cyberarmscontrolblog

International Agreement for Control of Cyber Weapons

Category: CYBER ATTACK

Cyber Defense Triad

In the deterrence theory of nuclear war, the “triad” is an essential concept. It refers to three different delivery platforms for thermonuclear weapons.

  1. Land Based –– Intercontinental Ballistic Missiles (ICBMs) are located in hardened silos scattered across the United States.
  2. Air Based –– Intercontinental strategic bombers such as the B-2 fly to their targets and deliver the thermonuclear weapons.
  3. Sea Based –– Submarine Launched Ballistic Missiles (SLBMs) are launched from submarines, which are extremely difficult to detect.

In a typical scenario, the United States is attacked by incoming thermonuclear weapons. The land based missiles are destroyed. Many strategic bombers are caught on the ground and also destroyed. Those bombers that are heading to their targets are shot out of the air.

Still, the SLBMs will be launched, and that force alone is enough to destroy the attacker, no matter how large it is.

As a result, any attacker is assured that if it attacks, it will certainly be destroyed in turn. This is the basis for nuclear deterrence, and the basis for the peace between the nuclear powers that has held since the beginning of the nuclear age.

The Cyber Defense Triad

Since 9/11, the United States has made a very large investment in national security. It has prepared not only for fighting terrorism overseas, but also for fighting it inside the United States. This has resulted in a blurring of responsibilities among the more than 3,984 federal, state and local organizations that are involved in anti-terrorist activities. Doing the math, that is nearly 80 anti-terrorist organizations per state.

By extracting a small subset of these organizations, we can see those involved with cyber security and cyber warfare. See Figure 1.

CYBER-DEFENSE-TRIAD.001

Figure 1 – The Cyber Defense Triad.

The two major government organizations responsible for cyber security are the Department of Defense and the Department of Homeland Security. They are supported by the intelligence establishment under the Office of the Director of National Intelligence, which sits on top of the eighteen (18) organizations of the U.S. intelligence community.

One of the peculiar problems of cyber defense is the blurring of national borders. In cyberspace it is almost meaningless to think of a national border. So in a sense, the division of responsibilities between the Department of Defense (abroad) and Homeland Security (at home) is archaic. You will notice that no such division exists in Russia. (See previous post on Russian Cyber Defense Doctrine.)

But looking at this complex web of cyber defense capabilities, one wonders how well it will really work under the extreme pressure of a major cyber incident.

Cyber Deterrence Theory

It is an open question whether the cyber capabilities deployed by the United States actually deter anyone. Judging by the massive number of cyber attacks that continue to be reported, the answer so far is “no”.

Cyber Deterrence Theory needs more exploration. See future blog entries.

 

USA –– The World’s Cyber Superpower


A Cyber Superpower

The United States of America is the World’s cyber superpower.

History shows that the revolution in computing and information technology started not in the United States, but largely in England. But as the onslaught of the Second World War began to dim the starched and crusty sun of the British Empire, the world’s center of computing innovation shifted to the United States, and has never left. Today, the United States has emerged as the world’s cyber superpower. No other country comes close; in fact, the rest of the world added together does not equal the cyberpower of the United States. Nevertheless, with cyber-greatness comes cyber-vulnerability, and thus the United States faces many challenges going forward.

Technology Growth and Innovation

Birth of Computing. The foundations of computing were defined by Alan Mathison Turing (1912-1954), an English mathematician, in his paper “On Computable Numbers, with an Application to the Entscheidungsproblem”, delivered to the London Mathematical Society in 1936. After a long discussion, he writes: “If this is so, we can construct a machine to write down the successive state formulae, and hence to compute the required number.” (Don’t try to read the paper unless you know a great deal of math. A better explanation is found in Andrew Hodges’ book “Alan Turing: The Enigma“.)

Turing was recruited to work at Bletchley Park, the center of the UK’s codebreaking operation during the Second World War. The central challenge was breaking the German Enigma cipher machine. Turing and his colleagues built an electro-mechanical machine, the bombe, to do it; its design built on the earlier Polish bomba kryptologiczna of Marian Rejewski. In early 1942 the German Navy deployed an improved four-rotor Enigma (the M4), which blunted the British effort for most of that year.

Nevertheless, the United States Naval Computing Machine Laboratory, at a secret location in Dayton, Ohio, started work on a faster code-breaking machine using vacuum tubes, designed for the four-rotor machine. You can see a picture of the U.S. Navy Cryptanalytic Bombe at the National Security Agency’s (NSA) National Cryptologic Museum here. The Museum has a picture of coding rotors on its facebook page here. The project was located in “Building 26” on the campus of the National Cash Register (NCR) company, where Thomas J. Watson Sr., who later built IBM, had begun his career.

Growth of Computing. The history of computing is long, but most of the book was written in the United States. In particular, the IBM System/360 (1964) was the first family of compatible computers sharing a common operating system, OS/360. Then came mainframes, minicomputers, personal computers, handheld computers, integrated circuits, and so on. Much of this evolution was powered by companies in Silicon Valley, but also around Route 128 in Boston. As a note, much of the development of supercomputers, especially the work of Seymour Cray, was driven by NSA as customer and funder.

Telecommunications and Networking. Much of the world’s innovation in telecommunications and networking has occurred in the United States. There is no need here to retell the long history of developments: telegraph, telephone, radio and television, satellite, the Internet, mobile cellular technology. (See Desmond Chong’s comments here.) The Internet now connects most citizens of the world. (See: Internet Society report here.) From 1992 to 2015, the number of websites grew from 10 to 863,105,652, and from 1993 the number of Internet users grew from 108,935 to 3,185,996,155. (See Internet Live Stats.)

This growth of “cyberspace” in effect has created an entirely new virtual geography for conflict between nation states.

Control of Cyber Infrastructure. Apart from manufacturing much of the technology, US companies produce the software, cloud systems, other Internet based services, and social media systems that dominate the world. There is no European Google, for example. Companies such as Google, Facebook, Twitter, Microsoft, IBM, Apple and others dominate the world’s ICT landscape.

Emergency Response to Cyber Attacks

In the post-9/11 world, the United States has built up an enormous infrastructure to defend against terrorism and to respond promptly once it occurs. These investments envision threats from weapons of mass destruction, lone wolf terrorist attacks, electromagnetic pulse (EMP), and cyber attacks. A few days after the September 11th attack, the US Congress handed the executive $40 billion to “get started” on building these defensive systems. Then it wrote another check, and another. The total amount invested is largely classified.

