cyberarmscontrolblog

International Agreement for Control of Cyber Weapons

Category: CYBER WARFARE

Cyber Defense Triad

In the deterrence theory of nuclear war, the “triad” is an essential concept. It refers to three different delivery platforms for thermonuclear weapons.

  1. Land Based – Intercontinental Ballistic Missiles (ICBMs) are located in silos scattered around the United States, and perhaps in other places as well.
  2. Air Based – Intercontinental Strategic Bombers such as the B-2 will fly to their targets and deliver the thermonuclear weapons.
  3. Sea Based – Submarine Launched Ballistic Missiles (SLBMs) are launched from submarines, which are nearly impossible to detect.

In a typical scenario, the United States is attacked by incoming thermonuclear weapons. The land based missiles are destroyed. Many strategic bombers are caught on the ground and also destroyed.  Those bombers that are heading to their targets are shot out of the air.

Still, the SLBMs will be launched, and that force alone is enough to completely destroy the attacker, no matter how large they are.

As a result, any attacker is assured that if they attack, then they definitely will be destroyed also.  This is the basis for nuclear deterrence, and the basis for the world’s peace that we have enjoyed since the beginning of the nuclear age.

The Cyber Defense Triad

Since 9/11, the United States has made a very large investment in national security.  It has prepared not only for fighting terrorism overseas, but also for fighting it inside the United States.  This has resulted in a blurring of responsibilities between more than 3,984 federal, state and local organizations that are involved in anti-terrorist activities. Doing the math, that is more than 76 anti-terrorist organizations per state.

By taking out a small subset of these organizations, we can see the organizations involved with cyber security and cyber warfare. See Figure 1.


Figure 1 – The Cyber Defense Triad.

The two major government organizations responsible for cyber security are the Department of Defense and the Department of Homeland Security. These organizations are supported by the intelligence establishment of the Office of the Director of National Intelligence, which sits on top of the eighteen (18) intelligence organizations operating in the United States.

One of the peculiar problems of cyber defense is the blurring of national borders. It is actually almost meaningless to think of a national border.  So in a sense, the dividing up of responsibilities between the Department of Defense and Homeland Security is archaic. You will notice that no such division exists in Russia.  (See previous post on Russian Cyber Defense Doctrine.)

But looking at this complex web of cyber defense capabilities, one wonders how well it will really work under the extreme pressure of a major cyber incident.

Cyber Deterrence Theory

It is an open question regarding whether or not the cyber capabilities that have been deployed by the United States are capable of cyber deterrence. Given the massive number of cyber attacks that have been reported, the answer is “no”.

Cyber Deterrence Theory needs more exploration. See future blog entries.

Cyber Deterrence Theory – Why Cyber Weapons Are More Dangerous Than Nuclear Weapons

Deterrence in the Nuclear Age

Deterrence is found between nation states when an aggressive action by any nation is discouraged because of doubt or fear of the consequences.


Figure 1 – Cover page of the 1958 RAND report on Deterrence written by Bernard Brodie.

The concept of deterrence was created in the late 1950s by analysts such as Bernard Brodie, who was working at the RAND Corporation “think tank” in Santa Monica, California. He and his colleague Herman Kahn were developing a system of theoretical frameworks that could be used to understand the implications of thermonuclear war using Intercontinental Ballistic Missiles (ICBMs) and other delivery systems.

At that point in time, the United States was reeling from the psychological shock of Sputnik 1 (Простейший Спутник-1), a satellite that the Soviet Union placed into an elliptical Earth orbit in October 1957.  The “Space Race” was on, and the Soviet Union had a substantial lead over the United States.

Although Sputnik was designed to orbit the earth and emit a 20 and 40 MHz signal, the shock to the United States was not caused merely by the Soviet Union’s ability to place a small radio transmitter in orbit to broadcast for 21 days.

This was 1957; there were no computers, no electronic calculators. All mathematical calculations were made using slide rules. There was no CAD-CAM; all engineering work was done on paper. Engineers used drafting tables.

The shock was in the accuracy. If the Soviet Union could manage to be precise enough to place a small radio broadcasting satellite into a stable orbit, then it had the skills to be accurate enough to send a thermonuclear weapon to the mainland of the United States. The accuracy was enough to place Sputnik into orbit, and enough to drop an atomic bomb on a U.S. metropolitan area.

Shortly thereafter, the United States and the Soviet Union greatly increased production of nuclear weapons and ICBMs. The number of atomic bombs became so great that it would have been possible for the Soviet Union easily to extinguish all life on planet earth.

That is, in the mid-1960s, the United States had deployed approximately 31,000 nuclear bombs. By the late 1980s, the Soviet Union had deployed 40,000 nuclear bombs.  Considering that there are only 260 or so large cities in the United States, the threat of 40,000 nuclear bombs was overwhelming.

In today’s world, people do not think much about nuclear weapons. Countries such as Iran that are engaged in violating their treaty obligations and developing nuclear weapons argue that they have a “right” to do so, but they have no such right.

This is because nuclear weapons are too dangerous to allow them to spread. Here is an example that frequently was given by Professor Geoffrey Kemp in his lectures at the Fletcher School of Law and Diplomacy. For some reason, he always liked to use the MIT swimming pool in his story.

“It is an October day. The beautiful New England sky is clear and dark blue. Not a cloud to be seen. A nuclear weapon explodes approximately 20,000 feet above the MIT swimming pool. What would be the consequences? Let us first think of only the heat. Take a compass and a map. Draw a circle around the MIT swimming pool. Go out 235 miles as a radius in every direction. The heat of the explosion alone would cause everything within that circle to spontaneously burst into flames. And that is before any of the blast effects were felt.”

With a radius of 235 miles, this blast area would be 173,494 square miles. The United States is 3.797 million square miles. Incredibly, it would take the Soviet Union only 22 weapons to burn the entire surface of the United States. That would leave it with 39,980 weapons remaining. We could do the same math with the Soviet Union. With its size of 8.65 million square miles, it would cost the United States only 50 bombs to burn the entire surface of the Soviet Union, leaving it with 30,950 weapons remaining.

Now these calculations could be a little off, but you should get the point.

So in the nuclear age the theoretical question being considered in sunny Santa Monica was how to avoid having the United States destroyed. The larger question was how to avoid having the entire earth incinerated.

Mutually Assured Destruction (MAD)

Eventually the superpowers settled on a type of balance of power. It was not the “classic” balance of power that had been re-established at the Congress of Vienna (Wiener Kongress) in 1815 after the trauma of the Napoleonic wars.  The nuclear age was to have a different balance of power. Each nation would know that if it attacked another, then there would remain enough thermonuclear weapons on the other side to assure that the attacker themselves would be destroyed in retaliation.

This is guaranteed by the “triad” of delivery systems: The Air Force, the fleet of Intercontinental Ballistic Missiles (ICBMs), and the Navy’s Submarine Launched Ballistic Missiles (SLBMs). In a worst case scenario, if the entire continent of the United States were incinerated and every human being killed, still the U.S. Navy’s nuclear submarine fleet hiding always in the ocean would be able to launch a devastating counter-strike against the Soviet Union. And the USSR built a submarine fleet to provide it with the same retaliatory capability.

