Last week Al Quaeda cyberterrorism attack information was declassified and made public. Today’s New York Times had an applicable editorial to whether cybersecurity issues are over-blown or under-believed: Predictions of disaster have always been ignored — that is why there is a Cassandra myth — but it is hard to think of a time when
Last week Al Quaeda cyberterrorism attack information was declassified and made public. Today’s New York Times had an applicable editorial to whether cybersecurity issues are over-blown or under-believed:
Predictions of disaster have always been ignored — that is why there is a Cassandra myth — but it is hard to think of a time when so many major warned-against calamities have occurred in such quick succession. The next time someone is inclined to hold hearings on a disaster, they should go beyond asking why particular warnings were ignored and ask why well-founded warnings are so often ignored.
The article cites Katrina, 9/11, and others. Today we’ll try to answer whether this trend of ignoring warnings is this applicable towards warnings of Cyberwarfare.
Let’s open with this quote from PBS Frontline’s 2003 ‘Cyberwar’:
[PBS Frontline, 2003 (Cyberwar) JOHN ARQUILLA]:
If I were establishing a terror organization today, I would be more interested in doing costly disruption by cyberspace-based means. If I did physical destruction, I would know that I would have to deal with a bunch of angry Americans who would track me to the ends of the earth. On the other hand, if I could engage in acts that would cause hundreds of billions of dollars worth of costly economic damage, and I could do it relatively secretly, why wouldn't I pursue that aim? And why wouldn't that make me a great hero to the constituency I was serving, my people, those who believe as I would?
So if I were a terrorist, I would be thinking these days about mass disruption rather than mass destruction.
Here’s what the previous source, John Arquilla, one of cybersecurity’s knowledge leaders and currently a professor at Naval Postgraduate School in Monterey, had to say about cyberwar nearly eighteen years ago:
Cyberwar refers to conducting, and preparing to conduct, military operations according to information-related principles. It means disrupting if not destroying the information and communications systems, broadly defined to include even military culture, on which an adversary relies in order to “know” itself: who it is, where it is, what it can do when, why it is fighting, which threats to counter first, etc.
It means trying to know all about an adversary while keeping it from knowing much about oneself. It means turning the “balance of information and knowledge” in one’s favor, especially if the balance of forces is not. It means using knowledge so that less capital and labor may have to be expended.
Notable in this eighteen year old definition is that cyber-espionage is included in the opening moves of cyberwarfare. Historically, espionage has always supported political objectives and warfare.
President Obama’s 2009 statements about cyberthreats we face framed it as "one of the most serious economic and national security challenges we face as a nation. It's also clear that we're not as prepared as we should be, as a government, or as a country."
As this video shows, experts fighting the war believe we are losing the cyber-espionage war.
Speaking of warfare, let’s make sure we’re on the same page with the definition of what warfare is and what it requires.
Bridging Gaps: Defining ‘Warfare’
What helps one part of society grapple with the theoretical and technically possible combining with a gauge of intent to do harm is historical reference.
Some call them ‘case studies’, others call it ‘military history’.
The definition of ‘warfare’ in academic historical terms is that:
“…war itself represents a peculiar and distinctive form of human activity, focused above all else on a socially abnormal use of violence that larger societies both glorify and condemn.
Some argue that this definition of ‘warfare’ justifies a greater depth of focus than is often achieved through modern historical curriculum.
According to several resources, this science of academic military history has measurably declined for the past thirty years with the theoretical result of a traditionally higher educated populace actually less able to recognize threat. One key factor why this will occur may be that in the United States our military history has fallen from the academic to the popular, hitting the ‘applied military history’ branch of the tree on the way down.
Thinking of military history in three segments may help:
- Applied Military History can be defined as what they teach at Annapolis, Naval Postgraduate School, War College, West Point – you get the drift. ‘Applied’ working like a crowbar for a lever; a tool implemented with knowledge where useful.One applied military history book using applied military history written for “the rest of us” is The 33 Strategies of War.
- Popular Military History being the History Channel, Military Channel, YouTube snippets, ‘The Pacific’ and ‘300’. Maybe ‘Military History for the Twitter crowd’ with virtual CGI examples of age-old tactics and mainstream storytelling methods.
- Academic Military History is the term used often to describe more of a Classical History / APA formatted world if you will. This discipline specializes in getting into the what-ifs and measurable results of conflict, as well as the socio-political pressuring resulting in the conflict.
It makes sense that most of us in 21st Century America fall into the second category. How can that help us determine whether we are in danger or not?
Barbarians at the Gates?
Taking a hard look at the historic examples of the price of failing to properly recognize a threat include:
- Rome’s defeat at the Battle of Cannae followed a popular revolt in Rome over the length (perhaps familiar and reoccurring?) of the 2nd Punic War and the mandated replacement of Fabius whose attrition tactics were actually effective against Hannibal. Cannae itself has been studied for the past two thousand years and is still taught at West Point and other military academies, however the contributing human factors which partially contributed to the ‘Barbarians at the gates’ phrase two thousand years later are rooted in human nature.
- Carthage’s fall at the hands of Rome years after victory over Rome slipped through the grasp of Hannibal in the endgame of his Rome campaign. The debatable historical point is whether Hannibal would have conquered Rome if he had been given the resources he repeatedly asked for, but the Carthaginian leadership failed to give him in order to preserve their own power base in Carthage. Same human factors apply.
- D-Day involved Gen. Patton in a classic military deception which is sort of like social engineering applied to warfare. In fact, deception in warfare is classed within Sun Tzu principles as well as the old-school Soviet Maskiriovka: basically if you con your enemy about one thing they won’t do anything about your real plan.
From this amateur military historian’s perspective, throughout human history we tend to simply not value the severity of a threat. Also, the impact of powerful deceptive cyberwarfare operations shouldn’t be underestimated – Georgia v. Russia won’t be the last time it’s used.
Cyberwar: A 21st Century Call for the ‘300’?
- Stating that there is no cyberwar simply because we can’t all agree on the definition of warfare would be self defeating yet it would also follow human factors in military history.
- In this 21st Century instance the winner of the June Cyberwarfare debate may already be forecast as well – my forecast is that the majority attending will ascertain that industry security experts are more knowledgeable than warfare experts.
- If there is a cyberwar and we are failing to address it don’t give up hope: there are precedents for grasping victory out of the jaws of defeat. In 2006, ancient Greek history combined with a graphic novel visionary showed King Leonidas going at the Persian Empire alone in ‘300’.
Carollyn Duffy Marsan writes an excellent top ten cyberwarfare wrapup which states:
“ …with cyberwarfare, you need to win the first battle because there may not be a second. The enemy may have so wiped out your critical infrastructure through coordinated cyberattacks that you can't mount an effective defense and are forced to surrender.”
One question remains: If cyberwarfare and cybercrime are in fact as great a threat as others posit, and we are not recognizing it as such, who will stand in the 21st Century gap of Thermoplyae before the cyberthreats overwhelm modern internet communication technology?
Securing Our eCity Contributing Writer