The Nuclear Option in Cyberspace

Stuxnet was a malicious computer worm that caused substantial damage to Iran’s nuclear program. It was likely deployed to prevent a conventional military strike against Iran’s nuclear facilities. The 2015 cyber attacks on Ukrainian critical infrastructure caused loss of energy for hundreds of thousands of citizens of Ukraine in December. It was likely staged to test cyber operations for the upcoming 2016 U.S. presidential election. Both cases offer interesting takeaways: (a) offensive cyber operations often empower rather than deter an adversary and (b) offensive cyber operations resulting in a devastating cyber attack on the integrity of the target may be answered by conventional military means. But where exactly is the threshold for escalating a cyber attack into conventional domains? How can policymakers rethink escalation guidelines without compromising international relations? This paper discusses achieving strategic stability in cyberspace by way of transferring the concept of a nuclear no-first-use policy into the current U.S. cyber strategy.

tl;dr

U.S. cyber strategy has a hypocrisy problem: it expects its cyberattacks to deter others (defend forward) without triggering escalatory responses outside cyberspace, while it is unclear about what it considers off-limits. A strategic cyber no-first-use declaration, like the one outlined in this article, could help solve risks of inadvertent instability while allowing cyber-operations to continue.

Make sure to read the full paper titled A Strategic Cyber No-First-Use Policy? Addressing the U.S. Cyber Strategy Problem by Jacquelyn Schneider at https://www.tandfonline.com/doi/full/10.1080/0163660X.2020.1770970

Credit: J.M. Eddins Jr./Air Force

In 2018 the Trump administration adopted its progressive National Cyber Strategy. These sorts of policy declarations are commonly filled with agreeable generalities, but this National Cyber Strategy, read in conjunction with the 2018 Department of Defense Cyber Strategy, introduced a new, rather reckless cyber posture of forward attack in cyberspace as a means of preemptive cyber defense. Key themes, e.g.

  • Using cyberspace to amplify military lethality and effectiveness;  
  • Defending forward, confronting threats before they reach U.S. networks;  
  • Proactively engaging in the day-to-day great power competition in cyberspace;  
  • Actively contesting the exfiltration of sensitive DoD information; 

raise important questions of national security. Why does an industrial superpower like the United States feel a need to start a cyber conflict when it could redirect resources toward building effective cyber defense systems? How many cyber attacks against critical U.S. infrastructure succeed, such that they would justify a forward-leaning cyber defense? What is the long-term impact of charging the military with cyber strategy when the private sector in Silicon Valley is in a much better position to create built-in cybersecurity, and why aren’t resources invested back into the economy to spur cyber innovation? Each of these questions is material for future dissertations. Until then, instead of a defend forward strategy in cyberspace, a cyber policy of no-first-use might complement securing critical infrastructure while assuring allies that the U.S. cyber capabilities are unmatched in the world and merciless if tested.

No-first-use is a concept originating in the world of nuclear warfare. In essence, it means 

“a state declares that although it has nuclear weapons, and will continue to develop and rely on these weapons to deter nuclear strikes, it will not use nuclear weapons first.”

Instead, conventional (non-nuclear) warfare will be utilized to respond to attacks on its sovereignty. These policies are not treaties with legal ramifications if violated. They are neither agreements to ban production of certain weapon systems nor intended as arms control measures. In fact, no-first-use policies often take the form of a public commitment signaling restraint to friends and foes. They are made for strategic stability in a given domain.

No-First-Use Cyber Policy 

Taking the no-first-use concept to cyberspace may be a national security strategy at low cost and high impact. Cyberspace is by its configuration transient, hard to control, low in cost of entry and actor-independent. For example, a web crawler is at times a spiderbot indexing websites for search engines to produce better search results. At another time the same web crawler is configured to reconnoiter adversary cyber infrastructure and collect intelligence. Yet another time, the tool may carry a malicious payload while scraping website data. This level of ambiguity introduces a wealth of cyber policy hurdles to overcome when drafting a no-first-use cyber policy. Schneider recommends starting by distinguishing the elements of cyber operations in their strategic context. As mentioned before, some actions in cyberspace are permissible, even expected; other actions using the same technology are not. Now, there is no precedent for a cyber operation so effective at scale that it would compromise its target (state) altogether. For example, no known cyber operation has ever irreparably corrupted the energy infrastructure of a state, destroyed social security and health data of its citizens and redirected all government funds, bonds and securities without a trace or left the state unable to respond within conventional warfare domains. This means the escalation risk from a cyber operation against critical infrastructure is lower in cyberspace compared to an attack with conventional weaponry. Therefore a successful no-first-use cyber policy must focus on the cyber operation that produces the most violent results and effectively disrupts a conventional defense (by disrupting critical infrastructure).

