CYBERATTACKS | CRITICAL INFRASTRUCTURE | NATO 2022 (UPDATE)


Strengthening Cyberwarfare Preparedness
by Allen Ari Dziwa, mydigitalpublication.com

Cyberwarfare is when a nation-state engages in provoked or unprovoked cyberattacks, that is, the use of force to attack computers or computer networks, with another nation-state or extremist group for hegemonic or geo-political reasons. Parks and Duggan (2011) defined cyberwarfare as, “a combination of computer network attack and defense and special technical operations.”

Another interesting take on cyberwarfare is from Cornish et al (2012) who wrote, “Cyberwarfare can be a conflict between states, but it could also involve non-state actors in various ways. In cyberwarfare it is extremely difficult to direct precise and

proportionate force; the target could be military, industrial or civilian or it could be a server room that hosts a wide variety of clients, with only one among them the intended target.”

This definition includes non-state actors and sounds most realistic. How about a civil war scenario? It is important to point out that most internal wars between a sitting government and a rebel movement or extremist group involve kinetic warfare, but cyberwarfare is likely to happen in the foreseeable future. However, the focus here is war involving two or more nation-states.

In addition to being concerned by cyberwar, which Clarke and Knacke (2010) defined as, “Actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing

damage or disruption”, it is also important to define cyber terrorism. Cyber terrorism involves a rebel or extremist group using cyberattacks to force a nation-state or a group of nations to address political or religious grievances. It is important to mention that previously, some nation-states have been known to sponsor terrorist activities especially involving the use of ammunition. This implies that nation-states may also participate in cyber terrorism.

One more definition is important to broaden how cyberwarfare is defined as it is an evolving field. Taddeo (2012) gave a definition of cyberwarfare: “The warfare grounded on certain uses of ICTs within an offensive or defensive military strategy endorsed by a state and aiming at the immediate disruption or control of the enemy’s resources, and which is waged

within the informational environment, with agents and targets ranging both on the physical and non-physical domains and whose level of violence may vary upon circumstances.”

Laws Governing Cyberwarfare
Unlike conventional warfare with defined rules of engagement, cyberwarfare does not have specific rules in place, though there is a general assumption that cyberwarfare would conform to established rules that apply to kinetic warfare. However, Libicki (2009) views this differently as he argues that “cyberspace must be understood in its own terms, and policy decisions being made for these and other new commands must reflect such understanding. Attempts to transfer policy constructs from other forms of warfare will not only fail but also hinder policy and planning.” Schmitt (2014), wrote, “In the

mid-1990s, international security affairs specialists began to consider the possibility of cyberwarfare, both as an element of classic armed conflict and as a stand-alone proposition.” This laid the ground for taking a closer look at issues pertaining to cyberwarfare.

With more cyberattacks being reported, especially during the Russia and Georgia armed conflict, according to Schmitt (2014), “the NATO Cooperative Cyber Defence Centre of Excellence launched a major research project in late 2009 to examine the public international law governing cyber warfare. Twenty world-class academics and legal practitioners (the “International Group of Experts”) spent the next three years drafting the Tallinn Manual on the International Law Applicable to Cyber Warfare.”

While the Tallinn Manual is an invaluable resource to both governmental legal advisors and scholars, the views expressed are non-binding opinions of the international experts. Nation-states are not bound by those proposed rules of engagement. According to the Tallinn (2017), “The Tallinn Manual’s focus was on cyber operations involving the use of force and those that occur in the context of armed conflict.”

Gazula (2017), wrote, “despite preparations for cyberwarfare by various countries and cyber intrusions by individuals, there is still a lack of international laws governing cyberspace, especially the law for cyberspace arms control.” This means without clear laws and rules governing cyberwarfare, there is always room for collateral damage. For a capitalist nation such as the United States, most of the assets belong to the private

sector, but they also serve the government and the military. For other nations such as North Korea, most assets are probably nationalized and belong to the state. However, it is reasonable that a cyberattack on critical infrastructure that benefits US citizens even if managed by the private sector should be regarded as a direct attack, rather than collateral damage. For instance, if the recent Colonial Pipeline breach were a state-sanctioned attack, it would fall in the cyberwarfare territory. Under conventional war expectations, damage on civilian infrastructure usually falls under collateral damage.

