"It is impossible for ideas to
compete in the marketplace if no forum for
their presentation is provided or available."
Thomas Mann, 1896
The Business Forum
Journal
Who Will Win the Cyberwar?
By Joseph Vaughn-Perling
We are at war. That may not be news to you. We have
been at war in one form or another constantly, whether a cold war, a regional
conflict in which we have an interest, or some sort of "police action", for
almost all the living memory of anyone likely to read this.
This cyberwar is different. It is on our shores, in our cities, our
businesses, our homes. It is fought door to door, house to house, and all of
us are consigned into the militia in this conflict whether we like it or
not. The only way to conscientiously object is to live in the woods and eat
what you grow. It hits us all, young and old, and whether or not you use
technology, those with whom you interact do so. This is your war, and it is
your children's war. That it has been saddled with the comic-sounding
abstraction "Cyberwar" perhaps hides its impact on your lives and
livelihoods.
The war has been ongoing
for a long time and actively engaged by US military SIGINT (Signals
Intelligence); however, this year we have passed a watershed
moment in this war. Though most assumed that major nations, including the USA, were
engaged in offensive operations, the official posture has always been one of
Strategic Defense. This posture is for good reason, and has the
greatest efficacy in the long game because the winners of this war are most
likely to be democratic nations with a free press.
Recent Skirmishes
In June of 2012, "Operation Olympic Games" and Stuxnet were made public
by the New York Times and the Washington Post. This operation was a
successful offensive attack which targeted the Iranian nuclear program,
specifically its centrifuges used to purify the uranium for the reactors
at the Natanz plant.
The publication of an offensive operation was seen by
many as a failing in the military efforts of the cyber war, but these events
ought to be analyzed in the context of the broader conflict. Fundamentally,
an understanding of why and how a cyber war is different from conventional
warfare, as well as how it is similar, may elucidate the genius of not just
this particular operation, but also the genius of the publicity it received.
War is a cost to a society. It is never a benefit and
can at best be a necessary evil. No long war has ever benefited a country;
on the contrary, prosperity comes from peace, security, and the trade that
those conditions enable. Even a country that wins every battle will find
that such engagements will ultimately and inevitably be seen as massacres
and atrocities by the people at large. We are all in this war not by
choice. The choice is forced upon us by the nature of the world in which we
live and the onslaught under which we find ourselves. So then, why this
choice to engage in offense, and to allow any detail of this to become
public?
Cyberwar Strategy
To begin, we must understand that the strategy for
victory is to attack only after the victory is already secured. The
loser of a war is the side that fights first and looks for victory
afterward. This maxim is even truer of cyber warfare than conventional
war. Here's why: In conventional war, almost all of the munitions are
destroyed during the attack. In cyber war, most of the munitions, AND
THE SECRETS THEY CONVEY, are left on the battlefield and can be
deconstructed and reproduced at very low cost by the agile and savvy
defender. When a computer system is attacked using the more
sophisticated attacks, the attacking code must arrive at the victim
machine, and enter its memory in order to have its effect. Once these
codes are in the machines of the defender, they can be analyzed, and
reverse engineered. The result of this is that when a cyber weapon
is used offensively, if the defender is competent, the defender gains
technology research and development whether or not the attack is
successful. Every attempted attack will advance the defender.
It has never been truer than now that the best offense
is a good defense. Withstanding an attack makes us stronger, and by
limiting our attacking as much as possible, we keep those who would be our
enemies weak.
High risk areas have good defenses.
In my long career with BT, one of the functions in
which I served was auditing remote offices around the world. Although
there were uniform standards for security, there were inevitably some
who did not meet the standard as well as those who far exceeded the
standard. During the analysis of this international estate one trend
leapt out of the data: the greater the threat in the region, the greater
the security compliance and the more likely the offices there were to
exceed the standards.
There is a sort of Darwinian evolution of network
security. If you do not innovate and advance your defenses in a hostile
environment, you can become mired in mitigating the damages that will occur
from the many attacks that will succeed. Professionals who are accustomed
to working in such hostile environments tend to take security measures very
seriously and implement them rigorously. The same is true of the cyber
warfare battleground. Nations under continuous onslaught, rich with
high-value targets, tend to have the most robust defenses.
How is war won or lost?
In 2004 I made some discussion of the elements required in being a
foot soldier in this war, with specific attention to asymmetric cyber
warfare. The guidance previously provided to foot soldiers is
entirely consistent with the strategic posture for governance in wartime
described here. The effective governance will assure a constant supply
of resource and intelligence to the foot soldiers engaging at the fronts
of this effort.
Conventional warfare has simple and well-defined
Clausewitzian goals, which, combined with complex military tactics and
strategic management, have the purpose:

(a) To conquer and destroy the armed power of the enemy; always direct our
principal operation against the main body of the enemy army or at least
against an important portion of his forces.

(b) To take possession of his material and other sources of strength, and
to direct our operations against the places where most of these resources
are concentrated.

(c) To gain public opinion, to support the ongoing efforts which may be won
through great victories and the ultimate peaceful occupation of the enemy's
capital.

Why is Cyber Warfare Different from Conventional War?
Cyber warfare is similar, but has
important differences. Whereas the goal of (a), to conquer, may only be
achieved through an attack in both conventional and cyber war, a
distinction for cyber war is that any such attack immediately risks (b),
to possess strength, and if discovered risks (c), moral superiority.
However, successfully defending against a cyber attack accomplishes both
(b) and (c) and preserves (a). With this important difference, the
principal focus of cyber warfare rests with adequate defenses, incident
response, and excellent forensic analysis capabilities in order to both
deconstruct the attack and to gain the public opinion advantage of moral
authority.
So then with a strong advantage to the
defender because assets are gained with each successful defense, why
attack? The answer may not be as obvious as it appears. Some attackers
have ceded the moral high ground and are actively and overtly engaged in
piracy and support this through philosophical social identity isolation and
in-group/out-group definition (declaring a war is a means of achieving
this to some extent). This presents a risk to (c) especially in free-press
democratic nations.
In state-sponsored press and
non-democratic nations, there is more control over (c) in the former, and in
the latter somewhat less concern for (c). In these nations one can
expect to find a higher incidence of offensive state-sponsored cyber
warfare, particularly as it pertains to espionage. This is because the
social cost of the effort is mitigated by the state control over the
information and governance of the actions of the people, or social pressures
against disharmony. However, this can work strongly against a nation in
the long game. For those of us in the service of
BT, the First and Longest Lasting Telecom on the Planet, the long game
matters. The only longer measure is the very long game which is the court
of historical record. Winning the long game is most advanced by constant
and continuous construction of the most robust and intelligent defense, for
it is in this way that the size and shape of civilization will be
determined.
Joseph Vaughn-Perling is a Fellow of The Business Forum Institute and
is currently the Security and Authentication Capability Manager for
British Telecom Global Services. He holds a B.S. degree in
Psychology & Cognitive Science from the University of California Los
Angeles and studied Law at the University of San Diego Law School. Prior to
joining British Telecom he was LAN/WAN Technologist for William O'Neil & Co.,
publisher of Investors Daily, and was Senior Consulting Engineer (Global
Security, Security Development & Legal Dept) at Infonet Services
Corporation. Joseph is a Certified Information Systems Security
Professional (CISSP) and a Certified Checkpoint Systems Engineer (CCSE).
He is a recognized Network Design Architect for fault tolerant globe
spanning networks and applications and Member of the Board of Directors
for International Networking companies.
© Copyright The Business Forum Institute 1982 - 2012 All rights reserved.