And that is the essence of “deterrence”. Neither side will attack the other with nuclear weapons, because it is reasonably certain that it will get the same back. Like the final statement of the computer in the movie “War Games”, the best move is not to play at all.

So we should be thankful for nuclear weapons, because they have kept the peace and ensured that there was no outbreak of war between the superpowers.

Applying Deterrence Theory to Cyber Warfare

Is it possible to have deterrence in the cyber arena?  First, we need to think about a few of the differences between nuclear and cyber weapons.

Destructive Capability. The destructive capabilities of nuclear weapons are well known. They have kinetic blast effects, heat effects, and radiation poisoning effects. They are designed to destroy infrastructure, or other weapons systems. The calculation of destructive capabilities is well understood. The “Circular Error Probable” (CEP) value, which measures the probability that the weapon will explode within a certain range of its target, is almost as important as the strength of the blast, since proximity can leverage the inverse square law. In contrast, cyber weapons can have both logical and kinetic effects. By “logical” effects, we refer to destruction or alteration of programmable code or other data, and then the secondary “downstream” effects that are generated. In cyber, a “kinetic” effect is a downstream effect of a cyber event. For example, the Stuxnet virus is said to have caused Siemens programmable logic controllers to trigger a destruction of the Iranian centrifuge machines.

Attack Focus. In nuclear weapons, the kinetic, heat, and radiation effects are centered around the impact point of the explosion. Any system, either mechanical or biological, within the effect range will sustain damage. The degree of damage falls off exponentially as we move away from the site of the explosion. In contrast, cyber weapons do not necessarily have a point of impact. They can have similar effects across very large geographical areas. As long as the target systems are compatible in logic with the cyber weapon’s capabilities, they can be anywhere. So for example, a nuclear weapon can destroy an electricity production complex; but a cyber weapon can cause destruction or disruption across a geographically distributed electricity or banking grid. A nuclear weapon will destroy everything within its range; a cyber weapon can wreak massive destruction on a specific system, but leave everything else in the area untouched.

Visibility of Attack Delivery Phase. Apart from a hidden “suitcase bomb”, the delivery of strategic nuclear weapons is visible. Aircraft (strategic bombers) and ICBMs or nuclear cruise missiles can be detected by radar, although stealth aircraft are more difficult to see. Of course the “reaction time” for responding is a considerable problem. For an SLBM attack against the United States, there may be only 10 minutes or so to respond. The visibility, however limited, probably allows the receiving state to determine the origin of the weapon, and this enables it to target its response and retaliation. So there is a delivery phase of a nuclear attack. With cyber weapons, this delivery phase is not visible. There are two aspects to this: First, it is possible to disguise cyber weapons so that even when they are identified, their source is not known; Second, an additional factor is that with nuclear weapons, there is a delivery time governed by the physics of moving a bomb across the planet. With cyber weapons, delivery takes place more or less instantaneously.

Covert Cyber Weapons Caches. During the Cold War, it was said that the Soviet Union had pre-positioned caches of arms or other destructive items in various places across the United States. These were designed to be available to Non-Official Cover (NOC) agents who would be “activated” in case of a war. This tactic is also said to have been used by the Soviet Union against European targets in the interwar period, and also by the United States. With cyber weapons, the pre-positioning of malicious code means in essence that the payload already has been delivered. There is no delivery phase, and it certainly is not visible. So it is reasonable to assume that any cyber-superpower already has positioned significant numbers of cyber weapons inside the infrastructure of its potential enemies. Therefore, the weapons should be able to attack without warning.

Destructive Effects. Nuclear weapons: (1) kinetic; (2) heat; (3) radiation poisoning. Cyber weapons: (1) kinetic; (2) logical.

Level of Uncertainty. The level of uncertainty for strategists is greater for cyber than for nuclear. This is not to discount the considerable uncertainty surrounding a scenario of thermonuclear war. Nevertheless, we can say that the Mutually Assured Destruction (MAD) principle means we can be sure that if a major confrontation breaks out, then both sides will sustain unacceptable levels of damage, regardless of who was the aggressor. In contrast, there is no such certainty with cyber weapons.

To quote Brodie:

“It is a truistic statement that by deterrence we mean obliging the opponent to consider, in an environment of great uncertainty, the probable cost to him of attacking us against the expected gain thereof.” (p.11)

If the Russian Federation makes a decision to launch a cyber attack against the United States, then given the great amount of uncertainty, how can it estimate what the U.S. response will be, and how much “cost” or damage it will be required to suffer, and after that, what will be its expected gain? The same is true for the United States. If it decides to launch a cyber attack against China, then how does it estimate what the Chinese are capable of doing in retaliation, and after that, how can it assess the potential gain?

Conclusion – Cyber Weapons Are More Dangerous Than Nuclear Weapons

Cyber War is Mutually Un-Assured Destruction (MUD). We can only conclude that the level of uncertainty is so great in cyber that there is no assurance of destruction of the attacking party, and no way to estimate how much “cost” would need to be paid by the attacker as it weathers the retaliation of its victim; thus there is no way to understand whether or not there would be any potential gain.

So the implication of this is that cyber weapons appear to be more dangerous than nuclear weapons because of the level of uncertainty inherent in their deployment and potential use. This means by extension that at least for the time being, the concept of “balance of cyber power” is not a feasible concept.

In future posts, we will examine a number of cyber-war scenarios.

Russian Negotiating Positions on Cyber Warfare

Difficulty in Controlling Cyber Weapons

One of the chief criticisms of an international treaty for the control of cyber weapons is that countries simply would not agree to it because there is a risk of lessening nation state power. After all, why would a nation-state agree to limit its own cyber weapons?

Since the Russian Federation is a powerful actor in the cyber realm, it may be useful to examine its national cyber security objectives and then extrapolate to estimate Russia’s positions in any proposed international negotiations.


Figure 1 – Inference of Russian Negotiating Positions in connection with cyber warfare and related information operations.

Russian Priorities for International Agreements on Cyber

Much of Russia’s Information Security Doctrine (ДОКТРИНА информационной безопасности Российской Федерации) is defensive in nature. Consequently, the threat recognized by the Russian Federation is the same as in other countries, including those in the European Community and United States.

Financial Crimes and Privacy Cyber Crimes. All countries recognize that financial crimes or stealing of personal information on citizens by hackers are criminal acts. In the Russian Federation, these are recognized also as serious crimes. The practical result is that Russia will be open to negotiations on any international treaty that strengthens law enforcement of international cyber crimes involving theft of money or personal information.

Hacking and Attacks on Cyber Infrastructure. Like in other countries, hacking attacks that are aimed at harming cyber infrastructure are illegal in Russia. Recent reports indicate the Duma (the Russian Congress or Parliament) is considering strong prison sentences for anyone convicted of harming cyber infrastructure through hacking. Again, the practical result is that negotiations that aim to increase international cooperation to combat this type of hacking should be possible between Russia and other nations.

