U.S. Cyber Command’s flagship operation against Islamic State faced a number of early snags, including problems with interagency coordination and difficulties gaining timely authorization to launch cyberattacks on targets, newly declassified documents revealed.
The heavily redacted documents, published Tuesday, January 21 by the National Security Archive at George Washington University following a Freedom of Information Act request, say that an intervention by the Obama-era National Security Council which delayed the operation’s rollout negatively impacted its effectiveness, though no further detail is given.
Operation Glowing Symphony was executed by CYBERCOM’s Joint Task Force-Ares, formed in 2016 with the intent to disrupt ISIS’s capabilities and activities in cyberspace. The documents include operational reviews up to 120 days following Glowing Symphony’s November 2016 approval, at the height of the Coalition’s fight against ISIS in Iraq and Syria.
The Washington Post has previously reported that the NSC initially delayed execution of Operation Glowing Symphony due to objections raised by the FBI and CIA, which opposed the operation’s proposed authorization to attack ISIS networks based in some 35 countries without informing the local governments first.
Other U.S. agencies feared such cyberattacks could jeopardize their cooperation with international law enforcement on counter-terrorism work.
Officials told the Washington Post in 2017 that “at a very basic level,” Glowing Symphony aimed to remove ISIS media content from the internet – considered a key tool for the group’s global recruitment.
Commanded by General Paul Nakasone, Task Force-Ares was initially conceptualized to develop malware to destroy ISIS networks, computers and mobile phones, according to 2016 CYBERCOM documents.
The operation also aimed to disrupt ISIS’s abilities to plan and carry out attacks across the world and disrupt its battlefield capabilities in Iraq and Syria.
Task Force Ares was intended to support Operation Inherent Resolve, the U.S.-led Coalition’s military mission against ISIS in Iraq and Syria, though it did not fall under the command of CJTF-OIR or U.S. Central Command.
The experiences of Operation Glowing Symphony, considered CYBERCOM’s “most complex offensive cyberspace operation” to date at the time, have informed the U.S.’s planning and execution of other cyber operations, including its response to Russian activity during the 2016 U.S. presidential election.
Glowing Symphony may have also supported the Coalition’s kinetic action. General Stephen Townsend, commander of CJTF-OIR during key battles against ISIS, revealed in May 2018 that a joint operation involving U.S. cyber capabilities helped to locate and destroy an ISIS command post in the middle Euphrates river valley after the Battle for Raqqa.
Townsend noted at the time that the operation was a success against ISIS, a non-state actor, but said it took too long to have been executed against a near-peer competitor like Russia or China.
“We are going to have to do better,” Townsend said at the time.
Learning from Task Force Ares
Joint Task Force-Ares has served as something of a model for subsequent offensive U.S. cyber operations, inspiring the use of a task force in response to Russia’s interference in the 2016 election.
Among Glowing Symphony’s earliest problems was lack of sufficient storage for all the data collected from ISIS networks, the latest documents reveal, “an indication of the operation’s scope relative to USCYBERCOM’s capacity at the time,” the archive’s report reads.
JTF-Ares also faced hurdles gaining targeting authorization that may have hampered operations in the field.
In addition to normal targeting approval procedures, JTF-Ares was saddled with another vetting and deconfliction process even after gaining the green light from combatant command.
At the time, CYBERCOM was actively coordinating with CJTF-OIR and CENTCOM to synchronize attacks against ISIS during the pivotal Battle of Mosul.
“The Operation forced the maturation of processes related to target validation, operational deconfliction, and inter-agency coordination. It also revealed shortcoming’s in data exploitation capabilities,” the report reads.
While the CYBERCOM assessments conclude Glowing Symphony was successful, it is difficult to measure its impact on ISIS’s activities without further declassifications.
Researchers have measured a decrease in ISIS’s English-language online activity following the operation’s approval in November 2016, but the decline also coincides with an increase in Coalition airstrikes and advances on the battlefield against the group.
While Glowing Symphony’s tasks were assessed to have “imposed time and resource costs” on ISIS, the redacted reports do not reveal whether the operation achieved its wider intended effect.