When considering the doctrinal documents of computer network attack (CNA) and their hierarchical relationship to information warfare, there is a likelihood of misunderstanding the concepts of cyber warfare. It is hard for somebody in academia to get traction with ideas or concepts that are foreign to the entities of the national defense structure, especially if they go against common perceptions and ideas. In the waging of cyber warfare there needs to be a doctrinal understanding, and though this is a central tenet of my research, I thought I might open up a bit as events move forward to try to gain some thought real estate.
First, it should be immediately obvious that “hackers” are not “cyber warriors”, and I cringe whenever I see a top Air Force leader give that kind of impression. Bubba the redneck truck driver with a shotgun can become a soldier of remarkable skill, but just because he can shoot a gun doesn’t make him a soldier. By the way, I am a beer belly bubba who wears camo and shoots my bow at furry brown things in the late fall. However, it takes training, skills, and discipline far beyond the simplistic awareness of technology to train and adapt cyber warriors. Unfortunately, even the lexicon has been polluted far beyond the Steven Levy discussion of hackers.
Second, having considered the Posse Comitatus acts and the various law enforcement entities, it becomes obvious that domestic defense creates a quandary. Every agency wants a piece of the super sexy cyber realm, and when given it we get abject violence towards the Constitution, as we’ve seen with the Border Patrol and the Department of Homeland Security in regards to the seizure of laptops. There are also the whimsical attempts and censured communities of the Federal Bureau of Investigation (FBI) in its attempts to control and restrict information. Though I am often a fan of the FBI, in this case its underfunded, closed-minded, meager attempts show a distinct lack of understanding in dealing with the threat. Though I find that at the “agent” level and investigator level they “get it”, the leadership is “geek” averse.
The only place that a national agency can exist and work with the differing law enforcement agencies and the Department of Defense with no legal issues is the National Guard. A bisected Guard unit with both federalized and non-federalized entities operating with full law enforcement status has the ability to interface with all groups from the state level on up. Non-federalized Guard troops can operate in the inherent government function of chasing the bad guys with one-way handoffs between federal and non-federalized, thereby strengthening portions of Posse Comitatus. The extra-territorial and analysis functions can be done by the federalized troops in concert with the individual responsible agencies. I would like to say that I came up with this idea on my own, but after I suggested it to a member of the military, it was pointed out that Tom Clancy came up with it in his book series “Net Force”. So much for being a thought leader.
Third, the concept of operations for computer network attack (CNA) needs to be broken out of the information operations (IO) hierarchy. It does not belong there. Much as the concept of using armor to support troops in World War I was supplanted by new armor-cavalry concepts of operation, where the model changed towards infantry in support of armor, cyber operations take on new, expanded roles beyond IO. CNA is but one element of cyber operations and kinetic effect through cyber operations. The highly hierarchical and brittle security models of command and control (C2) infrastructures in the military and corporate world reflect a target-rich environment.
These brittle networks are reflected in the social and organizational structures, the physical and data communications, and the information dissemination and cognition models. Where defense has been studied, the offense task against these elements in societies where the asymmetric balance is against the United States has not been truly considered. In general, the third world is categorized as technologically inferior, the European and Pan Asian community as off limits, and domestic threats ignored. This would be great if everybody played their roles equally, allies didn’t spy on allies, corporate espionage didn’t happen, and the world stage was a static environment. How much better to be prepared for cyber conflict before it happens.
Finally, the analysis of networks and the various ideas of what makes up a network need to be explored. The term “network” is what programmers would call an overloaded operator. It is used in place of various other terms and absconded with daily when some central concept or idea needs to be obscured in geek speak. Networks, though, are components of a system that are connected through some medium. The system can be a group of computers that communicate data or a group of people who socialize amongst each other expressing ideas. The power distribution system is a network of carrier lines and distribution/access points. Layered on top of that is a cyber network of command and control. In fact, most of the utilities in the western world have sophisticated command and control networks.
Each of these elements is being explored by groups of people looking for concepts of operations in the art of cyber warfare. Cyber warfare, though, is a political, technical, social, and conflict-laden activity, and in many ways it needs a new doctrinal publication and joint operating presence to bring together the defensive and offensive operational elements of the military along with the law enforcement entities. The reality is that cyber offensive warfare is still an infant among the towering giants of offensive capability.