There is a thread of discussion that rises about whether cyber or the electro magnetic spectrum define cyberspace. Other countries have defined their doctrine differently according to their cultural or business perceptions. This discussion is really more about rice-bowl politics (government euphemism for resource constraints). Of course, the electo magnetic spectrum (EMS) is the ascendant domain of the cyber realm. Of course, the EMS defines the medium in which the man made construct of cyber works, transmits, and exists. Of course, there is no other tactical use of the realm of cyber within this construct other than through the man made tools that use the EMS. Unfortunately it is all-wrong.
Part of the issue of understanding why cyberspace is not only in the EMS is looking at the analogies used to describe the relationships. If under the definition that operating with and through the EMS you have defined that man made tools are solely within the domain of EMS then outer-space is part of the EMS domain. You can only work through the physical principles of the EMS to operate the equipment in outer-space. You can’t flip a switch with your finger, change a setting, or dial in a new camera view without operating through the EMS when your end point is in space. The satellite is functionally a computer flying through vacuum accessed through the EMS. Yet outer-space is it’s own domain.
As to cyber being a man made domain there are a few refutations to that point. First, the sub-surface sea domain is a natural domain that can only be exploited through the use of mechanized tools that humans built yet nobody refers to sub-surface operations as being in a man made domain. The satellite exploiting the domain of space where men only recently have been able to actually operate is also a man made artifact. You can’t see, touch, feel, or operate as a human in the vacuum of space but most assuredly it can be used against you. That leads to the question is this discussion of cyber as a domain even important or is it a waste of time?
The conversation of EMS or cyber illustrates a few very specific points and a strategic weakness in current thought and practices as related to cyber operations. First let me alliterate a few positions. Cyber is not the network, cyber is not the bits on the network, cyber is not computers, cyber is not a Gibsonian space, cyber is not processing, cyber is not a virtual reality, and finally cyber is not new. Putting cyber into neat tidy buckets is what one government does to be exploited by another government that doesn’t bound the problem in the same way. That is how we end up with strategic blindness in a new domain.
I don’t expect anybody to agree with me today. In less than a few years my description of cyber space will be the common understanding of cyber space. Some ground rules in understanding cyber space is in order. Cyberspace is exactly like every other domain and you can drop “cyber” from your vocabulary to describe war, conflict, and just about everything else. There are things that make cyber special, but there are things that make all the other domains special too.
Tenet one: Cyber space has always existed
Cyber space is the realm of data that is contextualized into information and it is exploited through tools, techniques and procedures to include modern processors and networks. We are only now beginning to exploit the information environment which is what cyberspace really is and where we are really going. The data and connections between points of data exists upon creation and exploitation is subsequent to the relationship existence. We do the exploitation and creation everyday through meta-cognitive processes but computers make it a strategic capability. When you notice that the car in the lane is next to you a series of processes are kicked off that determine your action or inaction. If you are analyzing the analysis process you have stepped across the line into cyber space. It is a long road for most people to get to the point of understanding this. There is a significant amount of analysis by leaders in information theory from Norbert Wiener to Watson to Shannon that support this conceptual position.
To see tenet one in action that it is not part of the EMS but uses the EMS consider the manipulation of data by corporations. Disparate large data sets are manipulated into information that has meaning beyond the single data elements original intent. This meaning can be evaluated, analyzed and have meta-informative powers about your cyber fingerprint. All of this is data manipulation that could occur simply in the human mind, but is exploited through the use of modern computers. Just because we discovered the island in the middle of the ocean doesn’t mean we created the island or the ocean.
Tenet two: Cyber space is not the network
Viewing cyberspace as the network alone fosters strategic weakness or blindness. Focusing on the network and the processing, storage, and transmission infrastructures is like trying to describe a population by the telephone poles, water, and sewer systems. You can exploit specific features of these critical infrastructures but you will be missing a center of gravity to leverage. If you ask plumbers how to attack a population you will get one answer and looking to somebody like the NSA a signals intelligence group your answer will be bounded by their skills and capabilities (the most formidable plumbers on the planet). This focus on the plumbing misses the strategic backhoe digging in the back yard of your population. Cyber space is much bigger than the pipes and processors of the domain.
Cyber space is exploited through the network but there may come a time when the conceptual understanding of a network simply does match the current patterns of today. When David Ronfeldt and John Arquilla wrote about netwars they were really talking about people networks based of familiar relationship vectors. Their earlier work on swarms is also instructive towards what we’re talking about but it is an error to bound the problem by the plumbing.
To be sure I use the plumbing example at my own hazard. At least a dozen times I have heard the arrogant technologist screaming “dude it’s the tubez!” That would be one of the problems in allowing the Internet to define the domain. It isn’t the tubez it is the information. The data is the dirt, the information is the forests, and the programs create the terrain. All of this exists, but must be exploited through tools. We currently use computers and the EMS to exploit the cyber domain. We don’t call space the “rocket domain” or the “hot gas propulsion domain” because that is how we get there.