Once clear definitions are laid out and binding agreements in place, there is a chance cyberwar crimes would also be defined and appropriate international bodies would be put in place to prosecute

such cyberwar crimes.

The Internet Experts that developed the Tallin Manual had a series of definitions. According to the Tallin Manual (2014), “A cyber operation constitutes a use of force when its scale and effects are comparable to non-cyber operations rising to the level of a use of force.” The problem is that “scale and effects” may mean different things to the attacker and the victim depending on quantitative and qualitative factors used to determine the scale.

This is similar to the Obama Doctrine as Clarke (2011), shared, “a cyber equivalence in which cyberattacks are to be judged by their effects, not their means.” Since there is not a universally accepted definition of cyberwarfare or cyberwar, unilateral and multilateral definitions may prevail in determining when and how a country may

launch a cyberwar. Even with well-reported incidents in Estonia (2007) and Georgia (2008), there hasn’t been multilateral definitions from organizations such as the North Atlantic Treaty Organization (NATO) that could be used to trigger appropriate responses if cyberwarfare is suspected. This leaves most attacks in the realm of cybercrimes and with unclear international laws cross-border prosecutions are just as hard to pursue.

The Complexities of the Cyberwarfare
Despite varying definitions of what a cyberwar constitutes and lack of clear rules of engagement and international laws, Sanger (2018), points out that, “It is tempting to think of cyberwar as something that takes place separate and apart from other conflicts, that what happens in the cloud is somehow divorced from what happens on the ground.” Many

scholars believe we have been engaged in cyberwarfare for a while now. Sembodho et al (2021), wrote, “Cyberwars are becoming more frequent. One of many cyberattacks that have taken place in the past few decades is the attack allegedly carried out by North Korea against the United States (US).”

If cyberattacks are state-sanctioned, then whether they cause damage or fail to make an impact should qualify to be classified as cyberwarfare. Many countries are still struggling with whether attacks should be retaliated. This means if an organization is hacked, it must investigate and remediate the issue, rather than engage in a hacking retaliation. The reason is that retaliation without clear attribution may lead to falsely attack an innocent third party that only participated in passing on traffic or whose IP was spoofed to create

an impression that the attack originated from an entity that had no role in the attack. Rabkin and Rabkin (2016) explained this attribution issue aptly when they wrote, “Cyber intrusions are often disguised in various ways, as attackers route their activity through computers on a network. Often the immediate source of an attack—or what appears to be the immediate source—may be in a different country or even on a different continent than the actual source.”

However, not everyone is convinced about what cyberwar is all about. There are skeptics such as Rid (2012), who argued, “Cyberwar is still more hype than hazard. Consider the definition of an act of war: It has to be potentially violent; it has to be purposeful, and it has to be political. The cyberattacks we’ve seen so far, from Estonia to the Stuxnet virus, simply don’t meet these criteria.”

If cyberwars are already happening with no proper rules of engagements, it means all systems both in the private and public sectors are fair game. This means there is literally no collateral damage for targets naturally go beyond military-owned infrastructure. One issue that complicates cyberwarfare is the difficulty in attributing an attack to a particular attacker and how to quantify the damage. Moreso, terrorist organizations that choose to launch politically-motivated cyberattacks may indiscriminately launch attacks against any assets in a targeted nation-state.

There is also risk of launching complex cyber tools such as worms that can spread rapidly and ricochet to turn the attacker into a target. This is very possible. When attacks are launched, it’s hard to distinguish what’s coming from mere

cyber criminals operating in adversary countries from state-sponsored attackers. Pursuing cyber criminals has already been a challenge since some countries do not cooperate with US law enforcement.