Investments were made in two directions: foreign intelligence, and emergency response in the homeland. Although the development of foreign intelligence capabilities using cyber espionage is secret, revelations from the unauthorized leaks by Edward Snowden and the publications of Wikileaks, plus high quality and legal investigative reporting by authors such as Dana Priest and William M. Arkin (Top Secret America: The Rise of the New American Security State), suggest the scale of the United States’ capabilities.

  • A large share of Internet traffic worldwide is intercepted, stored, and subjected to analysis by organizations such as the National Security Agency (NSA).
  • A large share of telephony traffic is intercepted and stored, then used for the analysis of a range of problems.
  • Breakthroughs in artificial intelligence and other innovations in software have greatly expanded the effectiveness of intelligence analysis (although there are constant complaints that far more information is collected than can be analyzed).
  • In response to the threat of terrorism, the USA has greatly increased the integration of law enforcement with intelligence gathering and analysis by building fusion centers that link local and state resources (police; emergency response) into the Federal Government.
  • The U.S. military has been tasked with responding to threats that occur within the United States (and this requires it to collect and analyze threat data originating from within the country).

To put it in simple terms, apart from its not inconsiderable activities overseas, the United States has trained its military to fight, defend infrastructure, and collect intelligence within the United States itself.

Result: There has been a blurring of lines of responsibility between local, state, and Federal efforts to fight a cyber war.

The result is a nation state with dominant cyberpower:

  1. Control over the bulk of cyber technology.
  2. Largest and most sophisticated intelligence collection and analysis systems.
  3. World wide response capabilities, both kinetic and cyber, both offensive and defensive.
  4. The largest penetration into cyber networks around the world.
  5. Highest level of integration between cyber intelligence and cyber response.

Since 9/11, the United States has likely invested more than 25 times as much in the cyber arena as the nation in a distant second place. There is a cyber arms race, and the United States is winning, and will continue to do so for the foreseeable future (provided it keeps investing, as it probably will).


What is “Cyber Power”?

It is difficult to have an undisputed definition of cyberpower, but as a starting point we can say that, for a nation state, it may be defined by the following factors:

  1. w1 – The number of cyber-weapons deployed and under the control of the nation-state.
  2. w2 – The percentage of the deployed cyber weapons under the control of the nation-state that are zero-day weapons.
  3. p1 – The maximum number of cyber warfare operators per capita that are on duty under peak deployment.
  4. p2 – The maximum number of volunteer or militia cyber warfare operators that may be deployed to support the government.
  5. Rg – The number of websites that may be attacked by government cyber fighters.
  6. Rp – The number of websites that may be attacked by militia cyber warfare operators.
  7. e1 – The number of emergency response centers dedicated to monitoring cyber attacks and coordinating response.
  8. e2 – The number of emergency response centers with cyber-response capabilities.
  9. e3 – The number of emergency response centers with capabilities to respond to secondary targets of a cyber attack, e.g., infrastructure damage, but with no cyber capabilities.

Cyberpower might then be estimated as follows (w2·w1 being the number of zero-day weapons in the arsenal):

(9·(w2·w1) + (w1 - 9·(w2·w1)) + 3.5·p1 + p2) × (Rg + 0.6·Rp) + (0.9·e1 + 0.4·e2 + 0.15·e3)

Obtaining this type of data, and properly quantifying and operationalizing the relationships, is problematic, to say the least.


Lingering Challenges Going Forward

Government and Private Sector Coordination. The United States has a peculiar arrangement whereby the government is responsible for the defense of the nation, but is unable to control how private enterprises, and the private sector in general, avail themselves of defensive technologies. The private sector is left to defend itself. For example, U.S. Cyber Command (“Cybercom”), which is co-located with the National Security Agency (NSA) at Fort Meade and led by the same officer under a “dual-hat” arrangement, is responsible for the development of both offensive and defensive cyber capabilities. However, it is not at all clear how, and under which specific circumstances, the power of Cyber Command would be used. See Figure 1.

CYBER-ATTACK-RESPONSE.001

Figure 1 –– Attack and Defense in Cyberspace. The US Government (Cyber Command, alongside the NSA) is tasked with defending military networks from cyber attacks. But in case of cyber attacks against important private sector components, including infrastructure, there is no clear role or authority.

As of 2018 Cyber Command’s Cyber Mission Force was planned to reach 6,200 personnel. Until May 2018 Cyber Command was a sub-unified command under U.S. Strategic Command, which is also in charge of the USA’s nuclear forces; it has since been elevated to a unified combatant command in its own right. The number 6,200 might be only a fraction of the true size of Cyber Command, considering that it is common practice in many parts of the U.S. government, including the military, to make extensive use of outsourcing and subcontractors to get the work done. If the government employee/subcontractor ratio seen elsewhere in the government is applied to Cyber Command, then a force of 27,900 might be more realistic.

Because it is paired with the National Security Agency (NSA), Cyber Command is often assumed to protect all U.S. Government communications and ICT infrastructure. In fact its defensive mission covers Department of Defense networks; protection of federal civilian networks falls to the Department of Homeland Security. Presumably this means that should military ICT infrastructure come under attack from another nation state, Cyber Command could respond. The rules of cyber war are not yet worked out, because it is difficult to have a “cyber war” without any real “war”. And if there is no real “war”, then presumably government weapons would not be used to fight the conflict.

This leaves a vulnerability for the United States. If the private sector, including the USA’s vast infrastructure (electricity, transportation, finance, business process computing, communications, distribution), came under attack, it is not clear that Cyber Command or the NSA would respond. Perhaps they have standing orders to aid the private sector, but it is difficult to see how this could happen except through the mechanism of providing warning and advice to the victims of cyber attacks.

It is possible that a cyber militia might be used by either the private sector or the government, but not much is known about this possibility, and in any case there would be legal and regulatory barriers to the government doing so.

This leaves open the challenge of coordination.

Focus and Coordination. Within the U.S. government, as well as the states and local jurisdictions, a large number of fusion centers and other points of shared operational responsibility have been developed and deployed. Everything from response to a chemical or biological attack to full scale nuclear war has been prepared for. There is a particularly vigilant infrastructure in place to handle the aftermath of a severe terrorist attack against any community. But these centers specialize in different areas: some on electricity, others on public health, terrorism, or a number of other focus areas. They have differing degrees of cyber defense and response capability, if any at all.

But we can be sure that in any cyber emergency, it will be very difficult to coordinate the activities of these many centers and there is no integrated cyber response plan to do so.

Effectiveness Against Cyber Attack

So looking at Figure 2 below, we might hypothesize that there is an optimum number of centers of cyber excellence that determines the level of effectiveness against a cyber attack. In the initial stages of build-up, there is a rapid rise in effectiveness. But if too much is built, the response teams face increasing difficulty in coordinating their response, and effectiveness starts to fall, even as investment continues to rise.

