The establishment of the US Cyber Command in 2010 confirmed that cyberspace is a new domain of warfare. The computer is not only a target but also a weapon. Therefore, national security thinkers must find a way to incorporate cyberattacks and defense into military doctrine as soon as possible.
The world’s most influential military treatise is Sun Tzu’s Art of War. Its compelling and adaptive wisdom has survived myriad revolutions in technology and human conflict. And its tactics and strategies have been applied to other disciplines, including business, sports, and personal relationships. Future cybercommanders will also find Sun Tzu’s guidance beneficial. For example, on defense, he warns leaders never to rely on the good intentions of others or to count on best-case scenarios. This is sound advice in cyberspace, because computers are attacked from the moment they connect to the Internet.
Here’s a quote from the section “Variation in Tactics”:
The Art of War teaches us to rely not on the likelihood of the enemy’s not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable.
On offense, cyberattacks are likely to play a leading role in future wars, where the nature of the fight could be, above all, over IT infrastructure. A cyber-only war might even please Sun Tzu, who argued that the best leaders can attain victory before combat is necessary: "The best thing of all is to take the enemy’s country whole and intact… Supreme excellence consists in breaking the enemy’s resistance without fighting."
In theory, cyberwarfare might be a good thing for the world if it makes future conflicts shorter and costs fewer lives, which could facilitate economic recovery and post-war diplomacy.
However, it may be difficult to write military doctrine for many aspects of cyberconflict that are truly revolutionary. Here are no fewer than 10 to consider:
The Internet is an artificial environment that can be shaped in part according to national security requirements.
The blinding proliferation of technology and hacker tools makes it impossible to be familiar with all of them.
The proximity of adversaries is determined by connectivity and bandwidth, not terrestrial geography.
Software updates and network reconfigurations change cyberbattle space unpredictably and without warning.
Contrary to our historical understanding of war, cyberconflict favors the attacker.
Cyberattacks are flexible enough to be effective for propaganda, espionage, and the destruction of critical infrastructure.
The difficulty of obtaining reliable cyberattack attribution lessens the credibility of deterrence, prosecution, and retaliation.
The “quiet” nature of cyberconflict means a significant battle could take place with only the direct participants knowing about it.
The dearth of expertise and evidence can make victory, defeat, and battle damage a highly subjective undertaking.
There are few moral inhibitions to cyberattacks, because they relate primarily to the use and abuse of data and computer code. So far, there is little perceived human suffering.
The world’s top military thinkers, including Sun Tzu, can help modern organizations fill the holes
in their cyberdefenses, but it will take many years to incorporate all the revolutionary aspects of cyberconflict into military doctrine.
I would like to support and extend Kurtkeys' defenition of the Internet logistic chain in his #1 point:
"The Internet is not an artificial environment. It is made up of wires and routers and hubs and satellites and computers and physical entities around the globe."
...which connects senders and receivers, people, who's quantum consciousnesses are seperated by a mear sequence of numbers and letters.
This subject should be acknowledged and studied, peer reviewed, by the global scientific community.
1. The Internet is not an artificial environment. It is made up of wires and routers and and hubs and satellites and computers and physical entities around the globe.
8. you seem to be saying that in cyber warfare only the Warriors will be affected. while in 6 you talk about the destruction of critical infrastructure. Maybe you don't understand what critical infrastructure really is, or you don't think it's destruction will affect the mass population.
But in a cyber attack the knocks out the power grid across the center of the United States leaving millions of people in Nebraska Colorado and Iowa to freeze to death during a winter storm, that is what cyber warfare is. Waging a cyber war effectively would mean you would have to attack the people who were considered noncombatants in traditional warfare. Attacking just the military infrastructure or the command-and-control of the government would not win the war. You have to dishearten and discourage the general population to the point where they were unable to resist. And that would mean disrupting the food supply, disrupting the retail merchandising supply disrupting the water supply and generally making it impossible to resist. There would not be just turning off twitter is shutting down Facebook. Waging war on the scale would not be invisible and will return us to the type of warfare fought before Vietnam.
10. Going hand-in-hand with what I said above the cyber war would not be any more morally acceptable or tolerable than conventional warfare. In fact would be more reprehensible because the war itself will be waged against noncombatants. And not just on the basis of emptying out their bank accounts or stealing their identities.