Extradition Treaties. There have been a number of cases in which Russian authorities have wanted a criminal hiding in the West to be handed over, and a number of cases in which criminals located in Russia have been targeted for arrest outside of Russia. For the time being, there is no automatic way to handle extradition. Some countries, such as Israel, simply refuse to extradite their own citizens. We can expect that Russia might be willing to engage in negotiations with a limited purpose of agreeing to extradition arrangements for cyber criminals that are located overseas and yet through their criminal actions inflict harm in Russia. In order to have reciprocity, Russia would need to agree to hand over Russian citizens when they are indicted abroad for cyber crimes.

The general problem with extradition is that each nation handing over its citizens must be confident that the type of justice the person will receive in the receiving country is comparable to the standards found in their own country. For the time being, many countries do not recognize the Russian legal system as having a sufficient level of quality to provide credible guarantees. Nevertheless, it might be possible to engage in negotiations, providing there is discussion of a special type of legal protocol for cyber-crimes. This would be a potentially useful area for international legal scholarship and exchange of information. There are many problems, not the least of which are the rules for evidence required for conviction. Nevertheless, until there are such arrangements in place, any extraditions will be handled by nation states on a case-by-case basis.

Information Operations Targeting Russia. In the Russian way of thinking, there is a danger of information operations being conducted by foreign parties against Russia. These are divided into two classes: Class 1 are actions taken inside Russia by organizations that have some connection, usually funding, from non-Russian sources; Class 2 are information operations conducted outside of Russia, even aimed at citizens of other nations, that harm the image of Russia or otherwise sow discord.

Although the Universal Declaration of Human Rights (Всеобщая декларация прав человека) is generally used as a basis for arguing that it is the right of every individual to communicate (even criticize) freely, Russia can plausibly argue that Article 29 ¶2 places limits on communications that disturb morality, the public order, or general welfare of a nation. The concept of public order (ordre public) is very broad in nature. The consequence is that Russia has a legal argument. In addition, Article 30 prohibits information and communication that has the effect of destruction of rights and freedoms. As a consequence, Russia has an argument that its broad definition of information threats to Russian sovereignty and public order is legal.

To go even further, it would by extension and analogy be possible to reference the United Nations Charter Articles 41 & 42 which give each nation state an inherent right of self-defense. As such, any nation should be able to defend itself against information operations that are a threat to its sovereignty or public order. The counter-argument to this line of thinking is that when the UN Charter was written, these articles referred specifically to military (kinetic) threats. So since information operations are not kinetic threats, then these self-defense articles do not apply. The counter-counter-argument that can be made is that although these Articles definitely apply to kinetic military operations, the major powers involved in the Second World War (Вели́кая Оте́чественная война́) all were heavily involved in various types of information operations. Therefore, since information operations at the time of the signing of the UN Charter were considered to be an inherent aspect of warfare, we can infer that the United Nations Charter and its inherent right of self-defense for nation states as seen in Articles 41 & 42 are inclusive of information operations.

The implication is that although it might be possible to engage Russia in discussions regarding an international agreement regarding control of information operations, the likelihood of success would be minimal because there is a conflict between the danger of information operations, and the need for freedom of the press. In addition, Russian media channels such as RT and Sputnik might be criticized in Europe or the United States in the same way CNN or Voice of America (VOA) might be criticized in Russia. So the consequences are that Russia would be required to place limitations on the content of RT and Sputnik and all of its foreign media operations in exchange for other nations to do the same. These are unrealistic expectations for either Russia or any other nation to agree to; therefore, we can assess there is a very small chance we will see any successful negotiations on the international control of information operations conducted by nation states or major media channels. An additional complication is that the Internet already provides free access to most of the world’s television channels. (See Free Internet TV.)

Default to National Control. Since we can expect no international agreement to limit or control information operations, the only defensive solution is for nation states to take actions within their own territory to limit the supposedly corrosive influence of foreign information. This is the default position of the People’s Republic of China, and a number of other countries. Russia has not been as strict as China in this regard. The United States may be considering taking steps to limit the information operations of Islamic terrorist organizations such as ISIS (Daesh). This would represent a remarkable departure from a policy of almost 100% freedom of information.

Terrorist Propaganda. Terrorist propaganda has been around for a long time, but the current debate is over control of ISIS (Daesh) propaganda that is being transmitted through various social media channels over the Internet. This may cause asyngnotic networks to emerge and trigger terrorist attacks. (See “The Cyber Intelligence Challenge of Asyngnotic Networks”.) The current trend is for nation states to consider censoring this information. Again, this will be done at the nation-state (default) level of control.

An additional argument that Russia might make in justifying these types of actions is found in Article 41 of the United Nations Charter. Here, the article specifically mentions “means of communications” as something that can be interrupted in order to maintain international peace and security.

Religious Dimension to Information Operations. There are arguments made that there should be no control over religious communications across borders, and that to limit these flows of information is to repress religious rights. The counter-argument is that there is no protection provided in any society for information of any type, even religious information, if it promotes hatred or racism, or incites violence. Therefore, “religious” communications from ISIS (Daesh) can be banned in all countries for public safety reasons. There is no “right” to transmit information that may cause people to become violent and endanger peace and security. No international agreement is needed to allow this type of censorship, as these rights of nation states already are written into treaties and agreements.

International Control of Cyber Espionage. Every nation spies, and every nation knows it. Espionage is information collection and analysis conducted by a nation state as a part of its national defense. Russia has a tradition of cooperating in sharing intelligence information under extremely limited circumstances, and when doing so is mutual, and the entire sharing operation is mutually beneficial. These agreements are made on a bilateral basis, and are not published or registered, so are beyond the scope of this analysis. Since every nation has an inherent right of self-defense, there will never be an international agreement to limit or control espionage, even that conducted via the Internet (“cyber espionage”).

Details of Russia’s Information Security Doctrine

By a Presidential Decree of December 5, 2016, Russia adopted a revised information security doctrine (ДОКТРИНА информационной безопасности Российской Федерации). What can we learn from this document that would anticipate Russian policy positions in international negotiations aimed at getting more cyber security for the world?

(Below is the original Russian. Above is not a translation, but instead is a gloss that summarizes the implications of the Russian doctrine. The pertinent Russian phrases have been underlined.)

II.7. Recognizes that information technology has developed into an international phenomenon that is cross-border in nature.
(7. Информационные технологии приобрели глобальный трансграничный характер и стали неотъемлемой частью всех сфер деятельности личности, общества и государства.)

II.8(d). Suggests that the government of Russia desires to work at building an international political-legal framework that will help to stop uses of information technology that harm stability and sovereignty. This is expressed as the desire for international agreements that will stop foreigners from using cyber to injure Russia’s “information space”.
((д) содействие формированию системы международной информационной безопасности, направленной на противодействие угрозам использования информационных технологий в целях нарушения стратегической стабильности, на укрепление равноправного стратегического партнерства в области информационной безопасности, а также на защиту суверенитета Российской Федерации в информационном пространстве.)

The Russian View of Cyber Threats

III.10. The international flow of information into Russia may help terrorists, extremists or other illegal activities. For example, under this way of thinking, the introduction of ISIS (Daesh) propaganda into Muslim communities inside Russia is a serious cyber threat.
(Возможности трансграничного оборота информации все чаще используются для достижения геополитических, противоречащих международному праву военно-политических, а также террористических, экстремистских, криминальных и иных противоправных целей в ущерб международной безопасности и стратегической стабильности.)

