On June 21, 2013, the Chairman of the Joint Chiefs of Staff, Gen. Martin Dempsey, issued a classified order authorizing the military to conduct an operation in cyberspace. That the order came down through the military chain of command, from President Barack Obama to Secretary of Defense Chuck Hagel and then to Dempsey, seems beyond doubt. The question is, did the military actually launch a cyber attack on a computer network -- which would be one of the few in documented history -- as a result of the order?
That's the intriguing possibility raised by an Air Force document released earlier this month that contains a single, veiled reference to a "execute order," or a command to initiate military operations. One sentence in the 15-page document, which is filled with military jargon, states that command and control procedures governing the Air Force's offensive and defensive operations in cyberspace "are addressed in a classified CJCS Execute Order (title classified) issued on 21 Jun 13." (The acronym refers to the chairman of the Joint Chiefs.) The existence of the document was first disclosed by Steven Aftergood of the Federation of American Scientists.
An execute order is the equivalent of a green light for battle. But the document says nothing about whether this particular order was followed by any further instructions or if it precipitated a cyber strike by the Air Force. And it says nothing about what the target might be. The United States used a cyber weapon to disable centrifuges inside an Iranian nuclear plant between 2007 and 2010. If the Air Force order pertains to an actual attack, it would be one of the few documented instances of the military doing battle on a computer network.
But former military intelligence officers, including two with first-hand experience conducting offensive operations on computer networks, urged caution, saying that the document could could be a kind of "standing order" and indicate that the Air Force is gearing up for a possible cyber attack, but not that it has necessarily conducted one. The Army, for instance, has for several years had a standing execute order that describes the duties and responsibilities of all aspects of cyber operations within the Army's own computer networks, but it didn't direct forces to carry out a specific operation, like an attack, said one former official.
An order to strike a computer network would also come from the commander of U.S. Cyber Command, who oversees cyber war and defense for all branches of the armed forces, the formers officials said. The current commander, Gen. Keith Alexander, is expected to step down soon and would be replaced by Adm. Michael Rogers, whose nomination is pending in the Senate. If there had been an attack, it would likely be spelled out in another document, called an "operational order," from the cyber commander, one former official said.
Of course, such an order might exist. The Air Force document makes no mention of one. If Alexander did issue it to Air Force cyber forces, it would probably have been pursuant to the execute order given by Dempsey in June.
The Air Force didn't provide a comment for this article in time for publication.
Even if there was no cyber attack, the document further shows how Obama and his top military advisers have been laying out plans for the military to conduct operations in cyberspace and offers a rare glimpse into the bureaucratic workings of America's growing cyber force. It shows that, just as in conventional operations, rules and regulations, chains of command, and official hierarchies govern nearly every move the military makes.
The military's cyber war plans and the measures it takes to protect government networks are among the most highly classified secrets in the in the military. Senior officials have publicly declared cyberspace a "fifth domain" of operations where the armed forces must be ready to use force -- just as they are on land, in the air, at sea, and in space. And U.S. military and intelligence officials say the threat of cyber attacks from American adversaries, including China, Russia, and Iran, is growing.
The Air Force in particular has some of the most technologically savvy and experienced groups of cyber warriors in the armed forces. In an interview with Foreign Policy last July, Lt. Gen. Michael Basla, the Air Force's chief of information dominance and its chief information officer, said that Obama had begun to lay out lines of authority for conducting cyberspace operations.
Those rules are spelled out in a classified presidential directive that Obama issued in October 2012, but was never published. Revealed last year by the former NSA contractor Edward Snowden, the directive makes clear that only the president can authorize the military to conduct cyber attacks, with the exception that the secretary of defense may give the order in the event of a national emergency, such as an imminent attack on a U.S. power grid or piece of critical infrastructure that could result in loss of life or significant damage to the economy. It also instructs the military to identify potential targets and be prepared to strike at them on the president's order.
The directive went out eight months before the Air Force execute order, suggesting that the latter could be an effort to codify the procedures for conducting a cyber strike should the president ever call for it.
"An execute order like this could describe a specific operation, but it could also be an order to implement a broad-based policy," like the president's directive, one of the former military intelligence officials said.
William Belcher / U.S. Air Force