RESPONSE-EFFECTIVENESS.001

Figure 2 – Too much cyber defense might weaken the overall national effort. Response to cyber attacks is coordinated at various national centers. As the number of these centers increases, the effectiveness of response increases, but it never approaches perfect. At some point further increases in the number of cyber response centers weaken national cyber defense because of the cost of coordination.


Control of the Proliferation of Cyber Weapons

Cyber Arms Control. Understanding the prospects of cyber arms control must be based on realistic assumptions about nation state motivation. When seeking international agreement, the cardinal rule is that no nation state will support any regime that does not yield it a benefit. So any international convention to control the proliferation of cyber weapons must present some advantage to each nation that acquiesces: a “win-win” scenario, in the popular phrase. So from the point of view of the United States, we must examine whether it is possible to identify any specific advantages from such a treaty. Here are a few to consider:

  1. Uncertainty Mitigation. The exchange of information between nation states, even if imperfect (as it certainly will be), will lessen the uncertainty surrounding a potential cyber attack or cyber war, because it will make it possible to keep tabs on the development of new cyber weapons by competing nation states. In addition, an international warning and coordination system for potential cyber war will enable the USA to better allocate the correct forces against an attack. In the absence of mutually exchanged information concerning the cyber weapon arsenals of the USA’s strategic competitors, there will be a tendency to over-build cyber-weapon counter-measures, wasting resources and creating further uncertainty. Finally, gaining insight into the cyber warfare operations and capabilities of its strategic competitors (China and Russia) through such a regime will be less problematic, and more accurate, than assembling an incomplete picture from traditional espionage and intelligence collection. In general, any regime that can lessen uncertainty in cyber war would be a stabilizing factor.
  2. Law Enforcement. International enforcement against cyber-based crime currently faces many serious obstacles. A short list includes: (1) extradition of cyber-criminals from one jurisdiction to another; (2) rules of evidence that are internationally recognized; (3) attribution of criminality and responsibility; and (4) variance in definitions of crimes. The government-to-government coordination required for a successful cyber arms control regime would, by necessity, have to distinguish nation-state weapons from other cyber abuses. Since those other abuses are by default attributable to criminals rather than states, this would enhance international coordination and law enforcement to bring them to justice.

 

Cyber Deterrence Theory – Why Cyber Weapons Are More Dangerous Than Nuclear Weapons

Deterrence in the Nuclear Age

Deterrence is found between nation states when an aggressive action by any nation is discouraged because of doubt or fear of the consequences.

BRODIE-RAND-DETERRENCE.001

Figure 1 – Cover page of the 1958 RAND report on Deterrence written by Bernard Brodie.

The concept of deterrence was developed from the late 1940s onward by analysts such as Bernard Brodie, who by the late 1950s was working at the RAND Corporation “think tank” in Santa Monica, California. He and his colleague Herman Kahn were developing theoretical frameworks that could be used to understand the implications of thermonuclear war using Intercontinental Ballistic Missiles (ICBMs) and other delivery systems.

At that point in time, the United States was reeling from the psychological shock of Sputnik 1 (Простейший Спутник-1), a satellite that the Soviet Union placed into an elliptical Earth orbit in October 1957.  The “Space Race” was on, and the Soviet Union had a substantial lead over the United States.

Although Sputnik was designed to orbit the earth and emit a 20 and 40 MHz signal, the shock to the United States was not caused merely by the Soviet Union’s ability to place a small radio transmitter in orbit to broadcast for 21 days.

This was 1957: computers were rare, room-sized machines, and there were no electronic calculators. Most engineering calculations were made using slide rules. There was no CAD-CAM; all engineering work was done on paper, at drafting tables.

The shock was in the accuracy. If the Soviet Union could manage to be precise enough to place a small radio broadcasting satellite into a stable orbit, then it had the skills to be accurate enough to send a thermonuclear weapon to the mainland of the United States. The accuracy was enough to place Sputnik into orbit, and enough to drop an atomic bomb on a U.S. metropolitan area.

Shortly thereafter, the United States and the Soviet Union greatly increased production of nuclear weapons and ICBMs. The arsenals became so large that either side could have devastated every major city on earth many times over.

That is, by the mid-1960s the United States had stockpiled approximately 31,000 nuclear warheads. By the late 1980s, the Soviet Union had stockpiled about 40,000. Considering that there are only 260 or so large cities in the United States, the threat of 40,000 nuclear bombs was overwhelming.

In today’s world, people do not think much about nuclear weapons. Countries such as Iran that violate their treaty obligations by developing nuclear weapons argue that they have a “right” to do so, but they have no such right.

This is because nuclear weapons are too dangerous to be allowed to spread. Here is an example that was frequently given by Professor Geoffrey Kemp in his lectures at the Fletcher School of Law and Diplomacy. For some reason, he always liked to use the MIT swimming pool in his story.

“It is an October day. The beautiful New England sky is clear and dark blue. Not a cloud to be seen. A nuclear weapon explodes approximately 20,000 feet above the MIT swimming pool. What would be the consequences? Let us first think of only the heat. Take a compass and a map. Draw a circle around the MIT swimming pool. Go out 235 miles as a radius in every direction. The heat of the explosion alone would cause everything within that circle to spontaneously burst into flames. And that is before any of the blast effects were felt.”

With a radius of 235 miles, this blast area would be 173,494 square miles. The United States is 3.797 million square miles. Incredibly, it would take the Soviet Union only 22 weapons to burn the entire surface of the United States. That would leave it with 39,978 weapons remaining. We could do the same math for the Soviet Union. With its size of 8.65 million square miles, it would cost the United States only 50 bombs to burn the entire surface of the Soviet Union, leaving it with 30,950 weapons remaining.

Now these calculations overstate the thermal effect by more than an order of magnitude (the radius at which even a multi-megaton weapon causes third-degree burns is measured in tens of miles, not hundreds), but you should get the point: the arsenals were many times larger than needed to destroy either country.

So in the nuclear age the theoretical question being considered in sunny Santa Monica was how to avoid having the United States destroyed. The larger question was how to avoid having the entire earth incinerated.

Mutually Assured Destruction (MAD)

Eventually the superpowers settled on a type of balance of power. It was not the “classic” balance of power that had been re-established at the Congress of Vienna (Wiener Kongress) in 1815 after the trauma of the Napoleonic wars. The nuclear age was to have a different balance of power. Each nation would know that if it attacked the other, enough thermonuclear weapons would remain on the other side to assure that the attacker itself would be destroyed in retaliation.