Tenet three: For any domain to be defined as such it must be relevant forever
Forever is a long time, but it also means from this point forward and backwards. There is a key point where EMS and cyber play off of each other. I don’t think anybody is going to claim that EMS didn’t exist three or four hundred years ago before it began to be exploited (supposedly ancient Egyptians made batteries so thousands of years?). EMS has always existed but we have only relatively recently began to exploit the capabilities. Similarly I would state that cyber space has always existed and we have only more recently started to exploit it.
Yes I know many people will chafe at this point (but it’s the computers darn it!!!!) Well, with that view point you close off entire conceptual areas of the cyber domain. So, we can agree to disagree and you’ll be coming around to my viewpoint in the future anyways, what about the future? To get there we start with history.
Today computers are built using the same principles as were defined in the late 1970s which were based on models and techniques from the 1950s. The modern transmission protocols have their roots in the 1960s. But, that isn’t where we are going to be stuck. What have to realize is that regardless of the tools humans are using them currently and that invokes patterns and behaviors. Those patterns and behaviors can be exploited as what we’ve seen recently proves. Cyberspace is existent regardless of the tools and is only limited by human perceptions.
Who knows what will work or won’t work in the future but the understanding of the domain must be moved forward or the strategic consequences will be substantial. If the domain is information and made up data then what do we know? One example is quantum computing and transmission that will change the context and richness of content. The big data problems of today will become nearly extinct to be replaced with the super mega big data problems of the future. Transmission security will become stronger, bandwidth will become significantly better, and end point security will become even more important than today.
One change we can see in the near term is bringing cyberspace into meat space. The capability has existed for years and Gibson (oh no!) discussed the idea of virtual reality in meat space years ago. Google is getting ready to create glasses that have the capability of bringing cyber space into reality easily. For to often the technospastics have tried to think of ways of getting humans into cyberspace through haptics, immersives, and other sensory delusions. When, right around the corner, we were bringing cyberspace out to meet us.
From the benign use of mapping, to the use of heads up displays for the intelligence community, the future of immersive information is only confounded by the network connectivity. The convergence of high-speed data techniques and heads up glasses suggests an entirely new way of relating to the world.
Tenet four: To be a domain there must be strategic consequence
History is filled with anecdotes of messengers caught or detained so messages could be read, changed, or denied in transit. Information that was exploited in one domain so that action could be taken in another domain is one way of looking at this problem. The tools of exploitation are specific to the domain or cross-domains as needed. RADAR could be used ashore to detect enemy bombers, much like it could be used to detect them from ships. EMS is a cross-domain capability. It should not be any surprise that EMS has functions inside of the cyber domain. How are specific capabilities of cyberspace exploited to allow for cross-domain strategic consequence?
An easy answer is to look at history and see events like Solar Sunrise for the consequence versus the actors involved. If as reported military action was changed regardless of the later investigations evidence this was a strategic consequence. If exploitation of information through cyberspace is possible regardless of the methods there is likely strategic consequence. It is likely use of the cyberspace domain as a cross-domain capability. Right about now the intelligence community folks are jumping up and down saying “We exploit information all the time!!!” Well of course you do and thank you for proving we’ve been doing this for a long time. Actually intelligence community folks don’t say anything to anybody ever at all, you know….
The use of information is facilitated by and utilized better through the use of computers than tired horses and relatively unprotected riders carrying messenger bags. However, the principles are the same. If a general had the capability to read the message in the satchel and exploit that intelligence they would most assuredly do so. That would not detract from the military capacity or intelligence effort nor undermine the capability. If the same general could change the information to the detriment of an adversary they would jump for glee and dance a little jig. Well maybe not. Still, that principle is exactly what we’re doing in first generation cyberspace exploitation. Second generation cyberspace exploitation is rapidly approaching.
Tenet five: The lock in of current capability and capacity is egregiously in error
The advent of the rifle changed the course of modern conflict. Where there were muskets with one kind of fire rate, the cartridge and then automation of loading changed how battles were fought. We’ve always dealt with the idea of cyberspace much as we did with ballistics (arrows are a form of ballistics as well as rocks). Modern cyber warfare as exploitation of the domain of cyberspace will advance along the same pattern of implements and tools as other domains have done. The rise of Sputnik changed the domain of space and in the waning days of Hubble the two methods of exploiting space don’t even seem similar.
