cyberarmscontrolblog

International Agreement for Control of Cyber Weapons

Month: January, 2017

Netherlands Armed Forces Cyber Warfare Profile

Limited Responsibility

One peculiarity of Dutch cyber policy is that the Netherlands Armed Forces are not responsible for protection of private (commercial) networks, nor even for other public networks. Instead, the Armed Forces appear to be responsible for their own military networks. There also is no role in fighting cyber crime.

Figure 1 – The Netherlands Armed Forces have a Defence Cyber Command responsible for deployment of both defensive and offensive cyber weapons.

In general, the information technology infrastructure of the Netherlands is the responsibility of its owners.

Nevertheless, the Netherlands Armed Forces have three priorities in cyber:

  1. Increasing defensive capabilities;
  2. Making better use of cyber for intelligence, and collecting intelligence information on cyber threats;
  3. Developing offensive capabilities.

If “offensive capabilities” were going to be used, it appears it would be only in response to attacks against the Netherlands military itself. Again this is a peculiar notion because if there were a cyber attack against civilian facilities, then this would presumably merit no counter-response from the Netherlands military.

Cyber Warfare Scenarios

In the Dutch view, a purely cyber war is not likely. Instead, cyber will be used in conjunction with a “kinetic” war. Cyber is thought of as a “force multiplier” for kinetic force. Much effort appears to be focused on coordination within the broader landscape of NATO.

References

Paul Ducheine, Frans Osinga, Joseph Soeters (Eds.), Cyber Warfare: Critical Perspectives, Ministerie van Defensie, NL Arms, Netherlands Annual Review of Military Studies 2012,

Russian Negotiating Positions on Cyber Warfare

Difficulty in Controlling Cyber Weapons

One of the chief criticisms of an international treaty for the control of cyber weapons is that countries simply would not agree to it because there is a risk of lessening nation state power. After all, why would a nation-state agree to limit its own cyber weapons?

Since the Russian Federation is a powerful actor in the cyber realm, it may be useful to examine its national cyber security objectives and then extrapolate to estimate Russia’s positions in any proposed international negotiations.

Figure 1 – Inference of Russian Negotiating Positions in connection with cyber warfare and related information operations.

Russian Priorities for International Agreements on Cyber

Much of Russia’s Information Security Doctrine (ДОКТРИНА информационной безопасности Российской Федерации) is defensive in nature. Consequently, the threat recognized by the Russian Federation is the same as in other countries, including those in the European Community and United States.

Financial Crimes and Privacy Cyber Crimes. All countries recognize that financial crimes or stealing of personal information on citizens by hackers are criminal acts. In the Russian Federation, these are recognized also as serious crimes. The practical result is that Russia will be open to negotiations on any international treaty that strengthens law enforcement of international cyber crimes involving theft of money or personal information.

Hacking and Attacks on Cyber Infrastructure. Like in other countries, hacking attacks that are aimed at harming cyber infrastructure are illegal in Russia. Recent reports indicate the Duma (the Russian Congress or Parliament) is considering strong prison sentences for anyone convicted of harming cyber infrastructure through hacking. Again, the practical result is that negotiations that aim to increase international cooperation to combat this type of hacking should be possible between Russia and other nations.

Extradition Treaties. There have been a number of cases in which Russian authorities have wanted a criminal hiding in the West to be handed over, and a number of cases in which criminals located in Russia have been targeted for arrest outside of Russia. For the time being, there is no automatic way to handle extradition. Some countries, such as Israel, simply refuse to extradite their own citizens. We can expect that Russia might be willing to engage in negotiations with a limited purpose of agreeing to extradition arrangements for cyber criminals that are located overseas and yet through their criminal actions inflict harm in Russia. In order to have reciprocity, Russia would need to agree to hand over Russian citizens when they are indicted abroad for cyber crimes.

The general problem with extradition is that each nation handing over its citizens must be confident that the type of justice the person will receive in the receiving country is comparable to the standards found in their own country. For the time being, many countries do not recognize the Russian legal system as having a sufficient level of quality to provide credible guarantees. Nevertheless, it might be possible to engage in negotiations, providing there is discussion of a special type of legal protocol for cyber-crimes. This would be a potentially useful area for international legal scholarship and exchange of information. There are many problems, not the least of which are the rules for evidence required for conviction. Nevertheless, until there are such arrangements in place, any extraditions will be handled by nation states on a case-by-case basis.

Information Operations Targeting Russia. In the Russian way of thinking, there is a danger of information operations being conducted by foreign parties against Russia. These are divided into two classes: Class 1 are actions taken inside Russia by organizations that have some connection, usually funding, from non-Russian sources; Class 2 are information operations conducted outside of Russia, even aimed at citizens of other nations, that harm the image of Russia or otherwise sow discord.

Although the Universal Declaration of Human Rights (Всеобщая декларация прав человека) is generally used as a basis for arguing that it is the right of every individual to communicate (even criticize) freely, Russia can plausibly argue that Article 29 ¶2 places limits on communications that disturb morality, the public order, or the general welfare of a nation. The concept of public order (ordre public) is very broad in nature. The consequence is that Russia has a legal argument. In addition, Article 30 prohibits information and communication that has the effect of destruction of rights and freedoms. As a consequence, Russia has an argument that its broad definition of information threats to Russian sovereignty and public order is legal.

To go even further, it would by extension and analogy be possible to reference the United Nations Charter Articles 41 & 42 which give each nation state an inherent right of self-defense. As such, any nation should be able to defend itself against information operations that are a threat to its sovereignty or public order. The counter-argument to this line of thinking is that when the UN Charter was written, these articles referred specifically to military (kinetic) threats. So since information operations are not kinetic threats, then these self-defense articles do not apply. The counter-counter-argument that can be made is that although these Articles definitely apply to kinetic military operations, the major powers involved in the Second World War (Вели́кая Оте́чественная война́) all were heavily involved in various types of information operations. Therefore, since information operations at the time of the signing of the UN Charter were considered to be an inherent aspect of warfare, we can infer that the United Nations Charter and its inherent right of self-defense for nation states as seen in Articles 41 & 42 are inclusive of information operations.

The implication is that although it might be possible to engage Russia in discussions regarding an international agreement regarding control of information operations, the likelihood of success would be minimal because there is a conflict between the danger of information operations and the need for freedom of the press. In addition, Russian media channels such as RT and Sputnik might be criticized in Europe or the United States in the same way CNN or Voice of America (VOA) might be criticized in Russia. So the consequence is that Russia would be required to place limitations on the content of RT and Sputnik and all of its foreign media operations in exchange for other nations doing the same. These are unrealistic expectations for either Russia or any other nation to agree to; therefore, we can assess there is a very small chance we will see any successful negotiations on the international control of information operations conducted by nation states or major media channels. An additional complication is that the Internet already provides free access to most of the world’s television channels. (See Free Internet TV.)

Default to National Control. Since we can expect no international agreement to limit or control information operations, the only defensive solution is for nation states to take actions within their own territory to limit the supposedly corrosive influence of foreign information. This is the default position of the People’s Republic of China, and a number of other countries. Russia has not been as strict as China in this regard. The United States may be considering taking steps to limit the information operations of Islamic terrorist organizations such as ISIS (Daesh). This would represent a remarkable departure from a policy of almost 100% freedom of information.

Terrorist Propaganda. Terrorist propaganda has been around for a long time, but the current debate is over control of ISIS (Daesh) propaganda that is being transmitted through various social media channels over the Internet. This may cause asyngnotic networks to emerge and trigger terrorist attacks. (See “The Cyber Intelligence Challenge of Asyngnotic Networks”.) The current trend is for nation states to consider censoring this information. Again, this will be done at the nation-state (default) level of control.

An additional argument that Russia might make in justifying these types of actions is found in Article 41 of the United Nations Charter. Here, the article specifically mentions “means of communications” as something that can be interrupted in order to maintain international peace and security.

Religious Dimension to Information Operations. There are arguments made that there should be no control over religious communications across borders, and that to limit these flows of information is to repress religious rights. The counter-argument is that there is no protection provided in any society for information of any type, even religious information, if it promotes hatred or racism, or incites violence. Therefore, “religious” communications from ISIS (Daesh) can be banned in all countries for public safety reasons. There is no “right” to transmit information that may cause people to become violent and endanger peace and security. No international agreement is needed to allow this type of censorship, as these rights of nation states already are written into treaties and agreements.

International Control of Cyber Espionage. Every nation spies, and every nation knows it. Espionage is information collection and analysis conducted by a nation state as a part of its national defense. Russia has a tradition of cooperating in sharing intelligence information under extremely limited circumstances, and when doing so is mutual, and the entire sharing operation is mutually beneficial. These agreements are made on a bilateral basis, and are not published or registered, so are beyond the scope of this analysis. Since every nation has an inherent right of self-defense, there will never be an international agreement to limit or control espionage, even that conducted via the Internet (“cyber espionage”).

Details of Russia’s Information Security Doctrine

By a Presidential Decree of December 5, 2016, Russia adopted a revised information security doctrine (ДОКТРИНА информационной безопасности Российской Федерации). What can we learn from this document that would anticipate Russian policy positions in international negotiations aimed at getting more cyber security for the world?

(Below is the original Russian. Above is not a translation, but instead is a gloss that summarizes the implications of the Russian doctrine. The pertinent Russian phrases have been underlined.)

II.7. Recognizes that information technology has developed into an international phenomenon that is cross-border in nature.
(7. Информационные технологии приобрели глобальный трансграничный характер и стали неотъемлемой частью всех сфер деятельности личности, общества и государства.)

II.8(d). Suggests that the government of Russia desires to work at building an international political-legal framework that will help to stop uses of information technology that harm stability and sovereignty. This is expressed as the desire for international agreements that will stop foreigners from using cyber to injure Russia’s “information space”.
((д) содействие формированию системы международной информационной безопасности, направленной на противодействие угрозам использования информационных технологий в целях нарушения стратегической стабильности, на укрепление равноправного стратегического партнерства в области информационной безопасности, а также на защиту суверенитета Российской Федерации в информационном пространстве.)