This is guaranteed by the “triad” of delivery systems: the Air Force’s strategic bombers, its fleet of Intercontinental Ballistic Missiles (ICBMs), and the Navy’s Submarine Launched Ballistic Missiles (SLBMs). In a worst case scenario, if the entire continent of the United States were incinerated and every human being killed, the U.S. Navy’s ballistic missile submarine fleet, always hiding somewhere in the ocean, would still be able to launch a devastating counter-strike against the Soviet Union. And the USSR built a submarine fleet to provide it with the same retaliatory capability.

And that is the essence of “deterrence”. Neither side will attack the other with nuclear weapons, because it is reasonably certain that it will get the same back. Like the final statement of the computer in the movie “WarGames”, the best move is not to play at all.

So we should be thankful about nuclear weapons. Because they have kept the peace and ensured that there was no outbreak of war between the superpowers.

Applying Deterrence Theory to Cyber Warfare

Is it possible to have deterrence in the cyber arena?  First, we need to think about a few of the differences between nuclear and cyber weapons.

Destructive Capability. The destructive capabilities of nuclear weapons are well known. They have kinetic blast effects, heat effects, and radiation poisoning effects. They are designed to destroy infrastructure, or other weapons systems. The calculation of destructive capabilities is well understood. The “Circular Error Probable” (CEP), the radius around the aim point within which half of the weapons fired are expected to land, is almost as important as the strength of the blast, since blast and thermal effects fall off steeply with distance from the detonation. In contrast, cyber weapons can have both logical and kinetic effects. By “logical” effects, we refer to the destruction or alteration of program code or other data, and the secondary “downstream” effects that follow. In cyber, a “kinetic” effect is a physical downstream effect of a cyber event. For example, the Stuxnet worm is reported to have altered the code running on Siemens programmable logic controllers so that they drove the Iranian centrifuges to destruction.

Attack Focus. With nuclear weapons, the kinetic, heat, and radiation effects are centered on the point of the explosion. Any system, mechanical or biological, within the effect range will sustain damage, and the degree of damage falls off steeply with distance from the site of the explosion. In contrast, cyber weapons do not necessarily have a point of impact. They can have similar effects across very large geographical areas: as long as a system is compatible in logic with the cyber weapon’s capabilities, it can be anywhere. So for example, a nuclear weapon can destroy an electricity production complex; but a cyber weapon can cause destruction or disruption across a geographically distributed electricity or banking grid. A nuclear weapon will destroy everything within its range; a cyber weapon can wreak massive destruction on a specific system, but leave everything else in the area untouched.

Visibility of Attack Delivery Phase. Apart from a hidden “suitcase bomb”, the delivery of strategic nuclear weapons is visible. Aircraft (strategic bombers) and ICBMs or nuclear cruise missiles can be detected by radar, although stealth aircraft are more difficult to see. Of course the “reaction time” for responding is a considerable problem. For an SLBM attack against the United States, there may be only 10 minutes or so to respond. The visibility, however limited, probably allows the receiving state to determine the origin of the weapon, and this enables it to target its response and retaliation. So there is a delivery phase of a nuclear attack. With cyber weapons, this delivery phase is not visible. There are two aspects to this: First, it is possible to disguise cyber weapons so that even when they are identified, their source is not known; Second, an additional factor is that with nuclear weapons, there is a delivery time governed by the physics of moving a bomb across the planet. With cyber weapons, delivery takes place more or less instantaneously.

Covert Cyber Weapons Caches. During the Cold War, it was said that the Soviet Union had pre-positioned caches of arms or other destructive items in various places across the United States. These were designed to be available to Non-Official Cover (NOC) agents who would be “activated” in case of war. This tactic is also said to have been used by the Soviet Union against European targets in the interwar period, and by the United States as well. With cyber weapons, the pre-positioning of malicious code means in essence that the payload has already been delivered. There is no delivery phase, and it certainly is not visible. So it is reasonable to assume that any cyber-superpower has already positioned significant numbers of cyber weapons inside the infrastructure of its potential enemies. Therefore, such weapons could be used to attack without warning.

Destructive Effects. Nuclear weapons: (1) kinetic; (2) heat; (3) radiation poisoning. Cyber weapons: (1) kinetic; (2) logical.

Level of Uncertainty. The level of uncertainty for strategists is greater for cyber than for nuclear. This is not to discount the considerable uncertainty surrounding a scenario of thermonuclear war. Nevertheless, the Mutually Assured Destruction (MAD) principle means we can be sure that if a major confrontation breaks out, both sides will sustain unacceptable levels of damage, regardless of who was the aggressor. In contrast, there is no such certainty with cyber weapons.

To quote Brodie:

“It is a truistic statement that by deterrence we mean obliging the opponent to consider, in an environment of great uncertainty, the probable cost to him of attacking us against the expected gain thereof.” (p.11)

If the Russian Federation decides to launch a cyber attack against the United States, then given the great amount of uncertainty, how can it estimate what the U.S. response will be, how much “cost” or damage it will be required to suffer, and, after that, what its expected gain will be? The same is true for the United States. If it decides to launch a cyber attack against China, how does it estimate what the Chinese are capable of doing in retaliation, and after that, how can it assess the potential gain?

Conclusion – Cyber Weapons Are More Dangerous Than Nuclear Weapons

Cyber War is Mutually Un-Assured Destruction (MUD). We can only conclude that the level of uncertainty in cyber is so great that there is no assurance of the destruction of the attacking party, and no way to estimate how much “cost” the attacker would need to pay as it weathers the retaliation of its victim; thus there is no way to know whether there would be any potential gain.

So the implication is that cyber weapons appear to be more dangerous than nuclear weapons because of the level of uncertainty inherent in their deployment and potential use. This means, by extension, that at least for the time being the concept of a “balance of cyber power” is not a feasible one.

In future posts, we will examine a number of cyber-war scenarios.

 

 

 

 

 

 

 

 

Escalation Levels in Cyber War

Cyber Readiness Levels

Cyber war may be thought of as a low-level type of conflict. In its initial stages, it does not have an offensive nature, but instead is focused more on intelligence collection.

Intelligence collection. There are two aspects: (1) the collection of specific pieces of information (data) that can be used later as input to intelligence analysis; (2) collection of macro-information that helps to make a “cyber map” of the information space of the enemy. This would include an understanding of (a) the major networks and components of the enemy’s cyber structure; and (b) the types and characteristics of the vulnerabilities of the enemy’s cyber structure.