I find your entire treatise on the subject a little bit naïve. But I applaud you for broaching the subject.
The problem is nationalizing and militarizing cyberspace. The Internet should be free. Some of his points are self-defeating:
1.The Internet is an artificial environment that can be shaped in part according to national security requirements.
Yes, its artificial, but it IS NOT shaped by National security. It is Non/Multi-national. Nationalization is a bad trend, and is really invalid.
2.OK
The proximity of adversaries is determined by connectivity and bandwidth, not terrestrial geography.
3.This point contradicts his #1 – the internet is non-geographic. It is also Co-Geographic – adversaries, friends and neutrals are equally non-distant (indistinguishable).
Software updates and network reconfigurations change cyberbattle space unpredictably and without warning.
4.So this is beneficial especially for defensive: reconfigure your assets away from attack instantaneously. But it also exponentially increases the likelihood for collateral damage.
Contrary to our historical understanding of war, cyberconflict favors the attacker.
5.OK. If you ignore #4.
Cyberattacks are flexible enough to be effective for propaganda, espionage, and the destruction of critical infrastructure.
6.None of which are warfare. Piracy, Espionage, and Crimes.
The difficulty of obtaining reliable cyberattack attribution lessens the credibility of deterrence, prosecution, and retaliation.
7.So how does national agents, such as military, justify militarization of the Internet?
The "quiet" nature of cyberconflict means a significant battle could take place with only the direct participants knowing about it.
8.Collateral damage is exponentially higher – DDOS can impact other sites, degrade bandwidth, etc., not counting mis-targeted (like the organic farmers with the name SOPA?).
The dearth of expertise and evidence can make victory, defeat, and battle damage a highly subjective undertaking.
9.Lack of attribution. Lack of evidence. Is there anything at all to support?
There are few moral inhibitions to cyberattacks, because they relate primarily to the use and abuse of data and computer code. So far, there is little perceived human suffering
10.OK, it's a game. And lets keep it that way. De-militarize, De-nationalize: Prevent the Internet by Agreement and Law from being used as a weapon of mass destruction. Then deal with the pirates and spies.
There is no doubt that people are using scare tatics to get this out there, but I do personally belive this is the future. Its of course in their interest to keep the debate going in order to make more money.
But I do belive that their will be a time where this fear mongering turns the corner into real fear. Right now people are projecting all these scary stats and causing a big deal about very little. I would say that in the next 10 -15 years many of these money making schemes now will become a reality.
Succi, I agree with you but the quote Paul pulled puts words to what I was wondering. I do think there is an industry brewing by playing up these threats.
I've seen that in elections, where many of the election integrity activitsts are simply persons who receive literally millions of dollars of federal government money to study and never conclude. It's in their interest to keep the debate going.
In terms of cyber warfare, I wonder if more money will be made by people talking about security threats than will ever be impacted by the threats themselves.
Paul - This is deffinilty based off FUD, but if we're not planning for a landscape that's already being exploited and is just going to grow we've already lost.
Not all attacks are meant to kill, but they are aimed to give you an advantage. Re-routing internet traffic, stealing information, changing data, etc are ways that would also be used in cyber-war to give yourself an advantage. I think we have to step back and not consider mass lose of life as the definition of a cyber war.
The cyber realm can touch all areas of war and isn't restricted to one realm. Of course if they wanted to they could attack our power grid, water supply, etc that could touch multiple lives and leave us open to a more traditional attack while we're vulneraable.
I agree that we most likely won't see a fully cyber war anytime soon, but using the internet as a weapon is deffintly something that each country is starting to invest in more heavily.
We're not going to rely soley on the internet in war, but use it as a tool (a large tool) to help advance or enhance a countries position.
With today's world relying on connectivity I can see DoS attacks becoming the "go to cyber weapon" during a conflict. This doesn't include attacks or espionage that would require more planning like Stuxnet.
"Paul, I agree we are oblivious to everything happening, but don't you think this is an industry that is building on the proverbial fear, uncertainty, and doubt?"
That's so true. There is definitely no doubt that due to the massive amount of money that cybersecurity will generate in the coming years, all the parties involved in cybersecurity strategy i.e. the Military, defense contractors and legislators may be using the 'the sky is falling" approach to get our attention.