The Russian View of Cyber Threats

III.10. The international flow of information into Russia may help terrorists, extremists or other illegal activities. For example, under this way of thinking, the introduction of ISIS (Daesh) propaganda into Muslim communities inside Russia is a serious cyber threat.
(Возможности трансграничного оборота информации все чаще используются для достижения геополитических, противоречащих международному праву военно-политических, а также террористических, экстремистских, криминальных и иных противоправных целей в ущерб международной безопасности и стратегической стабильности.)

III.10. There is a threat of information technology being introduced into Russia without having undergone adequate security testing, and without being integrated with the overall national efforts at cyber security. (The United States does not have any such program.)
(При этом практика внедрения информационных технологий без увязки с обеспечением информационной безопасности существенно повышает вероятность проявления информационных угроз.)

III.12. Covert action by government secret organizations uses cyber for psychological warfare. In Russia, there is a view that human rights organizations (and others) may be secretly funded by foreign governments to weaken Russia. By “weaken” Russian doctrine means “destabilization of the political and social situation”.
(12. Расширяются масштабы использования специальными службами отдельных государств средств оказания информационно-психологического воздействия, направленного на дестабилизацию внутриполитической и социальной ситуации в различных регионах мира и приводящего к подрыву суверенитета и нарушению территориальной целостности других государств. В эту деятельность вовлекаются религиозные, этнические, правозащитные и иные организации, а также отдельные группы граждан, при этом широко используются возможности информационных технологий.)

III.13. Terrorist organizations use cyber both to sabotage Russia’s technical infrastructure and to distribute propaganda.
(Различные террористические и экстремистские организации широко используют механизмы информационного воздействия на индивидуальное, групповое и общественное сознание в целях нагнетания межнациональной и социальной напряженности, разжигания этнической и религиозной ненависти либо вражды, пропаганды экстремистской идеологии, а также привлечения к террористической деятельности новых сторонников. Такими организациями в противоправных целях активно создаются средства деструктивного воздействия на объекты критической информационной инфраструктуры.)

III.14. Hacking and computer crime targeting financial assets and private information.
(14. Возрастают масштабы компьютерной преступности, прежде всего в кредитно-финансовой сфере, увеличивается число преступлений, связанных с нарушением конституционных прав и свобод человека и гражданина, в том числе в части, касающейся неприкосновенности частной жизни, личной и семейной тайны, при обработке персональных данных с использованием информационных технологий.)

III.16. Governments of various nations use cyber to (a) attack Russian infrastructure; (b) conduct cyber espionage; (c) influence political and social stability.
(16. Состояние информационной безопасности в области государственной и общественной безопасности характеризуется постоянным повышением сложности, увеличением масштабов и ростом скоординированности компьютерных атак на объекты критической информационной инфраструктуры, усилением разведывательной деятельности иностранных государств в отношении Российской Федерации, а также нарастанием угроз применения информационных технологий в целях нанесения ущерба суверенитету, территориальной целостности, политической и социальной стабильности Российской Федерации.)

III.19. Internet governance is not equitable between nations. This is a threat because it makes it problematical for Russia to work at creating a system of international information security.
(19. Состояние информационной безопасности в области стратегической стабильности и равноправного стратегического партнерства характеризуется стремлением отдельных государств использовать технологическое превосходство для доминирования в информационном пространстве. Существующее в настоящее время распределение между странами ресурсов, необходимых для обеспечения безопасного и устойчивого функционирования сети “Интернет”, не позволяет реализовать совместное справедливое, основанное на принципах доверия управление ими. Отсутствие международно-правовых норм, регулирующих межгосударственные отношения в информационном пространстве, а также механизмов и процедур их применения, учитывающих специфику информационных технологий, затрудняет формирование системы международной информационной безопасности, направленной на достижение стратегической стабильности и равноправного стратегического партнерства.)

Escalation Levels in Cyber War

Cyber Readiness Levels

Cyber war may be thought of as a low-level type of conflict. In its initial stages, it does not have an offensive nature, but instead is focused more on intelligence collection.

Intelligence collection. There are two aspects: (1) the collection of specific pieces of information (data) that can be used later as an input into intelligence analysis; (2) collection of macro-information that helps to make a “cyber map” of the information space of the enemy. This would include understanding of (a) the major networks and components of the enemy cyber structure; and (b) the types and characteristics of vulnerabilities of the enemy cyber structure.

Figure 1 – Levels of Readiness for Cyber War. Kinetic, Information and Cyber Operations stand in a general hierarchy leading to increased levels of violence.

Active Cyber Disruption. The second level of cyber operations is more aggressive and offensive in nature. At this level, cyber weapons are deployed for specific purposes of disruption.

Information Operations. Beyond cyber, any national defense campaign employs propaganda, information operations, disinformation, or other tools in order to shape the psychological environment both of the target country and of the national audience. Information operations involve the placement into the meme-space of alternative ideas, the objective of which is to compel public opinion to move in a way more favorable to the originator’s way of thinking. Propaganda and information operations are a well-known tool of statecraft.

Kinetic Operations. After the battleground has been prepared by cyber and information operations, the next level is actual military conflict: killing people, destruction of property, and other arts of classical warfare. In all nations, this level of conflict is seen as being the “last resort”, an action taken when all other means fail in solving the national conflict.

Figure 2 – Levels of Escalation of Cyber War. Prior to initiating cyber attacks, there are several precursor levels of escalation.

Levels of Escalation of Cyber War

There are at least five (5) levels of preparation before offensive cyber operations begin.

General Intelligence Collection. Cyber has emerged as a major tool of intelligence collection. Economic, military, and government intelligence can be collected through cyber in a way that is at least two orders of magnitude less expensive than any other means. The use of automation in particular can change the need for specific targeting (because web-bots can simply scan everything). In addition, collection can be asynchronous; that is, information can be collected for use later, even though when it is collected, there is no specific purpose to get it.

Targeted Intelligence Collection. More specific cyber intelligence is collected when there is a known target. Examples would be a specific person, or a specific facility (government, commercial, military). Cyber can either be a support for other means of technical intelligence (TECHINT), or can itself be a tool; e.g., cyber could be used to support collection of MASINT (Measurement and Signature Intelligence) or FISINT (Foreign Instrumentation Signals Intelligence). Targeted intelligence collection occurs when a tangible and known threat has been identified.

Cyber Target Preparation. Once cyber targets have been identified, a number of steps must be taken to perfect the attack. This means testing or simulating the attack on a mock-up copy of the target, and if necessary placing malware that can be activated when needed into the target cyber infrastructure (such as a server, control device, or other location). It is crucial that the cyber attack profile of each target be identified and verified prior to launching an attack.

Preparation of Disinformation. Planning and preparation for disinformation actions. This involves changing information, inserting information, destruction of information, or denial of access to information.

At this point preparations have been put in place. Malware is positioned, and relevant information has been collected and analyzed.

Initiation of Cyber Attack. The active phase of the cyber attack begins. Keep in mind that in a nation-state confrontation, this refers to initiation of attacks against hundreds of targets at the same time.

Cyber Command and Control. Any successful cyber program must have some type of command and control structure to (1) control initiation of attacks; (2) monitor performance and effectiveness of attacks; (3) monitor the overall cyber conflict and be able to report on lethality (effectiveness) of attacks.

Russian Cyber War Doctrine

What is the Cyber War Doctrine of the Armed Forces of the Russian Federation? Examining The Military Doctrine of the Russian Federation, we can see a number of references to the information aspects of war. Below we examine the Russian Military Doctrine of 2010 and compare it to the updated version published in 2015.

Analysis of Russian Cyber War Doctrine

Much of Russian cyber military doctrine is similar to what we would find in the United States. For example, there is an emphasis on the role of information technology in command and control. There also is a specific emphasis placed on development of advanced weaponry using cyber. In addition, the Russian military is charged with protecting the information infrastructure of the Russian Federation.

But it appears that Russian military doctrine defines the cyber and information aspects of warfare in a considerably broader way than in the United States. Here are a few examples:

Information Actions Precede Combat Action. Before kinetic force (traditional military action) is used, it is to be preceded by all other non-violent instruments of statecraft. Information operations (cyber operations), therefore, are viewed as a precursor to kinetic warfare.

Figure 1 – Different functions of cyber in Russian military doctrine. The references refer to parts of the official Russian Military Doctrine published in 2015(*). These are translated below.

Protection of Russian Territory Includes Information Territory. Apart from protecting the physical territory of Russia, the concept of territory has been extended to include “cyber space” or “national cyber space”, and the military is specifically tasked with protecting all of the cyber space within the Russian Federation.

Cyber Weapons Are Viewed as Increased Threat. In the Russian view, the conventional (including nuclear) strength of the Russian military is such that it is less likely Russia will receive a conventional attack. Paradoxically, the Russians view this as increasing the risk that Russia will be attacked through communication and information technologies. It is a cyber version of guerilla warfare.

Very Broad Definition of Cyber Attack. The type of cyber incident considered to be an “attack” is very broad. It needs only to have an effect on political independence or sovereignty. Any attack against infrastructure also is included. This would cover denial-of-service, or malware. But if a cyber incident has a destabilizing effect on the “social” or “political” situation, then it also is considered to be an attack.

Spiritual and Patriotic Traditions Protected Against Cyber Attack. An information incident can be classed as a “subversive information activity” if it is “aimed at undermining” the opinions of young citizens towards “historical, spiritual and patriotic traditions”. This would mean, for example, that it is the duty of the Russian military to protect Russia against information that undermines Russian traditions.

The Non-Military Population Can be Used for Cyber Defense. The Russian military is empowered to work with non-military elements in Russia for the purpose of taking “information” measures for defense. This refers to the “army” of civilian hackers that work ostensibly outside of government control.

Cyber Attacks Are Authorized Anywhere. The Russian military is authorized to launch a cyber attack (defensive action) against the enemy anywhere in the “global information space”, i.e., not only within the territory of the enemy state.