Figure 1 – Levels of Readiness for Cyber War. Kinetic, Information and Cyber Operations stand in a general hierarchy leading to increased levels of violence.

Active Cyber Disruption. The second level of cyber operations is more aggressive and offensive in nature. At this level, cyber weapons are deployed for specific purposes of disruption.

Information Operations. Beyond cyber, any national defense campaign employs propaganda, information operations, disinformation, or other tools in order to shape the psychological environment both of the target country and of the domestic audience. Information operations involve the placement into the meme-space of alternative ideas, the objective of which is to move public opinion in a direction more favorable to the originator’s way of thinking. Propaganda and information operations are well-known tools of statecraft.

Kinetic Operations. After the battleground has been prepared by cyber and information operations, the next level is actual military conflict: killing people, destruction of property, and the other arts of classical warfare. In all nations, this level of conflict is seen as the “last resort”, an action taken when all other means of resolving the national conflict have failed.

Figure 2 – Levels of Escalation of Cyber War. Prior to initiating cyber attacks, there are several precursor levels of escalation.

Levels of Escalation of Cyber War

There are at least five (5) levels of preparation before offensive cyber operations begin.

General Intelligence Collection. Cyber has emerged as a major tool of intelligence collection. Economic, military, and government intelligence can be collected through cyber in a way that is at least two orders of magnitude less expensive than any other means. The use of automation in particular can remove the need for specific targeting (because web-bots can simply scan everything). In addition, collection can be asynchronous; that is, information can be collected for use later, even if there is no specific purpose for it at the time it is collected.

Targeted Intelligence Collection. More specific cyber intelligence is collected when there is a known target. Examples would be a specific person, or a specific facility (government, commercial, military). Cyber can either support other means of technical intelligence (TECHINT), or can itself be the collection tool; for example, cyber could be used to support collection of MASINT (Measurement and Signature Intelligence) or FISINT (Foreign Instrumentation Signals Intelligence). Targeted intelligence collection occurs when a tangible and known threat has been identified.

Cyber Target Preparation. Once cyber targets have been identified, a number of steps must be taken to perfect the attack. This means testing or simulating the attack on a mock-up copy of the target, and if necessary placing malware into the target cyber infrastructure (such as a server, control device, or other location) that can be activated when needed. It is crucial that the cyber attack profile of each target be identified and verified prior to launching an attack.

Preparation of Disinformation. Planning and preparation for disinformation actions. This involves changing information, inserting information, destruction of information, or denial of access to information.

At this point preparations have been put in place. Malware is positioned, and relevant information has been collected and analyzed.

Initiation of Cyber Attack. The active phase of the cyber attack begins. Keep in mind that in a nation-state confrontation, this refers to initiating attacks against hundreds of targets at the same time.

Cyber Command and Control. Any successful cyber program must have some type of command and control structure to (1) control initiation of attacks; (2) monitor performance and effectiveness of attacks; (3) monitor the overall cyber conflict and be able to report on lethality (effectiveness) of attacks.

Russian Cyber War Doctrine

What is the Cyber War Doctrine of the Armed Forces of the Russian Federation? Examining The Military Doctrine of the Russian Federation, we can see a number of references to the information aspects of war. Below we examine the Russian Military Doctrine of 2010 and compare it to the updated version published in 2015.

Analysis of Russian Cyber War Doctrine

Much of Russian cyber military doctrine is similar to what we would find in the United States. For example, there is an emphasis on the role of information technology in command and control. There also is a specific emphasis placed on development of advanced weaponry using cyber. In addition, the Russian military is charged with protecting the information infrastructure of the Russian Federation.

But it appears that Russian military doctrine defines the cyber and information aspects of warfare in a considerably broader way than in the United States. Here are a few examples:

Information Actions Precede Combat Action. Kinetic force (traditional military action) is to be used only after all other non-violent instruments of statecraft have been exhausted. Information operations (cyber operations), therefore, are viewed as a precursor to kinetic warfare.

Figure 1 –– Different functions of cyber in Russian military doctrine. The references refer to parts of the official Russian Military Doctrine published in 2015(*). These are translated below.

Protection of Russian Territory Includes Information Territory. Apart from protecting the physical territory of Russia, the concept of territory has been extended to include “cyber space” or “national cyber space”, and the military is specifically tasked with protecting all of the cyber space within the Russian Federation.

Cyber Weapons Are Viewed as an Increased Threat. In the Russian view, the conventional (including nuclear) strength of the Russian military is such that it is less likely Russia will face a conventional attack. Paradoxically, the Russians view this as increasing the risk that Russia will be attacked through communication and information technologies. It is a cyber version of guerilla warfare.

Very Broad Definition of Cyber Attack. The type of cyber incident considered to be an “attack” is very broad. It needs only to have an effect on political independence or sovereignty. Any attack against infrastructure also is included. This would cover denial-of-service or malware. But if a cyber incident has a destabilizing effect on the “social” or “political” situation, then it also is considered to be an attack.

Spiritual and Patriotic Traditions Protected Against Cyber Attack. An information incident can be classed as a “subversive information activity” if it is “aimed at undermining” the opinions of young citizens towards “historical, spiritual and patriotic traditions”. This would mean, for example, that it is the duty of the Russian military to protect Russia against information that undermines Russian traditions.

The Non-Military Population Can be Used for Cyber Defense. The Russian military is empowered to work with non-military elements in Russia for the purpose of taking “information” measures for defense. This refers to the “army” of civilian hackers that work ostensibly outside of government control.

Cyber Attacks Are Authorized Anywhere. The Russian military is authorized to launch a cyber attack (defensive action) against the enemy anywhere in the “global information space”, i.e., not only within the territory of the enemy state.

Cyber Weapons “Indirect and Asymmetric” in Nature. Cyber weapons, and other means, are viewed as being potentially indirect and asymmetric in their utility. In this case, “asymmetric” means “low cost; high impact” or “low cost; high defensive cost”.

Information Operations. The Russian military is empowered to engage in information operations that are aimed at influencing public associations and political groups. The military is empowered to “neutralize” threats through political and non-military means. This is a very broad mandate.

Cyber Espionage is Doctrine. The use of information technology and “modern technical means” is authorized for assessment and forecasting. This is the classical function of foreign intelligence operations.

Control Over Internet to Protect Third Countries. The military is empowered to take steps to make it impossible for any force to use information and communications technologies to influence sovereignty and political independence not only of Russia, but of other states as well.

Excerpts from Russian Cyber Military Doctrine

(The operative terms are underlined.)

