Why students of small wars should care about cyber-warfare

We define forms of military conflict sometimes by the terrain on which it is fought. Whether the terrain be land warfare, naval warfare, or air warfare the terrain determines the scope and strategies. Low intensity conflict can be defined by the political and strategic consequences in limited warfare or response to less than all out war. Sometimes we might refer to this as small wars. Whether limiting small wars to response to insurgency or political response to violence the genesis of restricted response within small wars remains a model for considering cyber warfare.

Cyber-warfare an over used term dredged up and without much substance refers to a spectrum of conflict. Cyber-warfare is a euphemism for computer-mediated conflict, which refers to the terrain much like land warfare. Some would say that cyber-warfare is just another form of warfare and should not be hyphenated [1]. Some would say that cyber-warfare does not exist similar to the debate over cyber terrorism [2]. The computer is the tool as well as the terrain giving this form of warfare a pedantic and circular nature. The computer within this paradigm being inclusive of the terrain, weapon and target. We can refer to a tank as a weapon, or as a target, but never as the actual terrain. When we talk about computer-mediated conflict we take on the full capability spectrum of the tool as well as terrain.

Computer-mediated conflict is important to the small wars scholar for a few reasons. The Internet is a rising media form that is expanding to global reach and universal ubiquity [3]. As such it is a powerful tool for information operations. As the global reach of the Internet expands into areas of conflict around the world it informs the small wars scholar of an entities intent through various communications channels and more importantly attacks against the individual [4].

Computers allow for gathering intelligence about actors within and outside the zone of conflict and their interactions [5]. Computers start with low profile intelligence gathering as a capability and end with command and control of smart munitions and kinetic effect. Where air war has minimal impact on sub surface naval warfare, naval warfare has minimal impact on infantry combat far from the sea, and land war has minimal impact on hostile space operation the computer and communications infrastructure is found through out the conflict spectrum. In summary computer-mediated conflict is full spectrum in nature.

What we know about the Internet and modern computing today was jumpstarted, and basically created out of whole cloth. It is interesting to note where that occurred. The MIT Model Rail Road Club was the location and genus of much of what we take advantage of today in the way of a switched Internet [6]. When technologies and societies merge there can be substantial changes in the directions those technologies take in wide spread use. Kevin Mitnick though not a professed superior technical genius did adapt and change the conceptual model of technology and used his powers of persuasion to obviate any normal security services [7]. We can assume through a variety of examples that technology is malleable to unintended uses, and that rapid technological change may erupt from unknown direction. A principle of insurgency is to use the overwhelming resources of a hostile nation against itself. The insurgency (e.g. terrorist) will use our tools as weapons against us.

The technical scope of cyber warfare can be delineated by strategies used to secure assets or targets within the terrain. John McCumber defined three security services (confidentiality, integrity, and availability) along with three information states (transmission, storage, processing), and he also defined three countermeasures (technology, policy and practice, and people). This defined the McCumber cube model of information assurance and security [8]. About ten years Maconachy, Schou, Ragsdale, and Welch extended the “McCumber Cube” adding two more security services (non-repudiation, and authentication) [9] . What this does is allow us to turn the security model on its head and define a series of attack vectors counter to the three counter measures (omitted on purpose). The McCumber model serves the purpose of defining the securing of computer resources in all of the different methods of utilization.

What cyber warfare is not is information warfare. Though all spectrums of conflict can be used as information operations cyber warfare is about creating attrition or damage to the ability of the enemy to conduct operations. Though that may not be kinetic it likely is going to be channeled along the McCumber model of protection. Kinetic attack using cyber assets is possible. A predator using computers for command and control is a computer mediated communications tool with missiles attached. This is important to realize as if the integrity or confidentiality of the predator UAV is exploited there are going to be issues.

In conclusion cyber warfare is a force multiplier for the war fighter. Attacking the different sweet spots of an enterprise and exploiting weaknesses in the computer infrastructure is going to be the likely scenario. Whereas information assurance and security are important and specific strategies they are not cyber warfare. Saying a technology solution is cyber warfare is like saying a tank is all there is to armor. The people, the processes, the procedures and tactics are what make a loose association of misfits into a fighting organization. The scholar of cyber warfare should acknowledge that “hacking” and computer hooliganism is like gangs when compared to soldiers. Dangerous and efficient yes. Soldiers. As the debate about cyber warfare escalates and the capability of foreign entities increase we should frame the discussion the same as we would for any war fighter domain.

[1] D. Ilett, “Security Guru slams misuse of ‘cyberterrorism’.” vol. 2007: ZDnet news, 2005.
[2] J. A. Lewis, Assessing the risks of cyber terrorism, cyber war and other cyber threats. Washington DC: Center for Strategic & International Studies, 2002.
[3] D. E. Denning, Information warfare and securty. New York: Addison Wesley, 1999.
[4] R. Forno and R. Baklarz, The art of information warfare: Insight into the knowledge warrior philosophy. Dunkirk, MD: Universal Publishers, 1997.
[5] G. F. Treverton, Reshaping national intelligence for an age of information. Cambridge, NY: Cambridge University Press, 2001.
[6] S. Levy, Hackers: Heroes of the computer revolution. New York: Penguin Putnam, 1984.
[7] K. D. Mitnick and W. Simon, The art of deception: Controlling the human element of security. Indianapolis, IN: Wiley Publishing, 2002.
[8] J. McCumber, “Information Systems Security: A Comprehensive Model,” in 14th National Computer Security Conference, National Institute of Standards and Technology. Baltimore, MD. October, 1991.
[9] W. V. Maconachy, C. D. Schou, D. Ragsdale, and D. Welch, “A Model for Information Assurance: An Integrated Approach,” in 2001 IEEE Workshop on Information Assurance and Security, US Military Academy, West Point, NY, 2001, pp. 5-6.

Leave a Reply