Cyber Weapons “Indirect and Asymmetric” in Nature. Cyber weapons, and other means, are viewed as being potentially indirect and asymmetric in their utility. In this case, “asymmetric” means “low cost; high impact” or “low cost; high defensive cost”.

Information Operations. The Russian military is empowered to engage in information operations that are aimed at influencing public associations and political groups. The military is empowered to “neutralize” threats through political and non-military means. This is a very broad mandate.

Cyber Espionage is Doctrine. The use of information technology and “modern technical means” is authorized for assessment and forecasting. This is the classical function of foreign intelligence operations.

Control Over Internet to Protect Third Countries. The military is empowered to take steps to make it impossible for any force to use information and communications technologies to influence sovereignty and political independence not only of Russia, but of other states as well.

Excerpts from Russian Cyber Military Doctrine

(The operative terms are underlined.)

Part I §5. The Military Doctrine reflects the commitment of the Russian Federation to taking military measures for the protection of its national interests and the interests of its allies only after political, diplomatic, legal, economic, informational and other non-violent instruments have been exhausted. (В Военной доктрине отражена приверженность Российской Федерации к использованию для защиты национальных интересов страны и интересов ее союзников военных мер только после исчерпания возможностей применения политических, дипломатических, правовых, экономических, информационных и других инструментов ненасильственного характера.)

Part II §11. There is a tendency towards shifting the military risks and military threats to the information space and the internal sphere of the Russian Federation. At the same time, despite the fact that unleashing of a large-scale war against the Russian Federation becomes less probable, in a number of areas the military risks encountered by the Russian Federation are increasing. (Наметилась тенденция смещения военных опасностей и военных угроз в информационное пространство и внутреннюю сферу Российской Федерации. При этом, несмотря на снижение вероятности развязывания против Российской Федерации крупномасштабной войны, на ряде направлений военные опасности для Российской Федерации усиливаются.)

The main external military risks are:
Part II §12(k)(l) use of information and communication technologies for the military-political purposes to take actions which run counter to international law, being aimed against sovereignty, political independence, territorial integrity of states and posing threat to the international peace, security, global and regional stability; (использование информационных и коммуникационных технологий в военно-политических целях для осуществления действий, противоречащих международному праву, направленных против суверенитета, политической независимости, территориальной целостности государств и представляющих угрозу международному миру, безопасности, глобальной и региональной стабильности;)

13. The main internal military risks are:
Part II §13(a) activities aimed at changing by force the constitutional system of the Russian Federation; destabilizing domestic political and social situation in the country; disrupting the functioning of state administration bodies, important state and military facilities, and information infrastructure of the Russian Federation; (деятельность, направленная на насильственное изменение конституционного строя Российской Федерации, дестабилизацию внутриполитической и социальной ситуации в стране, дезорганизацию функционирования органов государственной власти, важных государственных, военных объектов и информационной инфраструктуры Российской Федерации;)

Part II §13(c) subversive information activities against the population, especially young citizens of the State, aimed at undermining historical, spiritual and patriotic traditions related to the defense of the Motherland; (деятельность по информационному воздействию на население, в первую очередь на молодых граждан страны, имеющая целью подрыв исторических, духовных и патриотических традиций в области защиты Отечества;)

Characteristic features and specifics of current military conflicts are:
Part II §15(a) integrated employment of military force and political, economic, informational or other non-military measures implemented with a wide use of the protest potential of the population and of special operations forces; (комплексное применение военной силы, политических, экономических, информационных и иных мер невоенного характера, реализуемых с широким использованием протестного потенциала населения и сил специальных операций)

Part II §15(b) massive use of weapons and military equipment systems, high-precision and hypersonic weapons, means of electronic warfare, weapons based on new physical principles that are comparable to nuclear weapons in terms of effectiveness, information and control systems, as well as drones and autonomous marine vehicles, guided robotic weapons and military equipment; (массированное применение систем вооружения и военной техники, высокоточного, гиперзвукового оружия, средств радиоэлектронной борьбы, оружия на новых физических принципах, сопоставимого по эффективности с ядерным оружием, информационно-управляющих систем, а также беспилотных летательных и автономных морских аппаратов, управляемых роботизированных образцов вооружения и военной техники)

Part II §15(c) exerting simultaneous pressure on the enemy throughout the enemy’s territory in the global information space, airspace and outer space, on land and sea; (воздействие на противника на всю глубину его территории одновременно в глобальном информационном пространстве, в воздушно-космическом пространстве, на суше и море)

Part II §15(f) enhanced centralization and computerization of command and control of troops and weapons as a result of transition from a strictly vertical system of command and control to global networked computerized systems of command and control of troops (forces) and weapons; (усиление централизации и автоматизации управления войсками и оружием в результате перехода от строго вертикальной системы управления к глобальным сетевым автоматизированным системам управления войсками (силами) и оружием)

Part II §15(i) use of indirect and asymmetric methods of operations; (применение непрямых и асимметричных способов действий)

Part II §15(j) employment of political forces and public associations financed and guided from abroad. (использование финансируемых и управляемых извне политических сил, общественных движений)

Part III §21(a) to assess and forecast the development of the military and political situation at global and regional levels, as well as the state of interstate relations in the military-political field with the use of modern technical means and information technologies; (оценка и прогнозирование развития военно-политической обстановки на глобальном и региональном уровне, а также состояния межгосударственных отношений в военно-политической сфере с использованием современных технических средств и информационных технологий)

Part III §21(b) to neutralize potential military risks and military threats through political, diplomatic and other non-military means; (нейтрализация возможных военных опасностей и военных угроз политическими, дипломатическими и иными невоенными средствами)

Part III §21(s) to create conditions to reduce the risk of using information and communications technologies for the military-political purposes to undertake actions running counter to international law, directed against sovereignty, political independence or territorial integrity of states or threatening international peace and security, and global and regional stability. (создание условий, обеспечивающих снижение риска использования информационных и коммуникационных технологий в военно-политических целях для осуществления действий, противоречащих международному праву, направленных против суверенитета, политической независимости, территориальной целостности государств и представляющих угрозу международному миру, безопасности, глобальной и региональной стабильности)

Part III §35(b) to provide for a more effective and secure functioning of public administration and military governance system and to ensure communication between federal government agencies, bodies of the constituent entities of the Russian Federation and other government authorities in addressing defense and security tasks; (повышение эффективности и безопасности функционирования системы государственного и военного управления, обеспечение информационного взаимодействия между федеральными органами исполнительной власти, органами исполнительной власти субъектов Российской Федерации, иными государственными органами при решении задач в области обороны и безопасности)

Part III §35(j) to improve the system of information security of the Armed Forces, other troops and bodies; (совершенствование системы информационной безопасности Вооруженных Сил, других войск и органов)

Part III §39(d) ensuring the reliable functioning of the command and control system of the Armed Forces, other troops and bodies in peacetime, under the conditions of an imminent threat of aggression and in wartime; (обеспечения надежного функционирования системы управления Вооруженными Силами, другими войсками и органами в мирное время, в период непосредственной угрозы агрессии и в военное время)

Part III §39(h) formation of territorial troops to provide protection and defense of military, state and special facilities, critical infrastructure, including transport, communications and energy, as well as potentially hazardous sites; (формирования территориальных войск для охраны и обороны военных, государственных и специальных объектов, объектов, обеспечивающих жизнедеятельность населения, функционирование транспорта, коммуникаций и связи, объектов энергетики, а также объектов, представляющих повышенную опасность для жизни и здоровья людей;)

Part III §39(l) ensuring effective information security of the Armed Forces, other troops and bodies; (эффективного обеспечения информационной безопасности Вооруженных Сил, других войск и органов)

Part III §46(c) to enhance capacity and means of information warfare; (развитие сил и средств информационного противоборства) Note: The word “противоборства” does not mean strictly “warfare”, but instead means “confrontation” which could be thought of as a level of violence short of full-scale warfare.

Part III §46(d) to improve the quality of the means of information exchange on the basis of up-to-date technologies and international standards, as well as a single information field of the Armed Forces, other troops and bodies as part of the Russian Federation’s information space; (качественное совершенствование средств информационного обмена на основе использования современных технологий и международных стандартов, а также единого информационного пространства Вооруженных Сил, других войск и органов как части информационного пространства Российской Федерации;)

Part III §46(f) to develop new types of high-precision weapons and means of counteracting them, aerospace defense assets, communication systems, reconnaissance and command systems, radio jamming systems, complexes of unmanned aerial vehicles, robotic strike complexes, modern transport aviation and individual protection systems for military personnel; (создание новых образцов высокоточного оружия и средств борьбы с ним, средств воздушно-космической обороны, систем связи, разведки и управления, радиоэлектронной борьбы, комплексов беспилотных летательных аппаратов, роботизированных ударных комплексов, современной транспортной авиации, систем индивидуальной защиты военнослужащих;)

Part III §46(g) to create basic information management systems and integrate them with the systems of command and control of weapons and the computerized systems of command and control bodies at the strategic, operational-strategic, operational, operational-tactical and tactical levels. (создание базовых информационно-управляющих систем и их интеграция с системами управления оружием и комплексами средств автоматизации органов управления стратегического, оперативно-стратегического, оперативного, оперативно-тактического и тактического масштаба)

Part III §55(f) to develop a dialogue with interested states on national approaches to confronting military risks and military threats brought about by the extensive use of information and communications technologies for military and political purposes; (развитие диалога с заинтересованными государствами о национальных подходах к противодействию военным опасностям и военным угрозам, возникающим в связи с масштабным использованием информационных и коммуникационных технологий в военно-политических целях)

Russian Cyber Military Terminology

информация инструмент –– “information instruments”.  This is a general term that applies to any use of information to further nation state objectives, including military objectives. 

информационное пространство –– “information space”. Russian doctrine defines the nation as having an information space. This is the entire cyber infrastructure of Russia, including government, commercial, military and private networks and information processing systems. In this sense, Russians believe it is as important to protect this “information space” as it is to protect physical land mass.