Part I §5. The Military Doctrine reflects the commitment of the Russian Federation to taking military measures for the protection of its national interests and the interests of its allies only after political, diplomatic, legal, economic, informational and other non-violent instruments have been exhausted. (В Военной доктрине отражена приверженность Российской Федерации к использованию для защиты национальных интересов страны и интересов ее союзников военных мер только после исчерпания возможностей применения политических, дипломатических, правовых, экономических, информационных и других инструментов ненасильственного характера.)

Part II §11. There is a tendency towards shifting the military risks and military threats to the information space and the internal sphere of the Russian Federation. At the same time, despite the fact that unleashing of a large-scale war against the Russian Federation becomes less probable, in a number of areas the military risks encountered by the Russian Federation are increasing. (Наметилась тенденция смещения военных опасностей и военных угроз в информационное пространство и внутреннюю сферу Российской Федерации. При этом, несмотря на снижение вероятности развязывания против Российской Федерации крупномасштабной войны, на ряде направлений военные опасности для Российской Федерации усиливаются.)

The main external military risks are:
Part II §12(k)(l) use of information and communication technologies for the military-political purposes to take actions which run counter to international law, being aimed against sovereignty, political independence, territorial integrity of states and posing threat to the international peace, security, global and regional stability; (использование информационных и коммуникационных технологий в военно-политических целях для осуществления действий, противоречащих международному праву, направленных против суверенитета, политической независимости, территориальной целостности государств и представляющих угрозу международному миру, безопасности, глобальной и региональной стабильности;)

13. The main internal military risks are:
Part II §13(a) activities aimed at changing by force the constitutional system of the Russian Federation; destabilizing domestic political and social situation in the country; disrupting the functioning of state administration bodies, important state and military facilities, and information infrastructure of the Russian Federation; (деятельность, направленная на насильственное изменение конституционного строя Российской Федерации, дестабилизацию внутриполитической и социальной ситуации в стране, дезорганизацию функционирования органов государственной власти, важных государственных, военных объектов и информационной инфраструктуры Российской Федерации;)

Part II §13(c) subversive information activities against the population, especially young citizens of the State, aimed at undermining historical, spiritual and patriotic traditions related to the defense of the Motherland; (деятельность по информационному воздействию на население, в первую очередь на молодых граждан страны, имеющая целью подрыв исторических, духовных и патриотических традиций в области защиты Отечества;)

Characteristic features and specifics of current military conflicts are:
Part II §15(a) integrated employment of military force and political, economic, informational or other non-military measures implemented with a wide use of the protest potential of the population and of special operations forces; (комплексное применение военной силы, политических, экономических, информационных и иных мер невоенного характера, реализуемых с широким использованием протестного потенциала населения и сил специальных операций)

Part II §15(b) massive use of weapons and military equipment systems, high-precision and hypersonic weapons, means of electronic warfare, weapons based on new physical principles that are comparable to nuclear weapons in terms of effectiveness, information and control systems, as well as drones and autonomous marine vehicles, guided robotic weapons and military equipment; (массированное применение систем вооружения и военной техники, высокоточного, гиперзвукового оружия, средств радиоэлектронной борьбы, оружия на новых физических принципах, сопоставимого по эффективности с ядерным оружием, информационно-управляющих систем, а также беспилотных летательных и автономных морских аппаратов, управляемых роботизированных образцов вооружения и военной техники)

Part II §15(c) exerting simultaneous pressure on the enemy throughout the enemy’s territory in the global information space, airspace and outer space, on land and sea; (воздействие на противника на всю глубину его территории одновременно в глобальном информационном пространстве, в воздушно-космическом пространстве, на суше и море)

Part II §15(f) enhanced centralization and computerization of command and control of troops and weapons as a result of transition from a strictly vertical system of command and control to global networked computerized systems of command and control of troops (forces) and weapons; (усиление централизации и автоматизации управления войсками и оружием в результате перехода от строго вертикальной системы управления к глобальным сетевым автоматизированным системам управления войсками (силами) и оружием)

Part II §15(i) use of indirect and asymmetric methods of operations; (применение непрямых и асимметричных способов действий)

Part II §15(j) employment of political forces and public associations financed and guided from abroad. (использование финансируемых и управляемых извне политических сил, общественных движений)

Part III §21(a) to assess and forecast the development of the military and political situation at global and regional levels, as well as the state of interstate relations in the military-political field with the use of modern technical means and information technologies; (оценка и прогнозирование развития военно-политической обстановки на глобальном и региональном уровне, а также состояния межгосударственных отношений в военно-политической сфере с использованием современных технических средств и информационных технологий)

Part III §21(b) to neutralize potential military risks and military threats through political, diplomatic and other non-military means; (нейтрализация возможных военных опасностей и военных угроз политическими, дипломатическими и иными невоенными средствами)

Part III §21(s) to create conditions to reduce the risk of using information and communications technologies for the military-political purposes to undertake actions running counter to international law, directed against sovereignty, political independence or territorial integrity of states or threatening international peace and security, and global and regional stability. (создание условий, обеспечивающих снижение риска использования информационных и коммуникационных технологий в военно-политических целях для осуществления действий, противоречащих международному праву, направленных против суверенитета, политической независимости, территориальной целостности государств и представляющих угрозу международному миру, безопасности, глобальной и региональной стабильности)

Part III §35(b) to provide for a more effective and secure functioning of public administration and military governance system and to ensure communication between federal government agencies, bodies of the constituent entities of the Russian Federation and other government authorities in addressing defense and security tasks; (повышение эффективности и безопасности функционирования системы государственного и военного управления, обеспечение информационного взаимодействия между федеральными органами исполнительной власти, органами исполнительной власти субъектов Российской Федерации, иными государственными органами при решении задач в области обороны и безопасности)

Part III §35(j) to improve the system of information security of the Armed Forces, other troops and bodies; (совершенствование системы информационной безопасности Вооруженных Сил, других войск и органов)

Part III §39(d) ensuring the reliable functioning of the command and control system of the Armed Forces, other troops and bodies in peacetime, under the conditions of an imminent threat of aggression and in wartime; (обеспечения надежного функционирования системы управления Вооруженными Силами, другими войсками и органами в мирное время, в период непосредственной угрозы агрессии и в военное время)

Part III §39(h) formation of territorial troops to provide protection and defense of military, state and special facilities, critical infrastructure, including transport, communications and energy, as well as potentially hazardous sites; (формирования территориальных войск для охраны и обороны военных, государственных и специальных объектов, объектов, обеспечивающих жизнедеятельность населения, функционирование транспорта, коммуникаций и связи, объектов энергетики, а также объектов, представляющих повышенную опасность для жизни и здоровья людей;)

Part III §39(l) ensuring effective information security of the Armed Forces, other troops and bodies; (эффективного обеспечения информационной безопасности Вооруженных Сил, других войск и органов)

Part III §46(c) to enhance capacity and means of information warfare; (развитие сил и средств информационного противоборства) Note: The word “противоборства” does not mean strictly “warfare”, but instead means “confrontation” which could be thought of as a level of violence short of full-scale warfare.

