A central point for collection of information that relates to computer security. Including, but not limited to, security advisories from the major vendors, major data breaches, “phishing” alerts, commentary regarding staffing levels. etc. etc.
Cyber warfare White Paper
December 7, 2010 at 3:52 pm #117348
From Chathman house, (The Royal Institute of International Affairs (Chatham House) is an independent international affairs think-tank and membership organization. It is precluded by its Charter from expressing any institutional view or policy on any aspect of international affairs.)
Title: On Cyber Warfare
In recent years, governments and international organizations have become more focused on cyber security and increasingly aware of the urgency connected with it. In the United Kingdom, cyber security featured prominently in the National Security Strategy and the Strategic Security and Defence Review published in October 2010.
Cyber warfare is arguably at the most serious end of the spectrum of security challenges posed by – and within – cyberspace. Just like the tools of conventional warfare, cyber technology can be used to attack the machinery of state, financial institutions, the national energy and transport infrastructure and public morale. However, while some actions may appear aggressive and warlike, they may not necessarily be intended as acts of war. It is important, therefore, to distinguish between warfare and non-warfare in cyberspace. It is the action and its warlike properties that matter as much as the actor. For example, the cyber actions of terrorist groups, spies and organized criminals can be harmful and appear aggressive but they do not in themselves necessarily constitute acts of cyber warfare.
Cyber warfare could be the archetypal illustration of ‘asymmetric warfare’ – a struggle in which one opponent might be weak in conventional terms but is clever and agile, while the other is strong but complacent and inflexible. The most distinctive feature of cyber warfare (and cyber security more generally) is the rapidity with which threats can evolve. The pace of change can be so abrupt as to render the action/reaction cycle of traditional strategy out of date before it has begun.
There is a beguiling and dangerous argument that cyber warfare can be preferable as a ‘painless’ or ‘bloodless’ formof conflict that still delivers decisive outcomes. Victory and defeat are far from recognizable in cyberspace. These concepts have little traction in a domain where political, ideological, religious, economic and military combatants fight for varying reasons, according to different timescales, and applying their own code of conduct to the fight. This results in a discordant and chaotic sphere of conflict in which it is not yet obvious that a common framework of ethics, norms and values can apply.
Cyber warfare is often discussed in terms of alarming anecdotes which often seem closer to the world of science fiction than public policy. Moving beyond the anecdotal, cyber warfare must, however, be understood in the context of national strategy. This report identifies the essential characteristics of cyber warfare as a strategic phenomenon by describing the actions of cyber attackers and the reactions of defending governments and by analysing the ‘ends, ways and means’ of cyber warfare. As a result it proposes the following definition:
*Cyber warfare can be a conflict between states, but it could also involve non-state actors in various ways. In cyber warfare it is extremely difficult to direct precise and proportionate force; the target could be military, industrial or civilian or it could be a server room that hosts a wide variety of clients, with only one among them the intended target.
The most distinctive features of cyber warfare are:
*Cyber warfare can enable actors to achieve their political and strategic goals without the need for armed conflict.
*Cyberspace gives disproportionate power to small and otherwise relatively insignificant actors.
*Operating behind false IP addresses, foreign servers and aliases, attackers can act with almost complete anonymity and relative impunity, at least in the short term.
*In cyberspace the boundaries are blurred between the military and the civilian, and between the physical and the virtual; and power can be exerted by states or non-state actors, or by proxy.
*Cyberspace should be viewed as the ‘fifth battlespace’, alongside the more traditional arenas of land, air, sea and space. Cyber warfare is best understood as a new but not entirely separate component of this multifaceted conflict environment.
*Warlike actions in cyberspace are more likely to occur in conjunction with other forms of coercion and confrontation. However, the ways and means of cyber warfare remain undeniably distinct from these other modes of conflict. A number of conclusions can be drawn from this assessment of the evolving challenges in cyberspace:
*The transatlantic relationship is important for a variety of reasons where cyber warfare is concerned. Close cooperation between the United States and the United Kingdom in intelligence and military matters has extended into cyberspace, enabling both states to influence the domain in a way that is difficult, if not impossible, for any other bilateral partnership or alliance to match.
*On both sides of the Atlantic there should nevertheless be a discussion regarding the precise nature of cyber warfare. This discussion should take into account the complexity of cyberspace, the challenges posed to traditional notions of warfare based on attack and defence, and the speed of change in the medium which threatens to overwhelm all but the most technologically competent.
*There is, however, no need to reinvent the wheel and to devise wholly new techniques and procedures related to cyber warfare. Despite the novelty of cyberspace, there are lessons regarding the management of complex problems to be learned from the existing defence environment, wider government and the commercial sector.
Strategy is the servant of politics. While there may be no shortage of politics associated with different acts of cyber warfare around the world, it cannot yet be described as a politically constrained phenomenon in the way that Clausewitz, the nineteenth-century soldier-philosopher and author of On War, would understand. This report describes cyberspace as terra nullius, currently beyond the reach of mature political discourse. It is precisely the absence of a constraining political framework around cyber warfare that makes cyberspace so attractive as a place in which to pursue aggressively cultural, religious, economic, social and even – paradoxically – political goals.
Cyber warfare should be constrained and validated by politics, ethics, norms and values otherwise the debate can be unbalanced in favour of military and technological responses to emerging threats. In the process, many of the challenges associated with cyber warfare will be clarified and resolved. For its part, politics must also acknowledge the challenges of cyber warfare: its complexities must be extended back into the world of politics, questioning deeply embedded assumptions about the primacy of the state, the authority of government and the role of government agencies and the armed forces as providers of national security.
You must be logged in to reply to this topic.