizens to have access to the Internet,” he said. “So it’s a careful balance, even in Raqqa.”
McSally began her questioning by asking why it took so long for the United States military to start cyber operations against ISIS. The operations started only a few months ago, she noted, while the Islamic State declared their caliphate two years ago.
Atkin said that cyber operations started a little more than a few months ago, but couldn’t give an exact time frame.
Later on in the hearing, House Armed Services Committee Chairman Mac Thornberry expressed his concern regarding Atkin’s answer about protecting the rights of citizens in Raqqa. “I understand the concept of proportionality,” he said, “but are you arguing that the citizens of Raqqa have some sort of inherent right to access the Internet that you all have to try to weigh?”
“Taking out the Internet” isn’t a straightforward operation, Atkin replied. The Islamic State and other guerrilla/terrorist forces often rely on civilian infrastructure, so shutting down their Internet service provider also cuts off legitimate civilian users in a wide area. “How that effect occurs has greater impact than just against the adversary and we have to weigh that into all our operations,” he said, “whether that’s a kinetic or a cyber operation.”
After some additional back and forth — ending with an awkward silence from the administration witnesses — Thornberry reserved further questions for the classified hearing. “Okay, well, we’ll talk more about it,” he said, “but, again, I am not yet reassured.”
The administration’s position is that cyber operations must follow the same laws of war as physical combat, and that cyber attacks require the same kind of review as kinetic strikes. That includes such considerations as collateral damage — e.g. in shutting down the terrorists’ Internet access, do you take it out for innocent civilians as well? — and proportionality — is the damage to civilians excessive for the military gain?
“Our operations in cyberspace are subject to the same rules as every operation, so we’re constrained by the laws of armed conflict and other limitations,” said Lt. Gen. Kevin McLaughlin, deputy commander of CYBERCOM. “We feel like we have the authorities and flexibility we need.”
Thornberry noted that all too often in the air war, “by the time you get permission to do it, the target is gone… I have personally talked to pilots who have had that happen.” He said, “I’m concerned, I guess, that we are developing the same multi-layered bureaucracy, decision-making process, when it comes to cyber.”
Republicans aren’t the only ones worried that the White House is hamstringing the military’s ability to fight wars efficiently.
“What if any role does the NSC play in your cyber operations?” asked the committee’s senior Democrat, Rep. Adam Smith. “This is a subject that’s come up in our hearings(:) the increasing role of the NSC over the top of, in some cases, the Department of Defense.”
“We keep them advised of the operations we have ongoing through the interagency process,” said Atkin. “When necessary we coordinate and get the president’s permission to conduct operations when his permission is inquired.”
“We may want to pursue that a little further,” broke in Thornberry.
One way to streamline the bureaucratic process would be to make Cyber Command a stand-alone combatant command (COCOM), rather than a subordinate unit of Strategic Command as it is today. Thornberry and Smith both advocate this reorganization and included it in their draft of the National Defense Authorization Act for 2017, although the Senate doesn’t include similar language.
Thornberry and Smith want to see CYBERCOM stand on its own as a combatant command, which Atkin says is still in the development stage.
Rep. Smith asked what the holdup is.
“Our biggest challenges are going to be resources,” said Atkin.
Here is the entire House Armed Services Committee hearing on military cyber ops. McSally’s question comes one hour and ten minutes in.