Another consideration for an effective no-first-use cyber policy is the rationale of continued development of cyber capabilities. A no-first-use cyber policy does not preclude its parties from actively testing adversaries’ cyber vulnerabilities; it only bars them from exploiting such weaknesses unless the adversary strikes first. 

A strong argument against adopting a no-first-use cyber policy is diplomatic appearances. First, it might signal a weakness on the part of U.S. cyber capabilities or indicate to allies that the U.S. will not commit to protecting them if under attack. Second, it may also result in hypocrisy if the U.S. launches a first strike in cyberspace after political changes but is still bound to a no-first-use policy. For Schneider a successful no-first-use cyber policy

“credibly convinces other states that the U.S. will restrain itself in cyberspace while it simultaneously conducts counter-cyber operations on a day-to-day basis.”

She also recommends strategic incentives through positive means: information sharing, foreign aid or exchange of cyber capabilities. The end goal then ought to be strategic deterrence through commitments in cyberspace to restrain high-severity cyber attacks.

I found the idea of a no-first-use cyber policy captivating, albeit inconceivable to be implemented at scale in cyberspace. First, even though cyber operations with the potential to black out a state are currently reserved for professional militaries or organized cyber operators in service of a state-actor, I don’t believe that a lone non-state actor is not capable of producing malicious code with equal destructive powers. Second, I see attribution still as a roadblock despite improving cyber forensics. Any democracy would see the hypocrisy of mistakenly engaging a non-state actor or the risk of misidentifying a state-actor as the perpetrator. Moreover, the current state of attribution research in cyberspace is considering humans with certain intent as its foundation when future cyber conflict may be initiated by a rogue or faulty autonomous weapon system under substantial control of an artificial intelligence. Third, any policy without legal or economic ramifications isn’t worth considering. An effective deterrence is hard to achieve without “skin in the game”. Perhaps an alternative to a no-first-use cyber policy would be a first-invest-into-cyber defense policy. Emulate the Paris Climate Accord for cyberspace by creating a normative environment that obligates states to achieve and maintain a minimum of cybersecurity by investing in cyber defense. This way constant innovation within the private sector reduces vulnerabilities, which will lead to a self-sustaining deterrence.

How Cyberwarfare Is Used to Influence Public Policy

Cyberspace differs from physical domains. How do we know a hacker’s motive or allegiance? Among the many cyber conflicts in cyberspace, only a few escalate into a real-world conflict. Those which do, however, call for a reevaluation of existing policies. This paper argues that current research underrates the second-order impact of cyber-enabled political warfare on public policy. It makes a case for policy makers to consider changes of public policy beyond mere retaliation. Moreover, it offers insights into the complex investigation process tied to cyber operations that fall out-of-pattern.

tl;dr

At present, most scholarship on the potential for escalation in cyberspace couches analysis in terms of the technological dynamics of the domain for relative power maneuvering. The result has been a conceptualisation of the logic of operation in cyberspace as one of ‘tit-for-tat’ exchanges motivated by attribution problems and limited opportunity for strategic gain. This article argues that this dominant perspective overlooks alternative notions of how cyber tools are used to influence. This, in turn, has largely led scholars to ignore second-order effects – meaning follow-on effects triggered by a more direct outcome of an initial cyber action – on domestic conditions, institutions, and individual stakeholders. This article uses the case of cyber-enabled political warfare targeting the United States in 2016 to show how escalation can occur as a second-order effect of cyber operations. Specifically, the episode led to a re-evaluation of foreign cyber strategy on the part of American defence thinkers that motivated an offensive shift in doctrine by 2018. The episode also directly affected both the political positions taken by important domestic actors and the attitude of parts of the electorate towards interference, both of which have reinforced the commitment of military planners towards assertive cyber actions.

Make sure to read the full paper titled Beyond tit-for-tat in cyberspace: Political warfare and lateral sources of escalation online by Christopher Whyte at https://doi.org/10.1017/eis.2020.2

Credit: Jozsef Hunor Vilhelem

Cyber-enabled political warfare takes place on a daily basis. It is orchestrated by democracies and authoritarian states alike. A prevailing academic school of thought evaluates these cyber operations by a four-prong perimeter guidance: 

(1) Common intelligence-gathering
(2) Signal testing
(3) Strategic reconnaissance which may result in a
(4) Major cyber assault on critical infrastructure

On both sides, attacker and defender, it is incredibly difficult to determine whether a cyber operation is a tolerated everyday occurrence or a prelude to, if not the final, attack against national security. This poor signal-to-noise ratio has led to a dominant academic perspective that argues cyber operations are an endless loop of retaliatory instances, overlooking clandestine long-term objectives. It raises the question: when does an instance of cybersecurity become a matter of national security? When does a cyber operation escalate into full-on warfare? In this paper, the author develops a notion of cyber operations as an instrument to influence public policy beyond mere breach of cybersecurity post escalation. Through examples of cyber-enabled political warfare, the author makes a case for vulnerabilities in democratic societies that originate from a failure to evaluate cyber-enabled political warfare under cyber conflict standards, thereby creating a vacuum in which policy development is skewed to overstate potential cyber risks in public policy.

