Real Cyberwar: A Taxonomy

Wednesday, January 18, 2012

Infosec Island Admin



Cyberwar… A term that has been more misunderstood and bandied about improperly than APT (Advanced Persistent Threat).

Every time I see it in the media or being barked out or talked about by this and that INFOSEC person, military officer, government official, or the media, my eye twitches.

I understand that to many the word “Cyber” seems shiny and slick but it should not be the prefix for just anything that involves a computer or a smart phone. The reality is that the true meaning of “Cyber War” comes from the last bit “WAR”.

And one hopefully knows what the meaning of war is... Right?

So, for me, cyber war means that there is actual warfare at work here. Not just espionage efforts, which can be a prelude to war, but often aren’t the sole aegis of much of the espionage going on.

By warfare I mean kinetic attacks, troops on the move, and generally an invasion of some kind or hostilities where people are being killed. That is war…

Cyberwar, as yet, has NOT happened. There have been Cyber Operations if you want to use the term (I don’t) but most of what we have been seeing in the news cycle is once again, NOT cyberwar.

Our Site Has Been DoS’d IT’S CYBERWAR! Uhhh No… It’s Not

Ok, now that I have said that, I will once again re-iterate that most of what we have been seeing in the news (Anonymous, Antisec, LulzSec, DDoS, Dox-ing, IP Theft, etc.) is NOT Cyberwar. I would not even call these attacks warfare and I will elucidate now on why. It really comes down to one thing… No outright declarations of war.

None of the instances so far have actually resulted in rockets being fired, bombs being dropped, or any other warfare being carried out on anyone anywhere.

Of course though, we have had much sabre rattling about this, and the US military as well as Israel have recently made bones about being able to launch conventional warfare against those they “think” attacked a website or released some credit card data.

God… How stupid is that?

Yet again, I say none of this has happened yet. Nor would I say that any of these events above would or should be classified as precursors to war. These are nuisance attacks by those wishing to cause damage to businesses or perhaps governments but they are not attacks on systems (as yet) that would cripple any nation state whatsoever to the point of being an easier target for real warfare.

Let me give you an example of real cyber warfare… Georgia: The Georgian infrastructure was attacked as a pre-emptive measure to real invasion/bombing by the Russian government.

The effect of the attacks took not only Georgia proper offline, but cut off its communications networks internally, leaving them in a weak position for the Russian attacks to just begin. This is cyberwar... Which leads me to the taxonomy thereof.

[Editor's note: the author had originally identified Estonia as the target of the Russian attack. The author amended the piece to correctly identify Georgia.]

A Taxonomy of Cyber Warfare

[Image: A Taxonomy of Cyber Warfare]

There you have it. Cyberwar should only be leveled as a term when the actual use of warfare is involved. This is a cause and effect type of thing and should NEVER be confused with someone getting dox’d by Anonymous or having your internet commerce presence taken off-line with DDoS.

The short and simple… No bombs and bullets… No Cyberwar. To say otherwise loudly in the media is just another kind of cyber… “Cyberdouchery”

A Plea to The Media and INFOSEC Community

My polemic will conclude here with a plea to those in the know. The INFOSEC community at large should know better than to propagate all of this claptrap but unfortunately some do.

Some people (who remain nameless but actually use the title cyberwar in their titles or screen names) should know better but see an opportunity to make a splash with buzzword bingo.

Please stop.

With the advent of computing and with the moniker of “Cyberspace” being coined (allegedly) by William Gibson, everyone seems to want to grab a little bit of that epic “cool” and throw the term out there for just about anything digital.


There’s warfare… There’s Espionage… and There’s Cyberdouchery.

Know the differences and be a better informed person.


Cross-posted from Krypt3ia

David Dennis: I share your concern over the lax use of the term "cyberwar" but my main concern is that we no longer have a good working definition of warfare. And we can't really blame media types for the problem.

It used to be that a state of war only existed when nations declared war. How many times has that happened in the last 70 years or so?

Antagonists have changed as well. In addition to nations, we now have transnational organizations like the UN and NATO, insurgent groups of every stripe (ethnic, religious, etc.) and terrorist and/or criminal organizations to boot. Hostilities involving these groups can be classified as (holy) war, police action, or just thuggery, depending on where you sit.

You do pose a legitimate question that needs to be discussed at more length, though (and I don't have the answer): Does cyberwar have to involve kinetic elements? For example, is malware that formats every hard drive on an aircraft carrier any less aggressive than a missile strike on that vessel? The US has fought many conflicts without using all of its military assets, but does that make them any less of a conflict?

I think that the answer lies, not in what types of technology or force are used, but rather in what the strategic intentions of the antagonists are. Of course, looking at the antagonists of today (mostly nongovernmental), how are we to define what those intentions are?

Now, there's a challenge that's even more difficult than trying to get the media to use accurate terminology.

Gabriel Bassett: I think you could replace "Cyber War" at the bottom of the taxonomy with just "war". Cyber is a domain, just like land, air, sea, and space. It is not a type of aggression (war war, trade war, etc).

I can understand the idea that a cyber engagement must have physical consequences to be considered part of a war, however that limits war to a western definition. Eastern mentalities see war differently (i.e. the idea of winning a war without firing a bullet). In that case, war may be fought by destroying your adversary's economy or by simply convincing them to surrender w/o fighting. (See the 36 Stratagems)

In the end, I agree with you. "Cyber War" is overused. (Especially right now with respect to the Israel - Saudi Arabia thing.) That's throwing rocks across international borders. People need to get their minds off cyber war. The strategic view is causing people to overlook the tactical.