III.10. There is a threat of information technology being introduced into Russia without having undergone adequate security testing, and without being integrated with the overall national efforts at cyber security. (The United States does not have any such program.)
(При этом практика внедрения информационных технологий без увязки с обеспечением информационной безопасности существенно повышает вероятность проявления информационных угроз.)

III.12. Covert action by government secret organizations uses cyber for psychological warfare. In Russia, there is a view that human rights organizations (and others) may be secretly funded by foreign governments to weaken Russia. By “weaken” Russian doctrine means “destabilization of the political and social situation”.
(12. Расширяются масштабы использования специальными службами отдельных государств средств оказания информационно-психологического воздействия, направленного на дестабилизацию внутриполитической и социальной ситуации в различных регионах мира и приводящего к подрыву суверенитета и нарушению территориальной целостности других государств. В эту деятельность вовлекаются религиозные, этнические, правозащитные и иные организации, а также отдельные группы граждан, при этом широко используются возможности информационных технологий.)

III.13. Terrorist organizations use cyber both to sabotage Russia’s technical infrastructure and to distribute propaganda.
(Различные террористические и экстремистские организации широко используют механизмы информационного воздействия на индивидуальное, групповое и общественное сознание в целях нагнетания межнациональной и социальной напряженности, разжигания этнической и религиозной ненависти либо вражды, пропаганды экстремистской идеологии, а также привлечения к террористической деятельности новых сторонников. Такими организациями в противоправных целях активно создаются средства деструктивного воздействия на объекты критической информационной инфраструктуры.)

III.14. Hacking and computer crime targeting financial assets and private information.
(14. Возрастают масштабы компьютерной преступности, прежде всего в кредитно-финансовой сфере, увеличивается число преступлений, связанных с нарушением конституционных прав и свобод человека и гражданина, в том числе в части, касающейся неприкосновенности частной жизни, личной и семейной тайны, при обработке персональных данных с использованием информационных технологий.)

III.16. Governments of various nations use cyber to (a) attack Russian infrastructure; (b) conduct cyber espionage; (c) influence political and social stability.
(16. Состояние информационной безопасности в области государственной и общественной безопасности характеризуется постоянным повышением сложности, увеличением масштабов и ростом скоординированности компьютерных атак на объекты критической информационной инфраструктуры, усилением разведывательной деятельности иностранных государств в отношении Российской Федерации, а также нарастанием угроз применения информационных технологий в целях нанесения ущерба суверенитету, территориальной целостности, политической и социальной стабильности Российской Федерации.)

III.19. Internet governance is not equitable between nations. This is a threat because it makes it problematical for Russia to work at creating a system of international information security.
(19. Состояние информационной безопасности в области стратегической стабильности и равноправного стратегического партнерства характеризуется стремлением отдельных государств использовать технологическое превосходство для доминирования в информационном пространстве. Существующее в настоящее время распределение между странами ресурсов, необходимых для обеспечения безопасного и устойчивого функционирования сети “Интернет”, не позволяет реализовать совместное справедливое, основанное на принципах доверия управление ими. Отсутствие международно-правовых норм, регулирующих межгосударственные отношения в информационном пространстве, а также механизмов и процедур их применения, учитывающих специфику информационных технологий, затрудняет формирование системы международной информационной безопасности, направленной на достижение стратегической стабильности и равноправного стратегического партнерства.)

Escalation Levels in Cyber War

Cyber Readiness Levels

Cyber war may be thought of as a low-level type of conflict. In its initial stages, it does not have an offensive nature, but instead is focused more on intelligence collection.

Intelligence collection. There are two aspects: (1) the collection of specific pieces of information (data) that can be used later as an input into intelligence analysis; (2) collection of macro-information that helps to make a “cyber map” of the information space of the enemy. This would include understanding of (a) the major networks and components of the enemy cyber structure; and (b) the types and characteristics of vulnerabilities of the enemy cyber structure.


Figure 1 – Levels of Readiness for Cyber War. Kinetic, Information and Cyber Operations stand in a general hierarchy leading to increased levels of violence.

Active Cyber Disruption. The second level of cyber operations is more aggressive and offensive in nature. At this level, cyber weapons are deployed for specific purposes of disruption.

Information Operations. Beyond cyber, any national defense campaign employs propaganda, information operations, disinformation, or other tools in order to shape the psychological environment not only of the target country, but also of the national audience. Information operations involve the placement into the meme-space of alternative ideas, the objective of which is to compel public opinion to move in a way more favorable to the originator’s way of thinking. Propaganda and information operations are a well-known tool of statecraft.

Kinetic Operations. After the battleground has been prepared by cyber and information operations, the next level is actual military conflict: killing people, destruction of property, and other arts of classical warfare. In all nations, this level of conflict is seen as being the “last resort”, an action taken when all other means fail in solving the national conflict.


Figure 2 – Levels of Escalation of Cyber War. Prior to initiating cyber attacks, there are several precursor levels of escalation.

Levels of Escalation of Cyber War

There are at least five (5) levels of preparation before offensive cyber operations begin.

General Intelligence Collection. Cyber has emerged as a major tool of intelligence collection. Economic, military, and government intelligence can be collected through cyber in a way that is at least two orders of magnitude less expensive than any other means. The use of automation in particular can change the need for specific targeting (because web-bots can simply scan everything). In addition, collection can be asynchronous; that is, information can be collected for use later, even though when it is collected, there is no specific purpose to get it.

Targeted Intelligence Collection. More specific cyber intelligence is collected when there is a known target. Examples would be a specific person, or a specific facility (government, commercial, military). Cyber can either be a support for other means of technical intelligence (TECHINT), or can itself be a tool, e.g., cyber could be used to support collection of MASINT (Measurement and Signature Intelligence) or FISINT (Foreign Instrumentation Signals Intelligence). Targeted intelligence collection occurs when a tangible and known threat has been identified.

Cyber Target Preparation. Once cyber targets have been identified, a number of steps must be taken to perfect the attack. This means testing or simulating the attack on a mock-up copy of the target, and if necessary placing malware that can be activated when needed into the target cyber infrastructure (such as a server, control device, or other location). It is crucial that the cyber attack profile of each target be identified and verified prior to launching an attack.

Preparation of Disinformation. Planning and preparation for disinformation actions. This involves changing information, inserting information, destruction of information, or denial of access to information.

At this point preparations have been put in place. Malware is positioned, and relevant information has been collected and analyzed.

Initiation of Cyber Attack. The active phase of the cyber attack begins. Keep in mind that in a nation-state confrontation, this refers to initiating attacks on hundreds of targets at the same time.

Cyber Command and Control. Any successful cyber program must have some type of command and control structure to (1) control initiation of attacks; (2) monitor performance and effectiveness of attacks; (3) monitor the overall cyber conflict and be able to report on lethality (effectiveness) of attacks.