Decentralized Approach to Internet Governance
In a free-market economy such as the United States, the government lets private companies take the lead in developing new Internet technologies. This means the United States government does not direct the private sector on what to do as it hinders with innovation. The United States recognizes the importance of securing the Internet. The White House (2011), stated that, “A secure cyberspace is critical to our prosperity. We use the Internet and other online environments to increase our productivity, as a platform for innovation, and as a venue in which to create new

businesses. Our digital infrastructure, therefore, is a strategic national asset, and protecting it—while safeguarding privacy and civil liberties—is a national security priority and an economic necessity.”

This recognition has led the US government to create vital agencies such as the United States Computer Emergency Readiness Team and more recently the US Cyber Command. The US Cyber Command’s mission (US Cyber Command, 2021) is to “direct, synchronize, and coordinate cyberspace planning and operations – to defend and advance national interests – in collaboration with domestic and international partners.” This is an important milestone; however, decentralization may hinder effective coordination. Instead, this paper proposes a clearly defined hybrid approach to handle crisis if a cyberwar erupts.

Hybrid Approach
As with everything related to kinetic wars, the United States and virtually all other countries have a centralized approach to coordinating and executing a war. They can deploy the Air Force, the Navy, the Marines, the Army and other types of forces. To avoid confusion, the federal government takes a lead in the war even though the private sector plays an important role in manufacturing ammunition and other equipment used by the military.

When it comes to cybersecurity, both offensive and defensive cyber tools have their roots in the private sector. Some of the smartest computer and mathematical geniuses are found in the private sector. In order to fully utilize their capabilities, the United States can incorporate a hybrid

approach that allows the private sector to flourish, but closely collaborate with the private sector to establish a robust Cyber Force led by the US Cyber Command.

Proposed Approach: US Cyber Reserve Army
There are many patriotic Americans that may not be in a position to join the United States Army because of age, physical challenges such as being confined to a wheelchair and certain career commitments. However, for cybersecurity, what it takes are advanced skills in mathematics, computer science and networking. The US Cyber Command may not be able to hire such highly skilled labor, but there could be a voluntary army created for such a purpose composed of civilians that can be called to duty as necessary. Such an army would have policy experts, strategists, offensive

hackers, network defense experts and special cyber incident handlers who would work under the coordination of the US Cyber Command. This is one viable solution of utilizing the overflowing talent to defend critical infrastructure if a cyberwar arises against the United States.

The US reserve army would reflect the diversity of the United States which would include men and women of all racial stripes, varying educational backgrounds, warriors with physical handicaps but excellent coding skills, and cyber war strategists all bound by the patriotic duty to defend the cyberspace of the United States of America.

Final Thoughts
The White House (2021) said, “the United States faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private

sector, and ultimately the American people’s security and privacy.” Currently, there are various agencies with a mission to protect communications infrastructure. “The Cybersecurity and Infrastructure Security Agency (CISA) works with partners to defend against today’s threats and collaborates to build more secure and resilient infrastructure for the future” (CISA 2021). Another important agency is the National Security Agency which “partners with allies, private industry, academics, and researchers to strengthen awareness and collaboration to advance the state of cybersecurity” (National Security Agency 2021). The US Cyber Commands which is part of our military “unifies the direction of cyberspace operations, strengthens Depatertment of Defense (DoD) cyberspace capabilities, and integrates and bolsters DoD’s cyber expertise” (US Cyber Command 2021).

While all these agencies are important and play critical roles, when it comes to a cyberwar, just like a kinetic war, the US military should take the lead in coordinating the war by taping into a very resourceful US Cyber Reserve Army. According to Trautman (2016), “Admiral Mike Rogers summarized cyber-attacks as the greatest long-term threat to national security in part because we have yet to come to a broad policy and legal consensus.”

This is why our cybersecurity policy agenda must consider a comprehensive and centralized policy framework with basis in law. When it comes to facing a cyberwar, I share same sentiments with Jonathan Zittrain who once observed, according to Trautman (2016), that “coordinated responses and

comprehensive strategies to deal with mounting cybersecurity challenges have been understandably slow to develop.” Therefore, it is time to have a US Reserve Army led by the US Cyber Command, and the United States will strengthen its preparedness for a cyberwar.

References

Clarke R.A, K. R. (2010). Cyber war: the next threat to national. eCCO.