Future exploitation of cyberspace will inherently include all of the common patterns of conflict we have seen and a few more. First generation capabilities have been replicating the patterns and strategies of meat space in cyberspace. Second generation exploitation will look a little like using extra sensory perception to know the adversaries intent without having to read what is in the messengers bag. Big data is stumbling towards this technique rapidly. Knowing something by piecing the data out of disparate bits is possible when you know how to structure the query. Though sanity checking is required this kind of high capacity processing will remove the need to put fingerprints on the adversaries networks. This sounds like mumbo jumbo but talk to people who do significant large data trend analysis and begin to see what is capable today and how we are drawing towards this new capability.
What is beyond our current capability and capacity that informs the future of cyberspace? Nano, and other forms of self-replicating and highly embedded systems will become part of the landscape. Already medical devices are taking on some of this pattern as we see miniature cameras and other forms of probes and shunts that are automated through chemical or the EMS. Recent development of merging human nerves to prosthetics will advance this to the point cyberspace is meat-space. It may be that long before we enter third generation cyberspace there won’t be a need for the word cyber. I can perceive that cyberspace may become a secondary persona or element like water and air in our day to day life.
We currently are stuck at this second generation of cyberspace not because of processing or even doctrinal understanding, but because of bandwidth. Bandwidth is the Achilles heal of cyberspace. Until that wall is broken much will be held stagnant. However, cyberspace is not the network. The constraints though are congestion in the understanding of the domain. In what other domain would we say that the current capability is the only capability we ever expect to have?
All nation states understand that information is power and constraining, containing, and amplifying are mechanisms for instrumentalizing that power. Whether creating false information that causes an adversary to behave in a particular way or declaring policy that sways an adversary to a particular path these are forms of nation state power. The considerations of how these choices are made, plans are created, and resources for execution of those plans are built are the fundamentals of doctrine. Currently most nation states understand the equivalent of exploiting secrets and engaging in snooping on each other as information dominance.
The next step will be to understand that exfiltration of information is only one phase of information dominance. Knowing what your adversary says allows for a minor cue as to goals, and objectives. Knowing your adversaries capabilities and perceiving things about the adversary that they have not even identified is key to dominance in the information realm. This is more than exploitation, operations, or attack through networks. That is so last decade. Using all source intelligence inclusive of the EMS, inclusive of the narrative, and inclusive of the information the cyber domain can be exploited.
Intelligence analysis has been doing this for millennia. There is nothing new here and that is kind of the point. It is understanding the capabilities of the cyber domain and the subsequent special characteristics of the cyber domain that are important. If information is the trees of the cyber domain we can do things really fast like counting all the trees. We can categorize, evaluate, and know which trees are sick or rotten. Very fast. Exploitation of networks and communication technologies allows one small view of the world of an adversary. Integrity of the message though is problematic and consideration has to be given to checking and counterchecking. So it has been done for a long time.
Currently doctrine is stuck. It’s not really the NSA’s or Cyber Commands fault that we’re stuck looking at a capability of a domain through a soda straw. The symptoms of cyber myopia are focusing on information security through systems instead of looking at the information. Other forms of soda straw gazing are found in strict controls on functions instead of worrying about behaviors. There has to be more. If the cyber domain is real there should be things we could look at that reflect the other domains. What is soft power in cyberspace? What is effective support to foreign nations? Where are the considerations of false flag and civilian casualties? The questions abound in the metaphorical understanding of the domain. If cyberspace is more like a naval model than land model is there an equivalent of a silent (sub) surface in cyberspace? There are many questions and once in awhile a few answers.
Doctrine is set by strategy and instantiated through mechanisms of training and operational capacity. Doctrine is not merely operations writ large. Doctrine is the core principles that are required to operate, defend, and execute operations in the domain. Operations are the requisite plans and resources necessary to “operate” using specific tactics and capabilities. We have problems discussing this because it is stuck in the intelligence community but over time people who have been doing it will filter out into the civilian world and the doctrine and operations capability will become known.
Though specifics of doctrine are beyond this discussion there will be changes in society that are required. Remember don’t limit yourself to the network and do look at cyberspace as information. Civilian security becomes paramount. Not because anybody gives a darn about civilians, but because the use of compiled data across large segments of the world population is possible. Weak privacy laws and the need for ones that are fairly strict become national security issues. Corporations that engage in data warehousing become strategic assets and possible collaborators with governments. In the day you can determine Strawberry Pop Tarts utilization based on the weather you can also determine military actions based on the number of pizza deliveries to the Pentagon. Now imagine the same pattern analysis applied to social networks of entire countries populations. Even if just a small subset large social groups will always leak substantial information. You just need the tools to exploit it.
Doctrine will follow the capability and the action curve. What will have to happen though in the near term is to stop looking at cyberspace through artificial barriers. These barriers are created through organizational constructs that are not inherently bounding conditions to adversaries. The EMS versus cyber debate is a red herring that detracts from the larger issues of understanding cyber space.