Russian Cyber War Doctrine

What is the Cyber War Doctrine of the Armed Forces of the Russian Federation? Examining The Military Doctrine of the Russian Federation, we can see a number of references to the information aspects of war. Below we examine the Russian Military Doctrine of 2010 and compare it to the updated version published in 2015.

Analysis of Russian Cyber War Doctrine

Much of Russian cyber military doctrine is similar to what we would find in the United States. For example, there is an emphasis on the role of information technology in command and control. There also is a specific emphasis placed on development of advanced weaponry using cyber. In addition, the Russian military is charged with protecting the information infrastructure of the Russian Federation.

But it appears that Russian military doctrine defines the cyber and information aspects of warfare in a considerably broader way than in the United States. Here are a few examples:

Information Actions Precede Combat Action. Before kinetic force (traditional military action) is used, it is to be preceded by all other non-violent instruments of statecraft. Information operations (cyber operations), therefore, are viewed as a precursor to kinetic warfare.

Figure 1 –– Different functions of cyber in Russian military doctrine. The references refer to parts of the official Russian Military Doctrine published in 2015(*). These are translated below.

Protection of Russian Territory Includes Information Territory. Apart from protecting the physical territory of Russia, the concept of territory has been extended to include “cyber space” or “national cyber space”, and the military is specifically tasked with protecting all of the cyber space within the Russian Federation.

Cyber Weapons Are Viewed as Increased Threat. In the Russian view, the conventional (including nuclear) strength of the Russian military is such that it is less likely Russia will receive a conventional attack. Paradoxically, the Russians view this as increasing the risk that Russia will be attacked through communication and information technologies. It is a cyber version of guerilla warfare.

Very Broad Definition of Cyber Attack. The type of cyber incident considered to be an “attack” is very broad. It needs only to have an effect on political independence or sovereignty. Any attack against infrastructure also is included. This would cover denial-of-service, or malware. But if a cyber incident has a destabilizing effect on the “social” or “political” situation, then it also is considered to be an attack.

Spiritual and Patriotic Traditions Protected Against Cyber Attack. An information incident can be classed as a “subversive information activity” if it is “aimed at undermining” the opinions of young citizens towards “historical, spiritual and patriotic traditions”. This would mean, for example, that it is the duty of the Russian military to protect Russia against information that undermines Russian traditions.

The Non-Military Population Can be Used for Cyber Defense. The Russian military is empowered to work with non-military elements in Russia for the purpose of taking “information” measures for defense. This refers to the “army” of civilian hackers that work ostensibly outside of government control.

Cyber Attacks Are Authorized Anywhere. The Russian military is authorized to launch a cyber attack (defensive action) against the enemy anywhere in the “global information space”, i.e., not only within the territory of the enemy state.

Cyber Weapons “Indirect and Asymmetric” in Nature. Cyber weapons, and other means, are viewed as being potentially indirect and asymmetric in their utility. In this case, “asymmetric” means “low cost; high impact” or “low cost; high defensive cost”.

Information Operations. The Russian military is empowered to engage in information operations that are aimed at influencing public associations and political groups. The military is empowered to “neutralize” threats through political and non-military means. This is a very broad mandate.

Cyber Espionage is Doctrine. The use of information technology and “modern technical means” is authorized for assessment and forecasting. This is the classical function of foreign intelligence operations.

Control Over Internet to Protect Third Countries. The military is empowered to take steps to make it impossible for any force to use information and communications technologies to influence sovereignty and political independence not only of Russia, but of other states as well.

Excerpts from Russian Cyber Military Doctrine

(The operative terms are underlined.)

Part I §5. The Military Doctrine reflects the commitment of the Russian Federation to taking military measures for the protection of its national interests and the interests of its allies only after political, diplomatic, legal, economic, informational and other non-violent instruments have been exhausted. (В Военной доктрине отражена приверженность Российской Федерации к использованию для защиты национальных интересов страны и интересов ее союзников военных мер только после исчерпания возможностей применения политических, дипломатических, правовых, экономических, информационных и других инструментов ненасильственного характера.)

Part II §11. There is a tendency towards shifting the military risks and military threats to the information space and the internal sphere of the Russian Federation. At the same time, despite the fact that unleashing of a large-scale war against the Russian Federation becomes less probable, in a number of areas the military risks encountered by the Russian Federation are increasing. (Наметилась тенденция смещения военных опасностей и военных угроз в информационное пространство и внутреннюю сферу Российской Федерации. При этом, несмотря на снижение вероятности развязывания против Российской Федерации крупномасштабной войны, на ряде направлений военные опасности для Российской Федерации усиливаются.)

The main external military risks are:
Part II §12(k)(l) use of information and communication technologies for the military-political purposes to take actions which run counter to international law, being aimed against sovereignty, political independence, territorial integrity of states and posing threat to the international peace, security, global and regional stability; (использование информационных и коммуникационных технологий в военно-политических целях для осуществления действий, противоречащих международному праву, направленных против суверенитета, политической независимости, территориальной целостности государств и представляющих угрозу международному миру, безопасности, глобальной и региональной стабильности;)

13. The main internal military risks are:
Part II §13(a) activities aimed at changing by force the constitutional system of the Russian Federation; destabilizing domestic political and social situation in the country; disrupting the functioning of state administration bodies, important state and military facilities, and information infrastructure of the Russian Federation; (деятельность, направленная на насильственное изменение конституционного строя Российской Федерации, дестабилизацию внутриполитической и социальной ситуации в стране, дезорганизацию функционирования органов государственной власти, важных государственных, военных объектов и информационной инфраструктуры Российской Федерации;)

Part II §13(c) subversive information activities against the population, especially young citizens of the State, aimed at undermining historical, spiritual and patriotic traditions related to the defense of the Motherland; (деятельность по информационному воздействию на население, в первую очередь на молодых граждан страны, имеющая целью подрыв исторических, духовных и патриотических традиций в области защиты Отечества;)

Characteristic features and specifics of current military conflicts are:
Part II §15(a) integrated employment of military force and political, economic, informational or other non-military measures implemented with a wide use of the protest potential of the population and of special operations forces; (комплексное применение военной силы, политических, экономических, информационных и иных мер невоенного характера, реализуемых с широким использованием протестного потенциала населения и сил специальных операций)

Part II §15(b) massive use of weapons and military equipment systems, high-precision and hypersonic weapons, means of electronic warfare, weapons based on new physical principles that are comparable to nuclear weapons in terms of effectiveness, information and control systems, as well as drones and autonomous marine vehicles, guided robotic weapons and military equipment; (массированное применение систем вооружения и военной техники, высокоточного, гиперзвукового оружия, средств радиоэлектронной борьбы, оружия на новых физических принципах, сопоставимого по эффективности с ядерным оружием, информационно-управляющих систем, а также беспилотных летательных и автономных морских аппаратов, управляемых роботизированных образцов вооружения и военной техники)

Part II §15(c) exerting simultaneous pressure on the enemy throughout the enemy’s territory in the global information space, airspace and outer space, on land and sea; (воздействие на противника на всю глубину его территории одновременно в глобальном информационном пространстве, в воздушно-космическом пространстве, на суше и море)