информационная инфраструктура –– “information infrastructure”. This refers also to the entire country, but is more specific than “information space” because it focuses on the specific technical details of the computing and telecommunications network.

деятельность по информационному –– “information activities”. This refers to communication of information, such as through publications, the media, social media or other means that can have a negative effect on Russia. These are considered to be subversive.

комплексное применение –– “integrated employment”. Here this refers to the integration of military force with information (cyber) activities by the population.

информационно-управляющих систем –– “information and control system”. This refers to the cyber components of military weapons. It encompasses everything from general command and control to artificial intelligence or other technologies that enable more intelligent weapons.

глобальное информационное пространство –– “global information space”. This refers to the World Wide Web, and everything connected to it. The doctrine calls for identification of activities of the enemy throughout the world’s cyber infrastructure and then attacking these points, even if they are outside of the national territory of the enemy country.

информационное противоборство –– “information confrontation”. A cyber conflict that falls short of full-scale military warfare.

информационные технологии –– “information technology”. Used the same as in the United States.

невоенные средства –– “non-military means”. Cyber weapons and information operations are viewed as being a type of military action without using kinetic force.

информационная безопасность –– “information security”. Generally the same as the term “cyber security”. It refers to protection of information systems and other infrastructure from hackers.

информационная война –– “information warfare”. Cyber and information operations conducted by the Armed Forces.

обмен информацией –– “information exchange”. Refers to communication within the military.

Russian Military Doctrine Published in 2010

By comparing the 2010 version with the 2015 version above, it is possible to see the giant advance in cyber strategy made by the Russian Federation.

Part I §4. Use of informational instruments for the protection of the national interest.

Part II §9(c). The informational infrastructure of the Russian Federation is a vulnerability because it might be disrupted.

Part II §12(d). Information warfare is an essential component of military conflict.

Part II §13(d). Information warfare should be used prior to kinetic military force so as to shape international public opinion.

Part III §19(a). Information technology should be used to assess international relations [between countries] and for prediction of political events. (This is a reference to classical intelligence; thus the use of cyber tools to collect intelligence.)

Part III §30(j). Cyber is to be used to provide information support to the armed forces. (This is the same as US doctrine.)

*Part III §41 (c). The armed forces are to develop resources for information warfare.

Part III §41(d). The Russian Federation has an “information space” and the Armed Forces are to have a “single information field” within that space. Cyber is to be improved within those spaces so that information exchange is easier and more efficient. (The concept of a “single information field” for a country is an interesting one. It goes against the idea of the Internet being a global and essentially transnational technical system for movement of information.)

Part III §41(f). Cyber should be used to support “new models of high-precision weapons”.

Part III §41(g). The armed forces will develop information systems that will be integrated for command and control, including automating some functions. This will be done at the “strategic, operational-strategic, operational, operational-tactical, and tactical levels”. (This refers to communication and information exchange within the armed forces.)

Analysis of 2010 Russian Military Doctrine

Much of the Russian doctrine is focused on the use of information technology for improving command and control of the Armed Forces. This includes Part III §30(j), Part III §41(d), Part III §41(f) and Part III §41(g).

Other parts of the doctrine define cyber war as a tool or one method (among many) of protecting the national interest. These include Part I §4, Part II §12(d), and Part III §41 (c).

There is an interesting notion of a national “information space” and the fear that it might be a target for attack by enemies. See Part II §9(c) and Part III §41(d).

The final part of the doctrine covers the offensive use of cyber weapons (or information tools) as an extension of state power. First, they should be used to shape international public opinion. Part II §13(d). This is the classic use of propaganda or “public diplomacy” in international relations. Second, they should be used to collect intelligence. Part III §19(a).

The doctrine does not clearly spell out the offensive use of cyber weapons. In Part III §41(f) there is mention of “new models of high-precision weapons”. In generally understood language, this would mean items such as precision guided munitions. It would be possible, however, to define a “new model” weapon as being a cyber weapon. But it is doubtful this is the meaning. In Part III §41(c) there is a call for resources for information warfare, but this is not defined. So possibly cyber weapons could be included under this section.

In any case, the essence of the Russian doctrine is clear. Cyber weapons, or information operations, are to be used in place of kinetic military force preceding a conflict, and hopefully to avoid a further escalation of a conflict. If the conflict deepens, then cyber weapons will continue to be used to support the Armed Forces.

Notes

(*) It was published December 25, 2014.

Cyber War is an Extension of Cultural War

The Cyber War we are seeing today is an extension of a deeper cultural war. The only difference is that it is being conducted with different tools, and yet it should have a considerably larger effect today because the means of communication have been so magnified.

The Cold War and the Culture War

Jessica C. E. Gienow-Hecht(*) has produced an interesting essay that shows the connection between international geo-politics and culture. She argues that the Cold War (in Europe) can be seen in part as a conflict between the cultures of the United States and Europe. The common understanding was that “Americans have no culture”, in comparison to the “High Culture” of Europe. At best, America was a weak shadow of high culture. This followed the views of Joseph Goebbels’ propaganda, which said that “Americans are money-hungry barbarians with no cultural life of their own.” (Quoted by Gienow-Hecht, p. 407) Here, we suppose, one is referencing the masters of classical music, such as Mozart, and the development of sophisticated cultural icons such as ballet, opera, orchestra music, Greco-Roman architecture, the theatre, and classical style painting. Americans, on the other hand, were viewed as having none of that. They were seen as being unsophisticated and “without culture”. As the Cold War developed, the East (Soviet Union) invested in culture as a way to sway minds towards their way of thinking.

Figure 1 – Technology and national information strategy have changed the balance of power between Russia (Soviet Union) and the United States. In the immediate post-war period, the USSR developed a leading-edge strategy. This was followed by similar actions by the United States. The rise of international data communications through undersea cables and satellites, followed by the Internet, set the stage for a revolution in the USA that was not followed in the USSR. The rise of social media has added another layer of complexity. The USA does not have a coherent national information strategy for either offense or defense.

In this sense, “information warfare” is simply another aspect of a wider cultural warfare. The idea is that if people admire one culture over the other, then eventually they will vote that way also. Much investment was made in the arts by both sides. According to Gienow-Hecht, from 1945 until the collapse of the Soviet Union, “[b]oth superpowers deliberately employed psychological warfare and cultural infiltration to weaken the opponent and its client states on the other side of the Iron Curtain.” (p. 400, para. 2) Russia exported artistic tours by the Bolshoi Theater, and the USA set up various Amerika Häuser in Germany. Here are a few other aspects of this struggle.

Sowjetische Militäradministration in Deutschland (SMAD). This was operated by the Soviet military. It worked on the assumption that all culture was ideological. SMAD propagated the narrative that the Soviets were Abendlandkultur (saviors of occidental culture) (p. 402). Sponsored discussions and seminars on German culture, and invited artists, writers, sculptors, painters and others to participate. Also worked to denounce non-traditional culture that was leaking in from the United States. This included abstract expressionism and surrealism, which were tied with capitalism and fascism. These ideas were magnified by ideas that the Soviet Union stood for peace, but the North Atlantic Treaty Organization (NATO) stood for imperialism, militarism and war.

Deutsche Theater. Located in the Soviet sector of occupied Germany. Offered numerous productions of classical European art. Invitations sent out on a regular basis to bring over western cultural icons for cultural exchange, which in this context means to convince them of the superiority of the Eastern model of society.

All-Union Society for Cultural Relations with Foreign Countries (VOKS) (Всесоюзное общество культурной связи с заграницей). Soviet organization to promote Russia’s “classical tradition”. Jazz was condemned. Shostakovich was praised.

Deutschlandsender (radio). Operated in the German Democratic Republic from 1948-1971. Continued to promote “classical” art, in comparison with “corrosive” western art.

Universum Film Aktiengesellschaft (UFA) later Deutsche Film AG (DEFA). Built theaters and created content for propaganda purposes.

UNESCO. The Soviet Union joined in 1950 and started a program for a “new world information order”, which implied more government control over the press.(**) This interesting debate also developed the concept of “information imperialism”.

GDR Peace Council. East German operation to invite over western intellectuals so as to influence their way of thinking about the East-West conflict.

Ministry of Cinematography (Soviet Union) (Государственный комитет по кинематографии СССР). Creation of films to glorify life under communism. See for example the masterpiece Seventeen Moments of Spring (Семнадцать мгновений весны), which glorifies the work of a Soviet spy working in Nazi Germany.

The American Response

Campaign of Truth. The United States seemed slow to respond. Things started to take shape in the 1950s (half a decade later). The Americans created a “Campaign of Truth” during the Korean War. This was to advertise the difference between the United States and Soviet Union. It was used particularly during the Korean War, in which Kim Il-Sung was operating as a lackey for the Soviet Union. The budget for the State Department increased from $20 to $115 million for information activities.

Figure 2 – Propaganda cartoon issued by Campaign of Truth during Korean conflict. It shows Kim Il-Sung sitting on a pile of skulls. Date of original June 25, 1951. Issued by the United States Army, 8th Division Korea, Psychological Warfare Section. A full collection is available at the Albert Brauer Psychological Warfare Propaganda Leaflets Collection at the Institute for Regional Studies, North Dakota State University Libraries.

United States Information Agency (USIA). Set up to arrange information programs and cultural exchanges to teach Europeans about American society. Encouraged the “export” of US culture.

Fulbright Program. Facilitates the exchange of researchers and aims to “internationalize” scientific research. (It operates under the auspices of the U.S. Department of State Bureau of Educational and Cultural Affairs.)

Radio Free Europe, Radio Liberty, and Voice of America. All radio stations. Set up to broadcast pro-western messages.

There was further funding of American cultural exports. These were set up through the Ford Foundation or Rockefeller Foundation. The Central Intelligence Agency (CIA) sponsored the translation of many American classic novels.

Congress for Cultural Freedom (CCF). A covert CIA program to operate in the cultural realm including conferences, music concerts, and operation of various publications including the magazine “Encounter”.