Part III §46(d) to improve the quality of the means of information exchange on the basis of up-to-date technologies and international standards, as well as a single information field of the Armed Forces, other troops and bodies as part of the Russian Federation’s information space; (качественное совершенствование средств информационного обмена на основе использования современных технологий и международных стандартов, а также единого информационного пространства Вооруженных Сил, других войск и органов как части информационного пространства Российской Федерации;)

Part III §46(f) to develop new types of high-precision weapons and means of counteracting them, aerospace defense assets, communication systems, reconnaissance and command systems, radio jamming systems, complexes of unmanned aerial vehicles, robotic strike complexes, modern transport aviation and individual protection systems for military personnel; (создание новых образцов высокоточного оружия и средств борьбы с ним, средств воздушно-космической обороны, систем связи, разведки и управления, радиоэлектронной борьбы, комплексов беспилотных летательных аппаратов, роботизированных ударных комплексов, современной транспортной авиации, систем индивидуальной защиты военнослужащих;)

Part III §46(g) to create basic information management systems and integrate them with the systems of command and control of weapons and the computerized systems of command and control bodies at the strategic, operational-strategic, operational, operational-tactical and tactical levels. (создание базовых информационно-управляющих систем и их интеграция с системами управления оружием и комплексами средств автоматизации органов управления стратегического, оперативно-стратегического, оперативного, оперативно-тактического и тактического масштаба)

Part III §55(f) to develop a dialogue with interested states on national approaches to confronting military risks and military threats brought about by the extensive use of information and communications technologies for military and political purposes; (развитие диалога с заинтересованными государствами о национальных подходах к противодействию военным опасностям и военным угрозам, возникающим в связи с масштабным использованием информационных и коммуникационных технологий в военно-политических целях)

Russian Cyber Military Terminology

информационные инструменты –– “information instruments”. This is a general term that applies to any use of information to further nation-state objectives, including military objectives.

информационное пространство –– “information space”. Russian doctrine defines the nation as having an information space. This is the entire cyber infrastructure of Russia, including government, commercial, military and private networks and information processing systems. In this sense, Russians believe it is as important to protect this “information space” as it is to protect the physical land mass.

информационная инфраструктура –– “information infrastructure”. This refers also to the entire country, but is more specific than “information space” because it focuses on the specific technical details of the computing and telecommunications network.

деятельность по информационному воздействию –– “information influence activities”. This refers to communication of information, such as through publications, the media, social media or other means, that can have a negative effect on Russia. These are considered to be subversive.

комплексное применение –– “integrated employment”. Here this refers to the integration of military force with information (cyber) activities by the population.

информационно-управляющие системы –– “information and control systems”. This refers to the cyber components of military weapons. It encompasses everything from general command and control to artificial intelligence or other technologies that enable more intelligent weapons.

глобальное информационное пространство –– “global information space”. This refers to the World Wide Web and everything connected to it. The doctrine calls for identifying enemy activity throughout the world’s cyber infrastructure and then attacking those points, even if they are outside the national territory of the enemy country.

информационное противоборство –– “information confrontation”. A cyber conflict that falls short of full-scale military warfare.

информационные технологии –– “information technology”. Used the same as in the United States.

невоенные средства –– “non-military means”. Cyber weapons and information operations are viewed as being a type of military action without using kinetic force.

информационная безопасность –– “information security”. Generally the same as the term “cyber security”. It refers to protection of information systems and other infrastructure from hackers.

информационная война –– “information warfare”. Cyber and information operations conducted by the Armed Forces.

обмен информацией –– “information exchange”. Refers to communication within the military.

Russian Military Doctrine Published in 2010

By comparing the 2010 version with the 2015 version above, it is possible to see the giant advance in cyber strategy made by the Russian Federation.

Part I §4. Use of informational instruments for the protection of the national interest.

Part II §9(c). The informational infrastructure of the Russian Federation is a vulnerability because it might be disrupted.

Part II §12(d). Information warfare is an essential component of military conflict.

Part II §13(d). Information warfare should be used prior to kinetic military force so as to shape international public opinion.

Part III §19(a). Information technology should be used to assess international relations [between countries] and for prediction of political events. (This is a reference to classical intelligence; thus the use of cyber tools to collect intelligence.)

Part III §30(j). Cyber is to be used to provide information support to the armed forces. (This is the same as US doctrine.)

Part III §41(c). The armed forces are to develop resources for information warfare.

Part III §41(d). The Russian Federation has an “information space” and the Armed Forces are to have a “single information field” within that space. Cyber is to be improved within those spaces so that information exchange is easier and more efficient. (The concept of a “single information field” for a country is an interesting one. It goes against the idea of the Internet being a global and essentially transnational technical system for movement of information.)

Part III §41(f). Cyber should be used to support “new models of high-precision weapons”.

Part III §41(g). The armed forces will develop information systems that will be integrated for command and control, including automating some functions. This will be done at the “strategic, operational-strategic, operational, operational-tactical, and tactical levels”. (This refers to communication and information exchange within the armed forces.)

Analysis of 2010 Russian Military Doctrine

Much of the Russian doctrine is focused on the use of information technology for improving command and control of the Armed Forces. This includes Part III §30(j), Part III §41(d), Part III §41(f) and Part III §41(g).

Other parts of the doctrine define cyber war as a tool or one method (among many) of protecting the national interest. These include Part I §4, Part II §12(d), and Part III §41 (c).

There is an interesting notion of a national “information space” and the fear that it might be a target for attack by enemies. Part II §9(c), and Part III §41(d).

The final part of the doctrine covers the offensive use of cyber weapons (or information tools) as an extension of state power. First, they should be used to shape international public opinion. Part II §13(d). This is the classic use of propaganda or “public diplomacy” in international relations. Second, they should be used to collect intelligence. Part III §19(a).

The doctrine does not clearly spell out the offensive use of cyber weapons. In Part III §41(f) there is mention of “new models of high-precision weapons”. In ordinary usage, this would mean items such as precision-guided munitions. It would be possible, however, to define a “new model” weapon as being a cyber weapon, but it is doubtful this is the meaning. In Part III §41(c) there is a call for resources for information warfare, but this is not defined, so cyber weapons could possibly be included under this section.

