Sri Lanka Army

Defenders of the Nation

30th August 2018 15:59:25 Hours

Assess & Understand the Nature of the Cyberspace Domain in Own Country - Dr Bateman

Attaching the highest and prioritized attention on ‘Cyber Conflicts & Future Power’ as specified in the Session 2 of the opening day (30) Session 2, Dr Kirklin J. Bateman, Chair, Department of War and Conflict Studies, College of International Security Affairs, National Defence University, Washington, DC, United States of America remarked that each country needs to assess and understand the Nature of the Cyberspace Domain for preparation of prevention of cyber infiltration.

Here follows the full presentation;

Good afternoon, thank you Dr. Vidanange for that kind introduction and setting the stage for our panel’s topic. I must state that my remarks here today represent my own views and not those of the United States, the Department of Defense, the National Defense University, or the College of International Security Affairs.

Cyber Conflicts and the Future Power is a topic that requires substantially more than 20 minutes to adequately cover. For our purposes today, I am going to focus on these areas and emphasize how Cyberspace Domain activities fit into future power competition, and in particular how these factor into Hybrid Warfare. Frank Hoffman, a senior research fellow at the National Defense University in Washington, DC described Hybrid Warfare in a 2009 article: “The concept of hybrid warfare is not particularly new, representing a combination of conventional and unconventional/irregular warfare, extending beyond the battlefield to encompass economic, diplomatic, information (including psychological, cyber and misinformation), and political warfare.” I think the last part of his definition is particularly important-offensive Cyberspace Domain activities are modern forms of political warfare. Indeed, as Clausewitz’s dictum tells us, “war is the continuation of politics by other means,” so too are offensive Cyberspace actions.

Words mean things important to get the lexicon right, A war-fighting domain like any other Cyber Space vs Cyberspace, Cyber Security vs Cyber security, Cyberspace vs the Internet vs Internet vs Intranet.

“Cyber 9-11” “Cyber Pearl Harbor” “Cyber CAT 5 Hurricane”, Hollywood, Hackers, 1995, Live Free or Die Hard, 2007, Untraceable and Eagle Eye 2008, The Fifth Estate and Blackhat, 2015, Reality, Daily attacks (mostly criminal)-malware, ransomware, spear phishing, Islamic State and other VEOs using social media to recruit, radicalize, and operationalize individuals, Russian Attack-DDOS and websites in Estonia 2007, Georgia 2008, and Ukraine 2014/2017, Stuxnet Attack on Iran Nuclear Infrastructure 2010, North Korea Sony Hack 2014 point to this sphere.

To operate the network, day to day activities of ensuring the network is operational and functioning properly and also must understand nature of the network. Best when ubiquitous, but not intrusive, Information assurance and compliance with policies and regulations, Individual user behavior is the greatest threat, he said.

Active measures involve immediate actions, forensics, and then corrective actions for repair, mitigation, and defense against future threats and must consider second and third order effects-risk of unintended consequences

Attacking critical infrastructure and other doomsday scenarios disruptive attacks, precision targeting for precise effects, Military and industrial espionage, Propaganda and influence campaigns as part of Political Warfare, US just delegated use of offensive Cyberspace domain activities in the 2019 NDAA to the USCYBERCOM commander-had been at POTUS level similar to nuclear weapons, just to extract.

A brief history of State Offensive Actions includes: Russia, Estonia 2007, Georgia 2008, UK, Brexit 2016, US Presidential Election 2016, Ukraine 2014 and 2017, China, Primarily military and industrial espionage, Intellectual property theft, State cyber security infiltration and exploitation of vulnerabilities in national security structures (military and civilian) are contributing to the scenario.

In the future, Offensive Cyberspace Actions could trigger as Degradation Attacks, Used to influence behavior of other states, Most destructive of offensive Cyberspace actions and also least likely to occur on a large scale, Powerful states in the international order that seek to maintain power and status quo use these attacks, Disruption Attacks, Cheap signaling to maintain influence-states with waning influence most likely to use these attacks, Political Warfare, Propaganda and Information Operations, Influence Campaigns, Espionage Attacks, States with rising influence most likely to use these attacks, Economic, military, industrial espionage to reach parity and gain competitive advantage of information are among looming threats.

Like any other national challenge, conflicts in the Cyberspace Domain and future power competition requires a strategy; know yourself in your own country to include current capabilities and strategies. Know the threat assess and understand the nature of the threat What is most likely? What is most dangerous?

Strategy means and requires an Ends-Ways-Means construct, strategies must include assessment of risk and development of mitigation approaches.