Part II §15(f) enhanced centralization and computerization of command and control of troops and weapons as a result of transition from a strictly vertical system of command and control to global networked computerized systems of command and control of troops (forces) and weapons; (усиление централизации и автоматизации управления войсками и оружием в результате перехода от строго вертикальной системы управления к глобальным сетевым автоматизированным системам управления войсками (силами) и оружием)

Part II §15(i) use of indirect and asymmetric methods of operations; (применение непрямых и асимметричных способов действий)

Part II §15(j) employment of political forces and public associations financed and guided from abroad. (использование финансируемых и управляемых извне политических сил, общественных движений)

Part III §21(a) to assess and forecast the development of the military and political situation at global and regional levels, as well as the state of interstate relations in the military-political field with the use of modern technical means and information technologies; (оценка и прогнозирование развития военно-политической обстановки на глобальном и региональном уровне, а также состояния межгосударственных отношений в военно-политической сфере с использованием современных технических средств и информационных технологий)

Part III §21(b) to neutralize potential military risks and military threats through political, diplomatic and other non-military means; (нейтрализация возможных военных опасностей и военных угроз политическими, дипломатическими и иными невоенными средствами)

Part III §21(s) to create conditions to reduce the risk of using information and communications technologies for the military-political purposes to undertake actions running counter to international law, directed against sovereignty, political independence or territorial integrity of states or threatening international peace and security, and global and regional stability. (создание условий, обеспечивающих снижение риска использования информационных и коммуникационных технологий в военно-политических целях для осуществления действий, противоречащих международному праву, направленных против суверенитета, политической независимости, территориальной целостности государств и представляющих угрозу международному миру, безопасности, глобальной и региональной стабильности)

Part III §35(b) to provide for a more effective and secure functioning of public administration and military governance system and to ensure communication between federal government agencies, bodies of the constituent entities of the Russian Federation and other government authorities in addressing defense and security tasks; (повышение эффективности и безопасности функционирования системы государственного и военного управления, обеспечение информационного взаимодействия между федеральными органами исполнительной власти, органами исполнительной власти субъектов Российской Федерации, иными государственными органами при решении задач в области обороны и безопасности)

Part III §35(j) to improve the system of information security of the Armed Forces, other troops and bodies; (совершенствование системы информационной безопасности Вооруженных Сил, других войск и органов)

Part III §39(d) ensuring the reliable functioning of the command and control system of the Armed Forces, other troops and bodies in peacetime, under the conditions of an imminent threat of aggression and in wartime; (обеспечения надежного функционирования системы управления Вооруженными Силами, другими войсками и органами в мирное время, в период непосредственной угрозы агрессии и в военное время)

Part III §39(h) formation of territorial troops to provide protection and defense of military, state and special facilities, critical infrastructure, including transport, communications and energy, as well as potentially hazardous sites; (формирования территориальных войск для охраны и обороны военных, государственных и специальных объектов, объектов, обеспечивающих жизнедеятельность населения, функционирование транспорта, коммуникаций и связи, объектов энергетики, а также объектов, представляющих повышенную опасность для жизни и здоровья людей;)

Part III §39(l) ensuring effective information security of the Armed Forces, other troops and bodies; (эффективного обеспечения информационной безопасности Вооруженных Сил, других войск и органов)

Part III §46(c) to enhance capacity and means of information warfare; (развитие сил и средств информационного противоборства) Note: The word “противоборства” does not mean strictly “warfare”, but instead means “confrontation” which could be thought of as a level of violence short of full-scale warfare.

Part III §46(d) to improve the quality of the means of information exchange on the basis of up-to-date technologies and international standards, as well as a single information field of the Armed Forces, other troops and bodies as part of the Russian Federation’s information space; (качественное совершенствование средств информационного обмена на основе использования современных технологий и международных стандартов, а также единого информационного пространства Вооруженных Сил, других войск и органов как части информационного пространства Российской Федерации;)

Part III §46(f) to develop new types of high-precision weapons and means of counteracting them, aerospace defense assets, communication systems, reconnaissance and command systems, radio jamming systems, complexes of unmanned aerial vehicles, robotic strike complexes, modern transport aviation and individual protection systems for military personnel; (создание новых образцов высокоточного оружия и средств борьбы с ним, средств воздушно-космической обороны, систем связи, разведки и управления, радиоэлектронной борьбы, комплексов беспилотных летательных аппаратов, роботизированных ударных комплексов, современной транспортной авиации, систем индивидуальной защиты военнослужащих;)

Part III §46(g) to create basic information management systems and integrate them with the systems of command and control of weapons and the computerized systems of command and control bodies at the strategic, operational-strategic, operational, operational-tactical and tactical levels. (создание базовых информационно-управляющих систем и их интеграция с системами управления оружием и комплексами средств автоматизации органов управления стратегического, оперативно-стратегического, оперативного, оперативно-тактического и тактического масштаба)

Part III §55(f) to develop a dialogue with interested states on national approaches to confronting military risks and military threats brought about by the extensive use of information and communications technologies for military and political purposes; (развитие диалога с заинтересованными государствами о национальных подходах к противодействию военным опасностям и военным угрозам, возникающим в связи с масштабным использованием информационных и коммуникационных технологий в военно-политических целях)

Russian Cyber Military Terminology

информация инструмент –– “information instruments”.  This is a general term that applies to any use of information to further nation state objectives, including military objectives. 

информационное пространство –– “information space”. The Russians define the nation as having an information space. This is the entire cyber infrastructure of Russia, including government, commercial, military and private networks and information processing systems. In this sense, Russians believe it is important to protect this “information space” as much as it is important to protect physical land mass.

информационная инфраструктура –– “information infrastructure”. This refers also to the entire country, but is more specific than “information space” because it focuses on the specific technical details of the computing and telecommunications network.

деятельность по информационному –– “information activities”. This refers to communication of information, such as through publications, the media, social media or other means that can have a negative effect on Russia. These are considered to be subversive.

комплексное применение –– “integrated employment”. Here this refers to the integration of military force with information (cyber) activities by the population.

информационно-управляющих систем –– “information and control system”. This refers to the cyber components of military weapons. It encompasses everything from general command and control to artificial intelligence or other technologies that enable more intelligent weapons.

глобальное информационное пространство –– “global information space”. This refers to the World Wide Web, and everything connected to it. The doctrine calls for identification of activities of the enemy throughout the world’s cyber infrastructure and then attacking these points, even if they are outside of the national territory of the enemy country.

информационное противоборство –– “information confrontation”. A cyber conflict that falls short of full-scale military warfare.

информационные технологии –– “information technology”. Used the same as in the United States.

невоенные средства –– “non-military means”. Cyber weapons and information operations are viewed as being a type of military action without using kinetic force.

информационная безопасность –– “information security”. Generally the same as the term “cyber security”. It refers to protection of information systems and other infrastructure from hackers.

информационная война –– “information warfare”. Cyber and information operations conducted by the Armed Forces.

обмен информацией –– “information exchange”. Refers to communication within the military.

Russian Military Doctrine Published in 2010

By comparing the 2010 version with the 2015 version above, it is possible to see the giant advance in cyber strategy made by the Russian Federation.

Part I §4. Use of informational instruments for the protection of the national interest.

