Not everything related to the cyber domain is limited to the 1s and 0s that flow across networks. There is a fairly robust physical component that is often overlooked in the way cyber espionage is depicted in the press, publications and especially in the movies. Deep-cover covert cyber operations are not new and have been a part of modern-day spying and espionage for two decades. What is new is the level of activity in this area by countries around the world, as well as intelligence agencies and special interest organizations.
Our military and intelligence communities know that superiority in the cyber domain requires a robust cyber espionage program. That is what has driven covert cyber operations to the forefront. “It is hard to imagine any conflict that arises today will not have some covert cyber operation associated with it,” said a source who asked not to be identified. When I pressed about the role of operatives in the models that are currently in use, the source said, “Look, it is not uncommon for some aspects of cyber operations to have boots on the ground in the specific area where the target of the cyber activity is located.”
The stand-alone cyber mission is becoming a much smaller percentage of total cyber operations. It has become another weapon used by military planners and strategists. It is the natural progression of this capability. In a presentation given nearly a decade ago, I talked about cyber covert operatives not as a standalone entity but a capacity of the modern-day spy. That has now become a reality that is impacting offensive and defensive covert operations.
Posted on Jan 24, 2013 at 9:26 PM
The introduction of cyberspace as the fifth domain of conflict has far-reaching implications that have not yet been fully explored, nor have appropriate policies been created to provide operational guidance for our military and government leaders. Adding to an already complex issue is the fact that military planners and strategists do not have decades of well-documented past actions that can be drawn upon as a guide in the prosecution of military cyber action. There is little doubt that military cyber capabilities are impacting the rules of engagement, military doctrine and international laws and policies.
During the past decade I have been involved in a number of cyber conflict planning exercises for training and research purposes. I recently was asked for my opinion on three specific scenarios involving offensive cyber operations that are very interesting. Here they are:
Scenario 1. The United States, as part of a NATO force or operation, launches an offensive cyber action from a facility in Maryland that targets military systems in Syria, which is trying to quash the uprising. Would launching the cyberattack from U.S. soil make the launching facility in Maryland part of the battlespace? Does the cyberattack command and control and launch facility being in the United States automatically make the U.S. mainland a legitimate target for physical or cyber retaliation?
Scenario 2. The United States experiences a fairly disruptive cyberattack on its infrastructure that blacks out a city of 60,000 for days. Would the United States be within its rights to launch a retaliatory strike, cyber or physical, against compromised systems in Venezuela that were used as an unwilling or unknowing intermediary in the cyberattack that was attributed to forces in Iran?
Scenario 3. A financial institution within the United States experiences a cyberattack on its online banking systems. The financial institution’s internal IT staff back-trace the attack to Argentina. As their servers are about to crash due to the malicious traffic, the IT staff decides to return fire and launch a retaliatory cyber strike against the top traffic sources in Argentina. Do they have the right of self-defense? (Note: This already happened back in 2011.)
These three scenarios illustrate the complexities of modern conflict now that cyberattacks have entered into the equation. Recent planning of cyberattack scenarios such as these for training purposes made it easy to see how a room full of lawyers and international policy experts would be needed during the planning of any real-world cyberattack. These issues must be investigated and debated, and answers agreed upon, now, before they come up in the heat of cyber conflict.
Posted on Jan 17, 2013 at 9:26 PM
Many people have projected the norming of cyberattack capabilities into the concepts, methods and techniques used in modern-day conflict, and they were right. The advancement and availability of cyber weapons, coupled with a growing understanding of how they can be used in support of conventional conflict, has driven the need for a basic understanding of these weapons and techniques across the board. Actual cyberattacks and the weapons used have been studied not only by academics, but also by military planners, strategists and commanding officers alike.
Electronics have permeated the modern battlefield. This has created a need for a basic understanding of cyber weapons and cyberattack techniques throughout the ranks. This understanding should be extended even to the level of the ordinary combat soldier. This was made clear in a recent cyber scenario planning exercise. Indeed, there are a number of situations where ground forces might be in the best position to launch an attack against an adversary's cyber assets, military equipment or infrastructure.
This need carries over into defensive training as well. Equipment operators must be aware that their equipment could be compromised by a cyberattack launched by the enemy. When the equipment they are operating acts abnormally, understanding the basics of this threat would at least bring that possibility into their thought process as they seek to determine why the equipment is not functioning as it should.
Militaries around the world must now incorporate cyber warfare skills into basic training. There are some who will say these skills are not needed by everyone. Those who maintain that position clearly have not seen just how technology-intensive the modern battlefield is today. That intensity will only increase over time.
Posted on Jan 10, 2013 at 9:26 PM
There is a growing sentiment that the so-called digital sit-ins, or distributed denial of service (DDoS) attacks, are legitimate forms of modern-day protest. Many cyber defenders and those who manage the organizations they protect are unaware that there have been calls by individuals and private organizations for Anonymous to launch one of its cyber protest (i.e., DDoS) attacks against specific organizations that the caller feels have wronged society.
These attacks merely deny general access to the online sites and services of the organization that is targeted. They typically do not cause permanent damage, nor do they involve hacking into servers of the targeted systems or stealing data from those systems.
Some refer to Anonymous as a modern-day Robin Hood, while others put the group in the same category as terrorists. There have been a number of people who have thanked Anonymous for its efforts in its fight for various freedoms. One posted comment on an article said: “Dear Anonymous, Thank you for everything you do for us.” There has been one report that claims the U.S. State Department was working “hand in glove” with Anonymous regarding Syrian issues.
Cyber activism, virtual-states and digital sit-ins are all real and pose a challenge. We have just begun to acknowledge the true power of networked resistance. This has spurred an increase in research looking into the similarities between hacktivist efforts such as Anonymous and real-world protest groups. In addition, many are interested in where those who follow the activities of Anonymous believe the future of hacktivism and virtual-states will be in three to five years.
As the perspectives and research come in, the next step is to figure out how to deal with this virtual entity.
Posted on Jan 03, 2013 at 9:26 PM