The Effects on European Culture

It appears that although there remained, and remains today, an image of the United States as not representing so-called “high culture”, the protest and rebellious side of American culture got through. These undercurrents perhaps were at least in part responsible for protests against government power in Europe, particularly in Eastern Europe. It set the stage for the Helsinki Accords (Helsinki Final Act) to have a strong effect in stimulating cultural protests that eventually were at least partially responsible for bringing down the Soviet Union. (See the Accords Part VII. Respect for human rights and fundamental freedoms, including the freedom of thought, conscience, religion or belief.)

Analysis

The Information and Cultural Cyber War of Today

In Figure 1, we have divided the post-war period into four periods.  The figure illustrates that in the immediate post-war period (1945-1950), the Soviet Union and United States were engaged in a battle for the “hearts and minds” of Europe. There was a sense that part of national strategy was to convince citizens in Europe of the superiority of either the communist or capitalist system. Each side had fears. If Germany was “lost” to the West, then Russia might eventually face the re-emergence of a strong competing power. If Germany (and other parts of Europe, e.g., Italy, Greece) were lost to the East, then it would be a security threat to the United States.

During this Cold War, the two sides competed using the traditional media (print, radio, and film, then later television). The East argued that American culture was crude and that the “East” was preserving the High Culture of Europe. The signing of the Helsinki Accords started a process of rebellion, but the seeds of rebellion had been sown by the disruptive nature of American culture.

The Soviet Union never caught up with the information revolution made possible by the development of international satellite data communications, the integrated circuit and computers. (See the essay by Gus W. Weiss, “The Farewell Dossier”.) So what has happened is that global data communications and later the Internet enabled the rise of giant multinational enterprises that can operate in an integrated manner across international borders, almost with no concern for the nation state. In addition, the social media applications hosted on the Internet have created the potential for the sudden emergence of powerful social forces, as we have seen in the Arab Spring. These also can operate in a trans-national mode.

In the early stages, social media grew rapidly. Then in response, countries started to take actions to protect their citizens from this giant phenomenon. In China, a “Great Internet Firewall” has been set up and government censorship and control of communications is a legal and expected part of life. Similar actions have been taken in Russia, but in a more subtle manner.

At the same time, the Internet has made governments, individuals and organizations of all types vulnerable to hacking.  A giant struggle is going on between countries in this arena. [This blog argues there is a need for a cyber arms limitation treaty.]

But at the heart of the matter is the underlying culture of the Internet and today’s social media. This has spilled out from America to cover the entire earth, and now it is up to adversaries of the USA to develop defensive strategies to “protect” against this threat to their culture. In most cases, it represents a potential threat to their political culture.

But as of this time, no clear strategy has emerged for the United States, which still sees Cyber war as merely a part of computer security, and not as part of a broader competition for the hearts and minds of citizens all around the world.

References

(*) See Jessica C. E. Gienow-Hecht, Culture and the Cold War in Europe, The Cambridge History of the Cold War, Vol. I., Melvyn P. Leffler and Odd Arne Westad, Editors, Cambridge University Press, 2010, pp. 419. This blog entry draws heavily upon the professor’s work, in particular the list of programs established by each side. The professor, in her chapter, does not cover any aspect of the Internet or events after the fall of the Soviet Union.

(**) See Carrie Buchanan, Revisiting the UNESCO debate on a New World Information and Communication Order: Has the NWICO been achieved by other means?, Telematics and Informatics, Vol. 32, Issue 2, May 2015, pp. 391-399.

The US is Losing the Cyber War Race (II)

The United States has Squandered its Cyber and Information Power

The United States has lost its edge in Cyber. But at one time it had a substantial edge.

In brief, the United States built up a substantial amount of informational power during the Cold War, and used that power first in Europe. This was done in conjunction with the Marshall Plan, which funneled billions of dollars into Europe. As the Second World War concluded, Europeans were living on less than 1,500 calories per day, and aid from the United States was essential to get the economies of Europe to revive.  Otherwise, people would starve to death. The British could not feed the people under their control in occupied Germany.  There already was an emergence of competition between the East and the West, between the United States and Russia, between “unbridled” capitalism and communism.

The struggle was intense; the shape of the post-war system in Europe had not yet emerged. Economic development and recovery through the Marshall Plan, and the careful issue of the revival of Germany, were not settled, but soon were, and not entirely to French liking.

Figure 1 –– Since the end of the Cold War, US information power as exercised in support of national strategy has declined, but Russia’s has dramatically improved, leaving the US at a disadvantage.

Psychological and Economic Warfare

The East and West engaged in psychological and economic warfare.

It is difficult to know the true extent to which the communist leadership in Russia truly believed that revolution was imminent in the West, that soon the devastation of war and the frustration of the common man would overwhelm the political systems of the West, resulting in a revolutionary overthrow of the capitalist yoke around the necks of those countries destroyed by the horrible nature of the war just past. But in Washington, there was genuine fear that Europe was not stable, and could be indoctrinated by communist propaganda.

In particular, there was a significant communist movement in Greece, and in Italy, and probably elsewhere. But it was in the Italian election that information operations by the United States had one of their most memorable victories.

US Information Warfare in Italy — A Success Story

The 1948 Election in Italy was a training ground for some of the most famous spies of the post-war period, including James Jesus Angleton, who went on to become the head of counter-intelligence for the Central Intelligence Agency (CIA). Without going into extensive description (there is good documentation available), we can distill the tools of information operations in the election. These included the following:

Strategic Objective. The Government of the United States (GOUSA) decided at the highest levels to oppose a pending victory by the communist party in the Italian election, and this decision was taken as part of a larger and more or less coherent strategy to rebuild Europe and keep it in the Western orbit (so it would not become hostile in the future).

Messaging. The distillation of a clear message that communism was inimical to Catholicism and Christianity. Since Italy was overwhelmingly Catholic, this was a powerful message. This was the major message, but there were sub-messages, such as questions of human freedom under communism, and the superior economic vitality of the West (a more difficult message to get across given the state of the economy in Europe).

Media — Cinema. Movies were created and then to aid their distribution, information operatives traveled through various towns and villages in Italy with portable movie projectors, and then arranged a viewing of these movies in town squares. (Not many Italian villages had cinemas.) Keep in mind that at the time there was no television as a popular or common medium.

Media — Radio. Similar messages were sent through the radio, a widely used medium at the time.

Media — Print. A number of flyers, pamphlets and other publications were financed, written and distributed through a number of channels. Financing operations were hidden. A common tool in election propaganda at the time, posters were used widely throughout Italy. Newspapers friendly to the Western cause also were financed, and influenced through a variety of means. Again, financing was kept secret. These were covert operations.

Media — The Pulpit. Although these days the pulpit is not thought of as being an influential source of public persuasion and communication, in Italy it was. In the West, the Church always has exerted a powerful influence on public opinion. In Italy, the Pope of the Holy Roman Catholic Church took a strong stance against communism because of its atheistic underpinnings. The Pope also threatened to excommunicate any person who supported the communists. This had a huge effect because it meant that a person would not be able to get married in the Church, or even be buried with Church Services.

Personal Messaging. The GOUSA also put in place a massive letter-writing campaign from Italian-Americans to their relatives in Italy. The messaging was the same: To vote into power a communist government in Italy would undermine Christianity and Western Civilization.

The Result in Italy perhaps was predictable. The communists lost, and a “Christian Democratic” Party was put in place, and has remained in place for most of the post-war period. It was a decisive victory by the GOUSA in changing the election outcome in a European country.

Analysis

There is no need here to go into a discussion of the morality of one government taking action so as to affect the election in another country. That is another discussion. In the case of Italy, we need to see these very effective information operations as being part of an overall strategic plan to rebuild Europe in a mold that would not be anathema to the United States and its values of liberal democracy, individuality, religious liberty, freedom, and of course capitalism.

What is important to note is that these information operations did not take place in isolation, but instead were an integral part of national strategy for the United States. There were a number of dimensions in this strategy including (1) military (prevention of further advances of the Red Army or Russian influence); (2) economic (keeping in place an effective capitalist economic system, and bringing Germany into the fold); (3) political (ensuring that a general philosophy of liberal democracy would become the standard in Europe, in contrast to the “dictatorship of the proletariat” which in practice meant the rule by an unelected clique of communist officials that eventually became a gerontocracy in the Soviet Union and remains so in some of the surviving communist nations such as Cuba and Mozambique, also straining under the weight of despotic senior citizens); (4) geo-strategic (preserving Italy as an important part of the Western world, due much in part to its geographic location, but also due to its historical significance as the site of the Western Roman Church.) (The greater church of the Byzantine Empire in Occupied Constantinople (now called “Istanbul”) long before had fallen to the invading Arabs, the original “crusaders”.)

Later Developments

We started the discussion with Italy, but in Europe, information operations remained an essential element of GOUSA strategy during the Cold War period. The best known examples were the development of Radio Free Europe (RFE) and Voice of America, which were financed and operated specifically for the purpose of providing pro-US messages to various populations, and in their own language. The tools mentioned above were supplemented in other cultural spheres. One example is in the development of various cultural, academic and scientific exchange programs. Money also was given for the translation of a number of books. Similar programs were put in place in other parts of the world, but with weaker resolution.

Erosion of US Information Power

We argue here that the United States has lost its edge in information power, now known as Cyber power. There are two reasons for this, and they are somewhat inter-related: First, there has been a dramatic change in the technologies of communication; Second, national strategists, such as there are any, no longer consider information operations to be an essential element of national power.

Technology change. The first major change was the growth in speed and capacity of international telecommunications. Apart from the growth of the world’s giant undersea cable infrastructure, primarily used for transmission of telephone voice and telegraphic (including Telex) communications, a major advancement is symbolized by the live television broadcast of the speech by Pope Paul VI at the United Nations General Assembly on October 4, 1965. After that, in voice, video and data, satellite communications radically reduced the cost of international communications and vastly increased the capacity (bandwidth) for moving information. Upon that infrastructure has been laid the Internet and World Wide Web, which has further increased the utility of international communications and dramatically reduced its costs.