Cyber operations resulting in cyber conflict are here to stay. In an increasingly accessible space of computer science and affordable hardware, nation states as well as hostile individual fringe groups find more and more fertile ground to develop new generations of cyber tools to pursue anything from criminal objectives to ideological influence operations that subvert public opinion. With cyber operations being an everyday occurrence, this poses the first problem: identifying a targeted cyber operation as a departure from regular everyday probes in cyberspace. The aforementioned affordability makes the situation harder to assess, since the cyber operation may originate from a state-actor or may be a proxy action driven by individual fringe groups that may or may not be aligned with a state-actor. Here, states need to decide between tolerance, which may result in a failure to detect a major assault on critical infrastructure, and a measured response, which will always result in giving away signal that an opponent may abuse for future cyber operations. Of course, the former carries the risk of escalating into a real-world conflict, whereas the latter carries the risk of setting the stage for a real-world conflict under even less favorable circumstances. In this latter scenario the author introduces the notion of considering the second-order effects on public policy. In other words, when investigating cyber operations, it is necessary to look beyond the technical means and read the attack against current affairs. This notion reverberates into the policy development process in the event of a shift in strategic policy.

“What pressure points and vulnerabilities dictate the utility of cyber operations and, subsequently, the shape of potential escalation?”

Democracies delegate the power of the people to elected leaders based on an information exchange system that requires integrity. Cyber-enabled political warfare seeks to exploit integrity by sowing distrust in the political system and its elected leaders. Using the example of the 2016 U.S. presidential elections, the author builds a case that the cyber operations were not only a ‘tit-for-tat’ engagement in support of a particular candidate but rather deployed with a strategic, long-term objective to subvert the integrity of U.S. democracy. The disruption of the democratic process took place by

(1) Identifying a lack of government regulation for social media platforms that have critical reach with the electorate
(2) Understanding flaws in the algorithmic design of information distribution via social media
(3) Increased cyber attacks on private information that carry disruptive elements once published
(4) Increased deflection of attempts to specifically attribute cyber operations, thereby enabling plausible deniability
(5) A domestic political landscape that is so polarized that it tolerates foreign interference or is even further divided by domestic agents’ rhetoric and
(6) A foreign actor (Russia) who is willing to exploit these vulnerabilities

Through these various inter-connected and standalone stages of cyber-enabled political warfare, the Russians were able to effectively undermine public trust in both political candidates, in the democratic process and beyond, to an extent that triggered a critical reevaluation of the U.S. cyber strategy, resulting in new public policy. The implication for policy makers is to critically consider lateral side effects of cyber operations beyond the method employed and damage done. The potential to influence decision-making of state leaders might be enhanced by these second-order effects, especially when misinterpreted. Aside from attribution, an effective policy response must take a holistic approach beyond closing a vulnerability in national security.

Political Warfare Is A Threat To Democracy. And Free Speech Enables It

“I disapprove of what you say, but I will defend to the death your right to say it” is an interpretation of Voltaire’s principles by Evelyn Beatrice Hall. Freedom of expression is often cited as the last frontier before falling into authoritarian rule. But is free speech, our greatest strength, really our greatest weakness? Hostile authoritarian actors seem to exploit these individual liberties by engaging in layered political warfare to undermine trust in our democratic systems. These often clandestine operations pose an existential threat to our democracy.   

tl;dr

The digital age has permanently changed the way states conduct political warfare—necessitating a rebalancing of security priorities in democracies. The utilisation of cyberspace by state and non-state actors to subvert democratic elections, encourage the proliferation of violence and challenge the sovereignty and values of democratic states is having a highly destabilising effect. Successful political warfare campaigns also cause voters to question the results of democratic elections and whether special interests or foreign powers have been the decisive factor in a given outcome. This is highly damaging for the political legitimacy of democracies, which depend upon voters being able to trust in electoral processes and outcomes free from malign influence—perceived or otherwise. The values of individual freedom and political expression practised within democratic states challenges their ability to respond to political warfare. The continued failure of governments to understand this has undermined their ability to combat this emerging threat. The challenges that this new digitally enabled political warfare poses to democracies is set to rise with developments in machine learning and the emergence of digital tools such as ‘deep fakes’.