I came across an article that perfectly sums up what is behind this megabucks cybersecurity industry:
"Washington is filled with people who have a vested interest in conflating and inflating the threats to our digital security. In his famous farewell address to the nation in 1961, President Dwight Eisenhower warned against the dangers of what he called the "military-industrial complex": a excessively close nexus between the Pentagon, defense contractors, and elected officials that could lead to unnecessary expansion of the armed forces, superfluous military spending, and a breakdown of checks and balances within the policy making process. Eisenhower's speech proved prescient."
Paul, I agree we are oblivious to everything happening, but don't you think this is an industry that is building on the proverbial fear, uncertainty, and doubt?
While there are many systems that are linked (like a power grid), most IT infrastucture items are not linked. So, to me, could cyber terrorists cause disruption and make many of us have a bad day? Sure.
Can it in any way be an attack that harmed or killed thousands of people? For the most part, I don't see it.
Of course, a hacker could monkey with the FAA or other transportion systems, for instance. It's the coordinated Act of War in Ocean's Eleven style that seems the stretch to me.
Kenneth, I think you're right about one of the real dangers here: in the case of overt, actual war between technologically developed nations, bombing campaigns might not be necessary to disrupt the grid and other infrastructures. There may be virtual ways of doing so.
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
National security thinkers are still debating whether a"“Digital Pearl Harbor" is possible. But in the ongoing revolution in Syria, the cyber battleground is already strewn with interesting proofs-of-concept.
My blog, The Art of Cyberwar, posted on Internet Evolution this past January, described 10 revolutionary aspects of conflict in cyberspace. Based on the feedback I received, I've decided to revisit each of the 10 aspects with a new view based on what I've learned from many comments. Here is my list:
World leaders fear that cyber-terrorism and cyber-warfare may pose a real threat to national security. In the future, unknown hackers might target everything from electricity to elections.
US counterterrorism expert Richard Clarke, who came to prominence with his prescient warnings before the 9/11 attacks, tells Smithsonian Magazine the US was responsible for the Stuxnet supersmart worm that attacked parts of nuclear reactors in Iran – and in the process, has given away one of the world's most sophisticated cyberweapons.
The FBI recently issued a warning to smartphone users, highlighting two mobile malware applications: Loozfan, which steals personal information, and FinFisher, which is spyware that takes over a smartphone's functions.
Sean Smith, a US Foreign Service IT manager, gave his life in service of his country and the world. His life and death are a humbling example for all of us who work in IT.
The plan for unmanned police drones to patrol traffic and other city conditions in Seattle has sparked a new set of legal concerns about privacy. Law traditionally lags technology, but we can expect now to see a new round of activity in the courts as legal definitions begin to emerge on what "next-gen privacy" will look like.
Ontario's information privacy commissioner explains the unintended consequences of facial recognition technology and how biometric encryption can make it safer.
Law enforcement agencies are poised to use iPhones as facial recognition systems in the coming months. The technical advance promises efficiency but has created a backlash among civil liberties proponents.
New York's Metropolitan Transit Authority is conducting a pilot test of digital kiosks to guide subway users to where they want to go more efficiently and at lower cost.
The whole Amazon.reader debate is a double-stupid. It's stupid to think that there's any e-book buyer who doesn't know Amazon's URL, and it was stupider to let ICANN launch the whole free-form TLD initiative to start with.
While NFC's original goal was to enhance mobile commerce applications, it is finding its way into a number of other uses, which is creating both opportunity as well as challenges for IT departments.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Edmunds separates customers into segments based on the info it collects on its site and from partners, and uses that to push out custom content, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
The automotive website uses propensity modeling to target ads and customer registration forms, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
Subsidized handsets, rather than locked handsets, should be the focus of regulators. We're not getting good deals, not fostering innovation, and weakening our power as buyers.
Expert Integrated Systems: Changing the Experience & Economics of IT In this e-book, we take an in-depth look at these expert integrated systems -- what they are, how they work, and how they have the potential to help CIOs achieve dramatic savings while restoring IT's role as business innovator. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?
To save this item to your list of favorite Internet Evolution content so you can find it later in your Profile page, click the "Save It" button next to the item.
Email This