Clarke, R. (2011). Cyber War: The Next Threat to National Security and What to Do About It. Harper Collins.

Cybersecurity and Infrastructure Agency. (2021, October 15). CISA HOME. Retrieved October 14, 2021, from https://www.cisa.gov/about-cisa

Gazula, M. B. (2017). Cyber Warfare Conflict Analysis and Case Studies. Massachusetts Institute of Technology .

Jeremy Rabkin, A. R. (2016). Hacking Back Without Cracking Up. Aegis Paper Series No. 1606.

Kukuh Ugie Sembodho, A. T. (2021). The Limitation of United States Deterrence Strategy Towards North Korean Cyber . Global Strategis, p. 150.

Libicki, M. (2009). Cyberdeterrence and cyberwar. Santa Monica: The Rand Corporation.

M, T. (2012). An analysis for a just cyber warfare in Cyber Conflict (CY-CON). , 2012 4th International Conference on,, (pp. 1-10).

National Security Agency. (2021, October

14). NSA Home.

Parks R, D. D. (2011). Principles of cyberwarfare, security privacy. IEEE, 30-35.

Rid, T. (2012, March). Think Again: Cyberwar. Foreign Policy , pp. 80-84.

Sanger, D. (n.d.). The Perfect Weapon: War, Sabatoge, and Fear in the Cyber Age. New York: Crown Publishers.

Schmitt, M. (2014). The Law of Cyber Warfare: Quo Vadis? Stanford Law & Policy Review, 269-270.

Tallin Mannual. (2017). Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations.

The White House. (2011, April). National Strategy for Trusted Identities in

Cyberspace.

The White House. (2021). Improving the Nation’s Cybersecurity. Federal Register Vol. 86.

Trautman, L. J. (2016, April). Cybersecurity: What About US Policy? Journal of Law, Technology & Policy, p. 344.

US Cyber Command. (2021). US Cyber Command Mission. Retrieved from https://www.cybercom.mil/About/Mission-and-Vision/

About the Author
Allen Ari Dziwa, CISSP, CISA, CCSP, CEH is a current cybersecurity scholar at Brown University in Rhode Island. He has worked in technology and cybersecurity consulting for 15 years. He currently serves on the Board of Directors of ISSA North Texas, E-

Council’s Ethical Hacking Advisory Board and is a certified ethical hacker and threat intelligence certified analyst. He holds 13 professional and vendor cybersecurity certifications. Views in this article do not represent his current or previous employers. Contact: allendziwa@hotmail.com

©ISSA. View All Articles.

Strengthening Cyberwarfare Preparedness
/article/Strengthening+Cyberwarfare+Preparedness/4265373/746291/article.html

NATO, G-7 leaders promise bulwark against retaliatory Russian cyberattacks

https://flip.it/7eJj9D?utm_source=pocket_mylist

https://www.belfercenter.org/publication/toward-collaborative-cyber-defense-and-enhanced-threat-intelligence-structure?utm_source=pocket_mylist

Lightning Fast Cybersecurity updates in real time.

https://flipboard.com/@easytech4all/cybersecurity-6tbejh5oz

Follow Blog for work in progress updates on R&D

https://easytech4all.net/author/easytechonline/

Cybersec YouTube playlist.

https://youtube.com/playlist?list=PLf-aX7Sa0eCRYUADIqTAU2qH-lKcNB-wj

https://easytech4all.net

https://1Powercyber.substack.com

https://1PowerCyber.blogspot.com

https://easytech4all.tumblr.com

View at Medium.com






#cybersecurity
#cyberattacks
#Cyberattack
#cybersec
#infosec
#dataprotection
#dataprivacy
#linux
#cyberdefense
#cyberdefence
#AdvancedCyberThreatIntelligence
#CyberThreatIntelligence
#technology
#informationtechnology
#easytech4all
#CyberWar


cybersec
Cyberdefense
Cyber Defense
Cyber Defence
easytech4all
Cybersecurity
infosec
Advanced cyber threat Intelligence
cyber threat Intelligence
Data privacy
Data protection
Cyberthreatintelligence
Advancedcyberthreatintelligence

Advertisement

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s