National strategy. If national information strategies in the United States had kept up with changes in the technologies of international communications, then we would be living in a different world. There is, however, no indication that information strategy is integrated in national strategy in the same close and purposeful way as it was in the immediate post-war period and in the early stages of the Cold War. Instead, the national leadership of the United States has allowed these important tools of national strategy to atrophy, and the informational aspect of national planning it seems no longer is at the table. Or at most it may be given some lip service. Funding for the United States Information Agency was discontinued. Funding for Voice of America has been lacklustre. But even more serious is that these important assets have been laid to waste through non-use in a coherent international strategy. The United States does not have a coherent and integrated information strategy. 

The only exception in the USA might be the military. In that domain, the role of real-time communications including real-time intelligence is considered to be an essential infrastructure of war-fighting capability. In addition, there are many indications that US intelligence has developed some capability for collection of important information through the Internet. (We do not know how well it is analyzed, but there are indications much is collected.) But the military and intelligence domains are merely specific applications of a national information strategy. They may not be considered to be part of an integrated national strategy used for active promotion of national objectives. (In future blog entries, we will examine the strategy of the National Security Agency (NSA), and we will conclude that it has a mission, but there is no active and integrated information strategy for the United States, at least not yet.)

Instead, the GOUSA has gone down the slippery path of privatization and reliance on market forces to guide the development of the world’s information structure. This has led to the rapid penetration of media around the world, including both the emergence of international television news channels, as well as the rise of the World Wide Web and social media. (Facebook is the world’s largest carrier of email service.)

Summary

The United States developed many of the operational concepts that tied information strategy to both national and military strategy. This was effective during the early stages of the Cold War. But at the same time, national competitors, particularly the Union of Soviet Socialist Republics (USSR) developed aggressive overseas information strategies. After the fall of the Soviet Union and the formation of the Russian Federation, these policies have continued and even strengthened with the development of the Russia Today television channel, followed by Sputnik News, and with the continued use of a number of channels and means to influence international public opinion.

So at this time, the US has allowed its tools to go to waste, and perhaps even forgotten how to use them as part of a coherent information strategy, while its strategic competitors have made the investment in both money and time to build up formidable national capabilities. In contrast to the United States, these strategic competitors are fully capable of creating content as part of a national strategy.

The United States is Losing the Cyber War Race (I)

Part I

Much of the original thinking about Cyber War was developed in the United States. But America has fallen behind. Russian cyberwar doctrine is more comprehensive, more integrated, has more powerful weapons, and is more up to date.

Cyber Warfare must be seen as part of a larger strategy of “Information Warfare”, known in Russia as “Информационная война”. Information warfare is a very broad subject, and includes a number of actions outside of the cyber domain. (Derkachenko writes that “information warfare” as a term is being changed to the term “information operations”, but the term “cyberwar” is becoming more popular.) The United States does not have a regular television show on information warfare, but Russia does. Dimitri Taran runs a very comprehensive show on Channel 1 TV Crimea.

Much Russian writing about Cyber Warfare and Information Warfare draws upon a number of different examples and case studies of conflicts that had, in the Russian view, an important information content. Information warfare is seen to be a type of Twilight Zone somewhere between a Cold War and a “Hot” War. “Thus, by its nature information warfare occupies a position between the “cold” war . . . and actual combat with the participation of the armed forces.” See Svargaman, Что такое информационная война?, who describes the so-called “next-generation” information warfare as including:

Substitution — Information warfare can take the place of traditional military action, or as Svargaman writes “contactless destruction” [“бесконтактного поражения”].

Use of TV as Weapon — Television channels can be used to manipulate public opinion either by highlighting or obscuring crucial events.

The Russian view is that information warfare has limited power, but should be thought of as complementing and enhancing “traditional methods of warfare”. [“информационная война имеет свои границы возможностей . . . дополняет и усиливает традиционные средства ведения войны”]

In the Russian view, the state (the government) has a strong role to play in management of information on a national basis. According to Pocheptsov, this includes tactical mass mind control, agenda-setting (information management), and strategic management of mass consciousness. [“Тактическое управление массовым сознанием; Управление информационной повесткой дня; Стратегическое управление массовым сознанием”] One can just imagine what would happen in the United States if the President asked for budget authority to conduct information operations so as to accomplish “mind control” or “strategic management of mass consciousness”. Pocheptsov sees films and other cultural exports of the United States as being a type of “sociological propaganda” [Социологическая пропаганда], and even fine arts are seen as a type of information warfare. The Cold War is seen as a “war of mass culture” with abstract expressionism pitted against socialist realism. [“холодная война оказалась войной массовых культур, например, абстрактный экспрессионизм против социалистического реализма”]

This viewpoint is generally more comprehensive (larger in scope) than views in the United States.

Cyber War in Crimea and Ukraine

This blog is not intended to take a position on the situation in the Ukraine and Crimea. The Crimea has been controlled by different powers through history: Greece, then Rome, then the Byzantine Empire, the Empire of Trebizond, and the Venetian Republic. Catherine the Great in 1783 got the Crimea from the Ottoman Empire, which had occupied Constantinople. In 1921 it was a Soviet Socialist Republic, and became a state of Russia from 1945-54, then the Ukrainian SSR from 1954-1991. (Khrushchev transferred the Crimea to the Ukraine.) After 1991 it was slightly separate from the Ukraine as the “Autonomous Republic of Crimea with Sevastopol City”. Now it has been annexed by the Russian Federation. Most of the people who live in the Crimea are ethnic Russians (61%) and speak Russian and many are inter-married with families living in Russia proper. Nevertheless, Russian actions in 2014 were viewed as being a violation of international law by Europe, and this triggered a series of sanctions. But here, we want to look at the information or cyber warfare aspects of the Russian annexation.

The annexation of the Crimea took place within the context of the revolution in the Ukraine. During those events, the Ukrainian leadership which was friendly to Russia was thrown out. Ukraine was divided ethnically. Away from the Crimea, the ethnic Russian share of the population drops off sharply. In the simplest terms, in the West, Ukrainians are in the majority; in the East, ethnic Russians are in the majority.

As events unfolded, there was a military component, but the information component of the takeover was stunning. The Russian operations should be studied as a textbook case of superiority. Public meetings, newspapers, radio, television, social media, and other informational networks were quickly harnessed by what can best be described as a coherent trans-media strategy. It went well beyond anything that happened in Libya or during the “Arab Spring” in Egypt.

Interviews with citizens of Crimea showed evidence of a completely different sense of reality. The ethnic Russians there were 100% convinced that Ukrainian fascists from Kiev were marching towards the Crimea. These fascist invaders were “burning Russian homes and raping Russian women”. There was a complete sense of panic, and the scarcity of information (except what was being supplied) made the uncertainty even greater. Having watched the speeches that were being streamed on YouTube, this writer can attest to their emotional and dramatic content.

When the time came, it was a foregone conclusion that the vote would be overwhelmingly in favor of union with the Russian Federation.

In terms of information warfare doctrine, the Ukraine is a perfect example of how a coherent and well-managed campaign can complement other actions, here the use of military force, much of which was covert.

If we compare US actions in the Middle East, there is no such coherency between military action and information operations. The Russian actions in Crimea appear to indicate the United States has lost the ability or does not have the skills to conduct an equally integrated cyber strategy. If there is a “cyber race”, the Americans are losing.

In the next part of this blog, we will examine other examples and cases of cyber and information warfare.

References (courtesy of Psyfactor.org)

Ярослав Деркаченко, Эволюция понятия «информационная война», 2016.

Георгий Почепцов, Информационная политика и безопасность современных государств, 2011.

The Rise of Cyber Nationalism

Countries now have informal gangs of cyber warriors positioned to attack foreign countries. This appears to have happened a number of times. Reports indicate that after the president of Taiwan made a congratulatory telephone call to Mr. Trump, the 45th President-elect of the United States, nationalists in mainland China launched a series of cyber attacks against facilities in Taiwan. Since there are so many Chinese in the mainland, and since Taiwan is so small in comparison, one can imagine the severity of the damage. Various news reports (The Diplomat, The Jamestown Foundation, Financial Times) indicate that the current Chinese government is “worried” about the ferocity of these cyber attacks.

Cyber Nationalism

In China, the fear is “cyber nationalism”, the spontaneous development of nationalist “armies” of hackers who attack foreign countries viewed as being antagonistic to China. Below we list various techniques identified as being associated with cyber nationalists.

Malicious Hacking. Attacks may take place against websites of a foreign government in an “enemy” country. Or attacks may take place against foreign news media that publish information not favorable to the hacker’s home country, its foreign policy, its domestic policy, its leadership, or its government. In general, “hacking” is a broad and less-than-specific term that may refer to a number of actions including (1) Denial of Service (DOS) attacks against a website, thus more or less making it impossible for people to find the website or use it; (2) Introduction of propaganda onto the target website; for example, instead of having its regular home page show up, a defaced home page will show up containing a negative message for readers; (3) Alteration of information on a website, either in a major or subtle way; (4) Introduction of malicious code onto the target website.

Social Media. A second tactic is to bombard social media with the intended political message. This can be of either the positive or negative variety. “Positive” refers to setting up social media locations, such as a Facebook page, that expresses a point of view compatible with that of the cyber nationalists. “Negative” refers to visiting social media pages of organizations or individuals who have an opposing (or targeted) point of view, and introducing (or bombarding the site with) harsh comments. There are a number of social media sites, but since Facebook is the world’s largest carrier of email, for all practical purposes, these social media wars take place on Facebook.

News Media. An increasing number of online news outlets invite comments on different news stories. Actually, this is a form of customer retention strategy. People will keep coming back to a website if they can “interact” with it. Sometimes these comments can be made anonymously; other times they require registration to identify the commentators. Online registration has a variety of levels of security and authenticity. In most cases, however, it is possible to register with only a reference email account, and email accounts themselves can be false. This makes it possible for trolls to be accredited anonymously, or to even register under more than one identity. These comments in the media can have a significant effect, one would suppose. (We need to take a look at more detailed social science and communications/media research to see if anyone has empirically measured the effects on public opinion and published the results in a scientific journal.)  But for the time being, let’s assume these armies of commentators can have an effect.

