Debating Cyber Warfare - Questions from .GOV

Tuesday, November 08, 2011

Don Eijndhoven

44a2e0804995faf8d2e3b084a1e2db1d

The NCDI

A few months ago I was engaged by a friend who had desires of starting a new foundation in the Netherlands.

He surmised that the Dutch Ministry of Defence could use some help in establishing proper Cyber Doctrine.

Now, a scant 6 months later, we find our group is firmly set at 7 people and the foundation has officially been established. It is called the Dutch Institute for Cyber Doctrine (NCDI) and I sincerely hope you will hear more of us in the near future.

imageI mention the birth of this foundation because through some proper networking we've been asked for input by our government with relation to Cyber Warfare.

The request for information contained such interesting questions that I felt I could almost dedicate an entire article on each question, and so I did.

 I hope to generate some really interesting debates with these questions. Without further ado, here is the first question:

"After Land, Air, Sea and Space, Cyberspace is generally considered to be the fifth warfighting domain. Based on what political and military objectives can operational cyber capabilities be developed and deployed? Please define the nature and role of operational cyber capabilities during military operations."

An Answer

While you'll find a plethora of discussions in which it is still hotly debated what it all means, it is very likely that future conflicts will not be 'pure cyber wars' in the same way we haven’t seen ‘pure nuclear wars’  or ‘pure air wars’.

Instead it is much more likely that new conflicts will contain cyber attacks or cyber espionage as part of a larger strategic plan. In fact we've already seen it in conflicts as early as the war in the Persian Gulf in 1991, where the famous and recently deceased Robert Morris was said to have launched the first US cyber attack.

Many people now ask the question what the political and military impact is of cyber warfare, and this is a very valid question. However, it should not be confused with political and/or military motive, because nothing has really changed in that regard. War is, as Clausewitz said, the continuation of Policy through other means, and that is exactly what cyber is: just another means.

With that in mind, I feel the first half of the question is somewhat flawed. Political objectives are not usually fundamentally changed by technology, though military objectives certainly can be, and with the advent of cyber warfare it is easy to confuse or even conflate the two.

So for me, the question is really “What military objectives should be the focus of operational cyber capability development?”. The answer to this question will probably always remain difficult to answer, because the technology surrounding cyberspace is continually changing.

Furthermore we find that the application of said technology is ever changing as well, making it very hard to pin down exactly if and where there are any fixed strategic points or objectives to aim exploitation development to. What is a sensible and effective angle today may be completely obsolete tomorrow.

Based on what we’ve seen so far (of what we’ve been allowed to see, that is), we can assume that in the foreseeable future, cyber attacks will not have a directly kinetic component. That is to say – cyber attacks don’t (and won’t) act like bullets, bombs or missiles. As we know and understand it now, it can be used as a strictly supporting function to ongoing operations.

The key word here is Information – its discovery, manipulation or denial. Cyber attacks could be succesfully applied to disable a radar array preventing a strategic bombing or insertion, or more locally to disable alarm systems on a house that needs to be breached quietly.

It could (and already is) be used highly effectively to break into the networks of defence contractors and steal the highly sensitive specs of enemy technology, and in turn use that information to render them harmless to your troops.

Interestingly enough, you could also use it the other way around: To make your enemies see things that aren’t there, such as by flooding their radar screen with bogus information or by infiltrating and corrupting their chain of command’s methods of communication.

Whatever the application, it is important to note that virtually all these attacks are of a temporary nature. They don’t really change things permanently. As such, you should not depend on cyber attacks to give you a lasting advantage. It is highly likely that the target will, at one point, discover the attack and take steps to undo it.

The bottom line is that before being able to develop operational cyber capabilities, it is important that you understand the nature of Cyber attacks. What it is, and what it isn’t.

You won’t win any wars with Cyber alone, but you may be able to increase the success rate of your missions and give your opponents a very frustrating time during ongoing operations by applying this exciting new technology.

About the author: Don Eijndhoven has a BA in Informatics (System & Network Engineering) with a Minor in Information Security from the Hogeschool van Amsterdam, The Netherlands. Among a long list of professional certifications he obtained are the titles CISSP, Certified Ethical Hacker, MCITPro and MCSE. He has over a decade of professional experience in designing and securing IT infrastructures. He is the CEO of Argent Consulting and often works as a management consultant or Infrastructure/Security architect. In his spare time he is a public speaker, works as a Project Manager for CSFI and acts as its Director of Educational Affairs in the EU region. He also blogs for several tech-focused websites about the state of Cyber Security and is a founding member of Netherlands Cyber Doctrine Institute (NCDI), a Dutch foundation that aims to support the Dutch Ministry of Defense in writing proper Cyber Doctrine.

Cross-posted from ArgentConsulting.nl

Possibly Related Articles:
18360
Government Military Cyberwar Attacks Cyber Warfare Netherlands Cyber Defense
Post Rating I Like this!
B64e021126c832bb29ec9fa988155eaf
Dan Dieterle Excellent article Don. I agree, in the short term, cyber attacks will be used to hinder and cause confusion during a kinetic attack.

Now with many countries moving to automated systems (drones, robots, weapons platforms) - hacking these systems could allow kinetic attacks through cyber, but until then, we will see more cyber espionage and sabotage.
1320875861
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.