RealSecurity

A Different Perspective of Information Security


Cyber Theater of War (Part 2)

How cyberwar will change military strategy

In part 1 I provided a short recap on the topic of cyberwar and gave some basic perspectives on how military tactics have changed to accommodate different enemies and environments in history. Most important is the integration of the enemy, which makes it difficult to distinguish friend from foe, and the fact that status can change without warning. This is what we currently see with insurgents, and it is reflective of the cyber theater of war. Another point I wanted to hit home is that the arsenal of military weapons we have at our disposal has been, in some cases, rendered moot.

The cyber theater of war is the ultimate fog of war environment. The basics of warfare become distorted. What works as battle fundamentals in the physical world does not necessarily apply to the digital domain. To demonstrate this, let's look through the lens of cyberwar at something everyone is familiar with, Sun Tzu's "The Art of War". You'll find that certain proclamations are completely applicable in cyberwar because they have to do with mind-set and general strategy, but others are clearly related to the physical domain and therefore have little applicability.

All warfare is based on deception.

Or one of my favorites,

If your opponent is of choleric temper, seek to irritate him. Pretend to be weak, that he may grow arrogant.

And one I think is very appropriate for cyberwar,

Attack him where he is unprepared, appear where you are not expected.

Then there are those that need a little imagination to cross the divide from physical to digital, but you can see applicability between the lines.

Bring war material with you from home, but forage on the enemy. Thus the army will have food enough for its needs.

However, there are far more that don't quite resonate. For example,

The stronger men will be in front, the jaded ones will fall behind, and on this plan only one-tenth of your army will reach its destination.

Of course, using 2,500-year-old military literature to prove a point about cyberwar is arguably a bit obtuse, but the point, I hope, was made. There are features of military strategy that on some level can be retained because they are simply timeless. Conversely, the more "tuned" modern strategies of warfare are virtually doomed in cyberspace.

Let's look at some of the characteristics of cyberspace and the cyber theater of war relative to traditional war strategy.

Computers can be commandeered without the knowledge of the owner and commanded to participate in an attack. This is fairly alien and somewhat rare in traditional warfare, but the concept of the "mental turncoat" has been experienced in the war on terrorism. Terrorism is a state of mind, and as a result it is difficult to identify and target unless there are obvious clues, such as carrying an AK or an RPG. Nevertheless, a friend or non-combatant can become the enemy very quickly, just as a seemingly benign computer system can be used against you.

Given that computers are everywhere, there is no meaningful method to establish implicit trust, meaning an ally's computer can become the tool of the enemy at any point in time, just as your own systems can. In traditional war there are methods of identification and rules of engagement; the current versions of both will not work in the cyber theater of war. There are no borders, battle lines, or means of assuring indisputable trust. In short, your enemy is anything and everything at any point in time.

Given that potentially "trusted" systems can be made to participate in an attack, targeting such systems raises concern. Is it a system of an ally? Is it a system critical to other forms of defense? Have you even accurately determined the target is the right target? What will happen if you destroy the targeted system? It's one thing to accurately identify a threat; it's another to understand the implications of its destruction. This does occur in modern warfare and is mostly associated with collateral damage. Also, there are targets planned for their downstream impact, such as blowing up a bridge to slow enemy movements while being fully aware that it will equally impede friendly movements. It's a give and take. However, the essential difference is the fluidity of system role. A bridge is a bridge that serves a quantifiable purpose, and that purpose makes the foundation for decisions. In cyberspace, the asset's role, function, and purpose – and who it may be valuable to at any given time – are dynamic, which undermines the foundational aspects of the decision-making process.

Trojans, embedded code and malware, backdoors, rootkits, and the like can be surreptitiously introduced into systems and networks at production, integration, or once implemented, creating a hidden, highly distributed attack platform. In fact, the Tet offensive is a perfect example of this strategy. In that light, there are some similarities to be found in traditional and cyberwar strategies. However, this example is more akin to the Manchurian Candidate and the triggering of a cyberweapon, or more accurately a weapon platform, upon command after long periods of hibernation. Interestingly, the aspect of manipulating code and chips comes up rarely in typical media and private sector security circles, but I – as do other, less vocal folks in the know – believe that this is an enormous attack vector.

Cyberweapons are more dynamic than traditional weapons. In the physical domain there are essentially explosives, projectiles, and chemical weapons when you break it down to the very basics, all of which can be used to: kill and destroy, kill and not destroy, or render ineffective (not kill or destroy). Now, putting aside psychological warfare, weapons, and CI processes for a moment, this is the overall spectrum of modern weaponry. In cyberspace the spectrum is much wider. A computer system can, at the desired point in time, be destroyed, rendered ineffective, turned into an intelligence gathering device, made to perform on your behalf, made to participate in a larger function (limited role/involvement), used to acquire more assets, or used to store resources. In other words, there is no such thing as simply destroying the enemy any longer; hence all strategies based on destruction are outdated in cyberspace.

Interestingly, Sun Tzu does comment on the concept of destruction:

In the practical art of war, the best thing of all is to take the enemy's country whole and intact; to shatter and destroy it is not so good. So, too, it is better to recapture an army entire than to destroy it, to capture a regiment, a detachment or a company entire than to destroy them.

So far we've discussed, at a high level, some points on strategy and the effects cyberspace will have on traditional approaches and conditions. In the next part of this series, I'm going to talk about how this relates to tactics. We'll talk more about the cyberweapon spectrum and get into more detail on offensive and defensive tactics in cyberspace, continuing the comparison to traditional and modern warfare.

I'll leave you with one last Sun Tzu quote:

It is only one who is thoroughly acquainted with the evils of war that can thoroughly understand the profitable way of carrying it on.

Friday 09 July 2010 at 09:40 am

Posted in Cyberwar