Part II §9(c). The informational infrastructure of the Russian Federation is a vulnerability because it might be disrupted.

Part II §12(d). Information warfare is an essential component of military conflict.

Part II §13(d). Information warfare should be used prior to kinetic military force so as to shape international public opinion.

Part III §19(a). Information technology should be used to assess international relations [between countries] and for prediction of political events. (This is a reference to classical intelligence; thus the use of cyber tools to collect intelligence.)

Part III §30(j). Cyber is to be used to provide information support to the armed forces. (This is the same as US doctrine.)

Part III §41(c). The armed forces are to develop resources for information warfare.

Part III §41(d). The Russian Federation has an “information space” and the Armed Forces are to have a “single information field” within that space. Cyber is to be improved within those spaces so that information exchange is easier and more efficient. (The concept of a “single information field” for a country is an interesting one. It goes against the idea of the Internet being a global and essentially transnational technical system for movement of information.)

Part III §41(f). Cyber should be used to support “new models of high-precision weapons”.

Part III §41(g). The armed forces will develop information systems that will be integrated for command and control, including automating some functions. This will be done at the “strategic, operational-strategic, operational, operational-tactical, and tactical levels”. (This refers to communication and information exchange within the armed forces.)

Analysis of 2010 Russian Military Doctrine

Much of the Russian doctrine is focused on the use of information technology for improving command and control of the Armed Forces. This includes Part III §30(j), Part III §41(d), Part III §41(f) and Part III §41(g).

Other parts of the doctrine define cyber war as a tool or one method (among many) of protecting the national interest. These include Part I §4, Part II §12(d), and Part III §41 (c).

There is an interesting notion of a national “information space” and the fear that it might be a target for attack by enemies. Part II §9(c), and Part III §41(d).

The final part of the doctrine covers the offensive use of cyber weapons (or information tools) as an extension of state power. First, they should be used to shape international public opinion. Part II §13(d). This is the classic use of propaganda or “public diplomacy” in international relations. Second, they should be used to collect intelligence. Part III §19(a).

The doctrine does not clearly spell out the offensive use of cyber weapons. In Part III §41(f) there is mention of “new models of high-precision weapons”. In generally understood language, this would mean items such as precision guided munitions. It would be possible, however, to define a “new model” weapon as being a cyber weapon. But it is doubtful this is the meaning. In Part III §41(c) there is a call for resources for information warfare, but this is not defined. So possibly cyber weapons could be included under this section.

In any case, the essence of the Russian doctrine is clear. Cyber weapons, or information operations, are to be used in place of kinetic military force preceding a conflict, and hopefully to avoid a further escalation of a conflict. If the conflict deepens, then cyber weapons will continue to be used to support the Armed Forces.

Notes

(*) It was published December 25, 2014.

The United States is Losing the Cyber War Race (I)

Part I

Much of the original thinking about Cyber War was developed in the United States. But America has fallen behind. Russian cyberwar doctrine is more comprehensive, more integrated, has more powerful weapons, and is more up to date.

Cyber Warfare must be seen as part of a larger strategy of “Information Warfare”, known in Russia as “Информационная война”. Information warfare is a very broad subject, and includes a number of actions outside of the cyber domain. (Derkachenko writes that “information warfare” as a term is being changed to the term “information operations”, but the term “cyberwar” is becoming more popular.) The United States does not have a regular television show on information warfare, but Russia does. Dimitri Taran runs a very comprehensive show on Channel 1 TV Crimea.

Much Russian writing about Cyber Warfare and Information Warfare draws upon a number of different examples and case studies of conflicts that had, in the Russian view, an important information content. Information warfare is seen to be a type of Twilight Zone somewhere between a Cold War and a “Hot” War. “Thus, by its nature information warfare occupies a position between the “cold” war . . . and actual combat with the participation of the armed forces.” See Svargaman, Что такое информационная война?, who describes the so-called “next-generation” information warfare as including: (1) Substitution — Information warfare can take the place of traditional military action, or as Svargaman writes “contactless destruction” [“бесконтактного поражения”]; (2) Use of TV as Weapon — Television channels can be used to manipulate public opinion either by highlighting or obscuring crucial events. The Russian view is that information warfare has limited power, but should be thought of as complementing and enhancing “traditional methods of warfare”. [“информационная война имеет свои границы возможностей . . . дополняет и усиливает традиционные средства ведения войны”]

In the Russian view, the state (the government) has a strong role to play in management of information on a national basis. According to Pocheptsov, this includes tactical mass mind control, agenda-setting (information management), and strategic management of mass consciousness. [“Тактическое управление массовым сознанием; Управление информационной повесткой дня; Стратегическое управление массовым сознанием”] One can just imagine what would happen in the United States if the President asked for budget authority to conduct information operations so as to accomplish “mind control” or “strategic management of mass consciousness”. Pocheptsov sees films and other cultural exports of the United States as being a type of “sociological propaganda” [Социологическая пропаганда], and even fine arts are seen as a type of information warfare. The Cold War is seen as a “war of mass culture” with abstract expressionism pitted against socialist realism. [“холодная война оказалась войной массовых культур, например, абстрактный экспрессионизм против социалистического реализма”]

This viewpoint is generally more comprehensive (larger in scope) than views in the United States.

Cyber War in Crimea and Ukraine

This blog is not intended to take a position on the situation in the Ukraine and Crimea. The Crimea has been controlled by different powers through history: Greece, then Rome, then the Byzantine Empire, the Empire of Trebizond, control by Venetian Republic. Catherine the Great in 1783 got the Crimea from the Ottoman Empire, which had occupied Constantinople. In 1921 it was a Soviet Socialist Republic, and became a state of Russia from 1945-54, then the Ukrainian SSR from 1954-1991. (Khruschev transferred the Crimea to the Ukraine.) After 1991 it was slightly separate from the Ukraine as  the “Autonomous Republic of Crimea with Sevastopol City. Now it has been annexed by The Russian Federation. Most of the people who live in the Crimea are ethnic Russians (61%) and speak Russian and many are inter-married with families living in Russia proper. Nevertheless, Russian actions in 2014 were viewed as being a violation of international law by Europe, and this triggered a series of sanctions. But here, we want to look at the information or cyber warfare aspects of the Russian annexation.

The annexation of the Crimea took place within the context of the revolution in the Ukraine. During those events, the Ukrainian leadership, which was friendly to Russia, was thrown out. Ukraine was divided ethnically. Away from the Crimea, the ethnic Russian share of the population drops off sharply. In the simplest terms, in the West, Ukrainians are in the majority; in the East, ethnic Russians are in the majority.

As events unfolded, there was a military component, but the information component of the takeover was stunning. The Russian operations should be studied as a textbook case of superiority. Public meetings, newspapers, radio, television, social media, and other informational networks were quickly harnessed by what can best be described as a coherent trans-media strategy. It went well beyond anything that happened in Libya or during the “Arab Spring” in Egypt.

