KELLY MCEVERS, HOST:
From the Pentagon this week came word that more than 200 additional U.S. troops are headed to Iraq. They'll join the upcoming fight to take back the city of Mosul from the Islamic State. And as that battle unfolds on the ground, a parallel war against ISIS is unfolding online. NPR's Mary Louise Kelly reports the U.S. is stepping up cyber attacks against ISIS even as the rules for cyber warfare are still being written.
MARY LOUISE KELLY, BYLINE: Let's start with one day last spring. Ash Carter had driven out to the headquarters of U.S. Cyber Command. It was his first troop event in the U.S. as the new secretary of defense. Wearing a dark suit, red tie, American flag pin on his lapel, Carter faced a sea of men and women in uniform and admitted it's a challenge figuring out where their cyber skill sets fit in the traditional armed services.
(SOUNDBITE OF ARCHIVED RECORDING)
ASH CARTER: They are trying to figure out how to welcome this new breed of warrior to their ranks. What's the right way to do that? How do you fit in?
KELLY: This new breed of warrior, Carter went on, will be expected to fight just as hard as their colleagues on the conventional battlefield.
(SOUNDBITE OF ARCHIVED RECORDING)
CARTER: We regard you as on the front lines in the same way that last week I was in Afghanistan, and we have people on the front lines there.
KELLY: In the 13 months since Carter gave that speech, the cyber campaign against ISIS has taken off. U.S. officials describe to us an escalation in activities, from using cyber to geo-locate a particular ISIS leader to hacking into and then surveilling a particular computer. That is despite big, outstanding questions about how cyber operations should work, including who's in charge.
SUSAN HENNESSEY: The chain of command is clear on paper. It's much more difficult to understand in practice.
KELLY: That's Susan Hennessey, who, until a few months ago, was a lawyer at the Nation Security Agency. She describes, quote, "an invisible war of lawyers arguing over what counts as a cyber operation." And when does it become electronic warfare like jamming an enemy radar?
HENNESSEY: So you'd see defense department attorneys. You'd see attorneys on the National Security Council staff. You might see attorneys on the State Department staff or other parts of executive agencies saying, wait a minute; I don't think that is electronic warfare. And so you're going to see a lot of individuals really all working to define this space and understanding who's in charge based on a given activity.
KELLY: Is it fair to say that we're still figuring out the rules for cyber warfare even as the U.S. engages in it?
HENNESSEY: I think that's certainly true.
KELLY: Here's an alternate view. Michael Sulmeyer served until last year as director of plans and operations for cyber policy at the Pentagon. He believes the cyber chain of command is fairly straightforward, but he says other key questions are in play, such as how to weigh the risk of collateral damage. For example, do you target a cellular network that ISIS leaders are using to communicate if doctors at a local hospital are using it, too? And Sulmeyer says, consider this. Do established military standards for self-defense supply?
MICHAEL SULMEYER: If you're a tactical unit deployed out front and forward, what happens if you start taking incoming fire? When can you fire back? How that plays out in cyberspace is something that I don't think has been very publicly discussed.
KELLY: Sulmeyer, now at Harvard's Belfer Center, is in the midst of writing about what cyber rules of engagement should look like in the future. The Pentagon now officially recognizes cyberspace as the fifth domain of warfare after land, sea, air and space. Sulmeyer says that along with the urgency of the campaign against ISIS is prompting military planners to think creatively both about how to govern and how to weaponize the cyber battlefield. Mary Louise Kelly, NPR News, Washington.
NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.