Other Examples of Cyber Nationalism

China is not the only country with entrenched cyber nationalists. Russia is reported to have conducted “information warfare” in connection with its campaign in the Ukraine. (See “Cyber Threats and Russian Information Warfare” published by the Jewish Policy Center; or “Russia’s Information Warfare” published in Politico; or “Russia and the Menace of Unreality: How Vladimir Putin is revolutionizing information warfare” published in The Atlantic; or “Что такое информационная война?” [What is Information Warfare?] published in ВОПРОСИК; or “Информационная война: определения и базовые понятия” [Information warfare: definitions and basic concepts] published in PsyFactor; or “論中共「信息戰」之不對稱作戰” [The Asymmetric Operation/War of PRC’s Information Warfare].)

And there is no reason to single out Russia or China only. Other countries do the same thing. For Israel, see “Information and Warfare: The Israeli Case” by Gideon Avidor and Russell W. Glenn. India established an “Information Warfare Agency” to counter messages from its dear friends in Pakistan. We can assume that every advanced country has developed an information warfare strategy, or at least is thinking about it. Some countries are better than others.

Issues for Cyber Arms Control

The essential problem of Cyber Nationalism is its informal nature. In cases like China, and reportedly Russia (which are the strongest examples), there is little if any connection between the government and the cyber nationalist movements. What we have is the spontaneous formation of nationalist cyber activists who are willing to cross over international borders and take cyber action in support of their country. In their heart, they are patriots, eager to defend the honor and reputation of their homeland as they see it.

It would be difficult and probably very controversial for any government to crack down on their private citizens because they were promoting their country overseas in cyberspace.

This means that in terms of an international treaty for control of cyber weapons, cyber nationalism would be problematical to include. It would mean that by acquiescing to an international agreement (treaty) nations would need to agree to crack down (arrest; prosecute; punish; fine) their own nationals when they engage in international cyber activism. Even if there were such an agreement, it would be very difficult to enforce from a practical point of view.

  1. How would the government be notified of the violation overseas?
  2. How would it be possible to verify the true identity of the person committing the violation?
  3. What would be the evidentiary requirements in the judicial process?
  4. What would happen if the action taken abroad by a cyber nationalist was considered a crime where it was committed, but not a crime in the country which is the domicile of the alleged offender? (For example, would a United States prosecutor punish an American citizen because they published information on a Chinese website that in China was considered to be illegal, but in the US would be acceptable or even a form of protected speech?)
  5. Given the number of persons involved, how would it be possible from a practical point of view to police the actions of hundreds of thousands of citizens?

The Criminal Element of Cyber Activism. In the above list, we mentioned two general classes of cyber activism expressing cyber nationalism. In most cases, working on social media and making comments on news media websites that themselves invite commentary would not be illegal, regardless of how outrageous or biased the comments. On the other hand, cyber vandalism (denial of service attacks; hacking of websites to change or distort the information there) is definitely illegal, and probably illegal in all countries.

Application to International Treaty

Figure 1 Treaty coverage for cyber crimes connected with cyber nationalism.

We can conclude, therefore, that an international treaty might be able to tighten up the enforcement against criminal actions.  Presumably, Country A would be willing to prosecute its citizens who performed recognized cyber crimes in Country B, if Country B was willing to prosecute its citizens who performed recognized cyber crimes in Country A. See Figure 1.

This type of agreement would be difficult to negotiate because the definition of cybercrime changes from one country to another. It would be easier to start with bilateral treaty negotiations, but more effective if a global treaty could be put in place.

Comments on “Assessing Russian Activities and Intentions in Recent US Elections”

“Disclosures through Wikileaks did not contain any evident forgeries” (ODNI Report, p. 3)

The Office of the Director of National Intelligence (ODNI) released an unclassified report on the Russian hacking of the US election. The document is a consensus of the Federal Bureau of Investigation (FBI), the National Security Agency (NSA) and the Central Intelligence Agency (CIA). In some cases, there is a difference in expressed confidence between the agencies, with the NSA being less sure on some items. The intelligence community made no conclusions regarding whether or not the Russian efforts were effective in changing the result in the Presidential election of 2016.

The report details various actions that Russia takes  to influence public opinion. There are a number of organizations mentioned in the report. These different organizations, according to the analysis, worked together in order to influence public opinion.  These organizations are summarized in Figure 1.

Figure 1 — Different organizations mentioned in the ODNI report on Russian interference in the 2016 Presidential Election. Note: The small dots are “cut-outs”; see discussion below.

We can divide the organizations into three categories: (1) propaganda and public diplomacy; (2) covert cyber activities (hacking and dissemination of information); and (3) intelligence collection and unknown covert activities.

Propaganda and Public Diplomacy

Russia Today. A very large amount of the report is dedicated to activities of the Russian government-sponsored news channel RT, which previously was known as “Russia Today”. It has a multi-layered structure. The RIA Novosti (РИА Новости) agency is the official news organ of the Russian government. It created a subsidiary TV Novosti (ТВ-Новости) to operate “autonomously” apart from the government.  The word “novosti” in Russian means “news”. The root is “novo” which means “new”. (In English, the word “novel” as in “a novel idea” comes from the same root.) TV Novosti then created Russia Today (RT) as another autonomous organization.  The intelligence assessment is that these organizations are not independent of the Russian government; that they follow the Kremlin “line”, and this is confirmed with quotes from the head of Russia Today.

Russia Today changed its name to “RT” because it was felt it would appeal to a larger audience. RT is the most frequently viewed foreign news channel in the United Kingdom. In the United States, RT operates a commercial news entity as a stand-alone news organization. This organization then hires westerners to act as reporters. This is the multi-layered structure.

Sputnik News. Named after the world’s first satellite to orbit the earth, the technology that launched the “space race”, Sputnik News seems to have the same structure. The report is not clear if it is sponsored by TV Novosti or RIA Novosti or through some other mechanism. (In Figure 1, there are dotted lines indicating uncertainty.) Nevertheless, Sputnik News operates in a way similar to RT. There is also a Sputnik Radio network.

The important point is that both channels broadcast the opinions of the Kremlin. In other words, the report argues, they slant the news in ways that are not harmful to Russia. In addition, if Russia has enemies abroad, these enemies get damning critical coverage. News, therefore, is not journalism in the common sense of the news as theoretically found in the United States, but instead is viewed as being an instrument of state power.

These Russian entities operate somewhat like the Chinese XinHua, or the Voice of America, or France 24, or Radio France Internationale (RFI), or the BBC, or Deutsche Welle. All of these are government-sponsored news outlets.

Internet Research Agency. The report also mentions the Internet Research Agency, located in St. Petersburg (formerly called Leningrad when the Soviet Union existed). This organization is said to deploy armies of Internet Trolls. In Russia, these are called “Web Brigades” (Веб-бригады). Trolls are persons who use assumed names to monitor news media websites as well as social media for the purpose of expressing opinions that follow the party line. For example, if it is decided that Hillary Clinton is not a favorite of Russia, then the trolls operate to insert negative Hillary comments in as many news outlets around the world as possible. Anyone who participates in online discussions through major news media web sites is familiar with this army of commentators. (Russia is not the only country to do this.)

Analysis of these Russian trolls shows a tendency to criticize anything about the United States that the Russian government does not like. According to the intelligence report, the overarching idea is to destroy the concept of liberal democracy.

Analysis. RT and Sputnik are the Russian version of similar government-supported news channels found elsewhere. They have been effective in getting their message across. In terms of the US election, it is not known how many Americans read Sputnik (probably not very many), or how many watch RT (compared to other media, probably not very many). Therefore, it is difficult to know if there was any substantial effect on the election. The Internet trolls may have had an effect, and may have been used to pump up and disseminate fake news, but no one seems to have measured this. After all, it is not possible definitively to identify the trolls.

Hacking & Dissemination by Russian Military Intelligence.

The GRU. The heart of the report concludes that the military foreign intelligence service of the Russian Federation, the GRU, was responsible for hacking the emails from the Democrat party. GRU is an abbreviation for Glavnoye Razvedyvatel’noye Upravleniye (Гла́вное разве́дывательное управле́ние). Glavnoye means Chief, or head. Razvedyvatel’noye means intelligence as in “collecting intelligence”. You can see the Latin root “ved” which is “to see”. In English we have the same in the word “video”, from the Latin videre. In the United States, a rough equivalent to the GRU would be the Defense Intelligence Agency (DIA).

The report concludes that the GRU hacked the Democrat National Committee (DNC), took the emails, and also hacked John Podesta’s email account. So the next step was to deliver the information to the public, but without having anyone know it was sourced from the GRU. It is difficult to speculate on how the intelligence community identified the GRU as the source of the hacking. We do know, however, that intelligence collection on this type of operation within the United States would be done by the FBI, and intelligence collection outside the United States would be done by the CIA and for signals intelligence (SIGINT), by the NSA.

In terms of the National Security Agency (NSA), also known as “No Such Agency” or “Never Say Anything”, as far as the writer of this blog knows, this report on Russian hacking and influence operations is the first report ever published in the public with details of NSA assessments. Perhaps there have been others, but NSA does not usually publish anything at all except historical documents available through the National Cryptologic Museum, which is well worth the visit if you can find it.

Front Organizations. Sometimes covert operations (intelligence, police, industrial espionage teams, consultants) set up companies or organizations (non-profits, research services) to do certain work, but without identification of their true owner (sponsor, controller). The report does not specify any front organizations, but during the Cold War a number were used to shape international public opinion. Evidently the concept of front organization was invented by Vladimir Lenin in his 1902 manifesto “What Is To Be Done”. The list is long, but front organizations associated with the Cold War and even before include the International Confederation of Free Trade Unions, the World Federation of Trade Unions, the Women’s International Democratic Federation, the World Peace Council, the International Union of Students, the Pan-Pacific Trade Union Secretariat, the Japan Peace Committee (日本平和大会), the Society for German Soviet Friendship. There is no need to provide a complete list here.

