The Gray Lines Between Reconnaissance, Espionage and Cyberwar

Sunday, November 14, 2010

David Dennis


There has been a lot of discussion about cyberwar and other threats to electronic infrastructure in the past few years, but there hasn't been much basic definition of terms, especially terms that public decision makers and the general public can share.

This is one attempt to provide some basic terms that can be meaningful to both groups. Here are three terms to start the process:

1. Reconnaissance

In conventional warfare terms, this is the process of gathering information about an enemy and the terrain in which you will face him.

Most of this information is readily available; all that's needed is time and effort. In fact, there is little a defender can do to deny this information to an enemy.

In the electronic arena, reconnaissance efforts would focus on identifying potential value target systems (operating systems, ports used, etc.) and their supporting services (firewalls, DNS, failovers, etc.).

Except for the case of systems totally disconnected from the Internet, this sort of activity is inevitable and probably not worth defending against.

2. Espionage

In conventional warfare terms, this activity is the process of getting non-public or classified information (or items). It's usually illegal, but not generally a cause for a declaration of war between nations.

Discovered espionage attempts will, however, tend to cool off diplomatic relations. Electronic espionage is the logical extension of conventional means and, like their cousins, may be tolerated, sanctioned on a tit-for-tat basis, or singled out for more severe political sanctions.

The rub for most nations is that, the more they retaliate against these activities, the less able they are to use them to gather their own intelligence information.

3. Act of War

The definition of an act of war has changed over the last century. Originally, it involved the attack or occupation by one nation of another nation--its territory, citizens, commercial interests, etc.--and sometimes included a diplomatic declaration as well.

More recently, it has come to represent a tacit recognition of hostilities without an overt declaration. Democratic nations have the most difficulty with this class of activity, as their populations tend to be more involved in national decisions and may well take the situation in unintended directions.

Further complicating things recently have been the rise of nongovernmental organizations that legally transcend borders (corporations), furtively skirt national power (criminal syndicates), or even influence or displace governmental authority (most semi-successful insurgencies).

Since we currently have only a vague definition for a state of war, people will also have a hard time deciding what an act of war would look like in cyberspace, especially when nongovernmental organizations get involved.

Defining basic terms such as these only begins to scratch the surface, but attempting to make or implement policy without them is no shortcut.

Possibly Related Articles:
Defense Cyberwar Espionage Reconnaissance
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.