Interviews with citizens of Crimea showed evidence of a completely different sense of reality. The ethnic Russians there were 100% convinced that Ukrainian fascists from Kiev were marching towards the Crimea. These fascist invaders were “burning Russian homes and raping Russian women”. There was a complete sense of panic, and the scarcity of information (except what was being supplied) made the uncertainty even greater. Having watched the speeches that were being streamed on YouTube, this writer can attest to their emotional and dramatic content.

When the time came, it was a foregone conclusion that the vote would be overwhelmingly in favor of union with the Russian Federation.

In terms of information warfare doctrine, the Ukraine is a perfect example of how a coherent and well-managed campaign can complement other actions, here the use of military force, much of which was covert.

If we compare US actions in the Middle East, there is no such coherency between military action and information operations. The Russian actions in Crimea appear to indicate the United States has lost the ability or does not have the skills to conduct an equally integrated cyber strategy. If there is a “cyber race”, the Americans are losing.

In the next part of this blog, we will examine other examples and cases of cyber and information warfare.

 

 

References (courtesy of Psyfactor.org)

Ярослав Деркаченко, Эволюция понятия «информационная война», 2016.

Георгий Почепцов, Информационная политика и безопасность современных государств, 2011.

 

The Rise of Cyber Nationalism

Countries now have informal gangs of cyber warriors positioned to attack foreign countries. This appears to have happened a number of times. Reports indicate that after the president of Taiwan made a congratulatory telephone call to Mr. Trump, the 45th President-elect of the United States, nationalists in mainland China launched a series of cyber attacks against facilities in Taiwan. Since there are so many Chinese in the mainland, and since Taiwan is so small in comparison, one can imagine the severity of the damage. Various news reports (The Diplomat, The Jamestown Foundation, Financial Times) indicate that the current Chinese government is “worried” about the ferocity of these cyber attacks.

Cyber Nationalism

In China, the fear is “cyber nationalism”, the spontaneous development of nationalist “armies” of hackers who attack foreign countries viewed as being antagonistic to China. Below we list various techniques identified as being associated with cyber nationalists.

Malicious Hacking. Attacks may take place against websites of a foreign government in an “enemy” country. Or attacks may take place against foreign news media that publish information not favorable to the hacker’s home country, its foreign policy, its domestic policy, its leadership, or its government. In general, “hacking” is a broad and less-than-specific term that may refer to a number of actions including (1) Denial of Service (DoS) attacks against a website, thus more or less making it impossible for people to find the website or use it; (2) Introduction of propaganda onto the target website; for example, instead of having its regular home page show up, a defaced home page will show up containing a negative message for readers; (3) Alteration of information on a website, either in a major or subtle way; (4) Introduction of malicious code onto the target website.

Social Media. A second tactic is to bombard social media with the intended political message. This can be of either the positive or negative variety. “Positive” refers to setting up social media locations, such as a Facebook page, that express a point of view compatible with that of the cyber nationalists. “Negative” refers to visiting social media pages of organizations or individuals who have an opposing (or targeted) point of view, and introducing (or bombarding the site with) harsh comments. There are a number of social media sites, but since Facebook is the world’s largest carrier of email, for all practical purposes, these social media wars take place on Facebook.

News Media. An increasing number of online news outlets invite comments on different news stories. Actually, this is a form of customer retention strategy. People will keep coming back to a website if they can “interact” with it. Sometimes these comments can be made anonymously; other times they require registration to identify the commentators. Online registration has a variety of levels of security and authenticity. In most cases, however, it is possible to register with only a reference email account, and email accounts themselves can be false. This makes it possible for trolls to be accredited anonymously, or even to register under more than one identity. These comments in the media can have a significant effect, one would suppose. (We need to take a look at more detailed social science and communications/media research to see if anyone has empirically measured the effects on public opinion and published the results in a scientific journal.) But for the time being, let’s assume these armies of commentators can have an effect.

Other Examples of Cyber Nationalism

China is not the only country with entrenched cyber nationalists. Russia is reported to have conducted “information warfare” in connection with its campaign in the Ukraine. (See “Cyber Threats and Russian Information Warfare” published by the Jewish Policy Center; or “Russia’s Information Warfare” published in Politico; or “Russia and the Menace of Unreality: How Vladimir Putin is revolutionizing information warfare” published in The Atlantic; or “Что такое информационная война?” [What is Information Warfare?] published in ВОПРОСИК; or “Информационная война: определения и базовые понятия” [Information warfare: definitions and basic concepts] published in PsyFactor; or “論中共「信息戰」之不對稱作戰” [The Asymmetric Operation/War of PRC’s Information Warfare].)

And there is no reason to single out Russia or China only. Other countries do the same thing. For Israel, see “Information and Warfare: The Israeli Case” by Gideon Avidor and Russell W. Glenn. India established an “Information Warfare Agency” to counter messages from its dear friends in Pakistan. We can assume that every advanced country has developed an information warfare strategy, or at least is thinking about it. Some countries are better than others.

Issues for Cyber Arms Control

The essential problem of Cyber Nationalism is its informal nature. In cases like China, and reportedly Russia (which are the strongest examples), there is little if any connection between the government and the cyber nationalist movements. What we have is the spontaneous formation of nationalist cyber activists who are willing to cross over international borders and take cyber action in support of their country. In their hearts, they are patriots, eager to defend the honor and reputation of their homeland as they see it.

It would be difficult and probably very controversial for any government to crack down on its private citizens because they were promoting their country overseas in cyberspace.

This means that in terms of an international treaty for control of cyber weapons, cyber nationalism would be problematical to include. It would mean that by acquiescing to an international agreement (treaty), nations would need to agree to crack down on (arrest; prosecute; punish; fine) their own nationals when they engage in international cyber activism. Even if there were such an agreement, it would be very difficult to enforce from a practical point of view.

  1. How would the government be notified of the violation overseas?
  2. How would it be possible to verify the true identity of the person committing the violation?
  3. What would be the evidentiary requirements in the judicial process?
  4. What would happen if the action taken abroad by a cyber nationalist was considered a crime where it was committed, but not a crime in the country which is the domicile of the alleged offender? (For example, would a United States prosecutor punish an American citizen because they published information on a Chinese website that in China was considered to be illegal, but in the US would be acceptable or even a form of protected speech?)
  5. Given the number of persons involved, how would it be possible from a practical point of view to police the actions of hundreds of thousands of citizens?

The Criminal Element of Cyber Activism. In the above list, we mentioned two general classes of cyber activism expressing cyber nationalism. In most cases, working on social media and making comments on news media websites that themselves invite commentary would not be illegal, regardless of how outrageous or biased the comments. On the other hand, cyber vandalism (denial of service attacks; hacking of websites to change or distort the information there) is definitely illegal, and probably illegal in all countries.

Application to International Treaty

Figure 1 Treaty coverage for cyber crimes connected with cyber nationalism.

We can conclude, therefore, that an international treaty might be able to tighten up the enforcement against criminal actions. Presumably, Country A would be willing to prosecute its citizens who performed recognized cyber crimes in Country B, if Country B was willing to prosecute its citizens who performed recognized cyber crimes in Country A. See Figure 1.

This type of agreement would be difficult to negotiate because the definition of cybercrime changes from one country to another. It would be easier to start with bilateral treaty negotiations, but more effective if a global treaty could be put in place.