AILSA CHANG, HOST:
Government documents released this week crack open the first cyber offensive the U.S. government has ever acknowledged launching. It hacked ISIS networks back in 2016. U.S. Cyber Command took ISIS drives and servers offline, making it harder for the terrorist group to spread its propaganda. And along the way, the government was able to collect all sorts of intelligence. These documents not only show what U.S. Cyber Command did, but also the challenges it faced in carrying it all out. George Washington University's National Security Archive filed a Freedom of Information request for these documents and then made them public.
I spoke with the archive's cybersecurity fellow Michael Martelle.
MICHAEL MARTELLE: We learned from the documents that U.S. Cyber Command internally considered this the most complex offensive operation that had been undertaken up to that point, and that brought with it a bunch of challenges that came out of that scale and...
CHANG: Like what kind of challenges?
MARTELLE: So there are a lot of buzzwords that come from this - things like deconfliction, coordination. What this means is making sure that we're not stepping on each other's toes, right? There are...
CHANG: You mean with other agencies within the U.S. government.
MARTELLE: With other agencies but also with other countries, right? And so that means that, for example, if U.S. Cyber Command operators want to take out a server, that another intelligence agency isn't relying on that server for surveillance and that by taking out that server, you then, you know, disable an intelligence-collecting operation by someone else.
CHANG: What's interesting is these documents also show that other actors out there may have suspected the U.S. was trying to hack into ISIS networks. And they just kind of hovered around, kind of spying to learn what methods the U.S. was using in order to mimic those methods, perhaps.
MARTELLE: It sure looks that way. It's important to remember that conflict in cyberspace is rarely a two-player game. There are lots of other people sort of orbiting around the edges, watching what you're doing, especially when you're operating on networks that you don't own. And this is something that's raised a little bit of concern and raised some risk when the U.S. is looking to adopt a more forward presence in cyberspace. This exposes U.S. operations to observation by other actors.
CHANG: It opens up new vulnerabilities when the U.S. is trying to launch offensive cyberattacks.
MARTELLE: Potentially, yeah.
CHANG: You got these documents because your organization filed a Freedom of Information Act request. You did not have to fight for years in court to get these documents eventually. What do you think that tells us? Why do you think the government complied relatively easily in this case...
MARTELLE: Sure.
CHANG: ...To give you these documents?
MARTELLE: I think - and this is just my theory. I think there's some benefit to them to start having these conversations out in the open. I think they want to demonstrate, to a certain extent, their utility to national security in what they can do. There is a potential for - a strong potential for these sorts of operations, despite their covert nature, having a huge impact in how the United States secures itself. And because of that, we need to be having fairly public conversations about fairly covert capabilities. And being able to discuss these issues over declassified documents like this is valuable to everyone, whether you're a member of the public or whether you're a covert operator.
CHANG: Michael Martelle is a fellow at George Washington University's National Security Archive.
Thank you very much for dropping by today.
MARTELLE: Thank you.
(SOUNDBITE OF DAN THE AUTOMATOR'S "FULL STAR") Transcript provided by NPR, Copyright NPR.