Make sure to read the full paper titled Political warfare in the digital age: cyber subversion, information operations and ‘deep fakes’ by Thomas Paterson and Lauren Hanley at https://www.tandfonline.com/doi/abs/10.1080/10357718.2020.1734772

MC2 Joseph Millar | Credit: U.S. Navy

This paper’s central theme is at the intersection of democratic integrity and political subversion operations. The authors describe an increase in cyber-enabled espionage and political warfare due to the global spread of the internet. They argue it has led to an imbalance between authoritarian and democratic state actors. Their argument rests on the notion that individual liberties such as freedom of expression put democratic states at a disadvantage compared to authoritarian states. Therefore authoritarian states are observed to more often choose political warfare and subversion operations, whereas democracies are confined to breaching cyber security and conducting cyber espionage. Cyber espionage is defined as

“the use of computer networks to gain illicit access to confidential information, typically that held by a government or other organization”

and is not a new concept. I disagree with the premise of illicit access because cyberspace specifically enables the free flow of information beyond any local regulation. Illicit is either redundant, for espionage does not necessarily require breaking laws, rules or customs, or it is duplicative with confidential information, which I interpret as synonymous with classified information, though one might argue about the difference. From a legal perspective, the information does not need to be obtained through illicit access.

With regard to the broader term political warfare, I found the definition of political warfare as, 

“diverse operations to influence, persuade, and coerce nation states, organizations, and individuals to operate in accord with one’s strategic interests without employing kinetic force” 

most appropriate. It demonstrates the depth of political warfare, which encompasses influence and subversion operations outside of physical activity. Subversion operations are defined as 

“a subcategory of political warfare that aims to undermine institutional as well as individual legitimacy and authority”

I disagree with this definition, for it fails to emphasize the difference between political warfare and subversion – both undermine legitimacy and authority. However, a subversion operation is specifically aimed to erode and deconstruct a political mandate. It is the logical next step after political warfare has influenced a populace in order to achieve political power. The authors see the act of subversion culminating in a loss of trust in democratic principles. It leads to voter suppression, reduced voter participation, decreased and asymmetrical review of electoral laws, but more importantly it poses a challenge to the democratic values of its citizens. It is an existential threat to a democracy. It favors authoritarian states detached from the checks and balances that are usually present in democratic systems. These actors are not limited by law, civic popularity or reputational capital. Ironically, this bestows a certain amount of freedom upon them to deploy political warfare operations. Democracies, on the other hand, uphold individual liberties such as freedom of expression, freedom of the press, freedom of assembly or equal treatment under law and due process. As demonstrated during the 2016 U.S. presidential elections, a democracy generally struggles to distinguish political warfare initiated by a foreign (hostile) state from certain segments of the population pursuing their strategic objectives by leveraging these exact individual freedoms. An example from the Mueller Report

“stated that the Internet Research Agency (IRA), which had clear links to the Russian Government, used social media accounts and interest groups to sow discord in the US political system through what it termed ‘information warfare’ […] The IRA’s operation included the purchase of political advertisements on social media in the names of US persons and entities, as well as the staging of political rallies inside the United States.”

And it doesn’t stop in America. Russia is deploying influence operations in volatile regions on the African continent. China has a history of attempting to undermine democratic efforts in Africa. Both states aim to chip away at the power of former colonial powers such as France or at least suppress efforts to democratise regions in Africa. China is also deeply engaged in large-scale political warfare in the Southeast Asian region over regional dominance but also territorial expansion, as observed in the South China Sea. New Zealand and Australia recorded numerous incidents of China’s attempted influence operations. Australia faced a real-world political crisis when Australian Labor Senator Sam Dastyari was found to be connected to political donor Huang Xiangmo, who has ties to the Chinese Communist Party, which gave China a direct inroad to influence Australian policy decisions.

The paper concludes with an overview of future challenges posed by political warfare. With more and more computing power readily available, the development of new cyber tools and tactics to ideate political warfare operations is only going to increase. Authoritarian states are likely to expand their disinformation playbooks by tapping into the fears of people fueled by conspiracy theories. Developments in machine learning and artificial intelligence will further improve inauthentic behavior online. For example, partisan political bots will become more human and harder to discern from real human users. Deep fake technology will increase sampling rates by tapping into larger datasets from the social graph of every human being, making it increasingly possible to impersonate individuals to gain access or achieve certain strategic objectives. Altogether, political warfare poses a greater challenge than cyber-enabled espionage, in particular for democracies. Democracies need to understand the asymmetrical relationship with authoritarian actors and dedicate resources to effective countermeasures to political warfare without undoing civil liberties in the process.