Cyber Conflict: Conceptual Challenges
Week 4, lecture 1
What is war? Effects, means, actors
War is a continuation of politics by other means. It is intrinsically violent (1), instrumental
(2), and fought by states (3) (Carl von Clausewitz).
War must be defined in terms of violence. Taking human life is the primary and dominant
characteristic of war. Sustained combat. Organized armed forces. 1000+ battle-related
fatalities in a 12-month period (Small & Singer).
Sources of state power existed primarily in the physical control of the land, sea, and air.
Cyberspace: the interdependent network of information and communications technology
infrastructures that includes the internet. Interface with this network of networks is creating
an evolving behavioral space that is initiating social, economic, and political dynamics.
While much of this behavior is positive, there is a growing negative, even malignant,
use, so considerations of cybersecurity are becoming more prominent.
Threat actors and vectors multiply across the same interconnected space: a diversity of actors
(nation states (conflict and intelligence gathering), terrorists, organized crime, individuals, etc.).
Previously, there was a clear distinction between the state of peace and the state of war: an army
crosses the border and defeats the enemy to achieve political objectives. Conflict in the grey zone? The space
between war and peace is not an empty one, but a landscape churning with political,
economic, and security competitions that require constant attention (Schadlow, 2014).
What is cyberwar? Is there cyberwar?
War conducted in and from computers and the networks connecting them, waged by states or
their proxies against other states.
Cyberweapons are not overtly violent, their use is unlikely to fit the traditional criterion of
interstate war; rather the new capability is expanding the range of possible harm and
outcomes between the concepts of war and peace (Lucas Kello).
Cyberspace possesses distinct characteristics that make it insecure:
1) Cyberspace is a human construction. Highly malleable. Underlying infrastructure is
always changing. It can be manipulated, adapted and abused.
2) Cyberspace spans the physical and digital worlds. Hardware exists in the real world,
but actions occur online. No international agreement on territoriality. Fairly low cost
of entry. Attribution is challenging and time-consuming. As it is interconnected, it
cannot easily be segmented.
The frontline is everywhere
There is no safe zone in cybersecurity. Everywhere that you operate you can be attacked.
Vector for attack may even be outside of your control.
- Allies are potential vulnerabilities, if your adversary can compromise their networks
- Vulnerabilities in states’ supply chains.
- No distinction between civilians and combatants.
Cyberspace is a domain of persistent threat where achieving security is an everyday
challenge.
Endemic vulnerability
Modern operating systems and applications are extremely complex programs. Flaws in the
program can be exploited by hackers as entry points.
Zero-day attacks: attacks that use a vulnerability in a piece of software that is unknown to the
software developers.
Even when an exploit is known, patches need to be created and computers need to be
updated. Installing updates is often delayed, allowing known exploits to be continually used.
WannaCry attack: disabled over 300k computers, 98% of which were running Windows 7.
How do states use cyberspace to compete in the international system?
Computer network exploitation (CNE): enabling operations and intelligence collection
capabilities conducted through the use of computer networks to gather data from target or
adversary information systems or networks (NIST).
Computer network attack (CNA): Operations to disrupt, deny, degrade, or destroy
information resident in computers and computer networks, or the computers and networks
themselves (US Joint Doctrine for Information Operations, 1998).
Offensive cyber capabilities
Types
Deny: to prevent the adversary from accessing and using critical information, systems, and
services by a specified level for a specified time.
Destroy: to damage a system or entity so badly that it cannot perform any function or be
restored to a usable condition without being entirely rebuilt.
Disrupt: to break or interrupt the flow of information. To completely but temporarily deny
access to, or operation of, a target for a period of time.
Degrade: to deny access to, or operation of, a target to a level represented as a percentage of
capacity.
Deceive: to cause a person to believe what is not true. Mislead adversary decision makers by
manipulating their perception of reality. To control or change the adversary’s information,
information systems, and/or networks in a desired manner.
Characteristics
Cyberspace operations intended to project power by the application of force in or through
cyberspace.
The combination of technological, individual and organizational capacities that jointly enable
the adversarial manipulation of digital services and networks.
a) Usually involve intrusion or unauthorized access (not always).
b) Usually involve external control of the network over the internet.
c) Can be combined with a range of other techniques (including social engineering,
human sources) to gain access.
Harm
Web defacement – financial gain – denial of key services – disable critical infrastructure
Assist/enable IOs – data deletion – sabotage (military sites) – interfere with nuclear C&C
Cyberwar – cybergeddon
Vulnerability is present in every system and can be exploited by the adversaries. The number
of potential entry points is simply too high to be completely impervious.
Examples feeding the public imagination of cyberwar
Stuxnet/Olympic Games. Cyber attack in 2007. Physical damage to Iranian centrifuges,
destroying 1-2000. First three years undetected. Attack designed in a way to look like user
error. Discovered unexpectedly in 2010 after the worm inadvertently spread outside Iran’s nuclear
facilities. Never intended to be detected, and was set up to stop itself in 2012. It randomly
closed exit valves on centrifuges so that gas would be trapped. Caused damage over time and
wasted gas.
- The idea clearly is to try to disrupt operations that could lead to a nuclear weapon and
to make their scientists feel less secure and less capable of doing their work.
- The use of malware as a cyberweapon, designed to infiltrate and damage systems run
by computers, was supposed to make the Iranians think that their engineers were
incapable of running an enrichment facility.
Direct effect: marked decrease in centrifuge activity in 2009
Indirect effect: mistrust in scientific community, fear of inside threat
Set back the Iranian weapons program by 2 years.
Limitations: highly customized capability, single-use target, Iran recovered within 6 months;
overall, the direct impact on the physical progress of the nuclear program was probably fairly
limited (Lindsay, 2013).
Threat inflation?
Exaggerations in the threat perception. Commercial and institutional incentive to hype the
threat. Rhetoric has shifted in recent years.