The Internet is both the terrain and the tool in the future of cyber warfare. As we look at the use of the Internet to support hostile actions against government and military targets the classic asymmetric conflict is rising in scope and scale. This is exactly the kind of conflict that the United States military has had issues in resolving. The Internet is a force multiplier and allows the lone individual hostile agent to act in ways that previously would have been nearly impossible to detect. So, what does it mean for the military to move past passive activities found in the normal domains of information assurance and security and enter the darker realm and more dangerous realm of cyber warfare?
If the military is going to increase capability for cyber warfare what does that look like? Currently most national training standards, most University curriculum, and even most “hacking” schools are about defense of networks and information assets. Cyber warfare sits squarely in the communications domain without taking on the associated information warfare attributes though it can. An armed invasion may not use psychological operations or information operations as part of the plan but it can. Cyber warfare as warfare against the computer mediated assets of an adversary and the processor power of that adversary is a new terrain. An attack against the communication infrastructure will either disrupt, delay, change, or intercept information. A JDAM into a telephone closet is a form of cyber warfare. The hacking of a communication satellite like the LTTE did is a form of cyber warfare. The disruption of the telemetry from a Predator Drone is a form of cyber warfare.
Since the treaty was signed at the Peace of Westphalia in 1648 the nation states in the European tradition have forsworn direct action against the populations and fought wars as state against state (with notable exceptions of course). The treaty and governmental systems of the nation states have limited the type of conflict the military can be involved in against civilians. The issue is that in the new environment a civilian in a foreign nation can now take action against industry, government, or the military and be highly effective. While taking little risk of being caught. This is the nature of an asymmetric threat that will be difficult to counter. The Internet is a solar system wide network with the deep space network part of it. The computer forensic task of identifying the actual location of a hostile entity in real time with enough assurance to take action is going to be the centerpiece of any rules of engagement.
The rules of engagement for the military taking actions are going to be highly restrictive. The actions taken by the military are going to be so specific that models and methods of showing to foreign entities the evidence of an attack will be huge. When a foreign agent can be located in one country bouncing traffic through a variety of other countries all hostile to American interests the stakes will go up quickly to insure that the forensic evidence of the cyber attack is specific and has a high level of confidence. Cyber Pearl Harbor scenarios aside the mind boggles at the possibilities of an intelligent hostile operative with access to the Internet. The ability to respond by the military is important. The rules of engagement for that response though need to be discussed.
The military entering the world of cyber to wage war has some interesting issues that we can put questions too.
- Treaties currently limit the over flight of the United States Air Force during hostilities against a foreign adversary. Will there have to be treaties for a military agency to use the networks of an ally or other nation to wage cyber war?
- Depending on the sophistication of the military response to cyber warfare and the attack vectors that are used in active hostilities there is the possibility of civilian casualties in the United States. What if any civil defense mechanism will the military put into place to protect industry and civilians?
- There are laws and proscriptions against certain military activities against United States citizens. Will those traditional protections, laws, and regulations have to be abandoned or the spirit of them adjusted?
- I have written about models on which cyber warfare could be waged but it requires specific skill sets and not those of necessarily hackers. Information assurance and security, code generation and manipulation are all skills for this type of warrior, but so are tactical and strategic geo-political thinking skills. This is not a tawdry cadet or under graduate computer science drop out. Where will this new service find these already rare skills
- Though I imagine the military has thought about this, and there may be waivers that I am unaware of today. The discussion of activity or open hostilities on the Internet in the act of cyber warfare simply as a discussion is likely against the law (DMCA- Anti bypass circumvention provisions).
I will not try to make a case against the military joining battle in the cyber terrain. When I coined the term (though others have used it) of Cyber Terrain I wanted to add this new world to the land, sea, and air terrain that the military has traditionally followed. Whether the Marines, Army, Navy, or Air Force the leadership has always understood the joint nature of their interests around conflict. The cyber domain sits in the same area that soldiers exploited when cutting the wires of the enemy telephone systems, that World War 2 spy masters exploited with the Enigma code, and that Civil War generals exploited by targeting the banner carriers of their adversary. The communication channel though carries much more information and is much more subject to heinous abuse by the interconnected nature of the systems. Simply unplugging is not the answer. The answer is to consider the many questions and develop a cohesive body of knowledge around active participation in hostilities on the Internet.
As Thomas Kuhn told us when considering the shifts in science and disciplines sometimes the shifts are gradual but other times the paradigm shift is rapid. I would argue that we have been on the cusp of this change for a long time, there is a wealth of knowledge, but that knowledge is imperfect and found in silos of side board research.
Comments are welcome they are moderated (to keep SPAM down) and you must be a registered user. Otherwise have fun.
1 comment for “What does it means when the military moves from defense to offense on the Internet?”