In any case, the essence of the Russian doctrine is clear. Cyber weapons, or information operations, are to be used in place of kinetic military force preceding a conflict, and hopefully to avoid a further escalation of a conflict. If the conflict deepens, then cyber weapons will continue to be used to support the Armed Forces.

Notes

(*) It was published December 25, 2014.

Highlights of James Clapper Testimony

Director of National Intelligence James Clapper; Admiral Michael Rogers, Director of the NSA and Commander of U.S. Cyber Command; and Marcel Lettre, Under Secretary of Defense for Intelligence, testified today to the U.S. Senate Armed Services Committee. The overall theme of the hearing was supposed to be Russian interference in the recent presidential election in the United States. As it turns out, the intelligence community has not yet completed its study. Nevertheless, a few notes on the hearing are provided below.

The intelligence community has concluded that Russia interfered with the election and that the plan was directed and planned directly by the Kremlin, including with knowledge of the President of the Russian Federation.

No proof was offered, because to offer the proof would destroy intelligence collection methods.


Cyber War Matrix.

This was a long testimony. Here, the intent is only to report on what was said, that is, the major conclusions that have been made by the intelligence community regarding Russian hacking. The set-up to the testimony by Senator John McCain was tricky. He stated that attacks against election emails were “consistent” with Russian techniques of hacking, but he did not say the hacks were Russian.

2,000,000 personnel records of the U.S. government were stolen by China, according to McCain. “Indecision and inaction” has thus far been the U.S. response. The cost of conducting cyber attacks against the United States needs to be raised. The opening statement from the Democratic side blamed election problems on Russia. These statements were made by Jack Reed, Democrat, Rhode Island, who argued also that Russia takes these actions because democracy is a threat in countries near Russia, which lie in what it claims is its “sphere of influence”.

Marcel Lettre. Threats. DOD defines five challenges: Russian coercion and aggression, particularly in Europe; historic change in the Asia-Pacific, with the risks of China’s destabilizing actions there; Iranian influence in the Middle East; North Korean nuclear provocations; and the fight against terrorism, ISIS and Al Qaeda. All of these present a cyber threat.

The DOD strategy is to maintain dominance in this domain. Three missions: defend DOD networks; give cyber options to commanders; defend the US against cyber attacks. The “Cyber Mission Force” is now operational.

Clapper (DNI). Regarding Russian interference in the electoral process: he said that the Russian tools detailed in the NCCIC report showed how they influenced the election. Russia has increased cyber espionage operations and has leaked crucial data. China continues to attack the US government and US companies. Iran and North Korea continue to improve their capabilities. ISIS is using the Internet to collect funds, broadcast propaganda, and recruit new members. Cyber attacks can also change or alter information. All of this chips away at public trust. All instruments of power should be used to respond to cyber attacks, not only cyber to counter cyber attacks. Recommends separating NSA and Cyber Command.

Rogers (Cyber Command and NSA). They are awaiting the findings of a joint intelligence review. Their conclusions still have not been compiled. Russian cyber groups have “a history of aggressively hacking into others’ governments”.

McCain first started to discuss Julian Assange. It was confirmed that Wikileaks published names of people whose lives were thereby put in danger. No credibility should be attached to his views, according to Clapper, Rogers and McCain. McCain does not believe Russian actions

“They did not change any vote tallies; we have no way to gauge the impact it had on the choices of the election.” Would it be an act of war if election results were changed? That is a “very heavy policy call”, but it definitely should carry great gravity. No one seems to know what to do if there is a cyber attack. They report it, but remain bystanders.

A “deterrence and response” framework needs to be put into place. There is a conclusion that the Russians interfered in the election. CIA, NSA and DHS will create a joint report. They DO conclude that Russia interfered in the election. Rogers (NSA) said the largest problem is “speed; speed and speed”.

Fake news sites and fake news stories also were part of Russian actions. It was a multi-faceted campaign; hacking was only one part of it. It also included classical propaganda, disinformation, and fake news. Russians used “classical tradecraft”, particularly for misinformation, to hide the source of the news information.

“People in glass houses should not throw too many rocks”. The attack against the Office of Personnel Management (OPM) was an act of espionage, not a cyber-attack. We do the same type of espionage. “Large data sets have become a particularly high-priority target” because “it is possible to mine the data”, according to Rogers.

The implication of Clapper’s statement is that cyber-espionage is not an “attack”. This is because every nation does it.

“If there is any connection with the Internet, there is an inherent security vulnerability,” according to Clapper.

Senator Nelson (Florida) compared cyber war to nuclear war. He argued that there is “no deterrence” in the field of cyber. A cyber response to a cyber act “may not be the best response”, according to Clapper. Also, you never know “what kind of cyber-retaliation” will be brought back from the other side. “All instruments of national power” should be used.

If a country launches a cyber counter-attack, then it is necessary to use the infrastructure of other countries, and this brings up a variety of legal issues.

Senator Claire McCaskill, Missouri Democrat, was highly critical of any contact with Assange. He is under indictment by the Swedish government for sexual crimes. He exposed information that put people at risk. The “people in the intelligence community do not have much respect for him.”

Conclusions

The intelligence community has not yet completed its report. There appears to be a significant amount of evidence that Russia interfered in the election, but no hard evidence has yet been presented. The key actors that oppose the United States are (1) Russia; (2) China; (3) North Korea; and (4) Iran.

One theme emphasized several times was that there is little strategy developed for responding to cyber attacks. “We don’t have a strategy.” Also, the coordination needed for a response is very complicated, and takes too long. This prevents the United States from having a coherent and effective response to a cyber attack. “We are being hit repeatedly because the benefits outweigh the cost”.

There also were indications that the intel community may have an idea of what happened inside the Kremlin. This will not come to light, because it obviously would give away too much information about “sources and methods” of intelligence collection.

In addition, there is no policy of responding to acts of espionage because we do the same.

Bottom line: The current thinking is that the Russians at the highest levels approved of and directed the hacking campaign against the United States. In this context, it means President Putin himself. This is not really good news. Clapper sees Russian actions as being in the same tradition as the Cold War, like what happened in the 1960s.

Below is a rough sketch of the categories of cyber activities under discussion.

Prospects for Cyber Arms Control

There are two ways to think about the election hacking. First, there are arguments that political activity should be considered to be a “critical infrastructure”; the consequence of this would be that such hacking would be considered an aggressive attack against the country. Second, the current line of thinking is that espionage (passive information collection) should be separated from commercial and industrial espionage, and from political interference.

In the Cyber War Matrix, above, cyber arms control would apply to the warfare rows. There will never be any international agreement to limit espionage or active measures.