Guccifer 2.0. In this context, the report seems to express some suspicion that the hacker Guccifer 2.0 was a front organization. Rumored to be a single Romanian hacker, evidently it is not a single individual, according to the report. These things are murky.

DCLeaks. This organization also was used as a conduit for providing information.

Cut-Outs. In Figure 1, the little circles represent “cut-outs”. The term “cut-out” is specific to espionage tradecraft, and represents a third party intermediary who can be trusted as a courier to transport information. Actually, one cut-out can pass the information to another before the information is given to the final destination. The utility in cut-outs is that their identities usually are vague. So if a source of information (S) hands the information to cut-out 1 (C1), who then hands it to the second cut-out (C2), who then hands it to the recipient (R), then (R) will not know the source of the information, and probably (C2) does not know the source of the information. And of course (R) is unaware of (C1) and so on. This system is made even more effective if the cut-outs have complete false identities, or if even their false identities are unknown to each other. (Even if interrogated, C2 would not be able to identify C1, and so on.)

False Flag Operations. This leads to the so-called “false flag” operation. False Flag is another espionage tradecraft term. It generally refers to a situation in which the person taking the action (whatever it is) thinks they are working for one country (or organization), when in actuality they are working for a different one. The use of cut-outs aids in getting people to provide their services (because they think they are working for someone else), but also aids the process of obscuring the source of any disseminated information.

Wikileaks. So when Julian Assange of Wikileaks says that he did not receive the information from a state party or a representative of a state party, he easily could be telling the truth, or at least the truth as he knows it. This doesn’t really matter, because once the information was released, the GRU had accomplished its purpose.

Intelligence and Unknown

SVR. The third type of operation mentioned briefly in the report is what we might call “classical espionage” conducted through the Russian Foreign Intelligence Service (SVR), Слу́жба вне́шней разве́дки (again you see the verb root “ved” in the last word, from the Latin videre). The report mentions use of Directorate S (Illegals). “Illegals” is another espionage tradecraft term that refers to persons inserted into a society, like the United States, under completely false identities, even pretending to be Americans. The popular television series “The Americans” is an example of “illegals”. It also mentions persons who are recruited by the SVR to carry out espionage work. Few if any details were provided, and no examples, except that the report indicates the SVR systematically collected information on the US election system, including information on State election commissions. The report indicates there is no evidence of hacking the polling machines or changing the vote counts.

Other Campaigns

Apart from the actions regarding the election of the 45th President of the United States, the report cites other campaigns, including a few that the Russians believe were directed at Russia. These include the Olympic doping scandal, and release of the Panama Papers. It also describes Russian activities in support of Occupy Wall Street, and campaigns that criticize American democracy as being corrupt and not representative of the people, and that convince people “the media” is providing them false information. The report also argues that RT specials with an anti-fracking message are designed to hinder development of a challenge to Gazprom, the giant Russian energy company that supplies natural gas.

Summing Up

The intelligence report describes a range of public opinion campaigns directed by the government of Russia.  The major bombshell seems to be that the GRU is blamed for hacking the Podesta emails, and then through third parties getting the information to Wikileaks in a way that disguised the origin of the hack.

The remainder of the report describes programs of information (and “disinformation”) that have been in place since the Cold War.

The underlying message of the report is that the overall aim of the Russian campaigns should be seen in a larger context. It was not only to keep Hillary Clinton out of office, but to entirely discredit the democratic liberal order established by the United States in the Post War period. This includes spreading information that makes people believe the entire system is corrupt.

Trump’s Response

The 45th President has stated that although there is evidence a large number of countries hack into the United States, the Russian actions did not change the outcome of the US election. And to repeat, the intelligence report did not come to any conclusions in this regard.

 

 

Highlights of James Clapper Testimony

National Intelligence Director James Clapper; Mike Rogers, the Chief of NSA’s Cyber Command; and Marcel Lettre, a Defense Undersecretary for Intelligence, testified today to the U.S. Senate Armed Services Committee. The overall theme of the hearing was supposed to be Russian interference in the recent presidential election in the United States. As it turns out, the intel community has not yet completed its study. Nevertheless, a few notes on the hearing are provided below.

The intelligence community has concluded that Russia interfered with the election and that the plan was devised and directed by the Kremlin itself, with the knowledge of the President of the Russian Federation.

No proof was offered, because to offer the proof would destroy intelligence collection methods.

Cyber War Matrix.

This was a long testimony. Here, the intent is only to report on what was said, that is, the major conclusions that have been made by the intelligence community regarding Russian hacking. The set-up to the testimony by Senator John McCain was tricky. He stated that attacks against election emails were “consistent” with Russian techniques of hacking, but he did not say the hacks were Russian.

2,000,000 personnel records of the U.S. government were stolen by China, according to McCain. “Indecision and inaction” have thus far been the U.S. response. The cost needs to be raised for conducting cyber attacks against the United States. The opening statement from the Democratic side blamed election problems on Russia. These statements were made by Jack Reed, Democrat, Rhode Island, who also argued that Russia takes these actions because democracy is a threat to countries near Russia, in what it claims is its “sphere of influence”.

Marcel Lettre. Threats. DOD defines 5 challenges: Russian coercion and aggression, particularly in Europe; historic change in Asia Pacific, with risks from China’s destabilizing actions there; Iranian influence in the Middle East; North Korean nuclear provocations; and fighting terrorism (ISIS and Al Qaeda). All of these present a cyber threat.

The DOD strategy is to maintain dominance in this domain. Three missions: defend DOD networks; give cyber options to commanders; defend the US against cyber attacks. The “Cyber Mission Force” is now operational.

Clapper (DNI). Regarding Russian interference in the electoral process. Said that the Russian tools detailed in the NCCIC report showed how they influenced the election. Russia has increased cyber espionage operations, and has leaked crucial data. China continues to attack the US government and US companies. Iran and North Korea continue to improve their capabilities. ISIS is using the Internet to collect funds, broadcast propaganda, and recruit new members. Cyber attacks can also change or alter information. All of this chips away at the public trust. All instruments of power should be used to respond to cyber attacks. Using cyber to counter cyber attacks. Recommends separating NSA and Cyber Command.

Rogers (Cyber Command and NSA). They are awaiting the findings of a joint intelligence review. Their conclusions still have not been collected. Russian cyber groups have “a history of aggressively hacking into others’ governments”.

McCain first started to discuss Julian Assange. Confirmed that Wikileaks published names of people who had their lives put in danger. No credibility should be attached to his views, according to Clapper, Rogers and McCain.  McCain does not believe Russian actions

“They did not change any vote tallies; we have no way to gauge the impact it had on choices of the election.” Would that be an act of war if elections were changed? That is a “very heavy policy call”, but it definitely should carry great gravity. No one seems to know what to do if there is a cyber attack. They report it, but remain bystanders.

A “deterrence and response” framework needs to be put into place. There is a conclusion that the Russians interfered in the election. CIA, NSA and DHS will create a joint report. They DO conclude that Russia interfered in the election. Rogers (NSA) said the largest problem is “speed; speed and speed”.

Fake news sites; fake news stories also were part of Russian actions. A multi-faceted campaign. Hacking was only one part of it. It also included classical propaganda, disinformation, and fake news. The Russians used “classical tradecraft”, particularly for misinformation, to hide the source of the news information.

“People in glass houses should not throw too many rocks”. The attack against the Office of Personnel Management (OPM) was an act of espionage, not a cyber-attack. We do the same type of espionage. “Large data sets have become a particular high priority target” because “it is possible to mine the data”, according to Rogers.

The implication of Clapper’s statement is that cyber-espionage is not an “attack”. This is because every nation does it.

“If there is any connection with the Internet, there is an inherent security vulnerability,” according to Clapper.

Senator Nelson (Florida) compared cyber war to nuclear war. He argued that there is “no deterrence” in the field of cyber. A cyber response to a cyber act “may not be the best response”, according to Clapper. Also, you never know “what kind of cyber-retaliation” will be brought back from the other side. “All instruments of national power” should be used.

If a country launches a cyber counter-attack, then it is necessary to use the infrastructure of other countries, and this brings up a variety of legal issues.

Senator Claire McCaskill, Missouri Democrat, was highly critical of any contact with Assange. He is under indictment by the Swedish government for sexual crimes. He exposed information that put people at risk. The “people in the intelligence community do not have much respect for him.”

Conclusions

The intelligence community has not yet completed its report. There appears to be a significant amount of evidence that Russia participated in the election, but there is no hard evidence yet presented. The key actors that oppose the United States are (1) Russia; (2) China; (3) North Korea; and (4) Iran.

One theme emphasized several times was that there is little strategy developed for responding to cyber attacks. “We don’t have a strategy.” Also, the coordination needed for a response is very complicated, and takes too long. This prevents the United States from having a coherent and effective response to a cyber attack. “We are being hit repeatedly because the benefits outweigh the cost”.

There also were indications that the intel community may have an idea of what happened inside the Kremlin. This will not come to light, because it obviously would give away too much information about “sources and methods” of intelligence collection.

In addition, there is no policy of responding to acts of espionage because we do the same.

Bottom line: The current thinking is that the Russians at the highest levels approved of and directed the hacking campaign against the United States. In this context, it means President Putin himself. This is not really good news. Clapper sees Russian actions as being in the same tradition as the Cold War, like what happened in the 1960s.

Below is a rough sketch of the categories of cyber activities under discussion.

 

Prospects for Cyber Arms Control

There are two ways to think about the election hacking. First, there are arguments that political activity should be considered a “critical infrastructure”; the consequence would be that such hacking would be treated as an aggressive attack against the country. Second, the current line of thinking is that espionage (passive information collection) should be separated from commercial industrial espionage and from political interference.

In the Cyber War Matrix, above, cyber arms control would apply to the warfare rows. There will never be any international agreement to limit espionage or active measures.